• steventhedev@lemmy.world
    link
    fedilink
    arrow-up
    62
    arrow-down
    1
    ·
    2 months ago

    Ew no.

    Abusing language features like this (boolean expression short circuit) just makes it harder for other people to come and maintain your code.

    The function does have opportunity for improvement by checking one thing at a time. This flattens the ifs and changes them into proper sentry clauses. It also opens the door to encapsulating their logic and refactoring this function into a proper validator that can return all the reasons a user is invalid.

    Good code is not “elegant” code. It’s code that is simple and unsurprising and can be easily understood by a hungover fresh graduate new hire.

    • traches@sh.itjust.works
      link
      fedilink
      English
      arrow-up
      42
      arrow-down
      1
      ·
      2 months ago

      Agreed. OP was doing well until they replaced the if statements with ‚function call || throw error’. That’s still an if statement, but obfuscated.

      • BrianTheeBiscuiteer@lemmy.world
        link
        fedilink
        arrow-up
        7
        ·
        2 months ago

        Don’t mind the || but I do agree if you’re validating an input you’d best find all issues at once instead of “first rule wins”.

        • rooster_butt@lemm.ee
          link
          fedilink
          arrow-up
          3
          ·
          2 months ago

          Short circuiting conditions is important. Mainly for things such as:

          if(Object != Null && Object.HasThing) …

          Without short circuit evaluation you end up with a null pointer exception.

    • verstra@programming.dev
      link
      fedilink
      arrow-up
      19
      ·
      2 months ago

      I agree, this is an anti-pattern for me.

      Having explicit throw keywords is much more readable compared to hiding flow-control into helper functions.

    • YaBoyMax@programming.dev
      link
      fedilink
      English
      arrow-up
      14
      arrow-down
      1
      ·
      2 months ago

      This is the most important thing I’ve learned since the start of my career. All those “clever” tricks literally just serve to make the author feel clever at the expense of clarity and long-term manintainability.

    • Womble@lemmy.world
      link
      fedilink
      English
      arrow-up
      10
      arrow-down
      5
      ·
      edit-2
      2 months ago

      Good code is not “elegant” code. It’s code that is simple and unsurprising and can be easily understood by a hungover fresh graduate new hire.

      I wouldnt go that far, both elegance are simplicity are important. Sure using obvious and well known language feaures is a plus, but give me three lines that solve the problem as a graph search over 200 lines of object oriented boilerplate any day. Like most things it’s a trade-off, going too far in either direction is bad.

  • koper@feddit.nl
    link
    fedilink
    arrow-up
    39
    ·
    edit-2
    2 months ago

    Why the password.trim()? Silently removing parts of the password can lead to dangerous bugs and tells me the developer didn’t peoperly consider how to sanitize input.

    I remember once my password for a particular organization had a space at the end. I could log in to all LDAP-connected applications, except for one that would insist my password was wrong. A trim() or similar was likely the culprit.

    • spechter@lemmy.ml
      link
      fedilink
      arrow-up
      31
      ·
      2 months ago

      Another favorite of mine is truncating the password to a certain length w/o informing the user.

      • NotationalSymmetry@ani.social
        link
        fedilink
        English
        arrow-up
        14
        ·
        2 months ago

        Saving the password truncates but validation doesn’t. So it just fails every time you try to log in with no explanation. The number of times I have seen this in a production website is too damn high.

      • Flipper@feddit.org
        link
        fedilink
        arrow-up
        10
        ·
        2 months ago

        The password needs to be 8 letters long and may only contain the alphabet. Also we don’t tell you this requirement or tell you that setting the password went wrong. We just lock you out.

    • Aijan@programming.devOP
      link
      fedilink
      arrow-up
      16
      ·
      edit-2
      2 months ago

      Thanks for the tip. password.trim() can indeed be problematic. I just removed that line.

