-
Notifications
You must be signed in to change notification settings - Fork 20
[#436] [FEATURE] Récupération du niveau par compétence pour un utilisateur via une api sécurisée (US-527) #436
Conversation
florianEnoh
commented
Jun 6, 2017
- Création du endpoint : /api/users
- Récupération toutes les compétences par domaines via Airtable
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sinon LGTM
.verify(token) | ||
.then((user_id) => { | ||
return UserRepository.findUserById(user_id) | ||
.then((foundedUser) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
La beauté des promesses, c'est que normalement ici tu n'es pas obligé d'imbriquer les then
, tu peux juste chaîner les promesses :
return authorizationToken
.verify(token)
.then(user_id => UserRepository.findUserById(user_id))
.then(foundedUser => reply(userSerializer.serialize(foundedUser)).code(201))
.catch((err) => {
// …
});
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes well seen
const token = request.headers.authorization; | ||
return authorizationToken | ||
.verify(token) | ||
.then((user_id) => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
userId
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, mais dans la PR de la connexion, c'est la clé user_id qui utilisée pour la signature.
Je l'ai laissé ainsi en attendant
if(err instanceof NotFoundError) { | ||
err = 'Cet utilisateur est introuvable'; | ||
} else { | ||
err = 'Le token n\'est pas valid'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Parfois, pour éviter le \'
disgracieux, je mets une apostrophe courbe : err = 'Le token n’est pas valide';
.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
err = 'Cet utilisateur est introuvable'; | ||
} else { | ||
err = 'Le token n\'est pas valid'; | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ça me semble un peu confondant que l'erreur par défaut soit "Le token n'est pas valide". Il n'y aurait pas moyen de détecter cette erreur là spécifiquement, pour faciliter le déboguage ? Un truc du genre :
if(err instanceof NotFoundError) {
err = 'Cet utilisateur est introuvable';
} else if (/* err.code = token_pas_valide, qqc comme ça */) {
err = 'Le token n’est pas valide';
} else {
err = 'Une erreur est survenue lors de l’authentification de l’utilisateur';
}
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Done
I've deployed this PR to http://get-user-level-by-skills.pix.beta.gouv.fr. Please check it out |
api/lib/application/tools/index.js
Outdated
@@ -0,0 +1,18 @@ | |||
const ToolsController = require('./tools-controller'); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On commence à avoir plusieurs endroits pour rafraichir le cache.
Proposition:
- On renomme en CacheController => /api/cache/all
- On deplace la purge de cache POST /api/courses/{id} vers ce controller
- DELETE est ok. Je crois qu'on peux utiliser PURGE également.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
pour la remarque 2) nous avons créée une issue #452
}); | ||
|
||
it('should exist', (done) => { | ||
return expectRouteToExist({method: 'DELETE', url: '/api/tools/cache'}, done); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Pas forcément nécessaire sortir une function.
On pourra aussi utiliser injectThen()
et se passer du done
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Bien vu
|
||
describe('Success cases', () => { | ||
|
||
it('should delete cache entry with key provided', () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Le nom ne match pas avec ce qu'on test vraiment.
Je m'attendais à un truc du genre.
sinon.assert.callWith(cache.del, 'test-cache-key');
Pour le moment, je peux modifier request.payload['cache-key']
dans removeEntry par TOTO
sans aucun test rouge.
|
||
it('should delete cache entry with key provided', () => { | ||
// Given | ||
cache.del.returns(1); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
P-e extraire une variable pour expliquer le 1
(ex: countOfDeletedEntries = 1).
|
||
it('should reply with Error, when cache key is not found', () => { | ||
// Given | ||
cache.del.returns(0); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
P-e extraire une variable pour expliquer le 0
(ex: noDeletedEntries = 0).
api/lib/settings.js
Outdated
@@ -50,7 +51,7 @@ module.exports = (function() { | |||
secret: 'test-recaptcha-key' | |||
}; | |||
|
|||
config.authentication.secret = 'shhhhhhhhh'; | |||
config.authentication.secret = 'test-jwt-key'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
On a 2 façons de surcharger les configurations pour les tests, ça serait cool d'harmoniser.
}); | ||
}); | ||
|
||
it('should return 401 HTTP status code, when authorization is valid but user not found', () => { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Est-ce qu'on ne devrait pas retourner 404 quand l'authentification est réussi (= token valid et bien formé) mais que la ressource n'existe pas ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Corrigé!
|
||
it('should return 401 HTTP status code, when authorization is valid but error occurred', () => { | ||
authorizationToken.verify.resolves(4); | ||
UserRepository.findUserById.returns(Promise.reject(new Error())); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ici, on devrait renvoyer une erreur 5xx (500 ou autre) parce que l'erreur vient du serveur.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Corrigé!
areaId: 'recvoGdo0z0z0pXWZ' | ||
}]; | ||
|
||
const expectedCompetences = [ |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Expected en dernier ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Voir dans le then
}]; | ||
|
||
beforeEach(function() { | ||
cache.flushAll(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ici, on flush le cache avant chaque test et après, on stub.
Une seule façon de faire ?
On peux éventuellement faire un spy() si on veux
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes c'est bon
I've deployed this PR to http://get-user-level-by-skills.pix.beta.gouv.fr. Please check it out |