[Review] Implement recovery key support for user storage providers #9
Conversation
closes #38445 Signed-off-by: rtufisi <[email protected]>
|
|
||
| return true; | ||
| } else if (input.getType().equals(RecoveryAuthnCodesCredentialModel.TYPE)) { | ||
| CredentialModel recoveryCodesModel = new CredentialModel(); |
There was a problem hiding this comment.
🔴 HIGH | security
Recovery codes are stored as plain JSON in credentialData without encryption. This could expose sensitive authentication data.
💡 Suggestion: Consider encrypting the recovery codes before storing them, similar to how passwords are hashed. At minimum, add a comment explaining this is test code and production should use encryption.
| CredentialModel recoveryCodesModel = new CredentialModel(); | |
| // TODO: In production, recovery codes should be encrypted before storage | |
| recoveryCodesModel.setCredentialData(input.getChallengeResponse()); |
| if (myUser.recoveryCodes != null) { | ||
| try { | ||
| model = RecoveryAuthnCodesCredentialModel.createFromValues( |
There was a problem hiding this comment.
🟢 LOW | best_practice
IOException is caught but only logged, which could hide critical issues during credential deserialization. This might mask data corruption or other serious problems.
💡 Suggestion: Consider adding more detailed error handling or rethrowing as a runtime exception to ensure critical issues are not silently ignored.
| if (myUser.recoveryCodes != null) { | |
| try { | |
| model = RecoveryAuthnCodesCredentialModel.createFromValues( | |
| } catch (IOException e) { | |
| log.error("Failed to deserialize recovery codes credential for user " + user.getUsername(), e); | |
| // Return empty list to prevent NPE, but consider if this should be a harder failure | |
| return Collections.emptyList(); | |
| } |
Mirrored from ai-code-review-evaluation#9.
Test 9