Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ONYX-13640 - Nested annotations integration #2404

Merged
merged 4 commits into from
Nov 2, 2021
Merged

ONYX-13640 - Nested annotations integration #2404

merged 4 commits into from
Nov 2, 2021

Conversation

sashaCher
Copy link
Contributor

Desired Outcome

authn-jwt related host annotations supports nested claims.

Implemented Changes

ValidateRestrictionsOneToOne is using Hash.dig function instead of direct key access to json object.

Connected Issue/Story

Follows design #2394
ONYX-13640

Definition of Done

  • Desired outcome achieved
  • New code has appropriate UT and System tests

Changelog

  • The CHANGELOG has been updated, or
  • This PR does not include user-facing changes and doesn't require a
    CHANGELOG update

Test coverage

  • This PR includes new unit and integration tests to go with the code
    changes, or
  • The changes in this PR do not require tests

Documentation

  • Docs (e.g. READMEs) were updated in this PR
  • A follow-up issue to update official docs has been filed here: insert issue ID
  • This PR does not require updating any documentation

Behavior

  • This PR changes product behavior and has been reviewed by a PO, or
  • These changes are part of a larger initiative that will be reviewed later, or
  • No behavior was changed with this PR

Security

  • Security architect has reviewed the changes in this PR,
  • These changes are part of a larger initiative with a separate security review, or
  • There are no security aspects to these changes

@sashaCher sashaCher requested a review from a team November 2, 2021 07:59
@sashaCher sashaCher requested a review from a team as a code owner November 2, 2021 07:59
tzheleznyak
tzheleznyak reviewed Nov 2, 2021
View reviewed changes
app/domain/authentication/authn_jwt/restriction_validation/validate_restrictions_one_to_one.rb Outdated
claim_name_for_error(annotation_name, claim_name)
end
claim_value = @decoded_token.dig(*parsed_claim_path(claim_name))
raise Errors::Authentication::AuthnJwt::JwtTokenClaimIsMissing,
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

do a normal if here

tzheleznyak
tzheleznyak reviewed Nov 2, 2021
View reviewed changes
app/domain/authentication/authn_jwt/restriction_validation/validate_restrictions_one_to_one.rb
raise Errors::Authentication::AuthnJwt::JwtTokenClaimIsMissing,
claim_name_for_error(annotation_name, claim_name)
end
claim_value = @decoded_token.dig(*parsed_claim_path(claim_name))
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Move right side to function called claim_value

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

why?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To seperate responsibilities between function. One wrapping parsed_claim_path and one doing the compare. Do what you think its not critical

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's replace one function dig by other.
The class is stateless from single restriction perspective so memorization is impossible.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Without memoriaztion jsut

def claim_value(claim_name)
   @decoded_token.dig(*parsed_claim_path(claim_name))
end

So the comprare
restriction_value == claim_value

will be the only call for the function.

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there are multiple usages by claim value in the main function
I don't want to dig for value each time it needed
It's enough to dig once.

codeclimate[bot]
codeclimate bot reviewed Nov 2, 2021
View reviewed changes
app/domain/authentication/authn_jwt/restriction_validation/validate_restrictions_one_to_one.rb
@@ -23,12 +25,13 @@ def valid_restriction?(restriction)
raise Errors::Authentication::ResourceRestrictions::EmptyAnnotationGiven, annotation_name
end

unless @decoded_token.key?(claim_name)
claim_value = @decoded_token.dig(*parsed_claim_path(claim_name))
if claim_value.nil?
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Authentication::AuthnJwt::RestrictionValidation::ValidateRestrictionsOneToOne#valid_restriction? performs a nil-check

@codeclimate
Copy link

codeclimate bot commented Nov 2, 2021

Code Climate has analyzed commit ed1428b and detected 1 issue on this pull request.

Here's the issue category breakdown:

Category Count
Complexity 1

The test coverage on the diff in this pull request is 100.0% (50% is the threshold).

This pull request will bring the total coverage in the repository to 90.9% (0.0% change).

View more on Code Climate.

tzheleznyak
tzheleznyak approved these changes Nov 2, 2021
View reviewed changes
Copy link
Contributor

@tzheleznyak tzheleznyak left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@sashaCher sashaCher merged commit 42f5f36 into master Nov 2, 2021
@sashaCher sashaCher deleted the nested-annotations-integration branch November 2, 2021 10:04
@jtuttle jtuttle mentioned this pull request Nov 12, 2021
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@codeclimate codeclimate[bot] codeclimate[bot] left review comments

@tzheleznyak tzheleznyak tzheleznyak approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@sashaCher @tzheleznyak