Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Psre 2138/feature/pre hash string utils PSRE-2229 #70

Merged
merged 23 commits into from
Apr 10, 2024

Conversation

shtrom
Copy link
Contributor

@shtrom shtrom commented Feb 27, 2024

This PR:

  • introduces a separate PreHashString service concept, and moves the current implementation into a LegacyPrehashStringService
  • removes the ability to inject signature factories into the Init object, as using the latest version is a deliberate choice
  • reintroduces v1 signature tests
  • moves the tests params to a separate fixture provider
  • ensures that things we want to test for backward compatibility are hardcoded strings, rather than generated on the fly
  • refreshes the phpunit config
  • adds linting tools
  • lints the lot for good measure
  • add a github workflow to run those tests on PR

It may help to review this PR commit by commit, as they build on top of each other.

Checklist

  • Feature

  • Bug

  • Refactor

  • ChangeLog.md updated

  • Tests added

  • All testsuite passes

  • make dist completed successfully

@shtrom shtrom marked this pull request as draft February 27, 2024 07:06
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 2 times, most recently from 1a9608b to df747fb Compare March 5, 2024 07:08
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 8 times, most recently from c252e2a to 0e9329b Compare March 13, 2024 06:57
@shtrom shtrom requested a review from markkellyeire March 13, 2024 06:58
@shtrom shtrom marked this pull request as ready for review March 13, 2024 07:01
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 8 times, most recently from 4937087 to 76aa9ba Compare March 18, 2024 05:09
@shtrom shtrom requested a review from markus-liang-lrn March 19, 2024 03:54
david-scarratt-lrn and others added 7 commits April 3, 2024 10:21
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
shtrom added 6 commits April 3, 2024 10:21
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
[TEST] ParamsFixture/items: add user_id in security
[TEST] ParamsFixture lexical ordering of method per API name
[TEST] ParamsFixture: move data timestamp to fixture
[TEST] ParamsFixture: reuse apiQuestionActivity in Assess init options
[TEST] Explicitely disable telemetry in constructor tests

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Only leave hardcoded signatures in test for bespoke modifications.

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch 2 times, most recently from d20163e to a1ee325 Compare April 2, 2024 23:41
shtrom added 6 commits April 3, 2024 10:59
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
…ward compatibility

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
…d current schemes

Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch from a1ee325 to 595b8b1 Compare April 2, 2024 23:59
@@ -6,17 +6,17 @@

class HashSignature implements SignatureInterface
{
const ALGORITHM = 'sha256';
public const ALGORITHM = 'sha256';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Are these really public? I understand that the default of these is public, but I think these should only be used in this class, so should be private

@@ -8,17 +8,17 @@

class HmacSignature implements SignatureInterface
{
const ALGORITHM = 'sha256';
public const ALGORITHM = 'sha256';
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Visibility should be private I'd say


use LearnositySdk\Exceptions\ValidationException;

class LegacyPreHashString implements PreHashStringInterface
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I assume there will be another class implementing this in the future, otherwise the interface makes no sense

Copy link
Contributor Author

@shtrom shtrom Apr 5, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yep, the idea is to make each signature pattern independent, rather than the current pattern we have which is really hard to audit because it jumps around and has too many ifs.

The LegacyPreHashString implementation is different from what we had in the SDK before, as it takes the approach of the implementation we have in LP instead, which is a lot simpler to follow.

use LearnositySdk\Services\PreHashStrings\PreHashStringInterface;
use LearnositySdk\Services\PreHashStrings\LegacyPreHashString;

class PreHashStringFactory
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure if PreHashString is the best name for these classes. Maybe PlainStringManipulator ? Not sure if that's better though

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It's not a great name, but that's the one that has been used historically, so I went with that.

https://github.com/Learnosity/learnosity-sdk-php/blob/master/src/Request/Init.php#L297-L315

It's a very specific Service that should only do PHS generation.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prior to the signature upgrade in most cases the pre hash string variable was called $signature in many places which was so confusing. Changing it to prehash string was a revelation in terms of readability but I now realise that probably only was the case for myself and others who had struggled to understand the code when it was called $signature.

Has a look each implementation of of hash hmac in each of the SDK languages we support just for naming convention ideas and it seems most languages refer to the data to be hashed as message or simply data which in both cases is probably too ambiguous.

@shtrom shtrom requested a review from klauste April 5, 2024 03:00
@shtrom shtrom changed the title Psre 2138/feature/pre hash string utils Psre 2138/feature/pre hash string utils PSRE-2229 Apr 5, 2024
$this->requestPacket,
$this->action
);
/* $preHashString = $this->generatePreHashString(); */
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@shtrom Looks like this commented out line can go.

use LearnositySdk\Services\PreHashStrings\PreHashStringInterface;
use LearnositySdk\Services\PreHashStrings\LegacyPreHashString;

class PreHashStringFactory
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Prior to the signature upgrade in most cases the pre hash string variable was called $signature in many places which was so confusing. Changing it to prehash string was a revelation in terms of readability but I now realise that probably only was the case for myself and others who had struggled to understand the code when it was called $signature.

Has a look each implementation of of hash hmac in each of the SDK languages we support just for naming convention ideas and it seems most languages refer to the data to be hashed as message or simply data which in both cases is probably too ambiguous.

@shtrom shtrom requested a review from markkellyeire April 8, 2024 07:20
shtrom added 4 commits April 8, 2024 17:21
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
Signed-off-by: Olivier Mehani <olivier.mehani@learnosity.com>
@shtrom shtrom force-pushed the PSRE-2138/feature/pre-hash-string-utils branch from 40d291e to 49c0fc7 Compare April 8, 2024 07:21
@shtrom shtrom dismissed markkellyeire’s stale review April 9, 2024 02:24

Comments addressed.

@shtrom shtrom merged commit 2c05853 into master Apr 10, 2024
2 checks passed
@shtrom shtrom deleted the PSRE-2138/feature/pre-hash-string-utils branch April 10, 2024 01:27
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants