WebAuthn CredentialID field needs to be increased in size #20530
WebAuthn have updated their specification to set the maximum size of the CredentialID to 1023 bytes. This is somewhat larger than our current size and therefore we need to migrate. Fix go-gitea#20457 Signed-off-by: Andrew Thornton <art27@cantab.net>
Yes this has a migration. I suggest we just port back the unnecessary migration that is between these two and/or the associated PR.
LGTM, until next time 🤠
@jolheiser You're just asking for problems 🙊
LGTM, how about setting the length to a large-enough value, like 8000? There should be no difference between 1640 and 8000 on database side, then no worry about overflowing anymore.
The field is indexed and is searched directly so it's potentially bad on db systems like MySQL which store the value directly within the index. I'm not sure if these would store the max string size, e.g. 8000 bytes, or whether they'd just store the string. If it's just the string then it's no worse but I don't know. The spec has written clearly that this is at most 1023 bytes - previously it wasn't very clear on this hence the change. I guess the question is are they likely to increase it? My suspicion is we'd get more forewarning in that case. I think if they do increase it again we're probably gonna need to think again about how we implement this. It could be that at that point we'd need to be doing shasums of the credential id, searching for that and then doing equality of the credential id - if only to keep the index from being too large.
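The comment above sketches a fallback for when the raw credential ID is too large to index directly: index a SHA-256 of the credential ID, look the hash up, then confirm with a full byte-for-byte comparison. The following Go program is an added illustration of that scheme, not Gitea's own code; the `Credential` struct, the in-memory `Store` standing in for an indexed table, and the 1023-byte bound taken from the spec figure quoted in this thread are all assumptions made for the example. It also shows the length check a practitioner would want before an attacker-controlled credential ID reaches the database.

```go
package main

import (
	"bytes"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// MaxCredentialIDLen is the upper bound the WebAuthn spec now states for a
// credential ID (the 1023-byte figure discussed in this PR).
const MaxCredentialIDLen = 1023

// ErrInvalidCredentialIDLen is returned for empty or over-long credential IDs.
var ErrInvalidCredentialIDLen = errors.New("webauthn: credential ID must be 1..1023 bytes")

// Credential is a hypothetical stored WebAuthn credential row (not Gitea's model).
// CredentialID holds the full value and is not indexed; IDHash is the fixed-size
// column the index is built on.
type Credential struct {
	UserID       int64
	Name         string
	CredentialID []byte
	IDHash       string
}

// hashCredentialID derives the fixed-size (64 hex chars) lookup key.
func hashCredentialID(id []byte) string {
	sum := sha256.Sum256(id)
	return hex.EncodeToString(sum[:])
}

// Store simulates a table whose only index is on IDHash. A hash bucket may hold
// several rows, so lookups must still compare the full credential ID.
type Store struct {
	byHash map[string][]*Credential
}

// NewStore creates an empty simulated table.
func NewStore() *Store { return &Store{byHash: map[string][]*Credential{}} }

// Insert rejects out-of-range IDs before they reach storage, then files the row
// under its hash.
func (s *Store) Insert(c *Credential) error {
	if len(c.CredentialID) == 0 || len(c.CredentialID) > MaxCredentialIDLen {
		return ErrInvalidCredentialIDLen
	}
	c.IDHash = hashCredentialID(c.CredentialID)
	s.byHash[c.IDHash] = append(s.byHash[c.IDHash], c)
	return nil
}

// Lookup finds candidates through the indexed hash and confirms the match with a
// full byte comparison, so a hash collision can never return the wrong credential.
func (s *Store) Lookup(id []byte) (*Credential, bool) {
	if len(id) == 0 || len(id) > MaxCredentialIDLen {
		return nil, false // reject early; nothing this long was ever stored
	}
	for _, c := range s.byHash[hashCredentialID(id)] {
		if bytes.Equal(c.CredentialID, id) {
			return c, true
		}
	}
	return nil, false
}

func main() {
	s := NewStore()
	// Constructed sample: a credential ID at the spec maximum.
	id := bytes.Repeat([]byte{0xAB}, MaxCredentialIDLen)
	if err := s.Insert(&Credential{UserID: 1, Name: "yubikey", CredentialID: id}); err != nil {
		fmt.Println("insert failed:", err)
		return
	}
	// One byte over the limit is refused before it touches the "table".
	err := s.Insert(&Credential{UserID: 2, CredentialID: bytes.Repeat([]byte{0xAB}, MaxCredentialIDLen+1)})
	fmt.Println("over-long insert rejected:", err != nil)
	c, ok := s.Lookup(id)
	fmt.Println("found:", ok, "user:", c.UserID, "index key length:", len(c.IDHash))
}
```

The index key is always 64 hex characters regardless of how large the credential ID is, which is what keeps the index small on engines that store the indexed value inline; the equality check after the hash lookup is what keeps the result correct.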
And in fact I think we've hit the problem I was referring to. Looking at the tests I see:
Sigh I think we're going to need to do a bit more work here.
…bauthn-credential-field
Signed-off-by: Andrew Thornton <art27@cantab.net>
OK I've had to do something a lot more horrible because of MySQL's index issue.
Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Signed-off-by: Andrew Thornton <art27@cantab.net>
Small nit, otherwise L-gtm and verified migration on local instance.
Signed-off-by: Andrew Thornton <art27@cantab.net>
🚀
…0530) WebAuthn have updated their specification to set the maximum size of the CredentialID to 1023 bytes. This is somewhat larger than our current size and therefore we need to migrate. The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string to the bytes field before another migration drops the old CredentialID field. Another migration renames this field back. Fix go-gitea#20457 Signed-off-by: Andrew Thornton <art27@cantab.net>
…20555) WebAuthn have updated their specification to set the maximum size of the CredentialID to 1023 bytes. This is somewhat larger than our current size and therefore we need to migrate. The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string to the bytes field before another migration drops the old CredentialID field. Another migration renames this field back. Fix #20457 Signed-off-by: Andrew Thornton <art27@cantab.net> Co-authored-by: zeripath <art27@cantab.net>
* giteaofficial/main: (29 commits) [skip ci] Updated translations via Crowdin Support localized README (go-gitea#20508) Clean up and fix clone button script (go-gitea#20415) Add disable download source configuration (go-gitea#20548) Fix default merge style (go-gitea#20564) Update login methods in package docs (go-gitea#20561) Add missing Tabs on organisation/package view (Frontport go-gitea#20539) (go-gitea#20540) [skip ci] Updated licenses and gitignores Add setting `SQLITE_JOURNAL_MODE` to enable WAL (go-gitea#20535) Rework file highlight rendering and fix yaml copy-paste (go-gitea#19967) Add new API endpoints for push mirrors management (go-gitea#19841) WebAuthn CredentialID field needs to be increased in size (go-gitea#20530) Add latest commit's SHA to content response (go-gitea#20398) Improve token and secret key generation docs (go-gitea#20387) [skip ci] Updated translations via Crowdin Rework raw file http header logic (go-gitea#20484) Update lunny/levelqueue to prevent NPE when reads are performed after close (go-gitea#20534) Added guidance on file to choose to download (go-gitea#20474) [skip ci] Updated translations via Crowdin Ensure that all unmerged files are merged when conflict checking (go-gitea#20528) ...
WebAuthn have updated their specification to set the maximum size of the
CredentialID to 1023 bytes. This is somewhat larger than our current
size and therefore we need to migrate.
The PR changes the struct to add CredentialIDBytes and migrates the CredentialID string
to the bytes field before another migration drops the old CredentialID field. Another migration
renames this field back.
Fix #20457
Signed-off-by: Andrew Thornton <art27@cantab.net>