RSA10j #492
RSA10j #492
Conversation
| @@ -1903,6 +1903,32 @@ class Auth : QuickSpec { | |||
| done() | |||
| } | |||
| } | |||
|
|
|||
There was a problem hiding this comment.
I appreciate the code above was not yours, but I do not follow the logic. The queryTime option is set to true for AuthOptions, I get that. But the time from the time method is stored and then the authorise request is then executed and the issued attribute is checked to be within 1 second. Firstly, if we have even a minor delay here this test will fail, but I am not sure what it's even testing. If we want to check the time then we should have a test for http://docs.ably.io/client-lib-development-guide/features/#RSA10k, but this is mixing concerns and is brittle. Please can you confirm why you think this is even here, and whether RSA10k has suitable coverage proving the request for time is made elsewhere i.e. we can then remove this.
There was a problem hiding this comment.
I guess that previous developer just wanted to test that issued time is in 1 second range with server time, but I also cannot understand the pros of doing time function call to store server time.
There was a problem hiding this comment.
Ok, well let's remove then and if this is a concern perhaps add as a separate test such as localClockInSync which simply fails with "Local clock is out of sync with Ably so tests may have unpredictable results"
I'll keep it in mind, thanks. I'll merge |
| @@ -263,9 +263,9 @@ - (void)executeTokenRequest:(ARTTokenRequest *)tokenRequest callback:(void (^)(A | |||
|
|
|||
| - (void)authorise:(ARTTokenParams *)tokenParams options:(ARTAuthOptions *)authOptions callback:(void (^)(ARTTokenDetails *, NSError *))callback { | |||
| BOOL requestNewToken = NO; | |||
| ARTAuthOptions *mergedOptions = [self mergeOptions:authOptions]; | |||
| ARTAuthOptions *mergedOptions = authOptions ? authOptions : self.options; | |||
There was a problem hiding this comment.
Name is a bit misleading, perhap just currentAuthOptions inline with currentTokenParams below?
There was a problem hiding this comment.
Oh, sorry, of course :)
|
Please review and merge if everything looks good |
| @@ -1717,14 +1718,12 @@ class Auth : QuickSpec { | |||
| waitUntil(timeout: testTimeout) { done in | |||
| auth.authorise(nil, options: authOptions) { tokenDetails, error in | |||
| expect(authCallbackHasBeenInvoked).to(beTrue()) | |||
|
|
|||
| authCallbackHasBeenInvoked = false | |||
There was a problem hiding this comment.
This test shouldn't be changed. It should work, or else we're breaking RSA10g.
There was a problem hiding this comment.
This test shouldn't be changed
Sorry but why?
If I leave the test as it was before - it will fail, because of authorise implementation changes (replace instead of merge). authorise function stores options and params - so I guess I just need to modify test to make it green, no?
There was a problem hiding this comment.
Because @EvgenyKarkan I believe what @tcard is saying is that you should test that the defaults are reused first (i.e. Stores the AuthOptions and TokenParams arguments as defaults for subsequent authorisations with the exception of the attributes TokenParams#timestamp and AuthOptions#queryTime). The test for http://docs.ably.io/client-lib-development-guide/features/#RSA10g is now missing i.e. we need to ensure that the defaults are carried through to the following request for RSA10g, and for RSA10j (this PR), you need to ensure any provided details override existing defaults. Added to this, https://github.com/ably/ably-ios/pull/492/files#diff-b5d84fe9bce26902a7481c2ffec84fffR1723 is really not relevant given that param has been removed completely given RSA10d is now removed, see https://github.com/ably/docs/blob/source/content/client-lib-development-guide/versions/features-0-8__0-9.diff#L116.
So in summary:
- Test that defaults are carried through when none are provided (need initial + subsequent request without any arguments)
- Test that defaults are changed when set (need initial + subsequent request without any arguments)
- Remove
forcecompletely as this just confuses these tests given that option is no longer relevant and should be removed.
There was a problem hiding this comment.
Test that defaults are changed when set (need initial + subsequent request without any arguments)
I guess you mean + subsequent requestwithany arguments here?
Remove force completely
Remove it only from tests target, or also from the lib target?
There was a problem hiding this comment.
I guess you mean + subsequent requestwithany arguments here?
No, we need to test that the defaults are used for subsequent authorisations so if we passed in arguments then we'd be changing those defaults?
Remove force completely
Remove it only from tests target, or also from the lib target?
Not sure what you mean by target, but it should be removed as this option is no longer available as part of the tests you are implementing
There was a problem hiding this comment.
No, we need to test that the defaults are used for subsequent authorisations so if we passed in arguments then we'd be changing those defaults?
I might be missing something, but as per RSA10j spec that states:
For example, if a client is initialised with
TokenParams#ttlconfigured with a custom value, and aTokenParamsobject is passed in as an argument toauthorisewith a null value forttl, then thettlused for every subsequent authorisation will be null.
Does not this mean that the default parameters need to be replaced?
There was a problem hiding this comment.
Yes but if no arguments are passed in, then a TokenParams object has not been passed in.
What it actually states is:
TokenParams and AuthOptions are optional. When the arguments are present...
The point is that if you don't provide those arguments or they are null (but not empty TokenParam or AuthObtion objects), then the defaults are not overriden.
There was a problem hiding this comment.
Not sure what you mean by target
Well, Xcode project can contain several build targets - e.g.. main iOS or OSX app, unit tests, apple watch app, app extension, framework, etc.
In our case we have Ably ObjC library target, AblySpecs Swift tests target, and AblyTests ObjC tests target.
So my question was, in another words, - should I remove use of force from tests only, or should I remove force property from AuthOptions class in Ably library implementation too?
