Fix for third party block reuse
This changes the third party block signature format to prevent reuse of third party blocks across tokens, by including the previous block's signature in the signed data.
I'm not decided yet on the best name for the functions still allowing the old format, between Biscuit::unsafe_deprecated_deserialize and UnverifiedBiscuit::unsafe_from.
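An added sketch of the binding described above (not code from this pull request or from the project): it shows why a signature that covers the previous block's signature cannot be replayed on another token. Assumptions: HMAC-SHA256 stands in for the third party's signature so the block runs on the standard library alone, and the payload layout and all function names are hypothetical, not Biscuit's wire format.

```python
import hashlib
import hmac

# Assumption: HMAC-SHA256 stands in for the third party's signature.
# Payload layouts below are illustrative, not Biscuit's wire format.
THIRD_PARTY_KEY = b"constructed-third-party-key"


def _frame(*parts: bytes) -> bytes:
    # Length-prefix each field so the signed fields cannot be re-split.
    return b"".join(len(p).to_bytes(4, "big") + p for p in parts)


def _sign(payload: bytes) -> bytes:
    return hmac.new(THIRD_PARTY_KEY, payload, hashlib.sha256).digest()


def sign_unbound(block: bytes) -> bytes:
    """Simplified unbound scheme: only the block content is signed."""
    return _sign(_frame(b"unbound", block))


def sign_bound(block: bytes, previous_signature: bytes) -> bytes:
    """Bound scheme: the previous block's signature is part of the signed data."""
    return _sign(_frame(b"bound", block, previous_signature))


def verify_unbound(block: bytes, previous_signature: bytes, sig: bytes) -> bool:
    # previous_signature is deliberately ignored: nothing ties sig to a token.
    return hmac.compare_digest(sig, sign_unbound(block))


def verify_bound(block: bytes, previous_signature: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sig, sign_bound(block, previous_signature))


# Constructed sample data: the last-block signatures of two unrelated tokens.
TOKEN_A_PREV_SIG = hashlib.sha256(b"constructed token A").digest()
TOKEN_B_PREV_SIG = hashlib.sha256(b"constructed token B").digest()
BLOCK = b"constructed third-party block"


def demo() -> dict:
    unbound = sign_unbound(BLOCK)               # issued for token A
    bound = sign_bound(BLOCK, TOKEN_A_PREV_SIG)  # issued for token A
    return {
        "unbound_replayed_on_b": verify_unbound(BLOCK, TOKEN_B_PREV_SIG, unbound),
        "bound_on_a": verify_bound(BLOCK, TOKEN_A_PREV_SIG, bound),
        "bound_replayed_on_b": verify_bound(BLOCK, TOKEN_B_PREV_SIG, bound),
    }
```
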
CodSpeed Performance Report
Merging #230 will not alter performance
Comparing geal/third-party-reuse (c026d50) with v5 (e59f41d)
Summary
✅ 12 untouched benchmarks
I'm not decided yet on the best name for the functions still allowing the old format, between Biscuit::unsafe_deprecated_deserialize and UnverifiedBiscuit::unsafe_from
I’d go for the most explicit. I read unsafe_from in the diff and was a bit confused
I think we should document the signature scheme to make a few things clearer:
- imo the version should be signed (if defined)
- the previous key should not be signed if we sign the previous signature instead
Codecov Report
Attention: Patch coverage is 87.34940% with 21 lines in your changes missing coverage. Please review.
Project coverage is 69.89%. Comparing base (3930767) to head (c026d50). Report is 2 commits behind head on v5.
Additional details and impacted files
@@ Coverage Diff @@
## v5 #230 +/- ##
==========================================
+ Coverage 69.03% 69.89% +0.86%
==========================================
Files 25 25
Lines 5926 5990 +64
==========================================
+ Hits 4091 4187 +96
+ Misses 1835 1803 -32