From de86aa671eec9d08ab0e0d4cdd30584606882732 Mon Sep 17 00:00:00 2001 From: BlackDex Date: Mon, 14 Dec 2020 19:58:23 +0100 Subject: Fix Key Rotation during password change When ticking the 'Also rotate my account's encryption key' box, the key rotated ciphers are posted after the change of password. During the password change the security stamp was reseted which made the posted key's return an invalid auth. This reset is needed to prevent other clients from still being able to read/write. This fixes this by adding a new database column which stores a stamp exception which includes the allowed route and the current security stamp before it gets reseted. When the security stamp check fails it will check if there is a stamp exception and tries to match the route and security stamp. Currently it only allows for one exception. But if needed we could expand it by using a Vec and change the functions accordingly. fixes #1240 --- migrations/mysql/2020-12-09-173101_add_stamp_exception/down.sql | 0 migrations/mysql/2020-12-09-173101_add_stamp_exception/up.sql | 1 + 2 files changed, 1 insertion(+) create mode 100644 migrations/mysql/2020-12-09-173101_add_stamp_exception/down.sql create mode 100644 migrations/mysql/2020-12-09-173101_add_stamp_exception/up.sql (limited to 'migrations/mysql') diff --git a/migrations/mysql/2020-12-09-173101_add_stamp_exception/down.sql b/migrations/mysql/2020-12-09-173101_add_stamp_exception/down.sql new file mode 100644 index 00000000..e69de29b diff --git a/migrations/mysql/2020-12-09-173101_add_stamp_exception/up.sql b/migrations/mysql/2020-12-09-173101_add_stamp_exception/up.sql new file mode 100644 index 00000000..bcad3922 --- /dev/null +++ b/migrations/mysql/2020-12-09-173101_add_stamp_exception/up.sql @@ -0,0 +1 @@ +ALTER TABLE users ADD COLUMN stamp_exception TEXT DEFAULT NULL; \ No newline at end of file -- cgit v1.2.3