fix: prevent orphaned API keys in secure-storage profile mutations #239
Draft
bukinoshita wants to merge 1 commit into main from
- Make writeCredentials() atomic via temp file + rename to prevent partial writes from corrupting credentials.json
- Add compensating rollback to storeApiKeyAsync: if writeCredentials fails after backend.set(), immediately backend.delete() the just-stored secret
- Add compensating rollback to removeApiKeyAsync: cache the existing secret before backend.delete(); if removeApiKey() fails, restore it with backend.set()
- Add compensating rollback to removeAllApiKeysAsync: cache all existing secrets before deletion; if file unlink fails, restore them all with backend.set()
- Reorder renameProfileAsync: copy secret to newName, commit file rename, then delete oldName; if file rename fails, delete newName to restore original state
- Add tests for all rollback scenarios

Co-authored-by: Bu Kinoshita <bukinoshita@users.noreply.github.com>
Summary by cubic
Fixes orphaned API keys by making secure-storage profile mutations atomic with compensating rollbacks. Addresses Linear BU-636.
- writeCredentials via temp file + renameSync to prevent partial credentials.json updates.
- storeApiKeyAsync: if the file write fails after storing the secret, delete the new secret from the secure backend.
- removeApiKeyAsync: cache the existing secret and restore it if the file update fails.
- removeAllApiKeysAsync: cache all secrets and restore them if credentials.json deletion fails.
- renameProfileAsync: copy secret to the new name, commit the file rename, then delete the old secret; revert the new secret if the file rename fails.

Written for commit 92bcda3. Summary will update on new commits.
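The atomic write and the storeApiKeyAsync rollback described in the commit message and summary above, as an added example that is not code from this pull request. The function signatures, the `backend.get()` call, the `memoryBackend` stand-in and the credentials.json layout are assumptions. It also goes one step beyond the description by restoring a previously stored secret when an overwrite fails, rather than deleting it.

```javascript
const fs = require('node:fs');
const path = require('node:path');

// Replace credentials.json atomically: a failed write leaves the old file untouched.
function writeCredentials(file, data) {
  const tmp = path.join(path.dirname(file), `.credentials.${process.pid}.tmp`);
  try {
    fs.writeFileSync(tmp, JSON.stringify(data, null, 2), { mode: 0o600 });
    fs.renameSync(tmp, file); // same directory: the replace happens in one step
  } catch (err) {
    fs.rmSync(tmp, { force: true }); // do not leave a stray temp file behind
    throw err;
  }
}

// Assumed file layout: { profiles: { <name>: { storage: 'secure' } } }
function readCredentials(file) {
  return fs.existsSync(file)
    ? JSON.parse(fs.readFileSync(file, 'utf8'))
    : { profiles: {} };
}

// Secret goes to the backend first, then the profile index is committed.
// If the index write fails, the backend is put back exactly as it was.
async function storeApiKeyAsync(backend, file, profile, apiKey) {
  const previous = await backend.get(profile); // null when the profile is new
  await backend.set(profile, apiKey);
  try {
    const creds = readCredentials(file);
    creds.profiles[profile] = { storage: 'secure' };
    writeCredentials(file, creds);
  } catch (err) {
    // Compensating rollback: no secret may exist without a matching index entry.
    if (previous === null) await backend.delete(profile);
    else await backend.set(profile, previous);
    throw err;
  }
}

// Constructed in-memory stand-in for an OS keychain (hypothetical interface).
function memoryBackend() {
  const secrets = new Map();
  return {
    get: async (name) => secrets.get(name) ?? null,
    set: async (name, value) => { secrets.set(name, value); },
    delete: async (name) => secrets.delete(name),
  };
}
```

If the rollback call itself throws, the secret is orphaned again, so a caller should log that case with the profile name and never with the key value.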