Jochen Lillich

Joined

4,640 Experience
46 Lessons Completed
0 Questions Solved

Activity

Posted in How to Test Validations in Rails Discussion

Where do you think test factories come in here? A RatingFactory could make sure that the object instance we're using for tests is valid without us having to care how it's achieved.

Posted in Liskov Substitution Principle Discussion

It's not only the initial class design that led to a LSP violation, it's also the function using the classes. Both made the error to assume that all birds can fly.

Having to change the contract in that migrate_south can't use generic Birds anymore is exactly what the LSP is supposed to prevent. So, instead of treating the symptom, let's refactor the abstraction, especially the interface, correctly. The key is that all birds can travel.

def migrate_south(birds)
  birds.each do |bird|
      bird.travel(AFRICA)
    end
end

class Bird
  def travel(destination)
      walk(destination)
    end

    private

    def walk(destination)
    end
end

class Emu < Bird
end

class FlyingBird < Bird
  def travel(destination)
      fly(destination)
    end

    private

    def fly(destination)
    end
end

class Eagle < FlyingBird
end

class Penguin < Bird
  def travel(destination)
      if (walking_distance?(destination))
          walk(destination)
        else
          book_trip(destination)
        end
    end

    private

  def walking_distance?(destination)
    end

    def book_trip(destination)
    end
end

The refactoring would first introduce the travel method which simply calls fly, so altering migrate_south to use travel instead of fly won't change the app behaviour. Then we introduce the FlyingBird; thanks to the LSP we can make it the Eagle's new parent class without problems. We also make walk a Bird's default mode of travel. Finally, we can introduce the Penguin class — all without breaking migrate_south.

Yes, this is about a worst-case scenario, as it is often in the context of security. You would want to delete the token and reissue a new one ASAP. If you added your email address to the token, that's now out in the wild, making things even worse.

I'd advise against adding the email address to the payload. The purpose of tokens is being able to store them client-side in a secure fashion. By adding the email address to the token, you'd expose 50% of your login credentials.