Merge lp:~vds/usso/support_sha1 into lp:usso

Ok

Thanks for doing this! I have some notes. I don't know how urgent they are, since AIUI this code isn't functional yet, so perhaps it's best to land the code anyway, and then address any remaining points in a later branch. Maybe put TODO or XXX markers in the code? Just make sure not to forget. :)

The notes are:

 * I don't think signature() would produce the right output in the HMAC-SHA1 case. You use fmt.Sprint("%s&%s%s", a, b, c, d, e, f, g, h, i, j) but Sprint() doesn't format. So it'll just put that format string at the front as-is, with all the other values appended to it: "%s&%s%sAaaBbbCccDdd" etc. You probably want fmt.Sprintf(). But then you'll also need to provide a format string that consumes all the values you pass! The current code has a format string for 3 parameters, followed by about 10 parameters. This kind of thing is annoyingly hard to test for, because you have a large amount of text and you need to fish out of it the things that you expect to see. Things that you _don't_ expect to see are hard to detect. Normally an end-to-end test would reveal those, but not when the real OAuth server isn't part of the test setup. There are ways to deal with this problem, and I'll try to make them gradually clearer over the rest of this review.

 * The text composition in GetAuthorizationHeader() and signature() looks very repetitive, both within each function and between the two. Also the repeated code leaves out the query-escaping here and there just because it can. Is there no easy way to regularize that into a standard-library call or loop, so that it's easier to avoid little one-off mistakes? I know it would be very easy in Python, although it does look to be a bit harder in Go. Especially if you want to pass a map and get consistently-sorted output.

 * Speaking of which: does signature() need the parameters to be written in a consistent order? The python SSO code sorted them, but I'm not sure net/url's Values.Encode() in Go promises any kind of consistency. I didn't get around to resolving this in my code. :-(

 * Is there any particular reason why SSOData.Timestamp and SSOData.Nonce are initialized inside GetAuthorizationHeader? It seems to me that should be SSOData's responsibility.

 * You introduce some line-breaking. Do we have a standard for doing that in Go? The Go way of dealing with long lines, apparently, is to let them run for as long as they want to. If you do want to break them up, the Cloud Engineering convention in Python at least is to put the first line break *right after* the opening parenthesis or brace that contains the thing you want to break up. *Except* in function definitions, where you continue the parameter list until the line gets too long and then break the line. You do it that way in some places, but not consistently. My personal instinct is to go with the Go way, and if the line gets too long, take that as a signal that something has become too complicated and needs refactoring.

 * signature() returns the empty string in the case of an unknown signature method. Is that meant to indicate an error to the caller, or is it meant as a sensible fallback? If it's an error condi...

> Thanks for doing this! I have some notes. I don't know how urgent they are,
> since AIUI this code isn't functional yet, so perhaps it's best to land the
> code anyway, and then address any remaining points in a later branch. Maybe
> put TODO or XXX markers in the code? Just make sure not to forget. :)

Thanks for this notes, but, if we don't want to forget all this obeservation the right place were to put them is the google doc, once the branch is landed, no one will come back here to read the comments.
I agree with the need for better tests and error handling which has been ignored for a while, both are already listed in the google doc as next work item.

I'll fix the bugs you spotted and then I guess we can land this branch and keep improving the library in the following branches.

Where is that Google doc?

I'll try to review that in details later today but just a quick notes:

[0]

+ fmt.Print("Enter signature method (PLAINTEXT or HMAC-SHA1): ")
+ fmt.Scanf("%s", &signature_method)

How about we ditch that and perform the call for the two available signatures? The goal of this example is to run a test (that covers as much code as possible) against a real server in the quickest way possible.

[1]

22 - fmt.Println("This application will query the staging Ubuntu SSO Server to fetch authorisation tokens.")
23 + fmt.Println("This application will query the staging Ubuntu SSO Server" +
24 + " to fetch authorisation tokens.")

and

384 - server := newSingleServingServer("/api/v2/tokens", string(jsonServerResponseData), 200)
385 + server := newSingleServingServer("/api/v2/tokens",
386 + string(jsonServerResponseData), 200)

and

159 +func (suite *USSOTestSuite) TestNormalizeURLLeavesNonstandardPort(
160 + c *gocheck.C) {

etc.

I think Jeroen's remark about the formatting is right. It's best if we try to use the same style as the other Go projects (lp:juju-core for instance) and use long lines instead of wrapping things like that.

> I'll try to review that in details later today but just a quick notes:
>
> [0]
>
> + fmt.Print("Enter signature method (PLAINTEXT or HMAC-SHA1): ")
> + fmt.Scanf("%s", &signature_method)
>
> How about we ditch that and perform the call for the two available signatures?
> The goal of this example is to run a test (that covers as much code as
> possible) against a real server in the quickest way possible.

