Closed
Bug 970606
Opened 12 years ago
Closed 12 years ago
Support the username parameter on setIdentityProvider
Categories
(Core :: WebRTC, defect)
Core
WebRTC
Tracking
()
RESOLVED
FIXED
mozilla31
People
(Reporter: mt, Assigned: mt)
References
()
Details
Attachments
(1 file, 2 obsolete files)
|
8.16 KB,
patch
|
jib
:
review+
|
Details | Diff | Splinter Review |
Bug 884573 doesn't support the username parameter of setIdentityProvider(). Mainly because the spec didn't support the feature. It's not super important, but having the feature is pretty handing for some testing scenarios.
| Assignee | ||
Updated•12 years ago
|
Assignee: nobody → martin.thomson
| Assignee | ||
Comment 1•12 years ago
|
||
| Assignee | ||
Comment 2•12 years ago
|
||
Comment on attachment 8391416 [details] [diff] [review]
Adding username to setIdentityProvider
There are changes with respect to usernames coming in later bugs, and I'd like to get this relatively simple change out of the way first.
Attachment #8391416 -
Flags: review?(adam)
| Assignee | ||
Comment 3•12 years ago
|
||
Getting dependencies cleared up, rebasing, etc...
Attachment #8391416 -
Attachment is obsolete: true
Attachment #8391416 -
Flags: review?(adam)
Comment 4•12 years ago
|
||
Comment on attachment 8393835 [details] [diff] [review]
0001-Bug-970606-Adding-username-to-setIdentityProvider.patch
Review of attachment 8393835 [details] [diff] [review]:
-----------------------------------------------------------------
::: dom/media/tests/identity/idp-proxy.js
@@ +58,5 @@
> case "SIGN":
> + if (message.username) {
> + if (message.username.indexOf("@") < 0) {
> + this.username = message.username + "@" + this.domain;
> + } else if (message.username.split("@", 2)[1] === this.domain) {
If username were "alice@thisdomain.com@ bob@evil.com" it would get through here. Is that a problem?
Also, == is preferred to ===.
@@ +82,2 @@
> case "VERIFY":
> + var payload = JSON.parse(message.message);
Any reason we're not using let in this file?
Attachment #8393835 -
Flags: review?(jib)
Comment 5•12 years ago
|
||
(In reply to Jan-Ivar Bruaroey [:jib] from comment #4)
> Comment on attachment 8393835 [details] [diff] [review]
> 0001-Bug-970606-Adding-username-to-setIdentityProvider.patch
>
> Review of attachment 8393835 [details] [diff] [review]:
> -----------------------------------------------------------------
>
> ::: dom/media/tests/identity/idp-proxy.js
> @@ +58,5 @@
> > case "SIGN":
> > + if (message.username) {
> > + if (message.username.indexOf("@") < 0) {
> > + this.username = message.username + "@" + this.domain;
> > + } else if (message.username.split("@", 2)[1] === this.domain) {
>
> If username were "alice@thisdomain.com@ bob@evil.com" it would
> get through here. Is that a problem?
>
> Also, == is preferred to ===.
Hmm... Why? This is the opposite of Crockford's guidance in
Appendix B of JavaScript: the Good Parts. The argument he offers
for === over == seems pretty compelling to me.
> @@ +82,2 @@
> > case "VERIFY":
> > + var payload = JSON.parse(message.message);
>
> Any reason we're not using let in this file?
Comment 6•12 years ago
|
||
(In reply to Eric Rescorla (:ekr) from comment #5)
> > Also, == is preferred to ===.
>
> Hmm... Why? This is the opposite of Crockford's guidance in
> Appendix B of JavaScript: the Good Parts. The argument he offers
> for === over == seems pretty compelling to me.
https://developer.mozilla.org/en-US/docs/Developer_Guide/Coding_Style#Operators says:
> In JavaScript, == is preferred to ===.
=== seems necessary only to distinguish between 0/false/undefined.
Comment 7•12 years ago
|
||
and emptyish strings.
Comment 8•12 years ago
|
||
Yes, I know what the style guide says, but the problem is that == does coercions if the objects are not of the same type. It's not just limited to falsy values (again, this is all in Crockford). Do you have a technical reason for preferring ==?
Comment 9•12 years ago
|
||
Yes, this being JS, type-conversions are not abnormal and === is not a panacea, because it is sometimes wrong. For instance, I reviewed a js patch recently that did this:
if(aInput !== 0) { doSomethingWith(aInput); }
Problem here is it doesn't catch aInput being undefined, which happens alot in js, and is generally expected to be handled (implicitly off not explicitly). If I recall correctly we changed it to:
if(!aInput) return false;
which is the same as:
if(aInput != 0) { doSomething(aInput); }
not ===. I don't think outlawing == would work.
