-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rewrite OCS CSRF check to be readable #39125
Conversation
9130a07
to
eb5d0c1
Compare
502465f
to
75cb133
Compare
f3f7472
to
4c23b19
Compare
This PR was hell, the previous logic was really not readable and understandable and comment was misleading... |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Personally, you would increase readability by breaking long lines down into many =) (but with leading operators).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The changes I suggested are only cosmetic. As I used GitHub, I hope the indentations are correct and will satisfy any active cide style formatters.
One suggestion that might improve readability:
We could insert very small private methods that are just evaluating the if
conditions. That would make it more readable, I guess. So, you would (for example) add a method
private function isInvalidCSRFRequired($reflectionMethod) {
if ($this->hasAnnotationOrAttribute($reflectionMethod, 'NoCSRFRequired', NoCSRFRequired::class) {
return false;
}
return ! $this->request->passesCSRFCheck();
}
This is for sure more verbose but I guess more readable, especially as the main beforeController
method will offload significant parts of the logic. Adding comments to various parts of the condition methods will allow more human understanding as well.
What do you think about this?
Apart from that I did not find any flaws with the logic. The behavior should be 100% the same.
In general, I think this increases the readability and that should be done in any case. (Maybe even more)
lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
Outdated
Show resolved
Hide resolved
lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
Outdated
Show resolved
Hide resolved
lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
Outdated
Show resolved
Hide resolved
lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
Outdated
Show resolved
Hide resolved
@christianlupus I agree with you, it's a lot more readable when the logic is in a separate method. Then it's also easy to use early returns instead of all this mess. |
4c23b19
to
339999e
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems cleaner and I see no change in the implemented logic here.
lib/private/AppFramework/Middleware/Security/SecurityMiddleware.php
Outdated
Show resolved
Hide resolved
ad657b6
to
e43f50b
Compare
5b391e1
to
bae8e8d
Compare
Signed-off-by: jld3103 <jld3103yt@gmail.com>
bae8e8d
to
12f8543
Compare
How long do I have to rebase until this shit finally works 😅 |
Summary
Previous code was unreadable and every time I come across it I had to read it multiple times to understand what it does. Should be much clearer now (at least it is to me).
Checklist