It's just an example but I don't really see a reason for two http request.

> [1]
>
> 22 - fmt.Println("This application will query the staging Ubuntu
> SSO Server to fetch authorisation tokens.")
> 23 + fmt.Println("This application will query the staging Ubuntu
> SSO Server" +
> 24 + " to fetch authorisation tokens.")
>
> and
>
> 384 - server := newSingleServingServer("/api/v2/tokens",
> string(jsonServerResponseData), 200)
> 385 + server := newSingleServingServer("/api/v2/tokens",
> 386 + string(jsonServerResponseData), 200)
>
> and
>
> 159 +func (suite *USSOTestSuite) TestNormalizeURLLeavesNonstandardPort(
> 160 + c *gocheck.C) {
>
> etc.
>
> I think Jeroen's remark about the formatting is right. It's best if we try to
> use the same style as the other Go projects (lp:juju-core for instance) and
> use long lines instead of wrapping things like that.

I understand juju-core uses long lines, but omnibus, for example, doesn't. I only see cons in long lines and no pros.

[2]

These two blocks seem very redundant to me, isn't it possible refactor that a bit to unify/simplify it a bit?

289 + `OAuth realm="API", `+
290 + `oauth_consumer_key="%s", `+
291 + `oauth_token="%s", `+
292 + `oauth_signature_method="%s", `+
293 + `oauth_signature="%s", `+
294 + `oauth_timestamp="%s", `+
295 + `oauth_nonce="%s", `+
296 + `oauth_version="1.0"`,
297 + url.QueryEscape(oauth.ConsumerKey),
298 + url.QueryEscape(oauth.TokenKey),
299 + oauth.SignatureMethod,
300 + signature,
301 + url.QueryEscape(oauth.Timestamp),
302 + url.QueryEscape(oauth.Nonce))

337 + base_string := fmt.Sprintf(`%s&%s&%s%s%s%s%s%s%s`,
338 + oauth.HTTPMethod,
339 + url.QueryEscape(base_url),
340 + url.QueryEscape(params),
341 + url.QueryEscape("oauth_consumer_key="+oauth.ConsumerKey),
342 + url.QueryEscape("&oauth_nonce="+oauth.Nonce),
343 + url.QueryEscape("&oauth_signature_method="+oauth.SignatureMethod),
344 + url.QueryEscape("&oauth_timestamp="+oauth.Timestamp),
345 + url.QueryEscape("&oauth_token="+oauth.TokenKey),
346 + url.QueryEscape("&oauth_version=1.0"))

[3]

328 + switch oauth.SignatureMethod {
329 + case "PLAINTEXT":
330 + return fmt.Sprintf(
331 + `%s%%26%s`,
332 + oauth.ConsumerSecret,
333 + oauth.TokenSecret)
334 + case "HMAC-SHA1":

This is probably something that we can fix later but implementing the signature like this looks like a design flaw to me. I think we should be using the strategy pattern here: define a "signing" interface and have two different types implement it (one with a plain text signature, the other with a SHA1 signature).
This would provide a much better encapsulation of the signing code and would make it much more easy to add new signature types if we ever need to.

> [2]
>
> These two blocks seem very redundant to me, isn't it possible refactor that a
> bit to unify/simplify it a bit?
>
> 289 + `OAuth realm="API", `+
> 290 + `oauth_consumer_key="%s", `+
> 291 + `oauth_token="%s", `+
> 292 + `oauth_signature_method="%s", `+
> 293 + `oauth_signature="%s", `+
> 294 + `oauth_timestamp="%s", `+
> 295 + `oauth_nonce="%s", `+
> 296 + `oauth_version="1.0"`,
> 297 + url.QueryEscape(oauth.ConsumerKey),
> 298 + url.QueryEscape(oauth.TokenKey),
> 299 + oauth.SignatureMethod,
> 300 + signature,
> 301 + url.QueryEscape(oauth.Timestamp),
> 302 + url.QueryEscape(oauth.Nonce))
>
>
> 337 + base_string := fmt.Sprintf(`%s&%s&%s%s%s%s%s%s%s`,
> 338 + oauth.HTTPMethod,
> 339 + url.QueryEscape(base_url),
> 340 + url.QueryEscape(params),
> 341 +
> url.QueryEscape("oauth_consumer_key="+oauth.ConsumerKey),
> 342 + url.QueryEscape("&oauth_nonce="+oauth.Nonce),
> 343 +
> url.QueryEscape("&oauth_signature_method="+oauth.SignatureMethod),
> 344 +
> url.QueryEscape("&oauth_timestamp="+oauth.Timestamp),
> 345 +
> url.QueryEscape("&oauth_token="+oauth.TokenKey),
> 346 + url.QueryEscape("&oauth_version=1.0"))

Nope, they look the same but they produce two different string, unifing them will not make them any simpler to read, quite the opposite.

