Skip to content

Universal Add Factor #136

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
lukejmann wants to merge 25 commits into
base: main
Choose a base branch
from
Open

Universal Add Factor #136

lukejmann wants to merge 25 commits into from

Conversation

@lukejmann
Copy link
Contributor

@lukejmann lukejmann commented Oct 16, 2025
edited
Loading

This PR implements the universal add factor feature described here: https://www.notion.so/worldcoin/Backup-Service-Universal-Add-Factor-Proposal-2548614bdf8c80b5a872c3a08d43ed67?source=copy_link

tldr: we extend the add_factor flow to include all factor combinations, not just passkey->oidc

@lukejmann lukejmann changed the title universal add factor pt 1 Universal Add Factor Oct 16, 2025
aurel-fr
aurel-fr reviewed Oct 17, 2025
View reviewed changes
src/backup_storage.rs
return Err(BackupManagerError::ETagNotFound);
};

metadata.keys.push(encryption_key);
Copy link
Contributor

@aurel-fr aurel-fr Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

shouldn't we check if the key already exist and skip if it does?

src/routes/add_factor.rs
}
}
// best-effort cleanup if we inserted lookup above when not needed
let _ = factor_lookup
Copy link
Contributor

@aurel-fr aurel-fr Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we don't first check lookup_insert_succeeded before the cleanup here?

src/routes/add_factor_challenge.rs
)
.await?;
(
serde_json::Value::String(STANDARD.encode(new_factor_challenge)),
Copy link
Contributor

@aurel-fr aurel-fr Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some parts of the code we use STANDARD others URL_SAFE_NO_PAD. It'd be simpler to settle on one flavor.

paolodamico
paolodamico reviewed Oct 18, 2025
View reviewed changes
src/backup_storage.rs
/// # Errors
/// - `BackupManagerError::BackupNotFound` - if the backup does not exist.
/// - `BackupManagerError::ETagNotFound` - if `ETag` is missing (unexpected).
pub async fn add_encryption_key_only(
Copy link
Contributor

@paolodamico paolodamico Oct 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

discussing in Slack

src/routes/add_factor_challenge.rs
new_factor: NewFactor,
/// Optional; defaults to PASSKEY to preserve current clients
#[serde(default)]
existing_factor_kind: Option<ExistingFactorKind>,
Copy link
Contributor

@paolodamico paolodamico Oct 18, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wonder if we really need this and we need to distinguish the challenge_type in the challenge_token. I don't think having that is adding much. thoughts @aurel-fr too?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@paolodamico paolodamico paolodamico left review comments

@aurel-fr aurel-fr aurel-fr left review comments

@murph murph Awaiting requested review from murph murph is a code owner

@thomas-waite thomas-waite Awaiting requested review from thomas-waite thomas-waite is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@lukejmann @paolodamico @aurel-fr