Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Webmozart assertions #1132

Open
wants to merge 7 commits into
base: master
from

Conversation

Projects
None yet
2 participants
@tvdijen
Copy link
Member

commented May 29, 2019

Start using Webmozart for assertions, like we do in all externalized modules and the saml2-library already.

tvdijen added some commits May 28, 2019

@tvdijen

This comment has been minimized.

Copy link
Member Author

commented May 29, 2019

What's left using old assert()s are two deprecated classes and some old php-style templates. Not worth the effort of migrating.
Since this could potentially be breaking BC, it is targeted for 2.0

@tvdijen tvdijen added this to the 2.0 milestone May 29, 2019

@tvdijen tvdijen added the enhancement label May 29, 2019

tvdijen added some commits May 29, 2019

@jornane

This comment has been minimized.

Copy link
Member

commented Jun 1, 2019

This means that the wishes from the administrator by means of assert_options or assert.-settings in php.ini no longer will be respected.

If assertions must be done using a library instead of calling the assert language construct of PHP, it would be preferred to use a library that uses the PHP internals instead of inventing its own way of doing things. At the very least it should respect the PHP settings.

Show resolved Hide resolved lib/SimpleSAML/Auth/Simple.php Outdated
@tvdijen

This comment has been minimized.

Copy link
Member Author

commented Jun 1, 2019

Hi @jornane ! We are aware of this and do this on purpose.
It was discussed here: simplesamlphp/saml2#90

Show resolved Hide resolved @ Outdated
@jornane

This comment has been minimized.

Copy link
Member

commented Jun 3, 2019

Thanks @tvdijen ! I've read through simplesamlphp/saml2#90 but I think maybe I'm missing something?

Starting in PHP 7.2 the old behavior will be deprecated.

This is about using a string as the assertion, where PHP has to run eval() on that string. SimpleSAMLphp doesn't do that so it doesn't apply to us.

The webmozart project uses __callStatic, which breaks static code analyses, making mistakes like ba0b826 go unnoticed. At the same time its yet another dependency to replace a one-liner with another one-liner. I already mentioned respecting the administrators wishes with regard to php.ini settings for assertions.

At the end of the day, this is a bikeshed issue, so if this has already been decided, I won't stand in the way. However I do want to point out that the original reasoning for this change (deprecation) has been based on a misunderstanding. The current way SimpleSAMLphp does things is not currently, or about to be, deprecated.

@tvdijen

This comment has been minimized.

Copy link
Member Author

commented Jun 3, 2019

OK, bikeshed it is! 4pm after detention class 😆
Maybe I've linked to the wrong issue, or it was discussed offline.. The thing is, 99% of the assertions we have are for type checking and we want this to be tested at runtime too..
@jaimeperez you have anything to add here? I don't remember the discussions too well..

@edit: I've discussed this offline with Jaime again and basically we don't care about administrators.. If it triggers and exception, it's a bug and it should be fixed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.