Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: apkam-aware activate_cli #576

Merged
merged 24 commits into from
May 15, 2024
Merged

feat: apkam-aware activate_cli #576

merged 24 commits into from
May 15, 2024

Conversation

gkc
Copy link
Contributor

@gkc gkc commented May 7, 2024
edited
Loading

- What I did

  • feat: 'activate' CLI is now APKAM-aware, and supports
    • onboarding (as before)
    • submitting enrollment requests
    • listing / approving / denying / revoking enrollment requests
    • generating one-time passcodes
    • setting semi-permanent passcode

- How I did it

  • New code in src/cli : auth_cli.dart, auth_cli_args.dart
  • Modified existing bin/activate_cli.dart so it uses auth_cli.main instead of activate_cli.main

- How to verify it

  • See NoPorts e2e tests (initial PR) which use this CLI extensively
  • Some examples if you wish to test manually:
    • dart bin/activate_cli.dart -h to see overall usage info and list of available commands
    • dart bin/activate_cli.dart <some command> -h to see help and usage info for a specific command
    • dart bin/activate_cli.dart otp -a @alice to generate an OTP for example
    • dart bin/activate_cli.dart interactive -a @alice to run interactively

-Additional context

  • TODO but will be in follow-up PR as it's not on critical path right now: Add code which allows user to 'resume' an enrollment similar to what has been done in at_client_mobile - basically if the CLI is killed while waiting for its enrollment request to be approved or denied, then allow the exact same command to be re-run, but instead of submitting a new enrollment request it finds the details of the previous one and then goes straight to attempting PKAM auth

gkc added 22 commits March 6, 2024 08:37
@gkc
chore: AtOnboardingPreference: remove unnecessary overrides of AtCien…
8633f39 
…tPreference fields
@gkc
feat: new apkam-aware activate / onboarding CLI: interim commit
8c32f11
@gkc
Merge remote-tracking branch 'origin/trunk' into gkc/apkam-aware-cli
26c3bbb
@gkc
Merge remote-tracking branch 'origin/trunk' into gkc/apkam-aware-cli
c58804d 
# Conflicts:
#	packages/at_onboarding_cli/bin/activate_cli.dart
#	packages/at_onboarding_cli/pubspec.yaml
@gkc
feat: add Duration? retryInterval param to AtOnboardingService.enroll…
9d9be70 
…; deprecate the int? pkamRetryIntervalMins parameter
@gkc
feat: new apkam-aware cli for onboarding / enrollment / enrollment ma…
895d1c2 
…nagement. Interim commit: mostly structural changes for testability, readability etc
@gkc
fix: Fixed async-await bug in at_onboarding_service_impl. Added more …
6998e6a 
…lint rules to analysis_options.yaml including the unawaited futures rule so we don't have this happen anywhere else.
@gkc
feat: new at_activate cli working fully; needs a couple of changes to…
624ae47 
… go to prod swarms before can be used for prod
@gkc
use new enroll:fetch:$id to fetch a specific enrollment
8608953
@gkc
Merge remote-tracking branch 'origin/trunk' into gkc/apkam-aware-cli
b67ec15
@gkc
Merge remote-tracking branch 'origin/trunk' into gkc/apkam-aware-cli
66193d3
@gkc
docs: update CHANGELOG
459bce5
@gkc
Merge remote-tracking branch 'origin/trunk' into gkc/apkam-aware-cli
3419b72
@gkc
feat: at_onboarding_cli: Added regex support for list / approve / den…
a0349bc 
…y / revoke in auth_cli
@gkc
build: at_onboarding_cli: pubspec and CHANGELOG for 1.5.0
6ebe04b
@gkc
docs: at_onboarding_cli: tweaked pub description
9466d64
@gkc
feat: at_onboarding_cli: auth_cli throw ArgumentError when appropriate
6341a37
@gkc
fix: auth_cli: write generated OTP to stdout
e0ecbc9
@gkc
build: at_onboarding_cli: upgrade at_cli_commons dependency
0b7b023
@gkc
feat: auth_cli: add maxConnectAttempts param to auth_cli
675cb2f
@gkc
build: using published version 1.1.0 of at_cli_commons
29b129b
@gkc
test: modify cli functional tests pubspec to use at_onboarding_cli fr…
7fb44de 
…om pub.dev rather than local path. This is slightly inconvenient but we have a circular dependency now between at_onboarding_cli and at_cli_commons.
gkc
gkc commented May 7, 2024
View reviewed changes
packages/at_onboarding_cli/lib/src/onboard/at_onboarding_service_impl.dart Outdated
final Duration retryInterval = Duration(minutes: pkamRetryIntervalMins);
retryInterval ??= Duration(
minutes: pkamRetryIntervalMins ??
atOnboardingPreference.apkamAuthRetryDurationMins);
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added retryInterval as a Duration, so calling code has more control

