Skip to content

Add HMAC authentication to patron anonymization handler#11993

Merged
mekarpeles merged 5 commits intointernetarchive:masterfrom
jimchamp:hmac-auth-for-anon-handler
Mar 18, 2026
Merged

Add HMAC authentication to patron anonymization handler#11993
mekarpeles merged 5 commits intointernetarchive:masterfrom
jimchamp:hmac-auth-for-anon-handler

Conversation

@jimchamp
Copy link
Copy Markdown
Collaborator

@jimchamp jimchamp commented Mar 3, 2026
edited
Loading

Supports #10976
Follows #11053 #11111

Adds HMAC authentication to the patron anonymization handler. The HMAC message is expected to be colon-delimited. The expiry time must be a Unix timestamp in seconds, and may include a fraction of a second.

Handler will return different error codes, depending on what went wrong:

Issue HTTP Response
Improperly formed message (including timestamp) 400 Bad Request
Token has expired 401 Unauthorized
HMAC digest mismatch 401 Unauthorized
Misconfigured secret 503 Service Unavailable

Technical

Testing

Screenshot

Stakeholders

Copilot AI review requested due to automatic review settings March 3, 2026 03:04
Copilot AI reviewed Mar 3, 2026
View reviewed changes
Copy link
Copy Markdown
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds HMAC-based authentication to the /account/anonymize handler (used for IA-triggered account anonymization) and extends the shared HMACToken.verify helper to support Unix-timestamp message formats.

Changes:

  • Require digest and msg parameters on the account anonymization POST handler and attempt HMAC verification before processing.
  • Extend HMACToken.verify with a unix_time option to parse/validate expiry timestamps as Unix seconds (optionally fractional).

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.

File Description
openlibrary/plugins/upstream/account.py Adds HMAC verification inputs (digest, msg) and performs verification before anonymization.
openlibrary/core/auth.py Updates HMACToken.verify to support Unix timestamps and adjusts key/timestamp parsing logic.

@jimchamp jimchamp marked this pull request as draft March 3, 2026 03:08
@jimchamp jimchamp force-pushed the hmac-auth-for-anon-handler branch from 890ec8b to 6bd9a64 Compare March 3, 2026 03:35
@jimchamp jimchamp force-pushed the hmac-auth-for-anon-handler branch from 4f92aab to 8fbbf3f Compare March 3, 2026 03:46
@jimchamp jimchamp changed the title Hmac auth for anon handler Add HMAC authentication to patron anonymization handler Mar 3, 2026
@jimchamp jimchamp marked this pull request as ready for review March 3, 2026 03:59
@mekarpeles mekarpeles self-assigned this Mar 6, 2026
@mekarpeles mekarpeles merged commit 1b97104 into internetarchive:master Mar 18, 2026
4 checks passed
mekarpeles pushed a commit that referenced this pull request Mar 20, 2026
@jimchamp @mekarpeles
Add HMAC authentication to patron anonymization handler (#11993)
28e5c8f 
* Shore up HMAC token verification
* Add Unix timestamp support HMAC verification method
* Add HMAC authentication to anonymization handler
@jimchamp jimchamp deleted the hmac-auth-for-anon-handler branch March 20, 2026 16:28
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

Assignees

@mekarpeles mekarpeles

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@jimchamp @mekarpeles