feat: hashed user auth tokens #67969

mdtro · 2024-03-29T21:36:53Z

Update the UserAuthTokenAuthentication middleware to support hashed token values. As tokens are used, it will store the appropriate hash value.
Use an option, apitoken.use-and-update-hash-rate that will apply the code paths using the hashed values for lookups and updating the hashed values on plaintext tokens randomly based on the configured rate.
Introduce a temporary option, apitoken.save-hash-on-create. This will be used in the model logic and in pre and post backfill migration tests in the future.

This previously resulted in INC-684 via PR #65941. The hashed_token and hashed_refresh_token columns now have indexes.

src/sentry/api/authentication.py

- add tests for the hashing logic pre and post request - refactored helper function to return related user and application - call the helper function when authentication is happening under control silo mode

mdtro changed the title ~~Mdtro/apitoken middleware hash~~ feat: hashed user auth tokens Mar 29, 2024

github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Mar 29, 2024

vercel bot deployed to Preview March 29, 2024 21:39 View deployment

mdtro force-pushed the mdtro/apitoken-middleware-hash branch from 9ec71bc to 45aecd6 Compare April 1, 2024 19:33

vercel bot deployed to Preview April 1, 2024 19:36 View deployment

vercel bot deployed to Preview April 1, 2024 20:34 View deployment

mdtro marked this pull request as ready for review April 1, 2024 20:42

mdtro requested review from a team as code owners April 1, 2024 20:42

mdtro force-pushed the mdtro/apitoken-middleware-hash branch from 22a57ad to 7fb9623 Compare April 1, 2024 20:42

vercel bot deployed to Preview April 1, 2024 20:45 View deployment

wedamija approved these changes Apr 1, 2024

View reviewed changes

src/sentry/api/authentication.py Outdated Show resolved Hide resolved

mdtro added 13 commits April 1, 2024 16:53

feat: hash support for user auth token middleware

2abfbe4

fix comment

321bc9e

add tests and use helper function in control silo

626f589

- add tests for the hashing logic pre and post request - refactored helper function to return related user and application - call the helper function when authentication is happening under control silo mode

wip: handle backfilling when in region mode

107c173

upsert hashed_token + tests

b7ce0ea

remove incompatible call to ApiToken from region silo mode

aedcc7e

wip: fix typing

b6d3395

handle apitokenreplica lookup outside function to please mypy

394c69f

add type checks

9c77f06

fix test

46af43f

remove setUp

cedb03e

use option to control rollout rate

8a7aaf6

ref: store result of rate check in variable for readability

c052cb1

mdtro force-pushed the mdtro/apitoken-middleware-hash branch from 4f73517 to c052cb1 Compare April 1, 2024 21:53

vercel bot deployed to Preview April 1, 2024 21:55 View deployment

fix typo in tests

7e4be6d

vercel bot deployed to Preview April 1, 2024 22:39 View deployment

mdtro merged commit db950e3 into master Apr 2, 2024

mdtro deleted the mdtro/apitoken-middleware-hash branch April 2, 2024 14:07

github-actions bot locked and limited conversation to collaborators Apr 18, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

feat: hashed user auth tokens #67969

feat: hashed user auth tokens #67969

Uh oh!

mdtro commented Mar 29, 2024 •

edited

Loading

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

Uh oh!

feat: hashed user auth tokens #67969

feat: hashed user auth tokens #67969

Uh oh!

Conversation

mdtro commented Mar 29, 2024 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

mdtro commented Mar 29, 2024 •

edited

Loading