1. Addd scope, expires, access token, and online access info to session storage #11
Conversation
MuhammadFarag
force-pushed
the
update-sesssion-storage
branch
from
c9d297e
to
b384cab
Compare
app/Models/DbSessionStorage.php
Outdated
| $dbSession->expires_at = $session->getExpires(); | ||
| $dbSession->scope = $session->getScope(); | ||
| if(!empty($session->getOnlineAccessInfo())){ | ||
| $dbSession->online_access_info = serialize($session->getOnlineAccessInfo()); |
There was a problem hiding this comment.
I have a bitter feeling about this...
Other options:
- Serialize as JSON and handle potential exception
- Create a column for each field in the online access info
- Go the other way around and just serialize the entire Session object against the key
There was a problem hiding this comment.
The disadvantage of serializing it as JSON is that we'd have to rebuild the object when coming back (which could be a static method in the info class). I agree that the serialize call is less than ideal, but this is a shallow value object, so it's not necessarily a big problem.
If we want to do things 'the right way', we'd probably go with option 2, which is more work but gives us fully structured data that can be queried for the purposes of an app - like say an app that needs to know which user is doing things in a context that does not use one of the lib's sessions.
There was a problem hiding this comment.
Spread it into separate columns 👍
MuhammadFarag
changed the title
app/Models/DbSessionStorage.php
Outdated
| if($dbSession->expires_at){ | ||
| $session->setExpires($dbSession->expires_at); | ||
| } | ||
| if($dbSession->access_token){ | ||
| $session->setAccessToken($dbSession->access_token); | ||
| } | ||
| if($dbSession->scope){ | ||
| $session->setScope($dbSession->scope); | ||
| } | ||
| if($dbSession->online_access_info){ | ||
| $session->setOnlineAccessInfo(unserialize($dbSession->online_access_info)); | ||
| } | ||
| return $session; |
There was a problem hiding this comment.
| if($dbSession->expires_at){ | |
| $session->setExpires($dbSession->expires_at); | |
| } | |
| if($dbSession->access_token){ | |
| $session->setAccessToken($dbSession->access_token); | |
| } | |
| if($dbSession->scope){ | |
| $session->setScope($dbSession->scope); | |
| } | |
| if($dbSession->online_access_info){ | |
| $session->setOnlineAccessInfo(unserialize($dbSession->online_access_info)); | |
| } | |
| return $session; | |
| if ($dbSession->expires_at){ | |
| $session->setExpires($dbSession->expires_at); | |
| } | |
| if ($dbSession->access_token){ | |
| $session->setAccessToken($dbSession->access_token); | |
| } | |
| if ($dbSession->scope){ | |
| $session->setScope($dbSession->scope); | |
| } | |
| if ($dbSession->online_access_info){ | |
| $session->setOnlineAccessInfo(unserialize($dbSession->online_access_info)); | |
| } | |
| return $session; |
There was a problem hiding this comment.
This tells me, we need to merge a linting PR prior to these PRs
app/Models/DbSessionStorage.php
Outdated
| } | ||
| return null; | ||
| } | ||
|
|
||
| public function storeSession(Session $session): bool | ||
| { | ||
| $dbSession = new \App\Models\Session(); | ||
| $dbSession =\App\Models\Session::where('session_id', $session->getId())->first(); |
There was a problem hiding this comment.
| $dbSession =\App\Models\Session::where('session_id', $session->getId())->first(); | |
| $dbSession = \App\Models\Session::where('session_id', $session->getId())->first(); |
app/Models/DbSessionStorage.php
Outdated
| } | ||
| return null; | ||
| } | ||
|
|
||
| public function storeSession(Session $session): bool | ||
| { | ||
| $dbSession = new \App\Models\Session(); | ||
| $dbSession =\App\Models\Session::where('session_id', $session->getId())->first(); | ||
| if(!$dbSession){ |
There was a problem hiding this comment.
| if(!$dbSession){ | |
| if (!$dbSession){ |
app/Models/DbSessionStorage.php
Outdated
| $dbSession->access_token = $session->getAccessToken(); | ||
| $dbSession->expires_at = $session->getExpires(); | ||
| $dbSession->scope = $session->getScope(); | ||
| if(!empty($session->getOnlineAccessInfo())){ |
There was a problem hiding this comment.
| if(!empty($session->getOnlineAccessInfo())){ | |
| if (!empty($session->getOnlineAccessInfo())){ |
There was a problem hiding this comment.
Thank you @Paulinakhew 💯
app/Models/DbSessionStorage.php
Outdated
| $dbSession->expires_at = $session->getExpires(); | ||
| $dbSession->scope = $session->getScope(); | ||
| if(!empty($session->getOnlineAccessInfo())){ | ||
| $dbSession->online_access_info = serialize($session->getOnlineAccessInfo()); |
There was a problem hiding this comment.
The disadvantage of serializing it as JSON is that we'd have to rebuild the object when coming back (which could be a static method in the info class). I agree that the serialize call is less than ideal, but this is a shallow value object, so it's not necessarily a big problem.
If we want to do things 'the right way', we'd probably go with option 2, which is more work but gives us fully structured data that can be queried for the purposes of an app - like say an app that needs to know which user is doing things in a context that does not use one of the lib's sessions.
| @@ -42,12 +60,11 @@ public function testLoadSessionReturnSessionIfItExists() | |||
| ); | |||
| } | |||
|
|
|||
| public function testStoreSessionReturnFalseIfOperationFails() | |||
| public function testStoreShouldUpdateSession() | |||
There was a problem hiding this comment.
I made this comment elsewhere, seems like that was a branch off of this :) - we should probably keep the old test around as it's useful, and trigger a different storage failure (like an invalid type for a column?).
There was a problem hiding this comment.
I just didn't know how to trigger that failure in the tests 😅
There was a problem hiding this comment.
😅 won't it fail if we give a column some bogus value? I guess the problem here is that strict typing makes our code too robust to fail 😄 .
| $dbSession->expires_at = $session->getExpires(); | ||
| $dbSession->scope = $session->getScope(); | ||
| if (!empty($session->getOnlineAccessInfo())) { | ||
| $dbSession->user_id = $session->getOnlineAccessInfo()->getId(); |
There was a problem hiding this comment.
A bit more verbose, but I like this approach better. As a separate PR, we may want to consider adding a method to Shopify\Auth\Session that takes in an object / associative array and pops out a session object so partners don't need to go through all of this (i.e. this could all be done as Session::createFromObject($dbSession).
There was a problem hiding this comment.
I am not sure if we can generalize that. Because we don't know the underlying store they are using an how is it being encoded.
MuhammadFarag
force-pushed
the
update-sesssion-storage
branch
from
283a91d
to
eda87f2
Compare
Add missing fields to session storage. These fields are required for the callback flow and online session tokens