Bug in Loading Strategies #6
Comments
|
Interesting. I think this was originally a refactor from: https://github.com/stormpath/stormpath-sdk-node/blob/abe164b88538cf357c18ac53545796cd48fa0e03/lib/Config.js#L46 But I can definitely see how this is an issue. I thought I had tests for it, but I'll add some and fix this issue :) @rdegges @avojnovicDk Big thanks on discovering/reporting it! :) |
|
Thanks @typerandom! All credits go to @avojnovicDk, she's really great. |
|
Thanks! <3 It's always good to have another pair of eyes. |
|
Thanks @avojnovicDk for pointing this out - we'll have to update this, the way it should work is defined here: https://github.com/stormpath/stormpath-sdk-spec/blob/master/specifications/config.md#loading-order |
|
Actually, there are some more things that bother me in that Strategy: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L31-L34
I checked the extend function in this fiddle: http://jsfiddle.net/L11q3LqL/ . This is jQuery, but npm's extend should be it's port: https://www.npmjs.com/package/extend . Also, now I think that this condition https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L37 will never be Another thing that confuses me with the case when the file is empty is this line: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L53 Please note that I'm not a Node.js developer, so I'm sorry if I misinterpreted some lines. |
So, our Python contractor (@avojnovicDk) has been working on porting this library over to Python, and came across a bug in this code here: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L37-L39
So, here's what's happening. First, take a look at the order in which things are supposed to be loaded from our sdk spec: https://github.com/stormpath/stormpath-sdk-spec/blob/master/specifications/config.md#loading-order
The order in which things should be loaded goes from most 'implicit' to most 'explicit'. So, the more explicit a user is about their settings, we'll prefer those explicit settings over the more generic ones. This makes sense, because it means a user will usually get what they expect in a magical way.
Here's the scenario in which the APIKeyConfigStrategy is broken:
Let's say I'm a user, and I have the following:
~/.stormpath/apiKey.properties,apiKey.propertiesinside of my local application folder that I'm currently working on.Per our spec, we should first load the settings from
~/.stormpath/apiKey.properties, and later override it with the settings fromapiKey.propertiesin the local directory since it also exists.This is not happening though.
These lines of code: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L37-L39 show that if those API key values are already loaded from the first API key file, than we'll skip processing and use those old values INSTEAD of overwriting them like we should.
I think the solution is most likely to just remove these lines of code, but we should write some tests / etc. to cover this scenario first to make sure we aren't missing anything.
The text was updated successfully, but these errors were encountered: