Add infrastructure for password guards #121
Conversation
This is a big commit, let's take a look at individual parts: 1. LQPasswordGuard contains logic about password hashing. It publishes `isValid`, which can be used to check if a provided password is valid. There's also LQAcceptingGuard, which acts like a null object. 2. LiquidPoll now stores a `guard` instance variable. By default, it's the LQAcceptingGuard null object, which allows *any* password. Once the poll is started using startWithId:andPassword:..., it's replaced with an actual LQPasswordGuard. The LQPasswordGuard can be safely transferred over the wire, since it contains nothing but a hash. 3. To relieve users from the unbearable burden of remembering a password, we now have the LQPasswordManager. It generates & stores passwords for polls. This is a rough first attempt, in that it only implements password protection for Poll >> isOpen, and it uses the cryptographically unsound MD5 hashing algorithm. Co-Authored-By: Callista Gratz <[email protected]>
Pull Request Test Coverage Report for Build 1037011211
💛 - Coveralls |
co-authored-by: Simon Knott <[email protected]>
co-authored-by: Simon Knott <[email protected]>
Skn0tt
requested review from
NikkelM and
Dassderdie
and removed request for
NikkelM
co-authored-by: Simon Knott <[email protected]>
co-authored-by: Simon Knott <[email protected]>
There was a problem hiding this comment.
I have quite a lot of comments concerning this PR, two of which I classified as [boulders], concerning an error occurring during runtime and the handling of the new passwords in our tests. Most of it is however only of cosmetic nature.
Edit: I also finally found the place where "request changes" comes from. Now that I saw that it is connected to the review as a whole and not to a specific comment, I better understand what it actually does
packages/Liquid-Core.package/LQAcceptingGuard.class/instance/isValid..st
Outdated
Show resolved
Hide resolved
packages/Liquid-Core.package/LQGuard.class/instance/isValid..st
Outdated
Show resolved
Hide resolved
packages/Liquid-Core.package/LQPasswordGuard.class/instance/password..st
Show resolved
Hide resolved
packages/Liquid-Core.package/LiquidPoll.class/instance/closeWithPassword..st
Outdated
Show resolved
Hide resolved
packages/Liquid-Core.package/LiquidPoll.class/instance/initialize.st
Outdated
Show resolved
Hide resolved
packages/Liquid-Tests.package/LQLoadTest.class/instance/testTwoHundredUsers.st
Outdated
Show resolved
Hide resolved
packages/Liquid-Tests.package/LQPasswordGuardTest.class/instance/testPasswordGuard.st
Show resolved
Hide resolved
packages/Liquid-Tests.package/LiquidPollTests.class/instance/testClosePoll.st
Outdated
Show resolved
Hide resolved
packages/Liquid-Core.package/LQPasswordManager.class/instance/generatePasswordFor..st
Show resolved
Hide resolved
packages/Liquid-Core.package/LiquidPoll.class/instance/startWithId.andPassword.ifTaken..st
Outdated
Show resolved
Hide resolved
|
The current solution has some drawbacks:
My proposal would be some sort of security detached from the poll class, so that one doesn't have to care about security stuff so much when working in the poll class. But this is out of scope for this semester I guess... |
|
A whitelist sure sounds like a good idea. I opened a tracking issue for this: #124 |
This is a chunky PR, let's take a look at individual parts:
isValid, which can be used to check if a provided password is valid. There's also LQAcceptingGuard, which acts like a null object.guardinstance variable. By default, it's the LQAcceptingGuard null object, which allows any password. Once the poll is started using startWithId:andPassword:..., it's replaced with an actual LQPasswordGuard. The LQPasswordGuard can be safely transferred over the wire, since it contains nothing but a hash.This is a rough first attempt, in that it only implements password protection for Poll >> isOpen, and it uses the cryptographically unsound MD5 hashing algorithm.