Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Psre 2138/feature/pre hash string utils PSRE-2229 #70

Merged
merged 23 commits into from
Apr 10, 2024
Merged

Psre 2138/feature/pre hash string utils PSRE-2229 #70

merged 23 commits into from
Apr 10, 2024

Conversation

shtrom
Copy link
Contributor

@shtrom shtrom commented Feb 27, 2024
edited
Loading

This PR:

  • introduces a separate PreHashString service concept, and moves the current implementation into a LegacyPrehashStringService
  • removes the ability to inject signature factories into the Init object, as using the latest version is a deliberate choice
  • reintroduces v1 signature tests
  • moves the tests params to a separate fixture provider
  • ensures that things we want to test for backward compatibility are hardcoded strings, rather than generated on the fly
  • refreshes the phpunit config
  • adds linting tools
  • lints the lot for good measure
  • add a github workflow to run those tests on PR

It may help to review this PR commit by commit, as they build on top of each other.

Checklist

  • Feature

  • Bug

  • Refactor

  • ChangeLog.md updated

  • Tests added

  • All testsuite passes

  • make dist completed successfully

@shtrom shtrom marked this pull request as draft February 27, 2024 07:06
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 2 times, most recently from 1a9608b to df747fb Compare March 5, 2024 07:08
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 8 times, most recently from c252e2a to 0e9329b Compare March 13, 2024 06:57
@shtrom shtrom marked this pull request as ready for review March 13, 2024 07:01
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 8 times, most recently from 4937087 to 76aa9ba Compare March 18, 2024 05:09
david-scarratt-lrn and others added 7 commits April 3, 2024 10:21
@david-scarratt-lrn @shtrom
[FEATURE] Containerise dev env LRN-34270
f52a0a1
@shtrom
[TEST] Allow passing test arguments via ARGS_PHPUNIT
970aee5 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] phpunit --migrate-configuration
af5a1d1 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[VENDOR] require --dev squizlabs/php_codesniffer=*
2816b5d 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[LINT] Add phpcs config
b79be8f 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[BUILD] Add lint target
a9cfd06 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[LINT] Run phpcbf on codebase
5a8465e 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[LINT] Apply manual fixes
e4e8ebc 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] Move instanciation of Init to test rather than data providers
b2c94b7
@shtrom
[TEST] Move getWorking*Params to separate ParamsFixture
a07f237 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] Minute updates to ParamsFixture
a447d80 
[TEST] ParamsFixture/items: add user_id in security
[TEST] ParamsFixture lexical ordering of method per API name
[TEST] ParamsFixture: move data timestamp to fixture
[TEST] ParamsFixture: reuse apiQuestionActivity in Assess init options
[TEST] Explicitely disable telemetry in constructor tests

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] ParamsFixture: provide expected signature for params from Fixture
c4daed9 
Only leave hardcoded signatures in test for bespoke modifications.

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] InitTest: Use valid action for dataApiPost -> Set
26fdfa8 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 2 times, most recently from d20163e to a1ee325 Compare April 2, 2024 23:41
@shtrom
[FEATURE] Introduce PreHashString services
7c02fc5 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[REFACTOR] Init: Use PreHashString services
fdeab94 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] ParamsFixture: reintroduce v1 signatures to actively test back…
ffed4f2 
…ward compatibility

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] Signing services: test both v1 and v2 signatures
cc60b06 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] LegacyPreHashStringTest: hardcode expected PHS for v1Compat an…
ea380b8 
…d current schemes

