feat: configurable email attribute type for the finalize sender check#193
Conversation
Part 2 of encryption4all/postguard#236 (the cryptify leg). Finalize required exactly pbdf.sidn-pbdf.email.email in the sender's signing identity; test environments cannot issue pbdf credentials, blocking real end-to-end flows. The `email_attribute` config key (default: the production value, so deployed configs are unaffected) now names the attribute type carrying the sender's email. Companion changes: pg-pkg (encryption4all/postguard#244) and pg-js.
|
Thanks for the PR, Ruben! I'm on it — kicking off a review of the |
There was a problem hiding this comment.
Approving — clean, well-scoped change with no rule or review findings.
Rule check (Rust backend diff): all green.
feat:title passes the conventional-commit gate (pr-title.yml).- Cross-repo refs use the full
encryption4all/postguard#NNNform, so they auto-link. - No closing keyword — correct, since this is Part 2 of a multi-part epic and must not auto-close #236.
- Parse tests added for both the default and the override.
Verification: cargo fmt --all -- --check clean; tests 151/151 and clippy -D warnings clean (per the review step).
Correctness notes:
- Both finalize call sites (sender lookup and the sender-attributes filter) route through
config.email_attribute(), so they stay consistent — no risk of the filter and the lookup disagreeing. - The
unwrap_or_elsedefault (pbdf.sidn-pbdf.email.email) preserves current production behaviour, so deployed configs are unaffected. - The only remaining
pbdf.sidn-pbdf.email.emailliteral insrc/is a test-fixture comment, not a live code path — the finalize hardcoding is fully removed.
Looks good to merge.
|
Reviewed and approved: encryption4all/cryptify#193. The new |
Part 2 of encryption4all/postguard#236 (Phase 2 of EPIC encryption4all/postguard#201) — the cryptify leg; companion to encryption4all/postguard#244 (PKG) and a pg-js PR to follow.
Problem:
upload_finalizerejects any upload whose sender identity lacks exactlypbdf.sidn-pbdf.email.email— a hidden contract the e2e harness discovered, and one of the three hardcodings that make it impossible to run real client flows in a test environment (no test env can issuepbdf.*credentials).Change: new
email_attributeconfig key (defaults to the production value — deployed configs unaffected). Finalize's sender lookup and the sender-attributes filter both use it. The e2e stack will setirma-demo.sidn-pbdf.email.email— the public demo scheme mirrors the email credential with published issuer keys, so the harness gets real email semantics on the identical code path.Tests: config default + override parse tests; full suite 149 + 2 green; clippy clean (
-D warnings).