malpercio.dev / ezpds
An easy-to-host PDS on the ATProtocol, iPhone and MacOS. Maintain control of your keys and data, always.
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

fix: address code review feedback on ignored integration tests

- test_ac7_3_build_recovery_override_signs_with_device_key: Replace hardcoded timestamps with dynamic values using Utc::now(). Use (Utc::now() - Duration::hours(2)).to_rfc3339() for genesis and (Utc::now() - Duration::hours(1)).to_rfc3339() for the unauthorized op, ensuring timestamps remain within the 72-hour recovery window.

- test_ac7_3_build_recovery_override_signs_with_device_key: Fix add_identity failure by calling remove_identity first to clean up stale Keychain state, then expect() on add_identity to properly propagate errors instead of silently discarding them.

- test_ac7_4_submit_recovery_override: Apply same timestamp fix as test_ac7_3.

- test_ac7_4_submit_recovery_override: Apply same add_identity cleanup as test_ac7_3.

Root causes:
- Hardcoded timestamps from 2026-03-29 are now >72 hours old, exceeding the recovery window and failing check_recovery_window().
- Silently discarding add_identity errors masked Keychain stale state from prior test runs, causing cascading failures in device key lookup.

Malpercio a73fea36 0ebc4439

+13 -26
+13 -26
apps/identity-wallet/src-tauri/src/recovery.rs
··· 915 915 916 916 // Setup identity with IdentityStore (pattern from plc_monitor.rs) 917 917 let store = IdentityStore; 918 - let _ = store.add_identity(did); 919 - for suffix in [ 920 - "device-key", 921 - "device-key-pub", 922 - "device-key-app-label", 923 - "did-doc", 924 - "plc-log", 925 - "oauth-tokens", 926 - ] { 927 - let _ = crate::keychain::delete_item(&format!("{did}:{suffix}")); 928 - } 918 + let _ = store.remove_identity(did); 919 + store.add_identity(did).expect("add_identity"); 929 920 let device_pub = store 930 921 .get_or_create_device_key(did) 931 922 .expect("device key generation failed"); ··· 962 953 "sig": "fake_attacker_signature" 963 954 }); 964 955 965 - // Build audit log JSON 956 + // Build audit log JSON with dynamic timestamps within the 72-hour recovery window 957 + let genesis_time = (Utc::now() - Duration::hours(2)).to_rfc3339(); 958 + let unauth_time = (Utc::now() - Duration::hours(1)).to_rfc3339(); 959 + 966 960 let audit_log_json = serde_json::json!([ 967 961 { 968 962 "did": did, 969 963 "cid": "bafy_genesis", 970 - "createdAt": "2026-03-29T00:00:00Z", 964 + "createdAt": genesis_time, 971 965 "nullified": false, 972 966 "operation": genesis_operation 973 967 }, 974 968 { 975 969 "did": did, 976 970 "cid": "bafy_unauthorized", 977 - "createdAt": "2026-03-29T01:00:00Z", 971 + "createdAt": unauth_time, 978 972 "nullified": false, 979 973 "operation": unauth_operation 980 974 } ··· 1072 1066 1073 1067 // Setup identity with device key 1074 1068 let store = IdentityStore; 1075 - let _ = store.add_identity(did); 1076 - for suffix in [ 1077 - "device-key", 1078 - "device-key-pub", 1079 - "device-key-app-label", 1080 - "did-doc", 1081 - "plc-log", 1082 - "oauth-tokens", 1083 - ] { 1084 - let _ = crate::keychain::delete_item(&format!("{did}:{suffix}")); 1085 - } 1069 + let _ = store.remove_identity(did); 1070 + store.add_identity(did).expect("add_identity"); 1086 1071 let device_pub = store 1087 1072 .get_or_create_device_key(did) 1088 1073 .expect("device key generation failed"); ··· 1148 1133 serde_json::from_str(&recovery_op.signed_op_json).expect("parse recovery op json"); 1149 1134 1150 1135 // Updated audit log (after recovery operation is applied) 1136 + let genesis_time = (Utc::now() - Duration::hours(2)).to_rfc3339(); 1137 + 1151 1138 let updated_audit_log_json = serde_json::json!([ 1152 1139 { 1153 1140 "did": did, 1154 1141 "cid": "bafy_genesis", 1155 - "createdAt": "2026-03-29T00:00:00Z", 1142 + "createdAt": genesis_time, 1156 1143 "nullified": false, 1157 1144 "operation": genesis_operation 1158 1145 }