Attributes never returned are lost on creates and updates #103
Conversation
xjunior
force-pushed
the
never-attribute-lost-update
branch
from
25bcbf9 to
fe0043e
Compare
xjunior
changed the title
|
This seem similar to what is being discussed in #6 |
There was a problem hiding this comment.
Thanks for this submission. Unfortunately the PR contains changes that make it hard for me to understand what's needed and what's an accident. For example at the very top of the diff line 142 loses "self." for no apparent reason. The placement of "password" in parameter lis ets elsewhere has changed. Why; surely the hash position isn't significant?
I'll review this properly once extraneous diff entries have been removed - please do make pass through and revert any changes that are not strictly part of the change set for the fix being produced here, even if this might not match you personal preferences for code style.
If it's not a hassle, please could you annotate the diff with comments too, for example to explain why READ_WRITE_ATTRIBUTES changed to WRITE_ATTRIBUTES in tests?
|
@pond nothing really is an accident, but the thick of it is reverting this commit. While this commit and this commit add specs that are broken without the said revert. This PR is mostly an exploratory work to fix the issues presented on the specs added by the above commits, and I'm not suggesting we revert the mentioned commit, but that it's where the bug was introduced. Sorry about the confusion. |
|
@xjunior I'm still a bit in the dark. #80 implements the password returning fix. All tests pass; |
Yes, that's what I said:
This PR adds these two commits, which proves that there's a bug while patching a resource with an attribute marked as 'return=never', in this case, User and password.
I agree. This PR proves both: 1) there's a bug (and now a spec asserting that); 2) the bug was caused by that change. This PR does not aim at solving both issues, but to expose one. |
|
Yeah, I mean it needs fixing clearly (though it must be less urgent than I would expect, given the apparent severity, as this has gone unreported otherwise) but don't want to regress the non-returnable attributes PR in the process. I'm trying to figure out how to fix it but the day has been constant interruptions and I'm really just doing nothing much but making mistakes now due to tiredness, annoyingly. Basically it comes down to Incidentally, forgive me for missing the point somewhat at first - but - random commits don't mean much out of context to anyone but the person that committed them. If a specific commit is mentioned, the "owning" PR ideally is mentioned too, so a reader knows the details. It took a while to dig out PR 80 as the root of all this as a result, and that's why I wasn't sure about the two tests you mentioned only by commit (at first glance). |
|
...and the start of that is in main...feature/fix-non-returnables, very much a WIP. The change to not return an attribute in the Name complex type is to prove the nesting failure ( Interestingly I think there was always a bug in |
|
Thanks for your further analysis on this, @pond! I have temporary fixes for the password on both create and patch, but wanted to bring this up here. I agree, it comes down to Sorry about the initial confusion on the description of this issue, I'm glad you could end up understanding the problem. |
|
I had exactly the same idea initially - render because of a write op vs a read op, say - but I couldn't see a way to do it that didn't need controller changes and that'd break existing clients. Next, I thought about checking the action name but - euw, even worse. There shouldn't be any non-standard actions for SCIM but who knows, there might be in some cases. So that was a bad plan. Anyway, the as-JSON / to-SCIM stuff gets used a lot. The gem's founding components have that strange split and some of it wasn't documented, so it's always been something of a guessing game. Part of the work I want to do here is to better document what you use and when. I'd rename TL;DR It made my head hurt. Much of what I got by building Scimitar from other implementations was very useful and constructed in ways I wouldn't have thought of, but some other areas are definitely not built how I'd have done it. Were it not for a rush to get a SCIM implementation into our product (which of course was then never used as the client changed their minds! LOL) I might've taken more care there. |
I feel your pain, on both ways. I can think of ways to improve Scimitar too, starting by adding some abstractions on top of the mapping process. One of the improvements I could be doing in the midterm, though, would be what I suggested in this issue: #107 |
|
@xjunior I think this is looking decent: main...feature/fix-non-returnables EDIT - also generally concur that in terms of priorities, refactoring is all well and good but implementing as major feature as bulk updates would definitely seem a more valuable use of time! |
|
@pond that PR is looking good, and going in a good direction too! |
|
Please close this PR when that is open. Also, looks like it introduces a recursive attribute path, which can be useful here. |
|
Closed in favor of #109 |
Since we started never returning the password attribute via the
return = "never"[1] mechanism [].At https://github.com/RIPAGlobal/scimitar/blob/v2.7.1/app/models/scimitar/resources/mixin.rb#L420,
ci_scim_hashno longer contains the password, but after all operations are applied, an all attributes update is done on https://github.com/RIPAGlobal/scimitar/blob/v2.7.1/app/models/scimitar/resources/mixin.rb#L494 usingfrom_scim, targeting all attributes in the resource, including thoseneverreturned, and emptying them.The included test case ilustrates the scenario.
[1] 413280a
Fixes #105