    • HamsterRage@lemmy.ca
      link
      fedilink
      arrow-up
      12
      ·
      2 months ago

      The reason for leaving in the password.trim() would be one of the few things that I would ever document with a comment.

  • Atlas_@lemmy.world
    link
    fedilink
    arrow-up
    20
    ·
    edit-2
    2 months ago

    In addition to the excellent points made by steventhedev and koper:

    user.password = await hashPassword(user.password);

    Just this one line of code alone is wrong.

    1. It’s unclear, but quite likely that the type has changed here. Even in a duck typed language this is hard to manage and often leads to bugs.
    2. Even without a type change, you shouldn’t reuse an object member like this. Dramatically better to have password and hashed_password so that they never get mixed up. If you don’t want the raw password available after this point, zero it out or delete it.
    3. All of these style considerations apply 4x as strongly when it’s a piece of code that’s important to the security of your service, which obviously hashing passwords is.
    • Aijan@programming.devOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      6
      ·
      2 months ago

      I appreciate the security concerns, but I wouldn’t consider overriding the password property with the hashed password to be wrong. Raw passwords are typically only needed in three places: user creation, login, and password reset. I’d argue that having both password and hashedPassword properties in the user object may actually lead to confusion, since user objects are normally used in hundreds of places throughout the codebase. I think, when applicable, we should consider balancing security with code maintainability by avoiding redundancy and potential confusion.

      • nous@programming.dev
        link
        fedilink
        English
        arrow-up
        9
        ·
        2 months ago

        When is the hashed password needed other than user creation, login or password resets? Once you have verified the user you should not need it at all. If anything storing it on the user at all is likely a bad idea. Really you have two states here - the unauthed user which has their login details, and an authed user which has required info about the user but not their password, hashed or not.

        Personally I would construct the user object from the request after doing auth - that way you know that any user object is already authed and it never needs to store the password or hash at all.

        • Aijan@programming.devOP
          link
          fedilink
          arrow-up
          1
          arrow-down
          2
          ·
          2 months ago

          Perhaps I was unclear. What I meant to say is that, whenever possible, we shouldn’t have multiple versions of a field, especially when there is no corresponding plaintext password field in the database, as is the case here.

          • nous@programming.dev
            link
            fedilink
            English
            arrow-up
            4
            ·
            2 months ago

            And they were arguing the same - just renaming the property rather than reusing it. You should only have one not both but naming them differently can make it clear which one you have.

            But here I am arguing to not have either on the user object at all. They are only needed at the start of a request and should never be needed after that point. So no point in attaching them to a user object - just verify the username and password and pass around user object after that without either the password or hash. Not everything needs to be added to a object.

      • Atlas_@lemmy.world
        link
        fedilink
        arrow-up
        6
        ·
        2 months ago

        I absolutely agree. An even better structure wouldn’t have a raw password field on the user object at all.

  • Rogue@feddit.uk
    link
    fedilink
    arrow-up
    8
    arrow-down
    1
    ·
    2 months ago

    A quick glance and this seemed nothing to do with self documenting code and everything to do with the flaws when code isn’t strictly typed.

  • graycube@lemmy.world
    link
    fedilink
    arrow-up
    7
    ·
    2 months ago

    I would have liked some comments explaining the rules we are trying to enforce or a link to the product requirements for it. Changing the rules requirements is the most likely reason this code will ever be looked at again. The easier you can make it for someone to change them the better. Another reason to need to touch the code is if the user model changes. I suppose we might also want a different password hash or to store the password separately even a different outcome if the validation fails. Or maybe have different ruled for different user types. When building a function like this I think less about “ideals” and more about why someone might need to change what I just did and how can I make it easier for them.

    • nous@programming.dev
      link
      fedilink
      English
      arrow-up
      7
      ·
      2 months ago

      and how can I make it easier for them.

      I am wary of this. It is very hard to predict what someone else in the future might want to do. I would only go so far as to ensure nothing I am doing will unnecessarily block a refactor later on but I would avoid trying to add or abstract things in ways that make the current code harder to read because you think it might be easier for someone to add to in the future.

