[FS-919] Support Basic Processing of External Commits #2765
Conversation
zebot
added
the
ok-to-test
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
2db5319 to
70a607f
Compare
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
d0f0b69 to
9a1c4c4
Compare
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
a3ff2ce to
bc0b9af
Compare
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
bc0b9af to
937f13a
Compare
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
937f13a to
62e5bdf
Compare
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
62e5bdf to
61b5bab
Compare
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
61b5bab to
e6beea8
Compare
- Extract the key package from the update path
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
e6beea8 to
38ae3ef
Compare
mdimjasevic
force-pushed
the
fs-919/external-commits
branch
from
38ae3ef to
c69966d
Compare
| Just cli -> pure $ updateKeyPackageMapping lconv qusr cli (Just senderRef) updatedRef | ||
| Nothing -> pure $ pure () | ||
| (_, Nothing) -> pure $ pure () -- ignore commits without update path | ||
| Just cli -> pure (updateKeyPackageMapping lconv qusr cli (Just senderRef) updatedRef, action) |
There was a problem hiding this comment.
Would moving pure outside of the case match work?
There was a problem hiding this comment.
I don't think it would. At first it looked weird to me as well. All the branches of the bigger pattern-match have to have the same type. As far as my understanding goes, this block is written this way so it can be executed later, but then I suppose the same could have been achieved if at the top we had a let binding instead of monadic binding and using one level of monads less.
There was a problem hiding this comment.
I'm fine either way, more of a nitpick :D
| paRemove :: ClientMap, | ||
| -- The backend does not process external init proposals, but still it needs | ||
| -- to know if a commit has one when processing external commits | ||
| paExternalInit :: Maybe () |
There was a problem hiding this comment.
This Maybe () is pretty weird. Can we use Any instead?
There was a problem hiding this comment.
Sure, done in commit 20162df. But aren't these two types isomorphic as well, i.e., don't the same arguments you had yesterday in the call apply to Any as well?
There was a problem hiding this comment.
What arguments? My only argument here is that Maybe () is a circuitous way to express a boolean, while Any is more direct. Using Bool there is also fine. It's a minor thing, anyway.
There was a problem hiding this comment.
Sure, I see your point.
| throwS @'MLSRemovalUserMismatch | ||
| pure (Just r) | ||
|
|
||
| updateKeyPackageMapping lconv qusr (ciClient cid) remRef newRef |
There was a problem hiding this comment.
Shouldn't you validate the key package first? See for example applyProposal.
There was a problem hiding this comment.
Your observation has seemed valid and with that in mind, I looked at other cases when a key package is updated or mapped and then some of them seemed equally wrong because they also just call updateKeyPackageMapping. For example, in the case of an existing member updating their key package via the update path we blindly accept the new key package without checking if it is for the same protocol, same cipher suite, etc., but this seems wrong, doesn't it?
I realized updateKeyPackageMapping does validation (the ciphersuite, identity matching, signature scheme, etc.) if the old key package is non-existent (i.e., we pass in Nothing to updateKeyPackageMapping), by calling an internal endpoint in Brig, for which there's a handler upsertKeyPackage.
So before making a call to updateKeyPackageMapping in the case of a NewMemberSender, I just added a call to addKeyPackageRef, which calls upsertKeyPackage in Brig and validates it before inserting into the database.
Does that seem OK?
There was a problem hiding this comment.
As long as validation is happening.
* Check external commit criteria - Extract the key package from the update path - Validate key package before replacing the old one * Fix the serialiseMLS instance for `Sender 'MLSPlainText` * Update the mls-test-cli reference * Integration tests for external commits
The PR introduces basic support for external commits in MLS. Note that this does not resubmit external pending proposals submitted by the backend; this is to be done in https://wearezeta.atlassian.net/browse/FS-920.
Tracked by https://wearezeta.atlassian.net/browse/FS-919.
Checklist
changelog.d