Fix legacy hub compatibility

[SailReal]

This PR fixes using legacy API

• user setup: we need to accept also privateKey/publicKey
• sending the UserDto: we need to respond also with privateKey/publicKey
• getting the userDto: must not contain devices

[coderabbitai]

Warning

Rate limit exceeded

@SailReal has exceeded the limit for the number of commits or files that can be reviewed per hour. Please wait 17 minutes and 21 seconds before requesting another review.

⌛ How to resolve this issue?

After the wait time has elapsed, a review can be triggered using the @coderabbitai review command as a PR comment. Alternatively, push new commits to this PR.

We recommend that you space out your commits to avoid hitting the rate limit.

🚦 How do rate limits work?

CodeRabbit enforces hourly rate limits for each developer per organization.

Our paid plans have higher rate limits than the trial, open-source and free plans. In all cases, we re-allow further reviews after a brief timeout.

Please see our FAQ for further information.

📥 Commits

Reviewing files that changed from the base of the PR and between ae261c2 and fb5c91f.

📒 Files selected for processing (1)

• backend/src/main/java/org/cryptomator/hub/api/UserDto.java (2 hunks)

Walkthrough

The pull request introduces significant modifications to the UserDto class, enhancing its constructor to manage both new and legacy property names for fields such as ecdhPublicKey and privateKeys. The constructor now utilizes a @JsonCreator annotation and includes private final fields with corresponding getter methods, replacing public field access. The UsersResource class is updated to use these getter methods, improving encapsulation and adding null checks for device handling. Additionally, the dev-realm.json configuration file is modified to expand the cli user's roles from ["user"] to ["user", "create-vaults"], thereby increasing its permissions. Changes in the frontend components reflect the shift from singular to plural naming for private keys, ensuring consistency across the application.

Possibly related PRs

• Feature: User Audit Log #310: The changes in the main PR, specifically the updates to the UserDto class and its getter methods, are directly related to the modifications in the UsersResource class in the retrieved PR, which now uses these getter methods instead of direct property access.
• Preserve User Language Setting #313: The changes in the main PR regarding the UserDto class and its handling of the language property are directly related to the modifications made in the retrieved PR, which also involves updates to the UserDto class to include a new language field and its associated logic.

Suggested reviewers

• overheadhunter

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[SailReal]

Just noticed: Still broken for adding/removing members, will fix it tomorrow.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

backend/src/main/java/org/cryptomator/hub/api/UserDto.java (1)

22-60: Well-implemented backward compatibility.

The constructor effectively handles both new and legacy property names with clear fallback logic. The code is well-documented with comments explaining the dual property support.

However, consider adding validation to ensure that at least one of the paired properties (new or legacy) is provided:

 if (ecdhPublicKey != null) {
   this.ecdhPublicKey = ecdhPublicKey;
 } else {
+  if (publicKey == null) {
+    throw new IllegalArgumentException("Either ecdhPublicKey or publicKey must be provided");
+  }
   this.ecdhPublicKey = publicKey;
 }

frontend/src/components/InitialSetup.vue (1)

300-312: Consider making device type configurable.

The implementation securely handles device registration and key submission. However, the device type is hardcoded as 'BROWSER'.

Consider making the device type configurable to support different client types in the future:

-async function submitBrowserKeys(browserKeys: BrowserKeys, me: UserDto, userKeys: UserKeys) {
+async function submitBrowserKeys(browserKeys: BrowserKeys, me: UserDto, userKeys: UserKeys, deviceType: string = 'BROWSER') {
   await backend.users.putMe(me);
   const jwe = await userKeys.encryptForDevice(browserKeys.keyPair.publicKey);
   await backend.devices.putDevice({
     id: await browserKeys.id(),
     name: deviceName.value,
-    type: 'BROWSER',
+    type: deviceType,
     publicKey: await browserKeys.encodedPublicKey(),
     userPrivateKey: jwe,
     creationTime: new Date()
   });
   userdata.reload();
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 34059dc and 6a227df.

📒 Files selected for processing (6)

• backend/src/main/java/org/cryptomator/hub/api/UserDto.java (2 hunks)
• backend/src/main/java/org/cryptomator/hub/api/UsersResource.java (3 hunks)
• frontend/src/common/backend.ts (1 hunks)
• frontend/src/common/userdata.ts (2 hunks)
• frontend/src/components/InitialSetup.vue (1 hunks)
• frontend/src/components/RegenerateSetupCodeDialog.vue (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• backend/src/main/java/org/cryptomator/hub/api/UsersResource.java

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build and Test

🔇 Additional comments (9)

backend/src/main/java/org/cryptomator/hub/api/UserDto.java (3)

14-20: LGTM! Well-structured field declarations.

