Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bug?: Perhaps, invite hijacking verification is broken #19

Open
4 tasks
Tracked by #3
cognivore opened this issue Aug 26, 2022 · 1 comment
Open
4 tasks
Tracked by #3

Bug?: Perhaps, invite hijacking verification is broken #19

cognivore opened this issue Aug 26, 2022 · 1 comment
Labels
low priority

Comments

@cognivore
Copy link
Contributor

Why?

We seemed to have a working invite system, but we patched a MASSIVE BUG in crypto.ex and all the tests started failing.
To fix tests, we have inspected the output of the invite presentation credential, and hacked the test to work.

In the test we hacked, we now just compare the holder of the inner credential to its issuer. It kinda seems like a bug?..

How?

  • Reconstruct the logic of root invites
  • Reconstruct the invite fulfilling protocol
  • See if it's a bug
  • If it is, fix grant_root_invite and other invite granting facilities.
@cognivore cognivore mentioned this issue Aug 26, 2022
Open
4 tasks
cognivore added a commit that referenced this issue Aug 26, 2022
@cognivore
Problem: Crypto.verify_map always returns Ok, even on failed verif.
3bf5ee8 
Solution:

 - Pattern-matched multi-proof verrification to throw into Result.err on error.
 - Worked-around a failing test in invite_tests.exs, perhaps CREATING A NEW BUG!!! See #19
 - Wrote a regression test to check that stuff will always work.
@cognivore
Copy link
Contributor Author

This is low priority because we for our products, instead of the "clubhouse" invite system, we use E-Mail sign-up. We do it because our products are b2b currently.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
low priority
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@cognivore