So, our Python contractor (@avojnovicDk) has been working on porting this library over to Python, and came across a bug in this code here: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L37-L39
So, here's what's happening. First, take a look at the order in which things are supposed to be loaded from our sdk spec: https://github.com/stormpath/stormpath-sdk-spec/blob/master/specifications/config.md#loading-order
The order in which things should be loaded goes from most 'implicit' to most 'explicit'. So, the more explicit a user is about their settings, we'll prefer those explicit settings over the more generic ones. This makes sense, because it means a user will usually get what they expect in a magical way.
Here's the scenario in which the APIKeyConfigStrategy is broken:
Let's say I'm a user, and I have the following:
- An API key file named
~/.stormpath/apiKey.properties,
- An API key file named
apiKey.properties inside of my local application folder that I'm currently working on.
Per our spec, we should first load the settings from ~/.stormpath/apiKey.properties, and later override it with the settings from apiKey.properties in the local directory since it also exists.
This is not happening though.
These lines of code: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L37-L39 show that if those API key values are already loaded from the first API key file, than we'll skip processing and use those old values INSTEAD of overwriting them like we should.
I think the solution is most likely to just remove these lines of code, but we should write some tests / etc. to cover this scenario first to make sure we aren't missing anything.
So, our Python contractor (@avojnovicDk) has been working on porting this library over to Python, and came across a bug in this code here: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L37-L39
So, here's what's happening. First, take a look at the order in which things are supposed to be loaded from our sdk spec: https://github.com/stormpath/stormpath-sdk-spec/blob/master/specifications/config.md#loading-order
The order in which things should be loaded goes from most 'implicit' to most 'explicit'. So, the more explicit a user is about their settings, we'll prefer those explicit settings over the more generic ones. This makes sense, because it means a user will usually get what they expect in a magical way.
Here's the scenario in which the APIKeyConfigStrategy is broken:
Let's say I'm a user, and I have the following:
~/.stormpath/apiKey.properties,apiKey.propertiesinside of my local application folder that I'm currently working on.Per our spec, we should first load the settings from
~/.stormpath/apiKey.properties, and later override it with the settings fromapiKey.propertiesin the local directory since it also exists.This is not happening though.
These lines of code: https://github.com/stormpath/stormpath-node-config/blob/master/lib/strategy/LoadAPIKeyConfigStrategy.js#L37-L39 show that if those API key values are already loaded from the first API key file, than we'll skip processing and use those old values INSTEAD of overwriting them like we should.
I think the solution is most likely to just remove these lines of code, but we should write some tests / etc. to cover this scenario first to make sure we aren't missing anything.