gkc
gkc commented May 7, 2024
View reviewed changes
packages/at_onboarding_cli/lib/src/onboard/at_onboarding_service_impl.dart Outdated
@@ -160,11 +166,11 @@ class AtOnboardingServiceImpl implements AtOnboardingService {
atLookUpImpl.atChops = AtChopsImpl(atChopsKeys);

// Pkam auth will be attempted asynchronously until enrollment is approved/denied
_attemptPkamAuthAsync(
await _attemptPkamAuthAsync(
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

added missing await

gkc
gkc commented May 7, 2024
View reviewed changes
packages/at_onboarding_cli/lib/src/onboard/at_onboarding_service_impl.dart Outdated
@@ -174,12 +180,13 @@ class AtOnboardingServiceImpl implements AtOnboardingService {
return enrollmentResponse;
}

void _listenToPkamSuccessStream(
Future<void> _listenToPkamSuccessStream (
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Made _listenToPkamSuccessStream return a Future which is only completed when we've actually processed the success

gkc
gkc commented May 7, 2024
View reviewed changes
packages/at_onboarding_cli/lib/src/util/print_full_parser_usage.dart

import 'package:args/args.dart';

extension PrintAllArgParserUsage on ArgParser {
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A little extension to help with pretty printing of the auth_cli's ArgParsers' usage when there are subcommands involved

gkc
gkc commented May 7, 2024
View reviewed changes
packages/at_onboarding_cli/lib/src/cli/auth_cli.dart
final first = arguments.first;
if (first.startsWith('-') && first != '-h' && first != '--help') {
// no command found ... legacy ... insert 'onboard' as the command
arguments = ['onboard', ...arguments];
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is the only tricky bit of logic to be aware of, to allow us to most easily provide backwards compatibility

@gkc gkc mentioned this pull request May 7, 2024
Merged
@murali-shris
Copy link
Member

@gkc

murali@Muralidharans-MacBook-Pro at_onboarding_cli % dart bin/activate_cli.dart enroll -s 5KSNW3  -r vip.ve.atsign.zone -p buzz -d pixel -n “buzz:rw” -a @alice🛠 -k /Users/murali/.atsign/keys/@alice🛠_buzz.atKeys

Can we log the enrollment response from server after running the above command. I had to copy the enrollmentId from the server logs and pass it to the approve command.

@murali-shris
Copy link
Member

With dart 3.3.4, I am getting this warning every time I run activate_cli

murali@Muralidharans-MacBook-Pro at_onboarding_cli % dart bin/activate_cli.dart enroll -s 5KSNW3  -r vip.ve.atsign.zone -p buzz -d pixel -n “buzz:rw” -a @alice🛠 -k /Users/murali/.atsign/keys/@alice🛠_buzz.atKeys
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/macs/cbc_block_cipher_mac.dart:103:46: Warning: Operand of null-aware operation '!' has type 'Padding' which excludes null.
 - 'Padding' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
    var paddingName = _padding != null ? '/${_padding!.algorithmName}' : '';
                                             ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/macs/cbc_block_cipher_mac.dart:203:7: Warning: Operand of null-aware operation '!' has type 'Padding' which excludes null.
 - 'Padding' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      _padding!.addPadding(_buf, _bufOff);
      ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/signers/ecdsa_signer.dart:94:41: Warning: Operand of null-aware operation '!' has type 'Mac' which excludes null.
 - 'Mac' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      kCalculator = _RFC6979KCalculator(_kMac!, n, _pvkey!.d!, message);
                                        ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/signers/ecdsa_signer.dart:166:7: Warning: Operand of null-aware operation '!' has type 'Digest' which excludes null.
 - 'Digest' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      _digest!.reset();
      ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/signers/ecdsa_signer.dart:167:14: Warning: Operand of null-aware operation '!' has type 'Digest' which excludes null.
 - 'Digest' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      return _digest!.process(message);

@gkc
Copy link
Contributor Author

gkc commented May 13, 2024

With dart 3.3.4, I am getting this warning every time I run activate_cli

murali@Muralidharans-MacBook-Pro at_onboarding_cli % dart bin/activate_cli.dart enroll -s 5KSNW3  -r vip.ve.atsign.zone -p buzz -d pixel -n “buzz:rw” -a @alice🛠 -k /Users/murali/.atsign/keys/@alice🛠_buzz.atKeys
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/macs/cbc_block_cipher_mac.dart:103:46: Warning: Operand of null-aware operation '!' has type 'Padding' which excludes null.
 - 'Padding' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
    var paddingName = _padding != null ? '/${_padding!.algorithmName}' : '';
                                             ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/macs/cbc_block_cipher_mac.dart:203:7: Warning: Operand of null-aware operation '!' has type 'Padding' which excludes null.
 - 'Padding' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      _padding!.addPadding(_buf, _bufOff);
      ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/signers/ecdsa_signer.dart:94:41: Warning: Operand of null-aware operation '!' has type 'Mac' which excludes null.
 - 'Mac' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      kCalculator = _RFC6979KCalculator(_kMac!, n, _pvkey!.d!, message);
                                        ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/signers/ecdsa_signer.dart:166:7: Warning: Operand of null-aware operation '!' has type 'Digest' which excludes null.
 - 'Digest' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      _digest!.reset();
      ^
../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/signers/ecdsa_signer.dart:167:14: Warning: Operand of null-aware operation '!' has type 'Digest' which excludes null.
 - 'Digest' is from 'package:pointycastle/api.dart' ('../../../../../.pub-cache/hosted/pub.dev/pointycastle-3.9.0/lib/api.dart').
      return _digest!.process(message);

Should not occur if you do dart pub upgrade to pull in the latest pointycastle

@gkc
Copy link
Contributor Author

gkc commented May 13, 2024

@gkc

murali@Muralidharans-MacBook-Pro at_onboarding_cli % dart bin/activate_cli.dart enroll -s 5KSNW3  -r vip.ve.atsign.zone -p buzz -d pixel -n “buzz:rw” -a @alice🛠 -k /Users/murali/.atsign/keys/@alice🛠_buzz.atKeys

Can we log the enrollment response from server after running the above command. I had to copy the enrollmentId from the server logs and pass it to the approve command.

Done in latest commit

gkc added 2 commits May 13, 2024 15:41
@gkc
at_onboarding_cli: Improve the terminal output from activate_cli. Als…
157dc63 
…o some refactoring

- Deprecated `AtOnboardingPreference.apkamAuthRetryDurationMins`
- Added three new methods to AtOnboardingService - sendEnrollRequest, awaitApproval and createAtKeysFile. Extracted those methods from AtOnboardingServiceImpl.enroll so it now just calls those three methods. The refactoring provides more control to application code.
- For readability, refactored the code related to pkam auth in the context of enrollment success checking
@gkc
chore: run dart format
ac7fd0f
@gkc
Copy link
Contributor Author

gkc commented May 14, 2024

@murali-shris please can you re-review?

@gkc gkc marked this pull request as ready for review May 14, 2024 12:47
@gkc gkc merged commit c8dd65f into trunk May 15, 2024
11 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sitaram-kalluri sitaram-kalluri sitaram-kalluri approved these changes

@srieteja srieteja Awaiting requested review from srieteja

@murali-shris murali-shris Awaiting requested review from murali-shris

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@gkc @murali-shris @sitaram-kalluri