User pagination and fields, docblocks, formatting, test improvements #261
Conversation
| * @param string $user_id - User ID to update. | ||
| * @param array $data - User data to update: | ||
| * - Only certain fields can be updated; see the @link below for allowed fields. | ||
| * - "user_metadata" and "app_metadata" fields are merged, not replaced. |
There was a problem hiding this comment.
this is true for this fields but also for the rest of the fields under User. I do like the clarification though.
There was a problem hiding this comment.
In the API docs:
The properties of the new object will replace the old ones ... The metadata fields are an exception to this rule
Am I not capturing that correctly or are the docs wrong?
There was a problem hiding this comment.
Ah. Users behave differently, ignore my first comment.
src/API/Management/Users.php
Outdated
| * Create a new User. | ||
| * | ||
| * @param array $data - User create data: | ||
| * - "connection" name field is required and limited to sms, email, & DB connections. |
There was a problem hiding this comment.
instead of "DB" I'd use "sms, email and auth0 (Username and Password) strategies". I don't think you are allowed to create "ad" db users with this method
There was a problem hiding this comment.
I'm a little hesitant to mix strategies in here. This field is looking for a connection name, not a strategy.
Should we clarify what kind of user can be created here?
There was a problem hiding this comment.
This field is looking for a connection name, not a strategy.
true, but those connections must belong to "one of this strategies: sms, email, auth0"
| * @param array $data - User create data: | ||
| * - "connection" name field is required and limited to sms, email, & DB connections. | ||
| * - "phone_number" field is required by sms connections. | ||
| * - "email" field is required by email and DB connections. |
There was a problem hiding this comment.
depending on the connection settings, "username" could be required for sign-ups as well.
src/API/Management/Users.php
Outdated
|
|
||
| // Passwords are required for DB connections. | ||
| if ('email' !== $data['connection'] && empty($data['password'])) { | ||
| throw new \Exception('Missing required "password" field for DB connection.'); |
There was a problem hiding this comment.
Maybe instead of 'db' use the name of the connection you are being passed.
src/API/Management/Users.php
Outdated
| * | ||
| * @link https://auth0.com/docs/users/search/v3#migrate-from-search-engine-v2-to-v3 | ||
| * @link https://auth0.com/docs/api/management/v2#!/Users/get_users | ||
| * @link https://auth0.com/docs/users/search/best-practices |
There was a problem hiding this comment.
I see many links to sections under /docs/users/search. Why not just point to that page? Anchors to sections may break if a char on the title is changed.
There was a problem hiding this comment.
First link is an anchor, the rest are direct. I wouldn't imagine that the migration guide link will change as it's in a number of places.
There was a problem hiding this comment.
I'd just point to https://auth0.com/docs/users/search/v3 since that's the main page for the search API. Also, in that article there's a link to v2 syntax. So just keep:
| * | ||
| * @return bool | ||
| */ | ||
| protected function errorHasString(\Exception $e, $str) |
There was a problem hiding this comment.
why \ precedes Exception always ?
There was a problem hiding this comment.
\ indicates global namespce
tests/API/Management/UsersTest.php
Outdated
| * | ||
| * @var integer | ||
| */ | ||
| protected $rand; |
There was a problem hiding this comment.
This seems common across entities tests. What about moving this up to the BasicCrudTest class?
There was a problem hiding this comment.
Good catch ... that was kind of silly :)
| protected function getAllEntities() | ||
| { | ||
| $fields = array_keys($this->getCreateBody()); | ||
| $fields[] = $this->id_name; |
There was a problem hiding this comment.
what's this line doing? is like no index is passed to the array? 😕
There was a problem hiding this comment.
$fields is an array of fields to get, created initially as the keys from the createBody array. This adds the id field to that array so we get the id as well.
There was a problem hiding this comment.
but since "arrays in php are not arrays but dictionaries", am I right to assume this will end up adding a key named user_id (specified here https://github.com/auth0/auth0-PHP/pull/261/files/b018f664c75fbfaca8c8febb9148eacb2002d58f#diff-f6b74f1841de4422909e8c5982be5c87R19) with a null value?
There was a problem hiding this comment.
