Rejuvinate the Stepup Middleware #416
Draft
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
MKodde
force-pushed
the
feature/rejuvination
branch
from
1ec4235 to
78ee79c
Compare
Base automatically changed from
feature/build-and-publish-test-container
to
main
February 20, 2024 15:35
MKodde
force-pushed
the
feature/rejuvination
branch
4 times, most recently
from
ea8aa70 to
4e910cc
Compare
They are monitored using Dependabot
The latest and greatest dependencies are installed.
The composer packages have been upgraded. Some code is now broken as proven by tests. This commit aims to eat the low hanging fruits, and get the tests as green as possible. The harder nuts will be fixed in the following commits
In v6, we set the rootnode name in the constructor of the tree builder. And then retrieve the rootnode via a getter
For now they: - Implement the find method (add return types) - Use the bridge ManagerRegistry
1. Added return type definitions 2. When possible; add parameter type definitions 3. Use imports, remove FQN
Simplify certain code constructs like: - Simplify return statement - Make 'is empty' statements more specific - Simplify regex statements
As performed by Rectors SYMFONY_CODE_QUALITY set list
And clean up the code accordingly
Many repos referred to a moved ManagerRegistry class. That was changed in this commit
Type definitions have been added where possible
pablothedude
force-pushed
the
feature/rejuvination
branch
from
3175335 to
5e544dc
Compare
pablothedude
force-pushed
the
feature/rejuvination
branch
from
5e544dc to
b5071f9
Compare
pablothedude
force-pushed
the
feature/rejuvination
branch
from
9a06585 to
9d834af
Compare
This is done to prevent failing replays
Fix bugs after manual testing
pablothedude
force-pushed
the
feature/rejuvination
branch
from
d4cd580 to
894632a
Compare
MKodde
commented
Dec 11, 2024
There was a problem hiding this comment.
Awesome work @pablothedude. This was quite an undertaking!
I have some questions, submitted as comments in this review thread, but also have a couple of peer review questions I'd like to look at with you IRL.
src/Surfnet/StepupMiddleware/ApiBundle/Doctrine/Type/SelfVetOptionType.php
Show resolved
Hide resolved
src/Surfnet/StepupMiddleware/GatewayBundle/Entity/InstitutionConfiguration.php
Show resolved
Hide resolved
src/Surfnet/StepupMiddleware/ApiBundle/Identity/Projector/SecondFactorProjector.php
Outdated
Show resolved
Hide resolved
src/Surfnet/StepupMiddleware/ApiBundle/Controller/RecoveryTokenController.php
Show resolved
Hide resolved
johanib
reviewed
Dec 12, 2024
| @@ -5,9 +5,9 @@ set -e | |||
|
|
|||
| cd $(dirname $0)/../../ | |||
|
|
|||
| ./ci/qa/create-test-db | |||
| #./ci/qa/create-test-db | |||
There was a problem hiding this comment.
can this be removed? or is it needed in some cases. If so, when?
| "doctrine/doctrine-migrations-bundle": "^1.2", | ||
| "doctrine/orm": "^2.5", | ||
| "ext-openssl": "*", | ||
| "ext-pdo": "*", |
There was a problem hiding this comment.
are these exts new deps? Or just made explicit?
| @@ -13,9 +12,6 @@ doctrine: | |||
| password: "%database_middleware_password%" | |||
| server_version: "%database_server_version%" | |||
| charset: utf8 | |||
| options: | |||
| # The 1002 constant sets the PDO MYSQL_ATTR_INIT_COMMAND for when the connection is (re)connected. | |||
| 1002: "%database_driver_options_1002%" | |||
There was a problem hiding this comment.
This is not needed anymore? Or only for dev?
| when@test: | ||
| framework: | ||
| validation: | ||
| not_compromised_password: false |
There was a problem hiding this comment.
We don't do anything with passwords right?
🤔 should it be enabled / disabled for prod mode?
| resource: "@SurfnetStepupMiddlewareManagementBundle/Resources/config/routing.yml" | ||
| prefix: /management | ||
|
|
||
| openconext_monitor: |
There was a problem hiding this comment.
I see this is still the old bundle. Not a problem for now, but adding the config just in case.
Suggested change
| openconext_monitor: | |
| open_conext_monitor: | |
| resource: "@OpenConextMonitorBundle/src/Controller" | |
| type: attribute | |
| prefix: / |
https://github.com/OpenConext/Monitor-bundle/releases/tag/4.3.0
| /** | ||
| * Auto-generated Migration: Please modify to your needs! | ||
| */ | ||
| final class Version20241128131107 extends AbstractMigration |
| { | ||
| if ($id !== Configuration::CONFIGURATION_ID) { |
| if ($items !== [] && array_pop($items) instanceof VettedSecondFactor) { | ||
| return array_reduce( | ||
| $this->toArray(), | ||
| fn(VettedSecondFactor $carry, VettedSecondFactor $item): VettedSecondFactor => $service->hasEqualOrHigherLoaComparedTo( |
There was a problem hiding this comment.
Suggested change
| fn(VettedSecondFactor $carry, VettedSecondFactor $item): VettedSecondFactor => $service->hasEqualOrHigherLoaComparedTo( | |
| static fn(VettedSecondFactor $carry, VettedSecondFactor $item): VettedSecondFactor => $service->hasEqualOrHigherLoaComparedTo( |
| ); | ||
| return new HashedSecret($hashedSecret); | ||
| } | ||
|
|
||
| public function __construct(string $secret) | ||
| public function __construct(private readonly string $secret) |
There was a problem hiding this comment.
Suggested change
| public function __construct(private readonly string $secret) | |
| public function __construct(#[\SensitiveParameter] private readonly string $secret) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The aim of this PR is to make the Stepup-Middleware project compatible with PHP 8.2 and Symfony 6.4.
This is not simply achieved by installing those requirements and call it a day. Many of the project dependencies need to be made compatible with the new standards Symfony adheres to. And that can quickly become a slippery slope.
In this PR so far I mainly focussed on improving the code quality to modern standards. For example by implementing PHP Stan's rules. Almost the entire app has been made type safe and PHP 8 compatible.
Some major steps to take are:
config/packages/[dev/prod/...]folders and merge them into the main package config/migrationsfolder imho, and be excluded from qa tests?For more details on things to do, this private Google Drive document shows more information and an estimation on what's left to do.