-
Notifications
You must be signed in to change notification settings - Fork 1.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[PM-16227] Move import to sdk and enable it in browser/web #12479
base: main
Are you sure you want to change the base?
Conversation
Great job, no security vulnerabilities found in this Pull Request |
Codecov ReportAttention: Patch coverage is
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## main #12479 +/- ##
==========================================
- Coverage 33.74% 33.73% -0.01%
==========================================
Files 2918 2918
Lines 90994 91047 +53
Branches 17200 17215 +15
==========================================
+ Hits 30703 30712 +9
- Misses 57891 57924 +33
- Partials 2400 2411 +11 ☔ View full report in Codecov by Sentry. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Requested changes marked with
Review-blocking concerns that may not require changes marked with 🤔.
Everything else is commentary.
domain.privateKey = req.privateKey != null ? new EncString(req.privateKey) : null; | ||
domain.publicKey = req.publicKey != null ? new EncString(req.publicKey) : null; | ||
domain.keyFingerprint = req.keyFingerprint != null ? new EncString(req.keyFingerprint) : null; | ||
const parsedKey = import_ssh_key(req.privateKey); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🤔 Seems like there should be a null check here. You have one when importing from the clipboard, in case import_ssh_key
returns null
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ok, so thinking this through, this should only occur when a user hand-modified the export to be broken (or a bug caused the export to be in a broken state), since SSH keys do not have an arbitrary format.
Since we only ever want consistent, and correct keys in the vault, the intended behavior would be to skip the entire cipher. Currently, just from the code, this seems like it would throw and thus throw the entire import.
What is tools recommendation on this?
I see several ways to filter out these broken ciphers in the import later on (i.e in f.e paresDecrypted as a "post-processing" step on the result), but I don't know whether that's what tools intends?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@djsmith85 - I think this is a place where we'll need your importer expertise.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The current behaviour is that, if any error on any item occurs, the whole import is aborted. We might want to change that in the future, if we can provide a detailed import report, but for now it just aborts, to not cause partial imports without a notice to the user.
@quexten Please ensure during dev/testing that an invalid ssh key will throw and show which import-item is causing the issue. If you are also able to provide a detailed/informative error messages, users will appreciate it.
} else { | ||
password = await this.getSshKeyPassword(); | ||
await this.importSshKeyFromClipboard(password); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
♻️ It's generally bad form to use try/catch for control flow. Consider signalling the expected case of a missing or incorrect password using the return code instead of an exception.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I wish there was a better way to represent results in ts/js, but the way this is done in the PR is the default way to hand over results from rust(wasm) to js/ts: https://rustwasm.github.io/docs/wasm-bindgen/reference/types/result.html
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't need to be solved now--♻️ identifies tech debt. If you're interested in it, though, you might consider embedding an enum in the Ok
block of the result.
enum SshImport {
Imported(value),
MissingPassword, // expected failure case
InvalidPassword, // expected failure case
}
fn method(...) : Result<SshImport, Exception> {
// ...
}
There may be better ways to handle this; the main idea is that you have "process failures" (which relate to things like validation) and "runtime failures" (which relate to circumstances outside of the user's control).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wasm-bindgen does not support enums with values at the moment (otherwise Result would also be trivial to represent), but only C-style enums: rustwasm/wasm-bindgen#2407. So for passing to typescript, this would need to be converted to some struct, similar to what was done in the desktop-only implementation.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Or you could use Tsify-next, which is already included as a dependency.
@@ -79,4 +90,71 @@ export class SshKeySectionComponent implements OnInit { | |||
keyFingerprint, | |||
}); | |||
} | |||
|
|||
async importSshKeyFromClipboard(password: string = "") { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
♻️ This function is replicated with minor alterations across several components. Consider extracting the decision making into one or more shared functions.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be honest, after rewriting it, it is so much shorter that moving this out to a service, just for the two consumers, seems like it would lead to less clarity of the code.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
To be honest, after rewriting it, it is so much shorter that moving this out to a service, just for the two consumers, seems like it would lead to less clarity of the code.
It can just be a plain old function. There's no need to embed it in a service.
That said, this is also an optional thing.
…rden/clients into km/pm-16227/ssh-import-web-browser
return; | ||
} | ||
continue; | ||
} | ||
break; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
⛏️ Mixing 3 different control flow keywords here leads me to believe there's a better way to state this.
} else { | ||
password = await this.getSshKeyPassword(); | ||
await this.importSshKeyFromClipboard(password); | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This doesn't need to be solved now--♻️ identifies tech debt. If you're interested in it, though, you might consider embedding an enum in the Ok
block of the result.
enum SshImport {
Imported(value),
MissingPassword, // expected failure case
InvalidPassword, // expected failure case
}
fn method(...) : Result<SshImport, Exception> {
// ...
}
There may be better ways to handle this; the main idea is that you have "process failures" (which relate to things like validation) and "runtime failures" (which relate to circumstances outside of the user's control).
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-16227
📔 Objective
Makes use of the sdk in order to handle import on desktop web and browser. Drops importer code from
desktop_native
since it's not needed there anymore.📸 Screenshots
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:
) or similar for great changes:memo:
) or ℹ️ (:information_source:
) for notes or general info:question:
) for questions:thinking:
) or 💭 (:thought_balloon:
) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:
) for suggestions / improvements:x:
) or:warning:
) for more significant problems or concerns needing attention:seedling:
) or ♻️ (:recycle:
) for future improvements or indications of technical debt:pick:
) for minor or nitpick changes