Feature/padlock auth #15
Conversation
andrewr224
commented
Apr 6, 2018
•
andrewr224
commented
- Create delete job on token creation
- Improve phone/mail validation
- Implement email verification
- Implement reset password
andrewr224
force-pushed
the
feature/padlock-auth
branch
3 times, most recently
from
117ed28 to
52caa23
Compare
| key_type: type, | ||
| expired_at: expired_at | ||
| ) | ||
| ExpireTokenJob.set(wait_until: token.expired_at).perform_now(token_id: token.id) if token |
There was a problem hiding this comment.
This seems to work, but, and I know a good but when I see one, that's probably not how it's supposed to be used. Please advise
| def create | ||
| @user = V1::Padlock::Registrations::Create.call(user_params) | ||
|
|
||
| return render json: @user.errors, status: :unprocessable_entity unless @user.persisted? |
There was a problem hiding this comment.
if @user.new_record? => same
There was a problem hiding this comment.
unless persisted seems to better convey my intention here, namely - I wanna render errors unless the user was saved
There was a problem hiding this comment.
Ok, just noticed that => persisted? == !(new_record? || destroyed?)
There was a problem hiding this comment.
Also, you have defined alias for this - user_valid?
| def create | ||
| @user = V1::Padlock::Sessions::Create.call(params) | ||
|
|
||
| return render json: nil, status: :unauthorized unless @user |
| def destroy | ||
| return render json: nil, status: :unprocessable_entity unless token | ||
|
|
||
| return render json: nil, head: :ok if ::Padlock::TokenDestroyer.call(token: token) |
There was a problem hiding this comment.
Because render checks status key. Change :ok, to :unprocessable_entity. Theoretically you'll see the same result.
There was a problem hiding this comment.
..so you can ignore status here at all, because it is 200, when response has body, by default
| end | ||
|
|
||
| def destroy | ||
| return render json: nil, status: :unprocessable_entity unless token |
app/jobs/expire_token_job.rb
Outdated
| class ExpireTokenJob < ApplicationJob | ||
| queue_as :default | ||
|
|
||
| def perform(params = {}) |
There was a problem hiding this comment.
ArgumentError: wrong number of arguments (given 1, expected 0)
| def identity | ||
| @identity ||= case | ||
| when email | ||
| Identity.find_by(uid: email) |
There was a problem hiding this comment.
def uid
email || phone
end
def identity
@identity ||= Identity.find_by(uid: uid)
end
| def initialize(params = {}) | ||
| @user = params[:user] | ||
| @type = params[:type] || :auth | ||
| @expired_at = params[:expired_at] || Time.zone.now + 1.month |
There was a problem hiding this comment.
use fetch when you set default values in initializer.
But if you need to wrap cases like this:
Object.new(type: nil)
and have :auth instead of nil
=> use your approach
andrewr224
force-pushed
the
feature/padlock-auth
branch
2 times, most recently
from
2b286f8 to
136fcbb
Compare
andrewr224
force-pushed
the
feature/padlock-auth
branch
from
136fcbb to
ad3964b
Compare
andrewr224
force-pushed
the
feature/padlock-auth
branch
2 times, most recently
from
8ab1e3c to
bbeef09
Compare
| attr_reader :user | ||
|
|
||
| def user_valid? | ||
| user&.persisted? |
There was a problem hiding this comment.
This is not a predicate, you can receive nil here
user && user.persisted?
And IMO, user_persisted? looks better, because user_valid? is a little bit smooth description here
There was a problem hiding this comment.
Rubocop wouldn't stand it
| end | ||
|
|
||
| def insert_token | ||
| response.headers[ACCESS_TOKEN_KEY] = user.tokens.last.key if user_valid? |
There was a problem hiding this comment.
thread-unsafe token
(someone else can add token to user right after creation of user)
Remember about refactoring here.
Now you can define has_one association last_access_token in User model
| @@ -0,0 +1,27 @@ | |||
| module V1 | |||
There was a problem hiding this comment.
We need to think about moving whole this module to lib folder.
It’s for libraries that are not packaged as gems but could be. (c) source
| def create | ||
| @user = V1::Padlock::Registrations::Create.call(user_params) | ||
|
|
||
| return render json: @user.errors, status: :unprocessable_entity unless @user.persisted? |
There was a problem hiding this comment.
Also, you have defined alias for this - user_valid?
| def create | ||
| @user = V1::Padlock::Sessions::Create.call(params) | ||
|
|
||
| return head :unauthorized unless @user |
app/jobs/expire_token_job.rb
Outdated
| @@ -0,0 +1,9 @@ | |||
| class ExpireTokenJob | |||
| include Sidekiq::Worker | |||
There was a problem hiding this comment.
You can move include to ApplicationJob and then inherit from it. Would be cleaner
There was a problem hiding this comment.
ArgumentError: You cannot include Sidekiq::Worker in an ActiveJob: ApplicationJob
app/jobs/expire_token_job.rb
Outdated
| class ExpireTokenJob | ||
| include Sidekiq::Worker | ||
|
|
||
| def perform(params = {}) |
There was a problem hiding this comment.
Use explicit arguments, or at least key arguments (:+1:) here.
We haven't defined constructor for job to provide attributes assigning, call them from the params hash all the time looks messy.
spec/factories/identity.rb
Outdated
| factory :identity do | ||
| trait :email do | ||
| uid { Faker::Internet.email } | ||
| provider 'email'.freeze |
spec/factories/identity.rb
Outdated
|
|
||
| trait :phone do | ||
| uid { Faker::PhoneNumber.phone_number } | ||
| provider 'phone'.freeze |
spec/jobs/expire_token_job_spec.rb
Outdated
|
|
||
| subject { described_class.perform_at(token.expired_at, token_id: token.id) } | ||
|
|
||
| let!(:token) { create(:token) } |
There was a problem hiding this comment.
Let's apply one conventional call order:
- Definition of variables ->
let,let! subjectbeforeafter
There was a problem hiding this comment.
Agreed, but I vote for subject/let/before/after
There was a problem hiding this comment.
That's the order they use in style guide
https://github.com/reachlocal/rspec-style-guide#good-example-2
andrewr224
force-pushed
the
feature/padlock-auth
branch
3 times, most recently
from
b7625cb to
e5d190a
Compare
andrewr224
force-pushed
the
feature/padlock-auth
branch
from
e5d190a to
ad5edd3
Compare
andrewr224
force-pushed
the
feature/padlock-auth
branch
from
ad5edd3 to
fa53410
Compare
