Skip to content

Add a getAttributes to IControllerMethodReflector #37279

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
nickvergessen wants to merge 1 commit into from
Closed

Add a getAttributes to IControllerMethodReflector #37279

nickvergessen wants to merge 1 commit into from

Conversation

@nickvergessen
Copy link
Member

@nickvergessen nickvergessen commented Mar 16, 2023

As discussed in #36928 (comment)

Looking at the diff, I'm not sure it's worth it.

Checklist

@nickvergessen nickvergessen added this to the Nextcloud 27 milestone Mar 16, 2023
@nickvergessen nickvergessen self-assigned this Mar 16, 2023
@ChristophWurst
Copy link
Member

ChristophWurst commented Mar 16, 2023

I'm on the fence here. It's a small enhancement in all fairness.

github-advanced-security[bot]
github-advanced-security bot found potential problems Mar 16, 2023
View reviewed changes
lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
} else {
$reflectionMethod = new ReflectionMethod($controller, $methodName);
$attributes = $reflectionMethod->getAttributes(BruteForceProtection::class);
$attributes = $this->reflector->getAttributes(BruteForceProtection::class);

Check failure

Code scanning / Psalm

InvalidArgument

Argument 1 of OC\AppFramework\Utility\ControllerMethodReflector::getAttributes expects class-string<Attribute>, but OCP\AppFramework\Http\Attribute\BruteForceProtection::class provided
lib/private/AppFramework/Middleware/Security/BruteForceMiddleware.php
} else {
$reflectionMethod = new ReflectionMethod($controller, $methodName);
$attributes = $reflectionMethod->getAttributes(BruteForceProtection::class);
$attributes = $this->reflector->getAttributes(BruteForceProtection::class);

Check failure

Code scanning / Psalm

InvalidArgument

Argument 1 of OC\AppFramework\Utility\ControllerMethodReflector::getAttributes expects class-string<Attribute>, but OCP\AppFramework\Http\Attribute\BruteForceProtection::class provided
lib/private/AppFramework/Middleware/SessionMiddleware.php

$reflectionMethod = new ReflectionMethod($controller, $methodName);
$hasAttribute = !empty($reflectionMethod->getAttributes(UseSession::class));
$hasAttribute = !empty($this->reflector->getAttributes(UseSession::class));

Check failure

Code scanning / Psalm

InvalidArgument

Argument 1 of OC\AppFramework\Utility\ControllerMethodReflector::getAttributes expects class-string<Attribute>, but OCP\AppFramework\Http\Attribute\UseSession::class provided
lib/private/AppFramework/Middleware/SessionMiddleware.php

$reflectionMethod = new ReflectionMethod($controller, $methodName);
$hasAttribute = !empty($reflectionMethod->getAttributes(UseSession::class));
$hasAttribute = !empty($this->reflector->getAttributes(UseSession::class));

Check failure

Code scanning / Psalm

InvalidArgument

Argument 1 of OC\AppFramework\Utility\ControllerMethodReflector::getAttributes expects class-string<Attribute>, but OCP\AppFramework\Http\Attribute\UseSession::class provided
vitormattos
vitormattos suggested changes Mar 16, 2023
View reviewed changes
lib/private/AppFramework/Utility/ControllerMethodReflector.php
*/
class ControllerMethodReflector implements IControllerMethodReflector {

protected ?\ReflectionMethod $reflection;
Copy link

@vitormattos vitormattos Mar 16, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

To be more specific because exist other types of reflections:

Suggested change
protected ?\ReflectionMethod $reflection;
protected ?\ReflectionMethod $reflectionMethod;

come-nc
come-nc approved these changes Mar 17, 2023
View reviewed changes
Copy link
Contributor

@come-nc come-nc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍 I like it

come-nc
come-nc reviewed Mar 17, 2023
View reviewed changes
lib/private/AppFramework/Utility/ControllerMethodReflector.php
}

/**
* @template T of Attribute
Copy link
Contributor

@come-nc come-nc Mar 17, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Attribute classes do not extend Attribute class, which is final. So you cannot do that.

@ChristophWurst
Copy link
Member

ChristophWurst commented Mar 17, 2023

Subjectively what I don't like about the controller method reflector is that is so stateful. There are two methods to work with it. One analyzes a controller method, another one allows you to test for specific attributes. It sounds a bit artificial but there is no guarantee that at the point of asking for an attribute, nobody else called the reflect method.

In that sense, and with the way PHP reflection works anyway, I would prefer to make the service stateless and pass the controller object and method name into hasAttribute. It ensures that the result you get is only based on what you pass it, not what someone called before.

This remark is not new with attributes. The problem was there with annotations as well. It is just that parsing phpdoc annotations is expensive and there the state for caching makes sense for better performance.

@nickvergessen
Copy link
Member Author

nickvergessen commented Mar 17, 2023

Exactly my thoughts after seeing the resulting PR.
So also tend to close it now and continue as before

@nickvergessen nickvergessen marked this pull request as draft March 20, 2023 11:08
@nickvergessen nickvergessen deleted the techdebt/noid/bruteforce-protection-attribute branch April 14, 2023 11:40
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@come-nc come-nc come-nc approved these changes

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

+1 more reviewer

@vitormattos vitormattos vitormattos requested changes

Reviewers whose approvals may not affect merge requirements

Assignees

@nickvergessen nickvergessen

Labels

3. to review Waiting for reviews technical debt

Projects

None yet

Milestone

Nextcloud 27

Development

Successfully merging this pull request may close these issues.

5 participants

@nickvergessen @ChristophWurst @vitormattos @come-nc