-
Notifications
You must be signed in to change notification settings - Fork 32
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Username checking in native auth requests #2385
Conversation
@@ -53,6 +53,7 @@ data class ResetPasswordStartRequest private constructor( | |||
headers: Map<String, String?> | |||
): ResetPasswordStartRequest { | |||
// Check for empty Strings and empty Maps | |||
ArgUtils.validateNonNullArg(username, "username") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why was this removed in the first place?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure about the reason but I would prefer to keep the checking here.
@Test | ||
fun testSignUpStartWithEmptyUsernameShouldNotThrowException() { | ||
@Test(expected = ClientException::class) | ||
fun testSignUpStartWithEmptyUsernameShouldThrowException() { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Wasn't this changed (i.e. the exception removed) as part of last year's work to align some of our errors and return an InvalidUsernameError in the case of an empty string? Giannis worked on that I believe.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes. I think so. But either CommandResultUtil.kt
if (this.status != ICommandResult.ResultStatus.COMPLETED) {
var exception: Exception? = null
var exceptionMessage: String? = ""
if (this.result is Exception) {
exception = this.result as Exception
exceptionMessage = exception.message
}
return com.microsoft.identity.common.java.nativeauth.controllers.results.INativeAuthCommandResult.UnknownError(
error = UNSUCCESSFUL_COMMAND_ERROR,
errorDescription = exceptionMessage,
exception = exception,
correlationId = this.correlationId
) as ExpectedType
or NativeAuthPublicClientApplication.kt
return withContext(Dispatchers.IO) {
try {
verifyNoUserIsSignedIn()
if (username.isBlank()) {
return@withContext SignUpError(
errorType = ErrorTypes.INVALID_USERNAME,
errorMessage = "Empty or blank username",
correlationId = "UNSET"
)
}
can handle empty username.
I think the latter one act the main role of returning InvalidUsernameError before sending out the request/validating request parameters. Thus, I would prefer to keep the ThrowException here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Some thoughts:
- if we're already doing a username is empty check in the interface, we don't need to do it again in the API layer.
- we shouldn't just be throwing exceptions. An exception is a pretty heavy mechanism to give feedback to a developer. We should aim for something more graceful than that.
- the fact that this "throwing an exception" was removed from this API layer a few months ago, means we had a reason why. If that reason has changed, let's talk about it. We can just revert the work we did a few months ago without good reason.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Will abandon this PR.
Put back ArgUtils.validateNonNullArg(username, "username") in all initial native auth requests.
Company PRs:
msal: AzureAD/microsoft-authentication-library-for-android#2080
native sample app: Azure-Samples/ms-identity-ciam-native-auth-android-sample#24