      I have needed, far too many times, to strip out some unused abstraction to do something that abstraction was never intended to allow because someone was trying to save me time and predict what might happen to the code in the future and got it completely wrong. It is far easier to add an abstraction to simple code later on when it actually helps then to try and figure out what the abstraction is and remove it when it is found to be wrong.

      • graycube@lemmy.world
        link
        fedilink
        arrow-up
        2
        ·
        2 months ago

        Good point. I think knowing where to draw that line comes with experience (and having to fix lots of other people’s code).

  • dohpaz42@lemmy.world
    link
    fedilink
    English
    arrow-up
    13
    arrow-down
    6
    ·
    2 months ago
    async function createUser(user) {
        validateUserInput(user) || throwError(err.userValidationFailed);
        isPasswordValid(user.password) || throwError(err.invalidPassword);
        !(await userService.getUserByEmail(user.email)) || throwError(err.userExists);
    
        user.password = await hashPassword(user.password);
        return userService.create(user);
    }
    

    Or

    async function createUser(user) {
        return await (new UserService(user))
            .validate()
            .create();
    }
    
    // elsewhere…
    const UserService = class {
        #user;
    
        constructor(user) {
            this.user = user;
        }
    
        async validate() {
            InputValidator.valid(this.user);
    
           PasswordValidator.valid(this.user.password);
    
            !(await UserUniqueValidator.valid(this.user.email);
    
            return this;
        }
    
        async create() {
            this.user.password = await hashPassword(this.user.password);
    
            return userService.create(this.user);
        }
    }
    

    I would argue that the validate routines be their own classes; ie UserInputValidator, UserPasswordValidator, etc. They should conform to a common interface with a valid() method that throws when invalid. (I’m on mobile and typed enough already).

    “Self-documenting” does not mean “write less code”. In fact, it means the opposite; it means be more verbose. The trick is to find that happy balance where you write just enough code to make it clear what’s going on (that does not mean you write long identifier names (e.g., getUserByEmail(email) vs. getUser(email) or better fetchUser(email)).

    Be consistent:

    1. get* and set* should be reserved for working on an instance of an object
    2. is* or has* for Boolean returns
    3. Methods/functions are verbs because they are actionable; e.g., fetchUser(), validate(), create()
    4. Do not repeat identifiers: e.g., UserService.createUser()
    5. Properties/variables are not verbs; they are state: e.g., valid vs isValid
    6. Especially for JavaScript, everything is const unless you absolutely have to reassign its direct value; I.e., objects and arrays should be const unless you use the assignment operator after initialization
    7. All class methods should be private until it’s needed to be public. It’s easier to make an API public, but near impossible to make it private without compromising backward compatibility.
    8. Don’t be afraid to use if {} statements. Short-circuiting is cutesy and all, but it makes code more complex to read.
    9. Delineate unrelated code with new lines. What I mean is that jamming all your code together into one block makes it difficult to follow (like run-on sentences or massive walls of text). Use new lines and/or {} to create small groups of related code. You’re not penalized for the white space because it gets compiled away anyway.

    There is so much more, but this should be a good primer.

    • Caveman@lemmy.world
      link
      fedilink
      arrow-up
      2
      ·
      2 months ago

      I like the service but the constructor parameter is really bad and makes the methods less reusable

      • dohpaz42@lemmy.world
        link
        fedilink
        English
        arrow-up
        2
        ·
        2 months ago

        That’s fair. How would you go about implementing the service? I always love seeing other people’s perspectives. 😊

        • Caveman@lemmy.world
          link
          fedilink
          arrow-up
          1
          ·
          2 months ago

          More or less the same but the user gets passed as a method parameter each time. Validators would be in my opinion a long function inside the service also with named variables like this because it’s just easy to read and there are no surprises. I’d probably refactor it at around 5 conditions or 30 lines of validation logic.