> [3]
>
> 328 + switch oauth.SignatureMethod {
> 329 + case "PLAINTEXT":
> 330 + return fmt.Sprintf(
> 331 + `%s%%26%s`,
> 332 + oauth.ConsumerSecret,
> 333 + oauth.TokenSecret)
> 334 + case "HMAC-SHA1":
>
> This is probably something that we can fix later but implementing the
> signature like this looks like a design flaw to me. I think we should be
> using the strategy pattern here: define a "signing" interface and have two
> different types implement it (one with a plain text signature, the other with
> a SHA1 signature).
> This would provide a much better encapsulation of the signing code and would
> make it much more easy to add new signature types if we ever need to.

Apart from the error handling, that will be added in a following branch, I think that a strategy pattern would be over engineering or just YAGNI.

Just to add my two penn'orth here...

> * You introduce some line-breaking. Do we have a standard for doing
> that in Go? The Go way of dealing with long lines, apparently, is to
> let them run for as long as they want to. If you do want to break
> them up, the Cloud Engineering convention in Python at least is to
> put the first line break *right after* the opening parenthesis or
> brace that contains the thing you want to break up. *Except* in
> function definitions, where you continue the parameter list until the
> line gets too long and then break the line. You do it that way in
> some places, but not consistently. My personal instinct is to go with
> the Go way, and if the line gets too long, take that as a signal that
> something has become too complicated and needs refactoring.

We don't have a standard for this (we need to have some Golang coding
standards agreed across at least the CE team, preferably across the
company).

Now, to get my personal bias out of the way first: I hate long lines. I
like my 78-character limits, thank-you very much.

That said, Go is an interesting problem, and as you say the convention
(by sheer weight of peer pressure, if nothing else) seems to be "let the
line run on and on and on for as long as it needs."

For instance, long function definitions are a pain in the arse to read:

func (myStruct *MyStruct) DoSomethingToAStruct (param1, param2, param3, someOtherParameterWithAStupidlyLongName string) (string, string, string, error) {

Is maddeningly. However, breaking it up:

func (myStruct *MyStruct) DoSomethingToAStruct (param1, param2, param3,
    someOtherParameterWithAStupidlyLongName string)
    (string, string, string, error) {

Is also a bit maddening (particularly that brace. Don't get me started).

Now, I don't know what The Right Thing is here - I'm going to write an email to the -tech list about general Go coding standards, and that's probably the right place for a discussion - in our project we've broken lines to make them fit; I'm happy to continue that semi-psychosis-inducing convention for now, mostly because the other way is also semi-psychosis-inducing.

Finally, a note on multiple lines of parameters and the formatting thereof.

> If you do want to break them up, the Cloud Engineering convention in Python
> at least is to put the first line break *right after* the opening parenthesis
> or brace that contains the thing you want to break up.

You can't do that in Go, at least with strings. For example, if you do this:

func Bleurgh() error {
    SomeFunctionCall(
        "Here's a test of how to break up strings in Go. Note that we " +
        "are using the concatenation operator '+' to combine the " +
        "strings. Isn't that great? Looks just like JavaScript. " +
        "Kill me now.")
}

and then run gofmt on it (which we do habitually; if gofmt needs to change things, your code ain't getting into trunk), you get this piece of joy:

func Bleurgh() error {
    SomeFunctionCall(
        "Here's a test of how to break up strings in Go. Note that we " +
            "are using the concatenation operator '+' to combine the " +
            "strings. Isn't that great? Lo...

Gentlemen, in my humble opinion this branch is spending too much time out of the codebase. I'd love to help implement all these little fixes, and am currently available to do so, but that doesn't work very well with an ongoing merge proposal.

So does anyone mind if we list our grievances for later and get this branch landed in its non-functioning state? I'll start a to-do list in the Google document so that we don't forget to fix the things that were bothering us. Should also help us prioritize them.

Ahem. I said “non-functioning” but actually it looks like Vincenzo fixed the Sprint()/Sprintf() bug! Sorry about that. All the more reason to get this in soon.

Most of the bugs have been addressed in following branches, now it's fully functional and tested. I agree with you, once it lands we can go trough the code again and fix what's left.

> Most of the bugs have been addressed in following branches, now it's fully
> functional and tested. I agree with you, once it lands we can go trough the
> code again and fix what's left.

Yes, let's get this landed.