Skip to content
This repository has been archived by the owner on Dec 20, 2018. It is now read-only.

UserManager now blocks null security stamps #1026

Closed
wants to merge 5 commits into from
Closed

UserManager now blocks null security stamps #1026

wants to merge 5 commits into from

Conversation

HaoK
Copy link
Member

@HaoK HaoK commented Nov 11, 2016

@HaoK
Copy link
Member Author

HaoK commented Nov 11, 2016

Note we usually take care of modifying the security stamp, but this guards against some edge cases where they mucked with the entity directly, or end up with a null security stamp via other means outside of our APIs

@kevinchalet
Copy link

kevinchalet commented Nov 12, 2016
edited
Loading

So, in the "rare" case where a security stamp would be missing, the user wouldn't be able to update his profile, right?

@HaoK
Copy link
Member Author

HaoK commented Nov 12, 2016
edited
Loading

Yes, basically its a developer error to end up with a user with a security stamp missing, you won't be able to save a user with no security stamp anymore.

@kevinchalet
Copy link

kevinchalet commented Nov 12, 2016
edited
Loading

its a developer error to end up with a user with a security stamp missing

My point is that it shouldn't be returned to the end user, as there's nothing he can do to fix it.
Is there a particular reason you prefer returning an error instead of generating a new security stamp on the fly?

@HaoK
Copy link
Member Author

HaoK commented Nov 12, 2016
edited
Loading

Ah yes, your point about this being a pretty useless message to the user is valid. I guess this behavior also shouldn't be optional based on the user validator, this check should be explicit in the user manager and throw an exception instead.

Its not really safe to automatically generate a new security stamp, that would just result in really hard to repro cases of users that are suddenly signed out.

@HaoK
Copy link
Member Author

HaoK commented Nov 14, 2016

@divega @blowdart do you guys agree that a missing security stamp on a user when the feature is enabled should result in a runtime exception instead of a 'recoverable' identity error.

@kevinchalet
Copy link

Its not really safe to automatically generate a new security stamp, that would just result in really hard to repro cases of users that are suddenly signed out.

Well, if a user has a null security stamp at some point, he will be unable to log in at all, as it will crash when creating the ClaimsPrincipal :trollface:

@blowdart
Copy link
Member

Sure, throw. It's unexpected enough to be an exceptional event.

@HaoK HaoK changed the title UserValidator now blocks null security stamps UserManager now blocks null security stamps Nov 15, 2016
@HaoK
Copy link
Member Author

HaoK commented Nov 15, 2016

Updated moving null stamp check to unoverridable user manager code. @divega look reasonable?

@kevinchalet
Copy link

No love for UserStore.SetSecurityStampAsync? If null stamps are illegal, maybe it should throw an ArgumentException when it's null or empty.

https://github.com/aspnet/Identity/blob/dev/src/Microsoft.AspNetCore.Identity.EntityFrameworkCore/UserStore.cs#L1242

@HaoK
Copy link
Member Author

HaoK commented Nov 15, 2016

Sure that's valid defense in depth, but its very hard to call that today using the identity APIs as its only called in the UpdateSecurityStamp internal method which never passes in null, but it doesn't hurt to add

@HaoK
Copy link
Member Author

HaoK commented Nov 21, 2016

4dd38e8

@HaoK HaoK closed this Nov 21, 2016
@HaoK HaoK deleted the haok/11-11stamp branch August 7, 2017 17:01
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@HaoK @kevinchalet @blowdart @dnfclas