Skip to content

chore: gracefully handle clear value. fix fxa-14092#20814

Open
clouserw wants to merge 1 commit into
mainfrom
FXA-14092
Open

chore: gracefully handle clear value. fix fxa-14092#20814
clouserw wants to merge 1 commit into
mainfrom
FXA-14092

Conversation

@clouserw

@clouserw clouserw commented Jul 2, 2026

Copy link
Copy Markdown
Member

No description provided.

Copilot AI review requested due to automatic review settings July 2, 2026 14:53
@clouserw clouserw requested a review from a team as a code owner July 2, 2026 14:53

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Improves robustness of the Recorded Future “credentials search and reset” script by preventing malformed “clear” credentials (missing clear_text_value) from breaking lookups and by ensuring verification failures don’t abort the entire run.

Changes:

  • Filter out exposed_secret.type === "clear" credentials that lack details.clear_text_value.
  • Add a regression test ensuring such malformed “clear” credentials are dropped.
  • Wrap per-credential password verification in a try/catch and emit a dedicated verify-error metric.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated 1 comment.

File Description
packages/fxa-auth-server/scripts/recorded-future/lib.ts Tightens filtering to require a usable clear_text_value for “clear” secrets.
packages/fxa-auth-server/scripts/recorded-future/lib.spec.ts Adds regression coverage for malformed “clear” credentials.
packages/fxa-auth-server/scripts/recorded-future/check-and-reset.ts Prevents a single verification error from aborting the whole run; adds verify-error metric.

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

Comment on lines +260 to +261
const acct = accountsByLogin[foundCredentials.subject as string];
const passwordMatched = await verifyPassword(foundCredentials, acct);

@chenba chenba left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice. Definitely couldn't hurt.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants