Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Change error on unimplemented party setter #27

Closed
wants to merge 2 commits into from
Closed

Change error on unimplemented party setter #27

wants to merge 2 commits into from

Conversation

Vagab
Copy link
Contributor

@Vagab Vagab commented Jun 23, 2023
edited
Loading

I think NotImplementedError with class name reads better. Also, the message was saying relying_party which is confusing in this context, since even if it's implemented we'll still get an error.

On a separate note, @tcannonfodder, why don't we just write a default implementation in, say, Warden::WebAuthn::StrategyHelpers? I don't think many users will have a better use for it than

def set_relying_party_in_request_env
  request.env[relying_party_key] = relying_party
end

Happy to make a pr

tcannonfodder
tcannonfodder requested changes Jun 23, 2023
View reviewed changes
Copy link
Contributor

@tcannonfodder tcannonfodder left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I also need to review the updated error message when I'm at my desk

lib/devise/passkeys/controllers/reauthentication_controller_concern.rb Outdated
@@ -70,7 +70,7 @@ def delete_reauthentication_challenge
end

def set_relying_party_in_request_env
raise "need to define relying_party for this SessionsController"
raise NotImplementedError, "need to define set_relying_party_in_request_env for #{self.class.name}"
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As annoying & confusing as it can be, there are both semantic & practical reasons to not use NotImplentedError, see: https://oleg0potapov.medium.com/ruby-notimplementederror-dont-use-it-dff1fd7228e5.

Some possible candidates

  • Leave as-is
  • RuntimeError
  • NoMethodError

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Oooh, ok. Good catch. Fixed

@tcannonfodder
Copy link
Contributor

On a separate note, @tcannonfodder, why don't we just write a default implementation in, say, Warden::WebAuthn::StrategyHelpers? I don't think many users will have a better use for it than

def set_relying_party_in_request_env

  request.env[relying_party_key] = relying_party

end

Ack, I know I had this conversation with @heliocola, but I can't find it 😬

The gist is that I don't want this gem to be too magical, which is one of the problems I have with devise as a whole.

Since the relying party is the core for the entire WebAuthn flow; the app should be responsible for:

  • Setting it up as needed for each request (even if it remains constant)
  • Slotting it into the request environment so that the warden strategy and this gem can use it

I know it can feel like a bit of overkill, but it has the benefits of:

  • Being easy to search for in your codebase
  • Being able to easily debug without having to pry open & dig into a gem
  • Reducing the maintenance footprint of this gem, since it's less code we manage (and the error message is clear as to what's needed)

@Vagab
Copy link
Contributor Author

Vagab commented Jun 23, 2023

The gist is that I don't want this gem to be too magical, which is one of the problems I have with devise as a whole.

totally agree with this statement. However, I think this is the perfect candidate(there are few) to actually have a generic implementation for. Mainly because I don't see how the implementation for it could reasonably be any different.

@tcannonfodder
Copy link
Contributor

tcannonfodder commented Jun 23, 2023
edited
Loading

Mainly because I don't see how the implementation for it could reasonably be any different.

Hmmm; let me think on that, you make a good point.

I'm also curious about those other places you think a generic implementation would be useful; feel free to make an issue!

@Vagab Vagab requested a review from tcannonfodder June 23, 2023 14:04
tcannonfodder
tcannonfodder requested changes Jun 24, 2023
View reviewed changes
Copy link
Contributor

@tcannonfodder tcannonfodder left a comment
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@Vagab I actually moved set_relying_party_in_request_env into Warden::WebAuthn::RackHelper in #29 (7b7d501).

Can you close this PR and make a new one based on that branch, with this error message being on the relying_party method directly, see:
7b7d501#diff-c88c685935abcec7655c75a59b34681909226e6fa4088f253427d5ddefef1c99R72

@Vagab Vagab closed this Jun 24, 2023
@Vagab Vagab deleted the change-error-on-unimplemented-party-setter branch June 24, 2023 11:32
tcannonfodder added a commit that referenced this pull request Jun 24, 2023
@tcannonfodder
SessionsControllerConcern.relying_party raises NoMethodError
91a3bbe 
* This ports the changes to `ReauthenticationControllerConcern` to match
	for consistency
	* see: 447e114
	* #27
tcannonfodder added a commit that referenced this pull request Jun 24, 2023
@tcannonfodder
SessionsControllerConcern.relying_party raises NoMethodError
cb5357f 
* This ports the changes to `ReauthenticationControllerConcern` to match
	for consistency
	* see: 447e114
	* #27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tcannonfodder tcannonfodder tcannonfodder requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@Vagab @tcannonfodder