Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix #981: Option to disable verification of replay attacks #1004

Merged
merged 2 commits into from
Sep 6, 2023
Merged

Fix #981: Option to disable verification of replay attacks #1004

merged 2 commits into from
Sep 6, 2023

Conversation

romanstrobl
Copy link
Member

No description provided.

banterCZ
banterCZ approved these changes Sep 6, 2023
View reviewed changes
Copy link
Member

@banterCZ banterCZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I really like the solution with @ConditionalOnProperty. I suggest documenting the configuration property in this PR.

...o/getlime/security/powerauth/app/server/service/replay/DefaultReplayVerificationService.java Outdated Show resolved Hide resolved
...in/java/io/getlime/security/powerauth/app/server/service/replay/NoOpVerificationService.java Show resolved Hide resolved
powerauth-java-server/src/main/resources/application.properties Show resolved Hide resolved
...o/getlime/security/powerauth/app/server/service/replay/DefaultReplayVerificationService.java Outdated Show resolved Hide resolved
@romanstrobl romanstrobl requested a review from banterCZ September 6, 2023 09:35
@romanstrobl romanstrobl self-assigned this Sep 6, 2023
banterCZ
banterCZ approved these changes Sep 6, 2023
View reviewed changes
Copy link
Member

@banterCZ banterCZ left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for the documentation.

petrdvorak
petrdvorak approved these changes Sep 6, 2023
View reviewed changes
Copy link
Member

@petrdvorak petrdvorak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved, with a minor comment to fix.

...o/getlime/security/powerauth/app/server/service/replay/DefaultReplayVerificationService.java
@Service
@Slf4j
@AllArgsConstructor
@ConditionalOnProperty(prefix = "powerauth.service.crypto", name = "replayVerificationService", havingValue = "default")
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Just in case, I recommend adding matchIfMissing property to the annotation.

@romanstrobl romanstrobl merged commit d8d4614 into develop Sep 6, 2023
@romanstrobl romanstrobl deleted the issues/981-replay-attack-prevention-optional branch September 6, 2023 12:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@banterCZ banterCZ banterCZ approved these changes

@petrdvorak petrdvorak petrdvorak approved these changes

Assignees

@romanstrobl romanstrobl

Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@romanstrobl @petrdvorak @banterCZ