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] ParamsFixture: add service-agnostic entrypoint methods
3b00efc 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch from a1ee325 to 595b8b1 Compare April 2, 2024 23:59
klauste
klauste reviewed Apr 3, 2024
View reviewed changes
src/Services/Signatures/HashSignature.php Outdated
@@ -6,17 +6,17 @@

class HashSignature implements SignatureInterface
{
const ALGORITHM = 'sha256';
public const ALGORITHM = 'sha256';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these really public? I understand that the default of these is public, but I think these should only be used in this class, so should be private

src/Services/Signatures/HmacSignature.php Outdated
@@ -8,17 +8,17 @@

class HmacSignature implements SignatureInterface
{
const ALGORITHM = 'sha256';
public const ALGORITHM = 'sha256';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Visibility should be private I'd say

src/Services/PreHashStrings/LegacyPreHashString.php

use LearnositySdk\Exceptions\ValidationException;

class LegacyPreHashString implements PreHashStringInterface
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume there will be another class implementing this in the future, otherwise the interface makes no sense

Copy link
Contributor Author

@shtrom shtrom Apr 5, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, the idea is to make each signature pattern independent, rather than the current pattern we have which is really hard to audit because it jumps around and has too many ifs.

The LegacyPreHashString implementation is different from what we had in the SDK before, as it takes the approach of the implementation we have in LP instead, which is a lot simpler to follow.

src/Services/PreHashStringFactory.php
use LearnositySdk\Services\PreHashStrings\PreHashStringInterface;
use LearnositySdk\Services\PreHashStrings\LegacyPreHashString;

class PreHashStringFactory
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if PreHashString is the best name for these classes. Maybe PlainStringManipulator ? Not sure if that's better though

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not a great name, but that's the one that has been used historically, so I went with that.

https://github.com/Learnosity/learnosity-sdk-php/blob/master/src/Request/Init.php#L297-L315

It's a very specific Service that should only do PHS generation.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prior to the signature upgrade in most cases the pre hash string variable was called $signature in many places which was so confusing. Changing it to prehash string was a revelation in terms of readability but I now realise that probably only was the case for myself and others who had struggled to understand the code when it was called $signature.

Has a look each implementation of of hash hmac in each of the SDK languages we support just for naming convention ideas and it seems most languages refer to the data to be hashed as message or simply data which in both cases is probably too ambiguous.

@shtrom shtrom requested a review from klauste April 5, 2024 03:00
@shtrom shtrom changed the title Psre 2138/feature/pre hash string utils Psre 2138/feature/pre hash string utils PSRE-2229 Apr 5, 2024
markkellyeire
markkellyeire previously requested changes Apr 5, 2024
View reviewed changes
src/Request/Init.php Outdated
$this->requestPacket,
$this->action
);
/* $preHashString = $this->generatePreHashString(); */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shtrom Looks like this commented out line can go.

src/Services/PreHashStringFactory.php
use LearnositySdk\Services\PreHashStrings\PreHashStringInterface;
use LearnositySdk\Services\PreHashStrings\LegacyPreHashString;

class PreHashStringFactory
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prior to the signature upgrade in most cases the pre hash string variable was called $signature in many places which was so confusing. Changing it to prehash string was a revelation in terms of readability but I now realise that probably only was the case for myself and others who had struggled to understand the code when it was called $signature.

Has a look each implementation of of hash hmac in each of the SDK languages we support just for naming convention ideas and it seems most languages refer to the data to be hashed as message or simply data which in both cases is probably too ambiguous.

@shtrom
[REFACTOR] Remove legacy PHS+Signing code
cdcf4c8 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[TEST] Add github workflow
3f22736 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[BUG] Request can be empty (or null)
bcc5b5c 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom
[REFACTOR] Signatures: reduce visibility of internal consts
49c0fc7 
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch from 40d291e to 49c0fc7 Compare April 8, 2024 07:21
@shtrom shtrom dismissed markkellyeire’s stale review April 9, 2024 02:24

Comments addressed.

@shtrom shtrom merged commit 2c05853 into master Apr 10, 2024
2 checks passed
@shtrom shtrom deleted the PSRE-2138/feature/pre-hash-string-utils branch April 10, 2024 01:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@markus-liang-lrn markus-liang-lrn markus-liang-lrn left review comments

@klauste klauste klauste approved these changes

@markkellyeire markkellyeire Awaiting requested review from markkellyeire

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@shtrom @markkellyeire @klauste @markus-liang-lrn @david-scarratt-lrn