rokwire / safer-illinois-app

Source code repository of "Safer Illinois" App - the official COVID-19 app of the University of Illinois.
https://safer.illinois.edu/
Apache License 2.0

[BUG] COVID-19 QR switching paired and not paired in Settings screen #674

Closed isaac-galvan closed 3 years ago

isaac-galvan commented 3 years ago

Describe the bug The COVID-19 panel in the Settings page is acting weird with COVID-19 keys. This is in 2.10.31 and 2.10.29

To Reproduce Steps to reproduce the behavior:

  1. Use "Remove my Information"
  2. Complete setup and get to the Home screen
  3. Open Settings and view COVID-19 keys are valid and paired
  4. Go back to Home, then forward to Settings several times and see it alternate between "keys valid and paired" and "keys not paired"

Expected behavior It would always read valid and paired.

Screenshots If applicable, add screenshots to help explain your problem. https://user-images.githubusercontent.com/11352701/125674105-59bbe7d7-72e9-4267-833e-da2f61e9e0dd.MP4

Smartphone (please complete the following information):

Priyaravi8 commented 3 years ago

I too reproduce this issue.

isaac-galvan commented 3 years ago

Later, the COVID-19 keys stopped changing, but the other toggles (exposure notification, health provider data) started changing from off to on every time you open the settings screen:

https://user-images.githubusercontent.com/11352701/125684680-d8e0dbde-a8ca-4c05-a0de-159abfff1118.MP4

mihail-varbanov commented 3 years ago

@petyos, my investigation shows that there is something wrong on the backend side. GET https://api.rokwire.illinois.edu/health/covid19/user returns different values for "privateKey" - sometimes the right value but sometimes a previous value of this key.

Please take a look at the attached log. We are interested in the log entries prefixed with "HealthUser:".

  1. The first GET request returns some value (a wrong one): -----BEGIN PUBLIC KEY-----\r\nMIIBCgKCAQEAizpISgPU7D/iRKGPrcE9Fv/lfqSvaxFOFgdP330BMAPzLk/K4z1CJpl4FlH/WCEGPDb13kUk6MDbIsxPu8nkB3RCRrAu+tJhf63FlbUbtnkXKDNYxTapicEZu4JJoarqKQAj8MBa/Lou7csYdHyEIiJaGF5bfHoKqlOKUiMeuRoU5Aig1z7nlpHLizOIfGHPlfZiaUh1mZfO9XyeiOCGCg5AYI/sosoiehq1x5kOHvSPx6GO/RjcKC2fHOBaPs8i8oFYwPJQIrw0mr9XVfr9rHyr9G/idwlehl+hyulHC9of0dB9+O/094ot1OHN4w6NlZlAfFjnO59Fz9ehLZHmewIDAQAB\r\n-----END PUBLIC KEY-----

  2. The next 3 GET requests returns another value (the right one): -----BEGIN PUBLIC KEY-----\r\nMIIBCgKCAQEAmV8qRg+Db/UBwHCayhBAfIxRcJyAZLwtHePgyPuk+4K3/qt6GyU7Lx7jBC55SBHGa8cJ7/A5IAqC/muyWeNmleWD3r1cAhwqIvAjI712o3PYomzxf9aWikDjMegiko05nnqJxRX+WqR8tEWpAwbfQLwsEk9SpH/Z5jd65Vp6i2QJor+h4b/ChgrpNcp58LgtroJ68MFQWvwr5nL98R4up0F+nM7XkltDMfOwTjabRgX0BVNpy7Ervh8c+7fZIcE7vsLkCmmR17IzLqz9y7ZujHoW1eAo8jB8ACbDxlWJD/3KhvSo4unk9Bx5EG+TUV4Ve/h7oqDf6uT0+nPAl7P3AwIDAQAB\r\n-----END PUBLIC KEY-----

  3. Then we refresh the RSA key pair and apply the new public key using POST https://api.rokwire.illinois.edu/health/covid19/login API -----BEGIN PUBLIC KEY-----\r\nMIIBCgKCAQEAgb1Wng8HS+xaCNOdyzsYFcBk7aGj7LBQP/4elUtzLa3DX/3izRNe2MNX6NmQlMR74v1WYiA9hpoHFT+amNZ7fofIfDcmenLNKHUydpiq+N3uE9vJlX8f8z5zpQClwMEPQFVQ33ZjL3OiIIhZiuvrJ/iYW5HAoMukfnQINV7nIo/tRymOonUELntNuJnioJsfAfcHNFB75Yzm/uJ1yeWDovXyY2ukO1J/LFJnyImav6LC6SR5+/b890CKzJtqtKuju7YgmCZ4xFUO2l4GBWcUaITtsbNJgzvXx44QK5A2Ee9ntSboKYzi5slUdUXVetQyH6JGxQVB05ZUBw4FBWRKdwIDAQAB\r\n-----END PUBLIC KEY-----

  4. The next GET request returns the right public key: -----BEGIN PUBLIC KEY-----\r\nMIIBCgKCAQEAgb1Wng8HS+xaCNOdyzsYFcBk7aGj7LBQP/4elUtzLa3DX/3izRNe2MNX6NmQlMR74v1WYiA9hpoHFT+amNZ7fofIfDcmenLNKHUydpiq+N3uE9vJlX8f8z5zpQClwMEPQFVQ33ZjL3OiIIhZiuvrJ/iYW5HAoMukfnQINV7nIo/tRymOonUELntNuJnioJsfAfcHNFB75Yzm/uJ1yeWDovXyY2ukO1J/LFJnyImav6LC6SR5+/b890CKzJtqtKuju7YgmCZ4xFUO2l4GBWcUaITtsbNJgzvXx44QK5A2Ee9ntSboKYzi5slUdUXVetQyH6JGxQVB05ZUBw4FBWRKdwIDAQAB\r\n-----END PUBLIC KEY-----

  5. The next GET request returns the previous public key from point 3 -----BEGIN PUBLIC KEY-----\r\nMIIBCgKCAQEAmV8qRg+Db/UBwHCayhBAfIxRcJyAZLwtHePgyPuk+4K3/qt6GyU7Lx7jBC55SBHGa8cJ7/A5IAqC/muyWeNmleWD3r1cAhwqIvAjI712o3PYomzxf9aWikDjMegiko05nnqJxRX+WqR8tEWpAwbfQLwsEk9SpH/Z5jd65Vp6i2QJor+h4b/ChgrpNcp58LgtroJ68MFQWvwr5nL98R4up0F+nM7XkltDMfOwTjabRgX0BVNpy7Ervh8c+7fZIcE7vsLkCmmR17IzLqz9y7ZujHoW1eAo8jB8ACbDxlWJD/3KhvSo4unk9Bx5EG+TUV4Ve/h7oqDf6uT0+nPAl7P3AwIDAQAB\r\n-----END PUBLIC KEY-----

Please Note:

NB 1: It is arbitrary which GET request after a POST update will return the previous public key. Sometimes it happens on the second request, sometimes on the 5th. Random stuff.

NB 2: I managed to recreate this only on production and not on dev.

HealthUser.log
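The pattern in the steps above, as an added example that is not part of the original comment or the project's code: a checker that replays an ordered GET/POST trace and flags any read where the served key changed without a write, or did not match the last POSTed key. The event tuples, function names and the short keys in `TRACE` are constructed for illustration; only the literal `\r\n` escaping of the PEM text follows the values quoted in the comment.

```python
import base64
import hashlib


def fingerprint(pem: str) -> str:
    """Short SHA-256 fingerprint of a PEM body; accepts literal \\r\\n escapes."""
    text = pem.replace("\\r", "").replace("\\n", "\n")
    body = "".join(
        s for s in (line.strip() for line in text.splitlines())
        if s and not s.startswith("-----")
    )
    return hashlib.sha256(base64.b64decode(body)).hexdigest()[:12]


def find_stale_reads(events):
    """events: ordered (method, pem) pairs. Returns [(index, reason), ...]."""
    findings = []
    expected = None      # fingerprint the server should currently serve
    from_write = False   # True once `expected` was set by a POST
    for i, (method, pem) in enumerate(events):
        fp = fingerprint(pem)
        if method == "POST":
            expected, from_write = fp, True
        elif method == "GET":
            if expected is None:
                expected = fp            # first read sets the baseline
            elif fp != expected:
                reason = "stale-after-write" if from_write else "changed-without-write"
                findings.append((i, reason))
                if not from_write:
                    expected = fp        # no write seen yet: follow the latest read
    return findings


def make_pem(raw: bytes) -> str:
    """Constructed stand-in for a public key, escaped like the logged values."""
    b64 = base64.b64encode(raw).decode()
    return "-----BEGIN PUBLIC KEY-----\\r\\n" + b64 + "\\r\\n-----END PUBLIC KEY-----"


# Constructed trace mirroring steps 1-5: one odd read, three consistent reads,
# a key refresh via POST, one correct read, then a read of the previous key.
OLD, CURRENT, NEW = make_pem(b"key-old"), make_pem(b"key-current"), make_pem(b"key-new")
TRACE = [("GET", OLD), ("GET", CURRENT), ("GET", CURRENT), ("GET", CURRENT),
         ("POST", NEW), ("GET", NEW), ("GET", CURRENT)]

if __name__ == "__main__":
    for index, reason in find_stale_reads(TRACE):
        print(index, reason)
```
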

petyos commented 3 years ago

There is a Health BB version to be deployed - https://github.com/rokwire/rokwire-terraform/issues/66 Please test when deployed. Thanks!

isaac-galvan commented 3 years ago

Hi @petyos @mihail-varbanov we're still seeing an issue with the toggles in the app being inconsistent as shown in the video attached to https://github.com/rokwire/safer-illinois-app/issues/674#issuecomment-880168104.

If you change one of the toggles (off -> on, on -> off) it does not stay the same on later views of the settings screen.

petyos commented 3 years ago

It was fixed in Health BB v2.10.0

isaac-galvan commented 3 years ago

The update is working great. Thanks!