The private final fields are properly encapsulated and follow consistent naming conventions.

---

77-88: Good use of deprecation annotations.

The legacy getter is properly marked with @Deprecated(forRemoval = true) while maintaining functionality.

---

95-106: Consistent implementation of private keys getters.

The implementation follows the same pattern as the public key getters, maintaining consistency throughout the codebase.

frontend/src/common/userdata.ts (2)

96-99: Property reference updated correctly.

The check for user initialization now uses the new privateKeys property name, maintaining consistency with the backend changes.

---

131-131: Property assignment updated correctly.

The assignment in addEcdsaKeyIfMissing now uses the new privateKeys property name.

frontend/src/components/RegenerateSetupCodeDialog.vue (1)

156-156: Property reference updated correctly.

The assignment in regenerateSetupCode now uses the new privateKeys property name.

frontend/src/common/backend.ts (1)

78-78: Type definition updated correctly.

The UserDto type now uses the new privateKeys property name, ensuring type safety across the application.

frontend/src/components/InitialSetup.vue (2)

280-298: LGTM! Secure key recovery implementation.

The key recovery process follows secure practices:

• Trims user input
• Comprehensive error handling
• Uses the updated key decryption method

---

266-266: LGTM! Verify encryption compatibility.

The change from privateKey to privateKeys aligns with the PR objectives for legacy hub compatibility. The encryption process looks secure.

Please verify that the encryption process is compatible with both legacy and new hub versions by checking the UserKeys implementation:

✅ Verification successful

🏁 Script executed:

#!/bin/bash
# Search for UserKeys implementation to verify encryption compatibility
ast-grep --pattern 'class UserKeys {
  $$$
  encryptWithSetupCode($$$) {
    $$$
  }
  $$$
}'

Length of output: 95

---

I'll execute an alternative search to locate the implementation of the encryption function. This will help us understand whether the compatibility with legacy hubs is maintained and how encryptWithSetupCode is implemented.

---

🏁 Script executed:

#!/bin/bash
# Search for the encryptWithSetupCode function in the repository with context
rg "encryptWithSetupCode(" -n -C 3 .

Length of output: 131

---

Let's run a refined search for the encryptWithSetupCode method, escaping any special regex characters to get a proper output.

---

🏁 Script executed:

#!/bin/bash
# Use ripgrep with an escaped pattern for searching 'encryptWithSetupCode' in the repository
rg "encryptWithSetupCode" -n -C 5 .

Length of output: 4927

---

Encryption Compatibility Confirmed

We’ve verified that the encryptWithSetupCode method is implemented in frontend/src/common/crypto.ts (using JWEBuilder.pbes2) and is properly tested (see tests in frontend/test/common/crypto.spec.ts). The update from privateKey to privateKeys in the InitialSetup.vue component correctly integrates this encryption process for both legacy and new hub support.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (2)

backend/src/main/java/org/cryptomator/hub/api/UserDto.java (2)

22-60: Consider using Optional for more concise null checks.

While the constructor implementation is correct, the null checks could be more concise using Optional.

Here's a suggested improvement:

-		if (ecdhPublicKey != null) {
-			this.ecdhPublicKey = ecdhPublicKey;
-		} else {
-			this.ecdhPublicKey = publicKey;
-		}
+		this.ecdhPublicKey = Optional.ofNullable(ecdhPublicKey).orElse(publicKey);

-		if (privateKeys != null) {
-			this.privateKeys = privateKeys;
-		} else {
-			this.privateKeys = privateKey;
-		}
+		this.privateKeys = Optional.ofNullable(privateKeys).orElse(privateKey);

---

117-131: Remove redundant ecdhPublicKey parameter in factory method.

The justPublicInfo method passes the same value user.getEcdhPublicKey() twice to the constructor. Since one parameter is for legacy support, this duplication is unnecessary.

Here's a suggested improvement:

 		return new UserDto(
 				user.getId(),
 				user.getName(),
 				user.getPictureUrl(),
 				user.getEmail(),
 				user.getLanguage(),
 				Set.of(),
 				user.getEcdhPublicKey(),
-				user.getEcdhPublicKey(),
+				null,  // legacy publicKey parameter
 				user.getEcdsaPublicKey(),
 				null,
 				null,
 				null);

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 6a227df and b7a6a35.

📒 Files selected for processing (1)

• backend/src/main/java/org/cryptomator/hub/api/UserDto.java (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build and Test

🔇 Additional comments (2)

backend/src/main/java/org/cryptomator/hub/api/UserDto.java (2)

14-20: LGTM! Well-structured field declarations.