No, this is just a plain array, numeric keys:
[ 'connection', 'email', 'password', 'picture', 'email_verified', 'user_metadata', 'user_id' ]
tests/API/Management/UsersTest.php
Outdated
| $this->domain = $env['DOMAIN']; | ||
| // Get the second page of Users with 1 per page (second result). | ||
| $paged_results = $this->api->getAll([ | ||
| 'sort' => 'created_at:1' |
There was a problem hiding this comment.
do the rest of the entities do the same sorting?
There was a problem hiding this comment.
No. I added this because we're likely to get back a lot of results and this will ensure the pagination check works regardless of the number. Other endpoints don't appear to support sorting.
tests/API/Management/UsersTest.php
Outdated
| try { | ||
| $this->api->create([]); | ||
| } catch (\Exception $e) { | ||
| $caught_connection_error = $this->errorHasString($e, 'connection'); |
There was a problem hiding this comment.
a bit vague. I don't remember the full error message but what about searching for something like "missing param 'connection'" at least? Same for the checks below
|
@lbalmaceda - Also added scopes here, good suggestion ... I'll make a note to add that to other docblocks |
src/API/Management/Users.php
Outdated
| { | ||
| /** | ||
| * Get a single User by ID. | ||
| * Requires scopes: read:users, read:user_idp_tokens. |
There was a problem hiding this comment.
Suggestion -> Enclose values in quotes. (applies for all docblocks)
IMHO required -> explain when the read:user_idp_tokens scope would be required. It's not that to call this endpoint you must provide it, only if you want to obtain the access_tokens for each logged in identity provider.
src/API/Management/Users.php
Outdated
| /** | ||
| * Update a User. | ||
| * Requires scope: update:users. | ||
| * May require scope: update:users_app_metadata |
There was a problem hiding this comment.
ahá!! again, when would this scope be required? Don't say it's implicit on the scope value. You can also rephrase it in a similar way to this:
Requires scope 'update:users'. If the values being changed include the 'user_metadata' or 'app_metadata' fields, additionally the scope must include 'update:users_app_metadata'.
src/API/Management/Users.php
Outdated
| * - "phone_number" field is required by sms connections. | ||
| * - "email" field is required by email and DB connections. | ||
| * - "password" field is required by DB connections. | ||
| * - Depending on the connection user, other fields may be required. |
There was a problem hiding this comment.
i think you meant user->used ??
Also, I don't think we enforce other fields apart from username. (We don't provide a way to customize this either AFAIK, maybe good to look at "custom db sign up scripts"). If it's that one alone, why not just name it?
| $client = $this->apiClient->get() | ||
| ->users(); | ||
| // Fields to include/exclude. | ||
| if (!isset($params['fields']) && null !== $fields) { |
There was a problem hiding this comment.
no debugging is needed as long as it's well documented. Being one case or the other. Both are corrects. I like more the one I suggested in my previous comment since the previous signature didn't have anything but the params dictionary, so anything added later (talking about order) would replace them, but I accept yours as well 👍 Choose whatever that sticks to the other entities' methods behavior.
src/API/Management/Users.php
Outdated
| if (is_array($params['fields'])) { | ||
| $params['fields'] = implode(',', $params['fields']); | ||
| } | ||
| if (null !== $include_fields) { |
There was a problem hiding this comment.
here you're not checking that include_fields is first set on params, so you're overriding it with the explicit parameter.
src/API/Management/Users.php
Outdated
| * Requires scope: update:users. | ||
| * | ||
| * @param string $user_id - User ID of the primary identity | ||
| * @param array $data - Secondary identity to link; either link_with JWT or provider, connection_id, and user_id. |
There was a problem hiding this comment.
What about adding something like "see ways of calling this endpoint in the @link below", like you did for users search v3 above. Or at least add a bulleted list below the data param to differentiate both payloads. (I still find it confusing)
i.e.
- Sending the JWT as the link_with parameter
- Sending the provider, connection_id and user_id values.
| * Should the results returned by getAll be searched for the created user? | ||
| * | ||
| * @var bool | ||
| */ | ||
| protected $findCreatedItem = false; |
There was a problem hiding this comment.
also, doesn't this apply for all the entities with a CREATE method? Should it be generalized like the rand in the super class?
There was a problem hiding this comment.
No, it's an option of sorts
joshcanhelp
force-pushed
the
add-users-pagination-tests
branch
from
816576d
to
6af9428
Compare
|
This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. |
Users::getAll()method