Prefer forcing timezones #730
Conversation
|
@elle should doorkeeper force UTC times? It's used in Rails and Grape frameworks. Thank you! |
|
@tute We should never use |
|
Thank you Elle! And how would doorkeeper-for-non-rails frameworks define current? |
|
Good point. My apologies. So, yes, we would like to use Would be good to freeze time in the specs and check these methods in various time zones. |
|
@elle is there a standard way to freeze time without timecop? |
|
@lcpriest looking at the gemspec file, timecop is already a development dependency [https://github.com/doorkeeper-gem/doorkeeper/blob/master/doorkeeper.gemspec#L25] Alternatively, we can use http://api.rubyonrails.org/classes/ActiveSupport/Testing/TimeHelpers.html Looking at http://api.rubyonrails.org/classes/ActiveRecord/Timestamp.html, timestamps are saved in UTC by default. So it's a good thing that the methods compare both times in utc. Possible problem would be if someone ever set: |
|
Given that timecop isn't used anywhere, could we drop the dependency and use the TimeHelpers instead? |
|
Would be good to give it a go |
|
I'm at work now, so will be unable to have a go at that - would you be okay to have a look? |
|
Thank you Lachlan and Elle for your work on this. I'm totally up for dropping Timecop; if it's not used anywhere It shouldn't break tests if you remove it as part of this changeset. |
|
@lcpriest: is this potentially backwards incompatible? In what cases? |
|
Any incompatibilities would be if your server was in non UTC time, this could expire a token too soon (or give it an extra day or so) |
|
And so I understand the implications of this change: what are we missing while we don't have doorkeeper do UTC? What issue are we solving? Thanks, again! |
|
It's really just a best practice: |
|
Whoops, sorry. :) Will check those links out to learn the why of this best practice. Elle also wrote about this:
Won't be able to do this homework today, hopefully next Friday! Thanks. |
|
@lcpriest, the two links you show are Rails specific. Questions still stand:
If it was a new library I would definitly follow your suggestion and code, but there are thousands of existing installations, not only in Rails. |
|
@tute this might be an issue with comparing two times that are not equal.
Comparing two times in two different time zones is like comparing apples and oranges. To be useful, both times should be in the same time zone. And the least painful way to solve this is to have both compared times in I think we should use TimeCop and stub the times and time zones in the specs to make sure the time comparison works as intended. I would also probably call |
|
Thank you, Elle! Copying bug report #738 that will be fixed when we merge this PR. I found this issue when following a tutorial, as mentioned in my other issue. In file expires_in && Time.now > expired_timeIn my dev setup, I had to change the line to: expires_in && Time.now.utc > expired_timeso it would correctly validate. This was preventing me from getting to the URI validation and any other validation happening after this. This was an issue because grant dates in the DB were in UTC and my Mac is running in timezone -06.00 (Mexico's CST). So when comparing dates, it wasn't comparing them correctly. I thought they would since they are supposed to be Date/Time objects and comparison would be done internally, accounting for time zones, but it seems it is not like that. This answers my first question (what bugs are right now present), but I still didn't answer my second quesition: Would this changeset introduce potentially backwards incompatible changes? If so, what would be the upgrade process? |
lcpriest
force-pushed
the
chore/its-time
branch
from
6cf549c
to
da8cb1f
Compare
|
Any code outside of the gem written to compare times would not have taken this change into account, but I think if this is adequately changelogged, that isn't necessarily an issue for the gem. The other is that we need to convert both sides of the equivalences to use utc, in cases of servers with non-utc timezones set. |
| end | ||
|
|
||
| def expires_in_seconds | ||
| return nil if expires_in.nil? | ||
| expires = (created_at + expires_in.seconds) - Time.now | ||
| expires = (created_at + expires_in.seconds) - Time.now.utc |
There was a problem hiding this comment.
How does the .seconds method work outside of rails? It's added to the Numeric module:
http://api.rubyonrails.org/classes/Numeric.html
There was a problem hiding this comment.
How does the .seconds method work outside of rails? It's added to the Numeric module:
Pretty sure it does not, I'm surprised Grape users didn't submit related issues.
Right, and potentially convert doorkeeper's legacy data in different time zones. |
|
I've not got time right now to work on this, should I close this or is there someone else who can work on it? |
|
If no one has found issues yet, I'm inclined to close it, as it might introduce new bugs for existing apps. That said, I will have time starting in December to investigate these issues, and I'm ok having this open until then, as it is a potentially useful fix. Your call. Thanks! |
|
|
|
There are no timezone specific tests on this branch. |
|
@tute your issue here sounds like a problem in your database serialization layer/ORM. You should be persisting dates in UTC in the DB, and setting TZ when you load them into Ruby. If you are storing dates in local TZ, then you should to ensure the TZ is set correctly when they are converted from DB to Ruby objects. (In other words, if you are serializing/deserializing from DB with correct TZ handling, then |
|
@lcpriest would you update the NEWS file, and rebase this branch on top of latest master? I'd like to get this merged in. |
lcpriest
force-pushed
the
chore/its-time
branch
from
da8cb1f
to
02755b1
Compare
|
@tute Done :) |
|
Nice! Can you add more context from this PR's discussion into your commit message, and explicitly state this as a potentially backwards incompatible change in the NEWS file? Then we merge. Thanks! |
|
rc3? |
Yep! |
This was initially a change for the sake of the HoundCI, but it is also just A Good Idea™. Forcing UTC should not cause any issues as the way two times are compared takes the timezone into account anyway. Here are a few articles regarding the best practice of Time in Ruby. https://robots.thoughtbot.com/its-about-time-zones https://robots.thoughtbot.com/a-case-study-in-multiple-time-zones http://rails-bestpractices.com/posts/2014/10/22/use-time-zone-now-instead-of-time-now/ http://danilenko.org/2012/7/6/rails_timezones/
lcpriest
force-pushed
the
chore/its-time
branch
from
02755b1
to
f981001
Compare
| @@ -1,3 +1,3 @@ | |||
| module Doorkeeper | |||
| VERSION = "4.0.0.rc2" | |||
| VERSION = "4.0.0.rc3" | |||
There was a problem hiding this comment.
Freeze mutable objects assigned to constants.
There was a problem hiding this comment.
If this shouldn't be another commit, I think github now allows PRs to be squashed on merge.
https://github.com/blog/2141-squash-your-commits
|
Thanks so much! 🎉 |
|
No, Thank you! Doorkeeper is such a great project and everyone I have spoken to so far has been really nice. |
I believe this repositories hound settings encourage not using Time.now without specifying something like timezone or UTC. This should fix those hound errors.