Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
* Fix temp keys clashing on equal public keys (#1976) * Fix temp keys clashing on equal public keys This PR fixes a bug that surfaced in the context of the dev build where the dummy auth public key is static for all anchors: The temp keys were kept by device public key only, which lead to subsequent registrations evicting the temp key of the previous dummy auth device. Additionally, expirations are only cleaned up lazily and also were only checking the device public key. This lead to the behaviour where a newly registered temp key was not considered valid, because it matched the expiration of a previous registration. None of the issues above are observed in production, because WebAuthn generates new public keys for each registration, even if the same hardware is used. The fix moves the anchor into the temp key identifier, making it different for different anchors. This addresses both of the issues outlined above. * Refactor expiration struct This makes it clearer that both the device_key and anchor are required to reference the temp key. It also removes one of the calls to `clone()`. * Preload loader (#1969) This ensures the loader (astronaut) is loaded as soon as the app itself loads. The asset is fairly heavy and can take a couple seconds to load from the IC. By loading it eagerly we ensures that when it is needed, the astronaut is ready. * Add CI step to check Cargo.lock (#1979) * Add CI step to check Cargo.lock This PR adds a small job to check whether the Cargo.lock is up to date. * Add comment to the lockfile check Co-authored-by: Nicolas Mattia <[email protected]> * formatting --------- Co-authored-by: Nicolas Mattia <[email protected]> * Remove CSP meta tag (#1980) * Remove CSP meta tag This removes the `<meta>` tag used for CSP. We originally included the CSP in the HTML because the HTTP headers could not be certified. HTTP headers are now certified so the `Content-Security-Policy` header _should_ be enough. Additionally, the `<meta>` tag hasn't been replaced correctly for some time leading to an irrelevant HTML tag. * Inline CSP meta * Update commit of IC artefacts (#1988) Co-authored-by: gix-bot <[email protected]> * Fix docker-build script (#1989) The docker build is layered with a dependencies layer to cache already compiled dependencies. To not cache the non-dependency code, the last modified timestamp of the `lib.rs` files has to be updated. If a new `lib.rs` file is introduced, its timestamp needs to be updated as well. This was overlooked when introducing the `canister_sig_utils` crate. This PR makes the dockerfile more robust to touch _all_ the relevant `lib.rs` files rather than specific ones. * Update test app dfinity libraries (#1983) The test app is still using libraries that have the sha256 bug. This PR updates it to no longer be affected. * Refactor readCanisterId to allow reading the test_app id as well (#1985) * Refactor readCanisterId to allow reading the test_app id as well This PR is in preparation for the migration of the selnium tests out of docker. After the migration, vite needs to know about the test_app canister id too. This refactoring allows using the existing helper for that. * Name parameters of * Update screenshots chrome to version 116 (#1990) Update scrennshots chrome to version 116 This update chrome used for the screenshots job to version 116. The version is updated because the future switch to non-dockerized selenium tests requires a chromedriver and the chromedriver package for the version 106 seems to be broken. * Fix asset URL paths (#1987) * Fix asset URL paths This updates the logic for serving assets from the canister. The logic previously did not cover all paths where an asset may be found. For instance, an asset `/foo/index.html` may have returned 200 on `/foo/` but 404 on `/foo`. Moreover the `/faq` endpoint is fixed to actually return the expected redirect to the FAQ. In practice the canister has extra logic for handling `/faq`, but this fixes the HTML-redirect fallback. This ensures that `/faq/` & `/faq/index.html` also redirect (which the canister does not currently check for). * Don't clone exp vector * Don't update dapps without logo (#1991) This updates the dapps update script to skip dapps that do not have a logo. If the dapp doesn't have a logo, then we don't have much to display. This also adds some comments to the jq filter used to parse the dapps list for clarity. --------- Co-authored-by: Frederik Rothenberger <[email protected]> Co-authored-by: gix-bot <[email protected]> Co-authored-by: gix-bot <[email protected]>
- Loading branch information
4 people
authored
Oct 30, 2023
1 parent
14dba88
commit 49191df