Comment 10•12 years ago
|
||
This seems like an argument for simply testing boolean
arguments directly, rather than for using == versus ===.
Comment 11•12 years ago
|
||
Yes, and if(aInput) is equivalent to if(aInput != false) not if(aInput !== false), so it seems type-conversion is the norm in JS rather than the exception. I generally only use and see === and !== when detection of undefined as distinct from a value provided matters.
Comment 12•12 years ago
|
||
The whole thrust of Crockford's argument is that type conversion is a menace,
(and incidentally that the large number of falsy values is a problem), so I'm
not sure this is responsive. In any case, I'll leave it to Martin to decide if
he wants to make this change.
| Assignee | ||
Comment 13•12 years ago
|
||
I'm glad that you guys have run the course of the argument while I was struggling with children. I'm with Crockford on this one. Implicit coercion is bad.
Jan-Ivar's example is a case where you can and should use if (aInput) {...}; which is explicit boolean coercion, though maybe better still to use (typeof aInput === 'string') and avoid having to rely on coercion later.
I've seen too many actual bugs caused by lazy type inference to find relying on implicit type conversion sane. Especially when it comes to numeric types.
'2' + 1 = '21'
'2' - 1 = 1
| Assignee | ||
Comment 14•12 years ago
|
||
(In reply to Jan-Ivar Bruaroey [:jib] from comment #4)
> > + } else if (message.username.split("@", 2)[1] === this.domain) {
>
> If username were "alice@thisdomain.com@ bob@evil.com" it would
> get through here. Is that a problem?
It won't. That's what the 2 is for.
> Any reason we're not using let in this file?
This is content, not chrome.
Comment 15•12 years ago
|
||
(In reply to Martin Thomson [:mt] from comment #13)
> I'm glad that you guys have run the course of the argument while I was
> struggling with children. I'm with Crockford on this one. Implicit
> coercion is bad.
>
> Jan-Ivar's example is a case where you can and should use if (aInput) {...};
> which is explicit boolean coercion,
No it is implicit. aInput is an int in a boolean expression.
> though maybe better still to use (typeof aInput === 'string') and avoid having to rely on coercion later.
Ugh, I'm still new at JS, but ducktyping rules. Checking types at every corner is neither efficient nor best practice.
Comment 16•12 years ago
|
||
(In reply to Martin Thomson [:mt] from comment #14)
> > > + if (message.username.indexOf("@") < 0) {
> > > + this.username = message.username + "@" + this.domain;
> > > + } else if (message.username.split("@", 2)[1] === this.domain) {
> > > + this.username = message.username;
> >
> > If username were "alice@thisdomain.com@ bob@evil.com" it would
> > get through here. Is that a problem?
>
> It won't. That's what the 2 is for.
It will, because the domain test succeeds, and then you use the whole string in the next line.
> > Any reason we're not using let in this file?
>
> This is content, not chrome.
Yeah, but isn't it our content running exclusively in our browser?
| Assignee | ||
Comment 17•12 years ago
|
||
(In reply to Jan-Ivar Bruaroey [:jib] from comment #15)
> (In reply to Martin Thomson [:mt] from comment #13)
> > I'm glad that you guys have run the course of the argument while I was
> > struggling with children. I'm with Crockford on this one. Implicit
> > coercion is bad.
> >
> > Jan-Ivar's example is a case where you can and should use if (aInput) {...};
> > which is explicit boolean coercion,
>
> No it is implicit. aInput is an int in a boolean expression.
I consider this to be explicit. if statements take booleans.
> > though maybe better still to use (typeof aInput === 'string') and avoid having to rely on coercion later.
>
> Ugh, I'm still new at JS, but ducktyping rules. Checking types at every
> corner is neither efficient nor best practice.
I said "maybe" intentionally. You have to be aware of every place that you allow ducktyping to occur. Otherwise, you are operating with unknown preconditions.
(In reply to Jan-Ivar Bruaroey [:jib] from comment #16)
> (In reply to Martin Thomson [:mt] from comment #14)
> > > > + if (message.username.indexOf("@") < 0) {
> > > > + this.username = message.username + "@" + this.domain;
> > > > + } else if (message.username.split("@", 2)[1] === this.domain) {
> > > > + this.username = message.username;
> > >
> > > If username were "alice@thisdomain.com@ bob@evil.com" it would
> > > get through here. Is that a problem?
> >
> > It won't. That's what the 2 is for.
>
> It will, because the domain test succeeds, and then you use the whole string
> in the next line.