          I recommend trying out using the constructor in services for tools such as a database and methods for data such as user. It will be very easy to use everywhere and for many users and whatever

          const passwordIsValid = ...
          if (!passwordIsValid){
            return whatever
          }
          
  • Kissaki@programming.dev
    link
    fedilink
    English
    arrow-up
    2
    ·
    edit-2
    2 months ago

    Code before:

    async function createUser(user) {
        if (!validateUserInput(user)) {
            throw new Error('u105');
        }
    
        const rules = [/[a-z]{1,}/, /[A-Z]{1,}/, /[0-9]{1,}/, /\W{1,}/];
        if (user.password.length >= 8 && rules.every((rule) => rule.test(user.password))) {
            if (await userService.getUserByEmail(user.email)) {
                throw new Error('u212');
            }
        } else {
            throw new Error('u201');
        }
    
        user.password = await hashPassword(user.password);
        return userService.create(user);
    }
    

    Here’s how I would refac it for my personal readability. I would certainly introduce class types for some concern structuring and not dangling functions, but that’d be the next step and I’m also not too familiar with TypeScript differences to JavaScript.

    const passwordRules = [/[a-z]{1,}/, /[A-Z]{1,}/, /[0-9]{1,}/, /\W{1,}/]
    function validatePassword(plainPassword) => plainPassword.length >= 8 && passwordRules.every((rule) => rule.test(plainPassword))
    async function userExists(email) => await userService.getUserByEmail(user.email)
    
    async function createUser(user) {
        // What is validateUserInput? Why does it not validate the password?
        if (!validateUserInput(user)) throw new Error('u105')
        // Why do we check for password before email? I would expect the other way around.
        if (!validatePassword(user.password)) throw new Error('u201')
        if (!userExists(user.email)) throw new Error('u212')
    
        const hashedPassword = await hashPassword(user.password)
        return userService.create({ email: user.email, hashedPassword: hashedPassword });
    }
    

    Noteworthy:

    • Contrary to most JS code, [for independent/new code] I use the non-semicolon-ending style following JavaScript Standard Style - see their no semicolons rule with reasoning; I don’t actually know whether that’s even valid TypeScript, I just fell back into JS
    • I use oneliners for simple check-error-early-returns
    • I commented what was confusing to me
    • I do things like this to fully understand code even if in the end I revert it and whether I implement a fix or not. Committing refacs is also a big part of what I do, but it’s not always feasible.
    • I made the different interface to userService.create (a different kind of user object) explicit
    • I named the parameter in validatePassword plainPasswort to make the expectation clear, and in the createUser function more clearly and obviously differentiate between “the passwords”/what password is. (In C# I would use a param label on call validatePassword(plainPassword: user.password) which would make the interface expectation and label transformation from interface to logic clear.

    Structurally, it’s not that different from the post suggestion. But it doesn’t truth-able value interpretation, and it goes a bit further.

      • Zagorath@aussie.zone
        link
        fedilink
        arrow-up
        5
        ·
        2 months ago

        If the doco we’re talking about is specifically an API reference, then the documentation should be written first. Generate code stubs (can be as little as an interface, or include some basic actual code such as validating required properties are included, if you can get that code working purely with a generated template). Then write your actual functional implementation implementing those stubs.

        That way you can regenerate when you change the doco without overriding your implementation, but you are still forced to think about the user (as in the programmer implementing your API) experience first and foremost, rather than the often more haphazard result you can get if you write code first.

        For example, if writing a web API, write documentation in something like OpenAPI and generate stubs using Swagger.

          • Zagorath@aussie.zone
            link
            fedilink
            English
            arrow-up
            3
            ·
            2 months ago

            Yup absolutely. I mentioned web APIs because that’s what I’ve got the most experience with, but .h files, class library public interfaces, and any other time users who are not the implementor of the functionality might want to call it, the code they’ll be interacting with should be tailored to be good to interact with.