Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: prevent GDPR features with insufficient loa #476

Merged
merged 2 commits into from
Apr 24, 2024
Merged

feat: prevent GDPR features with insufficient loa #476

merged 2 commits into from
Apr 24, 2024

Conversation

voneiden
Copy link
Contributor

Originally profile would restrict verified information with insufficient loa. This is seemingly fine, but there is a risk of GDPR implementing service not checking loa and leaking sensitive information for an account that may contain information that should not be accessed with low loa.

Therefore it was decided, that accounts which have verified personal information (ie. suomi.fi linked) may not use GDPR features unless they have at least substantial loa.

Ref. HP-2269

@voneiden voneiden requested a review from a team March 14, 2024 10:26
@voneiden voneiden marked this pull request as ready for review March 14, 2024 10:27
@voneiden voneiden force-pushed the hp-2269-block-gdpr-api-with-loa branch from bc586eb to fc0ebaf Compare March 14, 2024 10:28
@codecov-commenter
Copy link

codecov-commenter commented Mar 14, 2024
edited
Loading

Codecov Report

Attention: Patch coverage is 79.31034% with 6 lines in your changes are missing coverage. Please review.

Project coverage is 95.41%. Comparing base (f505b24) to head (fc0ebaf).
Report is 22 commits behind head on main.

❗ Current head fc0ebaf differs from pull request most recent head 147ea5a. Consider uploading reports for the commit 147ea5a to get more accurate results

Files Patch % Lines
profiles/schema.py 42.85% 2 Missing and 2 partials ⚠️
profiles/utils.py 71.42% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##             main     #476      +/-   ##
==========================================
- Coverage   95.56%   95.41%   -0.15%     
==========================================
  Files         207      207              
  Lines        8222     8285      +63     
  Branches      991     1003      +12     
==========================================
+ Hits         7857     7905      +48     
- Misses        279      290      +11     
- Partials       86       90       +4

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Failed Quality Gate failed

Failed conditions
0.0% Coverage on New Code (required ≥ 65%)
D Maintainability Rating on New Code (required ≥ A)

See analysis details on SonarCloud

Catch issues before they fail your Quality Gate with our IDE extension SonarLint

charn
charn reviewed Apr 12, 2024
View reviewed changes
profiles/schema.py Outdated Show resolved Hide resolved
@voneiden voneiden force-pushed the hp-2269-block-gdpr-api-with-loa branch from fc0ebaf to d91fcfa Compare April 17, 2024 10:54
@voneiden voneiden requested a review from charn April 17, 2024 10:55
@terovirtanen
Copy link
Contributor

HELSINKI-PROFILE-API branch is deployed to platta: https://helsinki-profile-pr476.api.dev.hel.ninja 🚀🚀🚀

@voneiden voneiden force-pushed the hp-2269-block-gdpr-api-with-loa branch 3 times, most recently from 1d15fc5 to fbe993d Compare April 17, 2024 12:40
@terovirtanen
Copy link
Contributor

HELSINKI-PROFILE-API branch is deployed to platta: https://helsinki-profile-pr476.api.dev.hel.ninja 🚀🚀🚀

@voneiden
feat: prevent GDPR features with insufficient loa
e1b8d4a 
Originally profile would restrict verified information with
insufficient loa. This is seemingly fine, but there is a risk of GDPR
implementing service not checking loa and leaking sensitive information
for an account that may contain information that should not be accessed
with low loa.

Therefore it was decided, that accounts which have verified personal
information (ie. suomi.fi linked) may not use GDPR features unless they
have at least substantial loa.

Ref. HP-2269
@voneiden voneiden force-pushed the hp-2269-block-gdpr-api-with-loa branch from fbe993d to e1b8d4a Compare April 17, 2024 12:54
@terovirtanen
Copy link
Contributor

HELSINKI-PROFILE-API branch is deployed to platta: https://helsinki-profile-pr476.api.dev.hel.ninja 🚀🚀🚀

@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
1 Accepted issue

Measures
0 Security Hotspots
83.3% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

@terovirtanen
Copy link
Contributor

HELSINKI-PROFILE-API branch is deployed to platta: https://helsinki-profile-pr476.api.dev.hel.ninja 🚀🚀🚀

@mikkojamG mikkojamG mentioned this pull request Apr 18, 2024
Merged
charn
charn approved these changes Apr 18, 2024
View reviewed changes
Copy link
Contributor

@charn charn left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM! 👍 :shipit:

@voneiden voneiden merged commit 4cdf426 into main Apr 24, 2024
23 checks passed
@voneiden voneiden deleted the hp-2269-block-gdpr-api-with-loa branch April 24, 2024 13:05
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@charn charn charn approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@voneiden @codecov-commenter @terovirtanen @charn