[PM-16227] Move import to sdk and enable it in browser/web #12479
Conversation
|
No New Or Fixed Issues Found |
Codecov ReportAttention: Patch coverage is
✅ All tests successful. No failed tests found. Additional details and impacted files@@ Coverage Diff @@
## main #12479 +/- ##
==========================================
- Coverage 33.74% 33.73% -0.01%
==========================================
Files 2918 2918
Lines 90994 91047 +53
Branches 17200 17215 +15
==========================================
+ Hits 30703 30712 +9
- Misses 57891 57924 +33
- Partials 2400 2411 +11 ☔ View full report in Codecov by Sentry. |
quexten
changed the title
quexten
requested review from
addisonbeck,
gbubemismith and
Patrick-Pimentel-Bitwarden
| domain.privateKey = req.privateKey != null ? new EncString(req.privateKey) : null; | ||
| domain.publicKey = req.publicKey != null ? new EncString(req.publicKey) : null; | ||
| domain.keyFingerprint = req.keyFingerprint != null ? new EncString(req.keyFingerprint) : null; | ||
| const parsedKey = import_ssh_key(req.privateKey); |
There was a problem hiding this comment.
🤔 Seems like there should be a null check here. You have one when importing from the clipboard, in case import_ssh_key returns null.
There was a problem hiding this comment.
Ok, so thinking this through, this should only occur when a user hand-modified the export to be broken (or a bug caused the export to be in a broken state), since SSH keys do not have an arbitrary format.
Since we only ever want consistent, and correct keys in the vault, the intended behavior would be to skip the entire cipher. Currently, just from the code, this seems like it would throw and thus throw the entire import.
What is tools recommendation on this?
I see several ways to filter out these broken ciphers in the import later on (i.e in f.e paresDecrypted as a "post-processing" step on the result), but I don't know whether that's what tools intends?
There was a problem hiding this comment.
@djsmith85 - I think this is a place where we'll need your importer expertise.
| } else { | ||
| password = await this.getSshKeyPassword(); | ||
| await this.importSshKeyFromClipboard(password); | ||
| } |
There was a problem hiding this comment.
♻️ It's generally bad form to use try/catch for control flow. Consider signalling the expected case of a missing or incorrect password using the return code instead of an exception.
There was a problem hiding this comment.
I wish there was a better way to represent results in ts/js, but the way this is done in the PR is the default way to hand over results from rust(wasm) to js/ts: https://rustwasm.github.io/docs/wasm-bindgen/reference/types/result.html
There was a problem hiding this comment.
This doesn't need to be solved now--♻️ identifies tech debt. If you're interested in it, though, you might consider embedding an enum in the Ok block of the result.
enum SshImport {
Imported(value),
MissingPassword, // expected failure case
InvalidPassword, // expected failure case
}
fn method(...) : Result<SshImport, Exception> {
// ...
}
There may be better ways to handle this; the main idea is that you have "process failures" (which relate to things like validation) and "runtime failures" (which relate to circumstances outside of the user's control).
There was a problem hiding this comment.
Wasm-bindgen does not support enums with values at the moment (otherwise Result would also be trivial to represent), but only C-style enums: rustwasm/wasm-bindgen#2407. So for passing to typescript, this would need to be converted to some struct, similar to what was done in the desktop-only implementation.
| @@ -79,4 +90,71 @@ export class SshKeySectionComponent implements OnInit { | |||
| keyFingerprint, | |||
| }); | |||
| } | |||
|
|
|||
| async importSshKeyFromClipboard(password: string = "") { | |||
There was a problem hiding this comment.
♻️ This function is replicated with minor alterations across several components. Consider extracting the decision making into one or more shared functions.
There was a problem hiding this comment.
To be honest, after rewriting it, it is so much shorter that moving this out to a service, just for the two consumers, seems like it would lead to less clarity of the code.
There was a problem hiding this comment.
To be honest, after rewriting it, it is so much shorter that moving this out to a service, just for the two consumers, seems like it would lead to less clarity of the code.
It can just be a plain old function. There's no need to embed it in a service.
That said, this is also an optional thing.
…rden/clients into km/pm-16227/ssh-import-web-browser
| return; | ||
| } | ||
| continue; | ||
| } | ||
| break; |
There was a problem hiding this comment.
⛏️ Mixing 3 different control flow keywords here leads me to believe there's a better way to state this.
| } else { | ||
| password = await this.getSshKeyPassword(); | ||
| await this.importSshKeyFromClipboard(password); | ||
| } |
There was a problem hiding this comment.
This doesn't need to be solved now--♻️ identifies tech debt. If you're interested in it, though, you might consider embedding an enum in the Ok block of the result.
enum SshImport {
Imported(value),
MissingPassword, // expected failure case
InvalidPassword, // expected failure case
}
fn method(...) : Result<SshImport, Exception> {
// ...
}
There may be better ways to handle this; the main idea is that you have "process failures" (which relate to things like validation) and "runtime failures" (which relate to circumstances outside of the user's control).
🎟️ Tracking
https://bitwarden.atlassian.net/browse/PM-16227
📔 Objective
Makes use of the sdk in order to handle import on desktop web and browser. Drops importer code from
desktop_nativesince it's not needed there anymore.📸 Screenshots
⏰ Reminders before review
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed issue and could potentially benefit from discussion:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes