Skip to content
This repository has been archived by the owner on Sep 11, 2024. It is now read-only.

OIDC: extract token persistence functions to utils #11690

Merged
merged 4 commits into from
Oct 2, 2023
Merged

OIDC: extract token persistence functions to utils #11690

merged 4 commits into from
Oct 2, 2023

Conversation

kerryarchibald
Copy link
Contributor

@kerryarchibald kerryarchibald commented Oct 2, 2023
edited by github-actions bot
Loading

For element-hq/element-web#25839

Extract token persistence functions from Lifecycle to utils/tokens, so they can be used in OIDC utils without causing circular dependencies.

Checklist

  • Tests written for new code (and old code if feasible)
  • Linter and other CI checks pass
  • Sign-off given on the changes (see CONTRIBUTING.md)

This change is marked as an internal change (Task), so will not be included in the changelog.

@kerryarchibald kerryarchibald added the T-Task Refactoring, enabling or disabling functionality, other engineering tasks label Oct 2, 2023
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 2, 2023
View reviewed changes
src/utils/tokens/tokens.ts
// store the access token unencrypted since localStorage only saves
// strings.
if (!!token) {
localStorage.setItem(storageKey, token);

Check failure

Code scanning / CodeQL

Clear text storage of sensitive information

This stores sensitive data returned by [a call to sendLoginRequest](1) as clear text.
src/utils/tokens/tokens.ts Fixed Show fixed Hide fixed
github-advanced-security[bot]
github-advanced-security bot found potential problems Oct 2, 2023
View reviewed changes
src/utils/tokens/tokens.ts
await StorageManager.idbSave("account", storageKey, token);
} catch (e) {
if (!!token) {
localStorage.setItem(storageKey, token);

Check failure

Code scanning / CodeQL

Clear text storage of sensitive information

This stores sensitive data returned by [a call to sendLoginRequest](1) as clear text.
@kerryarchibald kerryarchibald marked this pull request as ready for review October 2, 2023 04:05
@kerryarchibald kerryarchibald requested a review from a team as a code owner October 2, 2023 04:05
@kerryarchibald kerryarchibald added this pull request to the merge queue Oct 2, 2023
Merged via the queue into develop with commit 6685403 Oct 2, 2023
@kerryarchibald kerryarchibald deleted the kerry/25392/extract-token-functions branch October 2, 2023 22:44
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@t3chguy t3chguy t3chguy approved these changes

@andybalaam andybalaam Awaiting requested review from andybalaam andybalaam is a code owner automatically assigned from matrix-org/element-web-reviewers

Assignees
No one assigned
Labels
T-Task Refactoring, enabling or disabling functionality, other engineering tasks
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@kerryarchibald @t3chguy