Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Rejuvinate the Stepup Middleware #416

Draft
wants to merge 87 commits into
base: main
Choose a base branch
from
Draft

Rejuvinate the Stepup Middleware #416

wants to merge 87 commits into from

Conversation

MKodde
Copy link
Member

@MKodde MKodde commented Jan 17, 2024

The aim of this PR is to make the Stepup-Middleware project compatible with PHP 8.2 and Symfony 6.4.

This is not simply achieved by installing those requirements and call it a day. Many of the project dependencies need to be made compatible with the new standards Symfony adheres to. And that can quickly become a slippery slope.

In this PR so far I mainly focussed on improving the code quality to modern standards. For example by implementing PHP Stan's rules. Almost the entire app has been made type safe and PHP 8 compatible.

Some major steps to take are:

  1. Ensure the entire app functions in the new Symfony 6.4 app
    1. Merge config shattered throughout the app into the /config folder
    2. Remove the config/packages/[dev/prod/...] folders and merge them into the main package config
    3. Remove the SensioLabs framework extra bundle constructs (mainly router annotations and stuff like that)
  2. Doctrine 3 adjustments:
    1. The migrations can be moved to the /migrations folder imho, and be excluded from qa tests?
    2. Test and run migrations
    3. Ensure that the database unit tests run in the new Doctrine setup
  3. Broadway
    1. Test out, and compare outcome of an event replay

For more details on things to do, this private Google Drive document shows more information and an estimation on what's left to do.

@MKodde MKodde marked this pull request as draft January 17, 2024 10:41
@MKodde MKodde force-pushed the feature/rejuvination branch from 1ec4235 to 78ee79c Compare January 17, 2024 10:52
Base automatically changed from feature/build-and-publish-test-container to main February 20, 2024 15:35
@MKodde MKodde force-pushed the feature/rejuvination branch 4 times, most recently from ea8aa70 to 4e910cc Compare February 28, 2024 07:54
quartje and others added 23 commits September 16, 2024 13:36
They are monitored using Dependabot
The latest and greatest dependencies are installed.
The composer packages have been upgraded. Some code is now broken as
proven by tests. This commit aims to eat the low hanging fruits, and get
the tests as green as possible. The harder nuts will be fixed in the
following commits
In v6, we set the rootnode name in the constructor of the tree builder.
And then retrieve the rootnode via a getter
For now they:
- Implement the find method (add return types)
- Use the bridge ManagerRegistry
1. Added return type definitions
2. When possible; add parameter type definitions
3. Use imports, remove FQN
Simplify certain code constructs like:
- Simplify return statement
- Make 'is empty' statements more specific
- Simplify regex statements
As performed by Rectors SYMFONY_CODE_QUALITY set list
And clean up the code accordingly
Many repos referred to a moved ManagerRegistry class. That was changed
in this commit
Type definitions have been added where possible
Copy link
Member Author

@MKodde MKodde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Awesome work @pablothedude. This was quite an undertaking!

I have some questions, submitted as comments in this review thread, but also have a couple of peer review questions I'd like to look at with you IRL.

config/packages/framework.yaml Show resolved Hide resolved
ci/qa/phpunit.xml Show resolved Hide resolved
src/Surfnet/Stepup/Identity/Value/NameId.php Outdated Show resolved Hide resolved
src/Surfnet/Stepup/DateTime/DateTime.php Outdated Show resolved Hide resolved
bin/doctrine-migrations-migrate.sh Outdated Show resolved Hide resolved
Copy link
Member Author

@MKodde MKodde left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved ✔️

Copy link

@johanib johanib left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm about halfway through.
Submitting some minor points. Some might already be fixed, feel free to resolve.

@@ -5,9 +5,9 @@ set -e

cd $(dirname $0)/../../

./ci/qa/create-test-db
#./ci/qa/create-test-db
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can this be removed? or is it needed in some cases. If so, when?

"doctrine/doctrine-migrations-bundle": "^1.2",
"doctrine/orm": "^2.5",
"ext-openssl": "*",
"ext-pdo": "*",
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these exts new deps? Or just made explicit?

@@ -13,9 +12,6 @@ doctrine:
password: "%database_middleware_password%"
server_version: "%database_server_version%"
charset: utf8
options:
# The 1002 constant sets the PDO MYSQL_ATTR_INIT_COMMAND for when the connection is (re)connected.
1002: "%database_driver_options_1002%"
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is not needed anymore? Or only for dev?

when@test:
framework:
validation:
not_compromised_password: false
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We don't do anything with passwords right?

🤔 should it be enabled / disabled for prod mode?

resource: "@SurfnetStepupMiddlewareManagementBundle/Resources/config/routing.yml"
prefix: /management

openconext_monitor:
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I see this is still the old bundle. Not a problem for now, but adding the config just in case.

Suggested change
openconext_monitor:
open_conext_monitor:
resource: "@OpenConextMonitorBundle/src/Controller"
type: attribute
prefix: /

https://github.com/OpenConext/Monitor-bundle/releases/tag/4.3.0

/**
* Auto-generated Migration: Please modify to your needs!
*/
final class Version20241128131107 extends AbstractMigration
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Where do these changes come from?

{
if ($id !== Configuration::CONFIGURATION_ID) {
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Correct that this is removed?

if ($items !== [] && array_pop($items) instanceof VettedSecondFactor) {
return array_reduce(
$this->toArray(),
fn(VettedSecondFactor $carry, VettedSecondFactor $item): VettedSecondFactor => $service->hasEqualOrHigherLoaComparedTo(
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
fn(VettedSecondFactor $carry, VettedSecondFactor $item): VettedSecondFactor => $service->hasEqualOrHigherLoaComparedTo(
static fn(VettedSecondFactor $carry, VettedSecondFactor $item): VettedSecondFactor => $service->hasEqualOrHigherLoaComparedTo(

);
return new HashedSecret($hashedSecret);
}

public function __construct(string $secret)
public function __construct(private readonly string $secret)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
public function __construct(private readonly string $secret)
public function __construct(#[\SensitiveParameter] private readonly string $secret)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants