Activity
Where do you think test factories come in here? A RatingFactory could make sure that the object instance we're using for tests is valid without us having to care how it's achieved.
Posted in Liskov Substitution Principle Discussion
It's not only the initial class design that led to a LSP violation, it's also the function using the classes. Both made the error to assume that all birds can fly.
Having to change the contract in that migrate_south
can't use generic Birds anymore is exactly what the LSP is supposed to prevent. So, instead of treating the symptom, let's refactor the abstraction, especially the interface, correctly. The key is that all birds can travel.
def migrate_south(birds)
birds.each do |bird|
bird.travel(AFRICA)
end
end
class Bird
def travel(destination)
walk(destination)
end
private
def walk(destination)
end
end
class Emu < Bird
end
class FlyingBird < Bird
def travel(destination)
fly(destination)
end
private
def fly(destination)
end
end
class Eagle < FlyingBird
end
class Penguin < Bird
def travel(destination)
if (walking_distance?(destination))
walk(destination)
else
book_trip(destination)
end
end
private
def walking_distance?(destination)
end
def book_trip(destination)
end
end
The refactoring would first introduce the travel
method which simply calls fly
, so altering migrate_south
to use travel
instead of fly
won't change the app behaviour. Then we introduce the FlyingBird
; thanks to the LSP we can make it the Eagle
's new parent class without problems. We also make walk
a Bird
's default mode of travel
. Finally, we can introduce the Penguin
class — all without breaking migrate_south
.
Yes, this is about a worst-case scenario, as it is often in the context of security. You would want to delete the token and reissue a new one ASAP. If you added your email address to the token, that's now out in the wild, making things even worse.
I'd advise against adding the email address to the payload. The purpose of tokens is being able to store them client-side in a secure fashion. By adding the email address to the token, you'd expose 50% of your login credentials.