Temp keys policy onboarding

[chenriksson]

No description provided.

[joelverhagen]

You should probably filter out empty results after trimming.

[joelverhagen]

This properly becomes Username IN ('a', 'b', ...) in SQL? Or is this being evaluated client side?

[chenriksson]

Evaluated SQL-side, with similar query...

SELECT * FROM Users WHERE EXISTS(
  SELECT 1 AS [C1] FROM  (
    SELECT N'name1' AS [C1] FROM  ( SELECT 1 AS X ) AS [SingleRowTable1]
    UNION ALL
    SELECT N'name2' AS [C1] FROM  ( SELECT 1 AS X ) AS [SingleRowTable2]
) AS [UnionAll2] WHERE Users.[Username] = [UnionAll2].[C1])

[joelverhagen]

Could we get a screenshot?

[chenriksson]

@joelverhagen sent

[skofman1]

can you send everybody?

---

In reply to: 114229583 [](ancestors = 114229583)

[scottbommarito]

I think you can upload the image to GitHub so everybody can see.

[chenriksson]

Attached to conversation

[joelverhagen]

Do we really have to invent our own serialization here? Can't we just JSON encode?

[chenriksson]

Updated

[joelverhagen]

Let's use JSON API to write this JSON string.

[joelverhagen]

This will fall into the typical expiration notification flow -- so user's might now know reason why this is expiring, right?

[joelverhagen]

Also, DateTime.UtcNow

[joelverhagen]

This could actually give some keys more time right? Shouldn't we only do this if the Expires is greater than 7 days in the future?

[joelverhagen]

If this is all constant, can't we just subclass UserSecurityPolicyGroup? This allows us to avoid the Action<User> and just make it an overridden method.

[scottbommarito]

Agreed. This is really confusing as is...just make this an abstract class with SecurePushUserSecurityPolicyGroup a subclass with all of this logic.

[joelverhagen]

It seems to me like a "policy group" is a bit redundant. Isn't this just another policy, a la "aggregate policy"? Maybe I'm off here but couldn't a policy either have it's own logic, be an aggregate of other policies, or both? I don't see why we need another type for a grouping when the UserSecurityPolicy type could describe it as well.

[chenriksson]

@joelverhagen @skofman1 per our discussion, will add a new column to UserSecurityPolicies table to track what was enrolled in - which could be a single policy or aggregate.

[scottbommarito]

@chenriksson make sure that column handles the state of being enrolled in multiple aggregates.

e.g.
I'm enrolled in policy A through groups X and Y. I leave group X. I should still be enrolled in policy A through group Y.

[joelverhagen]

⌚️

[skofman1]

null check

[skofman1]

consider using Lazy

[skofman1]

c.Type.StartsWith(CredentialTypes.ApiKey.Prefi [](start = 16, length = 46)

I think there is a method IsApiKey that has this logic

[skofman1]

r [](start = 21, length = 1)

one class per file please

[skofman1]

should we send a user an e-mail when he is enrolled? Perhaps Anand has ideas.

[scottbommarito]

@anangaur

[skofman1]

[scottbommarito]

I really want to see UserSecurityPolicyGroup split into subclasses. Otherwise looks good.

[scottbommarito]

Might be more clear if this was named UserSecurityPolicyEnrollments.

[scottbommarito]

I think you can upload the image to GitHub so everybody can see.

[scottbommarito]

When you changed the serialization did you update this comment?

[scottbommarito]

@chenriksson make sure that column handles the state of being enrolled in multiple aggregates.

e.g.
I'm enrolled in policy A through groups X and Y. I leave group X. I should still be enrolled in policy A through group Y.

[scottbommarito]

Agreed. This is really confusing as is...just make this an abstract class with SecurePushUserSecurityPolicyGroup a subclass with all of this logic.

[scottbommarito]

should also check [InlineData("", null)] just in case

[scottbommarito]

Why is this not an Equals method?

e.g. UserSecurityPolicy should implement IEquatable<UserSecurityPolicy>

[scottbommarito]

If you use MemberData instead of InlineData you can get rid of the serialization/deserialization.

[scottbommarito]

Do we want test cases around
1 - adding policies that are already added
2 - removing policies that are not enrolled

[scottbommarito]

Usually these kind of operations will set a message on the page, e.g. User x was enrolled in y.

Do we want to do that here? It could be nontrivial to figure out what was changed otherwise.

[chenriksson]

@scottbommarito

[joelverhagen]

Name [](start = 22, length = 4)

Nit: => SubscriptionName

[joelverhagen]

IEquatable [](start = 47, length = 10)

IEquatable should override GetHashCode

[chenriksson]

done

[joelverhagen]

EqualsReturnsFalse_Data [](start = 56, length = 23)

nit make this a property

[joelverhagen]

nullable [](start = 80, length = 8)

What will existing records do with this?

Or are we assuming there is no data?

[chenriksson]

No data in the table yet.

[joelverhagen]

Sounds good. Thanks.

[joelverhagen]

PolicyService [](start = 38, length = 13)

nit why public?

[joelverhagen]

Search [](start = 36, length = 6)

thoughts on unit testing this?

[joelverhagen]

Ideally we could mock the context and policy service

---

In reply to: 115030333 [](ancestors = 115030333)

[chenriksson]

@joelverhagen Tests added!

[joelverhagen]

Where [](start = 17, length = 5)

linq except might be a bit clearer for this

[joelverhagen]

IsSubscribed [](start = 17, length = 12)

This isn't thread safe. Two simultaneous enrolls to the same subscription would result in duplicate policies right? Or is there a optimistic concurrency on the user?

[skofman1]

I'm afraid that's the case for a lot of our CUD actions... for scoped API keys I added "locks" in the page itself to prevent double clicks from creating duplicate calls.

[chenriksson]

The confirmation prompt should help guard against duplicate clicks. I don't think a lock in the gallery (per instance) or optimistic concurrency in the DB (per row) is the solution here.

Now that we have the Subscription column, we could add a unique index (Name, Subscription)... assuming we wouldn't have a subscription contain multiple of the same policies differing in value only. We could then silently ignore duplicate inserts (SqlException 2601). Thoughts?

[joelverhagen]

(Name, Subscription) unique index seems right. That being said, it seems like the "is enrolled?" and unenroll code paths handle duplicates just fine.

[joelverhagen]

= 7 [](start = 83, length = 3)

why optional parameter? there is only one acceptable value here today right? seems like a private const more correct here

[joelverhagen]

SecurityPolicyService [](start = 17, length = 21)

I don't see any logging around these actions. Are we thinking that auditing is enough?

[chenriksson]

Was planning to do auditing and telemetry together in next PR.

[joelverhagen]

🕐

[skofman1]

nit: c# 7 introduces throw expressions: https://blogs.msdn.microsoft.com/dotnet/2016/08/24/whats-new-in-csharp-7-0/

[chenriksson]

I think I tried in an earlier commit and had a CI issue... but will try it.

[scottbommarito]

Make sure you have the changes to build.ps1 from this commit. If it still fails, run it on the build machines queue and not the hosted agent queue.

[skofman1]

What will be the behavior if we authenticated with a credential that is not an API key?

[chenriksson]

The apiKey var would be empty/null, and user.Credentials.FirstOrDefault would return null. Same behavior, so the IsNullOrEmpty check is unnecessary.

This is actually a regression from PR #3855, since some test infra uses empty API keys.