I could have sworn that I tested this out. But you are right.
It's not a problem, but I think that we can do better here. It will make the code less clear, but correctness > clarity, sadly.
> > > Any reason we're not using let in this file?
> >
> > This is content, not chrome.
>
> Yeah, but isn't it our content running exclusively in our browser?
None of our mochitests use let. The marginal value of let over var is so marginal I'd rather be consistent.
Comment 18•12 years ago
|
||
(In reply to Martin Thomson [:mt] from comment #17)
> I consider this to be explicit. if statements take booleans.
What about if ('2' - 1)
> I said "maybe" intentionally. You have to be aware of every place that you
> allow ducktyping to occur. Otherwise, you are operating with unknown
> preconditions.
Preconditions are different from types. Rather than a liability, my understanding of ducktyping is to narrow preconditions to what's relevant to the task at hand. E.g. My code should (nay must) work the same whether I'm passed an array or an object that acts like an array. This is expressly avoiding type-dependence as a design principle and is "webby" I am told.
By inference, I claim == should generally be considered first, unless your code needs ===.
> None of our mochitests use let. The marginal value of let over var is so
> marginal I'd rather be consistent.
Makes sense.
| Assignee | ||
Comment 19•12 years ago
|
||
(In reply to Jan-Ivar Bruaroey [:jib] from comment #18)
> (In reply to Martin Thomson [:mt] from comment #17)
> > I consider this to be explicit. if statements take booleans.
>
> What about if ('2' - 1)
Let's say that '2' is a string variable and you have something like this:
if (parseInt(stringVar, 10) - 1) {...}
That's OK. The point being that relying on implicit coercion === bad.
> > I said "maybe" intentionally. You have to be aware of every place that you
> > allow ducktyping to occur. Otherwise, you are operating with unknown
> > preconditions.
>
> Preconditions are different from types. Rather than a liability, my
> understanding of ducktyping is to narrow preconditions to what's relevant to
> the task at hand. E.g. My code should (nay must) work the same whether I'm
> passed an array or an object that acts like an array. This is expressly
> avoiding type-dependence as a design principle and is "webby" I am told.
>
> By inference, I claim == should generally be considered first, unless your
> code needs ===.
Type checking is entirely valid if the code assumes a dependency on type.
As I said, it will depend on situation. Array-like objects can be used in place of Array sometimes. Until you try to use .map(), .filter(), etc... and find that they aren't there.
| Assignee | ||
Comment 20•12 years ago
|
||
I think that this addresses the comments, other than the ones on which we have a philosophical disagreement (==).
Attachment #8393835 -
Attachment is obsolete: true
Attachment #8393835 -
Flags: review?(jib)
Attachment #8394380 -
Flags: review?(jib)
Comment 21•12 years ago
|
||
(In reply to Jan-Ivar Bruaroey [:jib] from comment #18)
> By inference, I claim == should generally be considered first, unless your
> code needs ===.
I'm pretty sure you're off in the weeds here. I invite you to take this theory to #developers to see what the consensus view is there.
Updated•12 years ago
|
Attachment #8394380 -
Flags: review?(jib) → review+
Comment 22•12 years ago
|
||
(In reply to Adam Roach [:abr] from comment #21)
> I invite you to take this theory to #developers to see what the consensus view is there.
No need, I'm aligned with the official code-style.
Comment 23•12 years ago
|
||
(In reply to Jan-Ivar Bruaroey [:jib] from comment #22)
> (In reply to Adam Roach [:abr] from comment #21)
> > I invite you to take this theory to #developers to see what the consensus view is there.
>
> No need, I'm aligned with the official code-style.
The reason I'm asking you to talk to people on #developers is because I've already been down this route. When I came across this part of the code guidelines, I found it somewhat perplexing -- so I asked around, and determined that, of the people I sampled on the project, all thought that the code guidelines were off-base.
At the time, I didn't have the cycles to determine what accepted process and norms around updating that page were; but I was am fairly certain that what is documented there matches neither practice nor intention of the bulk of Mozilla developers.
See, e.g., http://krijnhoetmer.nl/irc-logs/developers/20130712#l-1101 and http://krijnhoetmer.nl/irc-logs/developers/20130327#l-2264
Comment 24•12 years ago
|
||
We should probably take this to irc and not continue in this bug. I would ask in #content.
| Assignee | ||
Updated•12 years ago
|
Keywords: checkin-needed
Comment 25•12 years ago
|
||
Flags: in-testsuite+
Keywords: checkin-needed
Comment 26•12 years ago
|
||
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla31
You need to log in
before you can comment on or make changes to this bug.
Description
•