The fields are properly encapsulated as private final, with clear naming and appropriate types.

---

62-115: LGTM! Well-documented getter methods with proper deprecation notices.

The getter methods are properly implemented with:

• Consistent @JsonProperty annotations
• Clear deprecation notices with issue references
• Proper implementation of legacy getters

[overheadhunter]

If I understand this correctly, deserialization accepts both names but prefers the new one (XOR), while serialization produces duplicate fields using both the new and the old name.

Clients should therefore be compatible as long as

1. they ignore unknown fields during deserialization
2. they produce JSON that conforms to either the old or the new standard.

This looks solid, however the legacy duplications hurt readability. I would therefore like to see a separate constructor that is used for every non-Jackson-related new UserDto() call.

Furthermore, could you please explain what you mean by

getting the userDto: must not contain devices

?

[SailReal]

Furthermore, could you please explain what you mean by

getting the userDto: must not contain devices

?

Before the 1.4.0 changes, it was possible to first create the user and then create the devices. We are using it e.g. in hub-cli.

If we now put an UserDto in

hub/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java

Line 93 in d52b272

updateDevices(user, dto);

the devices are required in

hub/backend/src/main/java/org/cryptomator/hub/api/UsersResource.java

Line 107 in d52b272

var devices = userEntity.devices.stream().collect(Collectors.toUnmodifiableMap(Device::getId, Function.identity()));

(userEntity.devices.stream() produces an nullpointer).

With b1cb347 we also accept UserDto's again without devices set.

[coderabbitai]

Actionable comments posted: 1

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between b7a6a35 and 349f520.

📒 Files selected for processing (2)

• backend/src/main/java/org/cryptomator/hub/api/UserDto.java (2 hunks)
• backend/src/main/java/org/cryptomator/hub/api/UsersResource.java (2 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• backend/src/main/java/org/cryptomator/hub/api/UsersResource.java

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build and Test

🔇 Additional comments (4)

backend/src/main/java/org/cryptomator/hub/api/UserDto.java (4)

14-20: LGTM! Well-structured field declarations.

The fields are properly encapsulated as private final, with clear and consistent naming that supports both new and legacy properties.

---

22-46: LGTM! Well-implemented constructor with legacy support.

The constructor effectively handles both new and legacy properties using ternary operators for null checks. The separate @JsonProperty annotations (instead of @JsonAlias) correctly prevent property override issues when both new and legacy properties are provided.

---

48-67: LGTM! Clean secondary constructor implementation.

The secondary constructor provides a clean API for internal use without legacy property handling.

---

70-122: LGTM! Well-documented getter methods with clear deprecation notices.

The getters are properly annotated and include clear deprecation notices with migration guidance for legacy properties.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (1)

backend/src/main/java/org/cryptomator/hub/api/UserDto.java (1)

22-46: Consider using this constructor as the primary one.

The constructor effectively handles both new and legacy properties with proper validation. However, to improve maintainability, consider making this the primary constructor and having the other constructor delegate to it.

 public UserDto(
         String id,
         String name,
         String pictureUrl,
         String email,
         String language,
         Set<DeviceResource.DeviceDto> devices,
         String ecdhPublicKey,
         String ecdsaPublicKey,
         String privateKeys,
         String setupCode) {
-    super(id, Type.USER, name, pictureUrl);
-    this.email = email;
-    this.language = language;
-    this.devices = devices;
-    this.ecdhPublicKey = ecdhPublicKey;
-    this.ecdsaPublicKey = ecdsaPublicKey;
-    this.privateKeys = privateKeys;
-    this.setupCode = setupCode;
+    this(id, name, pictureUrl, email, language, devices, ecdhPublicKey, null, ecdsaPublicKey, privateKeys, null, setupCode);
 }

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 349f520 and ae261c2.

📒 Files selected for processing (1)

• backend/src/main/java/org/cryptomator/hub/api/UserDto.java (2 hunks)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Build and Test

🔇 Additional comments (3)

backend/src/main/java/org/cryptomator/hub/api/UserDto.java (3)

14-20: LGTM! Well-structured field declarations.

The fields are properly encapsulated as private final, ensuring immutability and proper data hiding.

---

69-122: LGTM! Well-documented getters with proper deprecation notices.

The getter methods are properly implemented with clear deprecation notices and issue tracking links for legacy methods.

---

124-136: LGTM! Factory method correctly implements public info DTO creation.

The justPublicInfo method properly creates a UserDto instance with only public information, using the correct parameter order and null values for sensitive data.