[PM-6271] Propose cipher versioning scheme dynamic data #910
Conversation
basically copy all the fields from `Cipher` into a separate struct
Trying another approach which uses the existing file structure instead of creating a new parallel one
|
New Issues
Fixed Issues
|
There was a problem hiding this comment.
I've unfortunately only taken a quick look at this, and it deserves significantly more time to wrap my mind around everything.
There are quite a few things to like here, but also some concerns.
I noticed password_history is not in data currently. And data contains items that are currently not always encrypted. I'm worried we will get into scenarios where we need to migrate fields outside the data blob.
It also feels like we're doing much of the work for the cipher refactor in the client without doing the slightly additional work of updating the server too.
I'm curious what items if any we access in the Cipher in a decrypted state. Would it be viable to do this:
struct Cipher {
id: UUID,
meta_data: UnreadableBlob,
full_data: UnreadableBlob,
version: 1
}
Migrating requires the whole context of Cipher, and would affect content in the data blobs, and the version field.
meta_data and full_data in this struct can't be parsed. Migration is implicitly done while decrypting, or through an explicit migrate step.
struct CipherViewFull {
id: UUID,
data: {
login: {
..
},
edit: true
}
}
| @@ -28,6 +28,7 @@ bitwarden-fido = { path = "crates/bitwarden-fido", version = "=0.5.0" } | |||
| bitwarden-generators = { path = "crates/bitwarden-generators", version = "=0.5.0" } | |||
| bitwarden-send = { path = "crates/bitwarden-send", version = "=0.5.0" } | |||
| bitwarden-vault = { path = "crates/bitwarden-vault", version = "=0.5.0" } | |||
| bitwarden-versioning = { path = "crates/bitwarden-versioning", version = "=0.5.0" } | |||
There was a problem hiding this comment.
thought: A versioning crate feels a bit odd. I think it's fine to put this in the core crate.
There was a problem hiding this comment.
Yeah I agree, I thought this was gonna be much bigger but alas :)
I forgot to add
What I tried to do was to think of
Given this distinction, migrating fields outside of the data blob should never be a thing. At least not on the client. Those fields are owned by the server and should be handled appropriately.
Not sure I follow, but I have skipped the server at this stage because I think those changes are much more straight forward. In other words I didn't think we needed to prove the concept on the server side. |
🎟️ Tracking
📔 Objective
This is a version of the proposal that uses a "dynamic data object" i.e. the cipher data object is not statically typed. Migrators instead rely on runtime checks to perform their work.
Of course, they don't have to use dynamic objects. A migrator is just a function and it can be implemented however you like
📸 Screenshots
⏰ Reminders before review
team
🦮 Reviewer guidelines
:+1:) or similar for great changes:memo:) or ℹ️ (:information_source:) for notes or general info:question:) for questions:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmedissue and could potentially benefit from discussion
:art:) for suggestions / improvements:x:) or:warning:) for more significant problems or concerns needing attention:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt:pick:) for minor or nitpick changes