Skip to content

Comments

Simplify the check if admin can change password based on encryption status#23906

Merged
MorrisJobke merged 1 commit intomasterfrom
techdebt/noid/simplify-can-change-user-pasword
Nov 5, 2020
Merged

Simplify the check if admin can change password based on encryption status#23906
MorrisJobke merged 1 commit intomasterfrom
techdebt/noid/simplify-can-change-user-pasword

Conversation

@MorrisJobke
Copy link
Member

@MorrisJobke MorrisJobke commented Nov 5, 2020
edited
Loading

Simplify the check if admin can change password based on encryption status

Found by Psalm:

/home/runner/work/server/server/apps/settings/lib/Controller/UsersController.php:324:8:error - RedundantCondition: Type true for $isEncryptionModuleLoaded is never falsy
Old and wrong initial comment

Was initially added in #23857 by @schiessle

Found by Psalm:

/home/runner/work/server/server/apps/settings/lib/Controller/UsersController.php:324:8:error - RedundantCondition: Type true for $isEncryptionModuleLoaded is never falsy

This is basically a simplification of the logical statement there. The PHPDoc comment "encryption is enabled, encryption module is loaded and it uses per-user keys" was code-wise not true and therefore is removed here.

This may needs a verification by @schiessle because comment and code were not aligned.

Let me explain some simplifications:

If you look at the old code:

$canChangePassword = ($isEncryptionEnabled && $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
			|| (!$isEncryptionEnabled && !$isEncryptionModuleLoaded)
			|| (!$isEncryptionEnabled && $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys);

If you check the first and the last line you notice that it's exactly the same except that $isEncryptionEnabled is negated. Therefore they can be combined into $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys.

try {
	$noUserSpecificEncryptionKeys = !$this->encryptionManager->getEncryptionModule()->needDetailedAccessList();
	$isEncryptionModuleLoaded = true;
} catch (ModuleDoesNotExistsException $e) {
	$noUserSpecificEncryptionKeys = true;
	$isEncryptionModuleLoaded = false;
}

$canChangePassword = ($isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
			|| (!$isEncryptionEnabled && !$isEncryptionModuleLoaded);

For the try block the first part would depend on $noUserSpecificEncryptionKeys and the second part would be false.

And for the catch block the first part of the statement would be false and the second part only depends on the !$isEncryptionEnabled.

This then would lead to:

$canChangePassword = $noUserSpecificEncryptionKeys
			|| !$isEncryptionEnabled;

And that latter part is what Psalm found out. 🤯 🤯 🤯 🤯 🤯 🤯

RedundantCondition: Type true for $isEncryptionModuleLoaded is never falsy

All in all it boils down to be able to allow password changes when encryption is not enabled or check for user specific encryption keys and if they are not available or the exception is thrown the password can be changed as well.

This is what this quite complex change here does.

I will dedicate this PR description to @danxuliu and @PVince81 because they write quite often those exhaustive descriptions for their PRs. 🙏

@MorrisJobke MorrisJobke added this to the Nextcloud 21 milestone Nov 5, 2020
@ChristophWurst
Copy link
Member

ChristophWurst commented Nov 5, 2020

I will dedicate this PR description to @danxuliu and @PVince81 for quite often write those exhaustive descriptions for their PRs.

🙏

@MorrisJobke MorrisJobke mentioned this pull request Nov 5, 2020
Merged
@faily-bot
Copy link

faily-bot bot commented Nov 5, 2020

🤖 beep boop beep 🤖

Here are the logs for the failed build:

Status of 35056: failure

sqlite

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There were 3 failures:

1) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #2 (true, false, true, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

2) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #5 (false, true, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

3) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #6 (true, false, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

mariadb10.1-php7.3

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There were 3 failures:

1) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #2 (true, false, true, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

2) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #5 (false, true, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

3) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #6 (true, false, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

mariadb10.4-php7.4

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There were 3 failures:

1) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #2 (true, false, true, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

2) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #5 (false, true, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

3) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #6 (true, false, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

mysql8.0-php7.4

  • cancelled - typically means that the tests took longer than the drone CI allows them to run

mysql5.6-php7.3

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There were 3 failures:

1) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #2 (true, false, true, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

2) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #5 (false, true, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

3) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #6 (true, false, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

postgres9-php7.3

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There were 3 failures:

1) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #2 (true, false, true, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

2) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #5 (false, true, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

3) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #6 (true, false, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

postgres11-php7.4

Show full log 
There were 2 warnings:

1) Test\Files\ViewTest::testRenameFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

2) Test\Files\ViewTest::testCopyFailDeleteTargetKeepSource
Trying to configure method "writeStream" which cannot be configured because it does not exist, has not been specified, is final, or is static

--

There were 3 failures:

1) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #2 (true, false, true, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

2) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #5 (false, true, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

3) OCA\Settings\Tests\Controller\UsersControllerTest::testCanAdminChangeUserPasswords with data set #6 (true, false, false, false)
Failed asserting that true is identical to false.

/drone/src/apps/settings/tests/Controller/UsersControllerTest.php:559

PVince81
PVince81 reviewed Nov 5, 2020
View reviewed changes
PVince81
PVince81 approved these changes Nov 5, 2020
View reviewed changes
Copy link
Member

@PVince81 PVince81 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Right... these twisted conditions were confusing.

👍

@MorrisJobke
Simplify the check if admin can change password based on encryption s…
a223f60 
…tatus

Found by Psalm:
```
/home/runner/work/server/server/apps/settings/lib/Controller/UsersController.php:324:8:error - RedundantCondition: Type true for $isEncryptionModuleLoaded is never falsy
```

Signed-off-by: Morris Jobke <hey@morrisjobke.de>
@MorrisJobke MorrisJobke force-pushed the techdebt/noid/simplify-can-change-user-pasword branch from 44d1b04 to a223f60 Compare November 5, 2020 21:21
@MorrisJobke
Copy link
Member Author

MorrisJobke commented Nov 5, 2020

Okay - I was wrong on the initial simplification. There was the case that encryption is disabled but a module is still loaded which prohibits password change (and was also like that documented as well as in the unit tests). So I will keep the logic like that and only removed the redundant condition that Psalm found.

It was this one (first and last line are together independent from $isEncryptionEnabled):

$canChangePassword = ($isEncryptionEnabled && $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys)
			|| (!$isEncryptionEnabled && !$isEncryptionModuleLoaded)
			|| (!$isEncryptionEnabled && $isEncryptionModuleLoaded && $noUserSpecificEncryptionKeys);

@MorrisJobke MorrisJobke added 4. to release Ready to be released and/or waiting for tests to finish and removed 3. to review Waiting for reviews labels Nov 5, 2020
@MorrisJobke MorrisJobke merged commit f657f0c into master Nov 5, 2020
@MorrisJobke MorrisJobke deleted the techdebt/noid/simplify-can-change-user-pasword branch November 5, 2020 22:39
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@PVince81 PVince81 PVince81 approved these changes

@juliusknorr juliusknorr juliusknorr approved these changes

@rullzer rullzer Awaiting requested review from rullzer

@ChristophWurst ChristophWurst Awaiting requested review from ChristophWurst

@schiessle schiessle Awaiting requested review from schiessle

@kesselb kesselb Awaiting requested review from kesselb

@skjnldsv skjnldsv Awaiting requested review from skjnldsv

@danxuliu danxuliu Awaiting requested review from danxuliu

Assignees

No one assigned

Labels

4. to release Ready to be released and/or waiting for tests to finish feature: encryption (server-side) technical debt

Projects

None yet

Milestone

Nextcloud 21

Development

Successfully merging this pull request may close these issues.

4 participants

@MorrisJobke @ChristophWurst @PVince81 @juliusknorr