I guess I just need to remove it from test target only, otherwise it won't be possible to implement RSA10d and RTC8, because both of them needs force.
Am I right here, could you confirm please @mattheworiordan ?
|
@EvgenyKarkan I've rebased this PR on top of master instead of RSA9h, so that they are independent. It was getting pretty hard to review. Sorry for the trouble. |
| [self storeParams:currentTokenParams]; | ||
|
|
||
| // Reuse or not reuse the current token | ||
| if (mergedOptions.force == NO && self.tokenDetails) { | ||
| if (currentAuthOptions.force == NO && self.tokenDetails) { |
There was a problem hiding this comment.
I think you should just remove force from this PR and perhaps bundle the change for RSA10d into this as this is only confusing the review of a PR that is in flux between old & new functionality
There was a problem hiding this comment.
If I remove force property from AuthOptions object - it will break RSA10d & also RTC8 requirements, because both them needs force.
That’s why in my opinion it's impossible to combine both RSA10j and RSA10d changes in one PR.
There was a problem hiding this comment.
Then combine more stuff into one PR. We asked for as small PRs as possible, but if it's not possible to deliver this without making other changes, then those changes make this PR as small as possible.
| @@ -275,13 +275,13 @@ - (void)executeTokenRequest:(ARTTokenRequest *)tokenRequest callback:(void (^)(A | |||
|
|
|||
| - (void)authorise:(ARTTokenParams *)tokenParams options:(ARTAuthOptions *)authOptions callback:(void (^)(ARTTokenDetails *, NSError *))callback { | |||
| BOOL requestNewToken = NO; | |||
| ARTAuthOptions *mergedOptions = [self mergeOptions:authOptions]; | |||
| [self storeOptions:mergedOptions]; | |||
| ARTTokenParams *currentTokenParams = [self mergeParams:tokenParams]; | |||
There was a problem hiding this comment.
I believe timestamp and queryTime was not carried forward before, but now it appears they are given these objects are blindly copied? See http://docs.ably.io/client-lib-development-guide/features/#RSA10g
There was a problem hiding this comment.
Got it, will improve.
| } | ||
| expect(tokenDetails.clientId).to(equal(ExpectedTokenParams.clientId)) | ||
| expect(tokenDetails.issued!.dateByAddingTimeInterval(ExpectedTokenParams.ttl)).to(beCloseTo(tokenDetails.expires)) | ||
| expect(tokenDetails.capability).to(equal(ExpectedTokenParams.capability)) |
There was a problem hiding this comment.
If your have removed the TTL and delay in the test, then how do you know the token is not the same token? You need to make sure that a new token has ben generated after calling authorise
| guard let tokenDetails2 = tokenDetails2 else { | ||
| XCTFail("TokenDetails2 is nil"); done(); return | ||
| } | ||
| expect(rest.auth.options.authCallback).to(beNil()) |
There was a problem hiding this comment.
It would be more useful here to check that a documented API is overriden i.e. auth.options is undocumented, so instead why not check that the previous callback has not been used perhaps, or in the callback set a specific capability and ensure that capability has now not been used thus proving the callback has not been called.
ricardopereira
force-pushed
the
RSA10j
branch
2 times, most recently
from
b675c33 to
134c708
Compare
|
Squashed. |
|
@mattheworiordan PTAL |
|
@tcard PTAL |
| let tokenParams = ARTTokenParams(clientId: options.clientId) | ||
| let defaultTtl = tokenParams.ttl | ||
| let defaultCapability = tokenParams.capability | ||
| it("should supersede configured AuthOptions (using key) even if arguments are empty") { |
There was a problem hiding this comment.
This should say even argument objects are empty as saying arguments are empty makes it sound like if you don't pass in arguments as opposed to passing in empty objects
| } | ||
| } | ||
|
|
||
| // Second time |
There was a problem hiding this comment.
What are we testing by doing it a second time? If it's to test that subsequent authorizations will use key = nil then you should pass options: nil the second time or force an authorization some other way, right?
There was a problem hiding this comment.
Right. Done d069ed9.
|
|
||
| // Repeat | ||
| waitUntil(timeout: testTimeout) { done in | ||
| rest.auth.authorise(nil, options: nil) { tokenDetails, error in |
There was a problem hiding this comment.
Like here, you're passing options: nil and I guess you should do the same in the test above.
| XCTFail("TokenDetails is nil"); done(); return | ||
| } | ||
| expect(tokenDetails.clientId).to(beNil()) | ||
| expect(tokenDetails.issued).to(beCloseTo(serverDate, within: 1.0)) //1 Second |
There was a problem hiding this comment.
This doesn't really prove that queryTime was used, since it's really likely that the server time and the local time are within one second of each other. Maybe check that a call to /time was made? Really testing this would require that we mock the time locally, and I don't think that's worth it just for this.
There was a problem hiding this comment.
Plus, anything could take longer that 1 second in the server for any reason and then serverDate would be outdated, especially given you're using it twice. I'd rather not introduce even more reasons for tests to randomly fail because we expect unguaranteed things from the server.
There was a problem hiding this comment.
Yes, I'm having some failures on my machine because of that 1 second. I will mock the time. It will be necessary for another test about the server clock offset.
|
@tcard PTAL |
| @@ -22,6 +22,9 @@ ART_ASSUME_NONNULL_BEGIN | |||
| /// Get argument at index from the identified instance method. | |||
| - (void)testSuite_getArgumentFrom:(SEL)selector atIndex:(NSInteger)index callback:(void (^)(id))callback; | |||
|
|
|||
| /// Change the returning value using a date from the identified instance method. | |||
| - (id<AspectToken>)testSuite_returnValueFor:(SEL)selector withDate:(NSDate *)value; | |||
c5e461b