feat(fxa-admin-panel): add email bounce diagnosticCode to FXA Admin Panel #12551
Conversation
millmason
changed the title
millmason
changed the title
|
@millsoper Concerning the diagnostic code, I'd favor explicitly stating it. Since this is an admin panel, I think a more verbose UX is better. Concerning the security warnings, since these are not lines you altered, so it shouldn't be a concern of this PR. Concerning further test coverage, if I see spots were we could improve coverage, I'll call this out in the code as I review it, thanks for bring this to attention though. |
|
@dschom what would you think of using the |
| bounce = randomEmailBounce(argv.email as string); | ||
| bounce = randomEmailBounce( | ||
| argv.email as string, | ||
| argv.withDiagnosticCode as boolean |
There was a problem hiding this comment.
Should withDiagnosticCode be added to yargs.options on line 17?
| @@ -36,6 +36,7 @@ type EmailBounce { | |||
| bounceType: BounceType! | |||
| bounceSubType: BounceSubType! | |||
| createdAt: Float! | |||
| diagnosticCode: String! | |||
There was a problem hiding this comment.
In the graphql.ts diagnosticCode is nullable. :String! indicates the field is not nullable whereas a type of :String would be nullable. Perhaps this should be consistent between the typescript and the graphql schema?
There was a problem hiding this comment.
It definitely should, thanks!
| }: Pick<EmailBounce, 'email'> & { | ||
| templateName: string; | ||
| bounceType: BounceType; | ||
| bounceSubType: BounceSubType; | ||
| diagnosticCode?: string; |
There was a problem hiding this comment.
Random nit, you could also define diagnosticCode in the Pick, which is a more type centric way of declaring this, e.g. Pick<EmailBounce, 'email' | 'diagnosticCode'>. Note that the set of unioned types here are either not present on EmailBounce, or they are being represented with a more specific type, whereas diagnosticCode's type is already aligned with EmailBounce.diagnosticCode.
| @@ -4,5 +4,6 @@ CREATE TABLE `emailBounces` ( | |||
| `bounceType` tinyint(3) unsigned NOT NULL, | |||
| `bounceSubType` tinyint(3) unsigned NOT NULL, | |||
| `createdAt` bigint(20) unsigned NOT NULL, | |||
| `diagnosticCode` varchar(255) NOT NULL, | |||
There was a problem hiding this comment.
Just checking on state again. This collumn is explictily being declared NOT NULL, yet in graphql.ts the field is marked as Nullable.
There was a problem hiding this comment.
Ahhh that's an error, I'll fix that. Thank you!!
| export function randomEmailBounce(email: string): BounceIsh { | ||
| export function randomEmailBounce( | ||
| email: string, | ||
| withDiagnosticCode: boolean = false |
There was a problem hiding this comment.
So I feel a bit conflicted suggesting this, since IMO randomness in tests is bad. However, this is already the approach being used, so I would suggest leaving the daignosticCode up to chance as well. As far as I can tell, nothing ever sets withDiagnosticCode to true, so this path isn't actually being invoked or tested at the moment.
There was a problem hiding this comment.
Ohh I see what you mean -- I set it as the default here because it's being used in the fxa-admin-server script that we use for manually faking bounces, so I was thinking of it more as a dev tool than a test helper, and setting the default to false allowed it to keep being used the way it had been. It is confusing though. Would it be clearer if I added randomization to the tests? Or should I drop this altogether?
millmason
force-pushed
the
4700-add-diagnosticcode
branch
from
9063344 to
523c87c
Compare
…e obj feat(fxa-admin-panel): add diagnosticCode to auth bounce model feat(fxa-admin-panel): add diagnosticCode col to emailBounces table feat(fxa-admin-panel): fix patch to include procedures and use them feat(fxa-admin-panel): update helpers/email bounce faker to include diagnostic code feat(fxa-admin-panel): add diagnostic code to admin panel display feat(fxa-admin-panel): make diagnosticCode field optional chore(fxa-admin-server) update README with new script flag feat(fxa-admin-panel) explicitly show lack of diagnostic code if none present fix(fxa-admin-panel) fix types for diagnostic code fix(fxa-admin-server) gql type fixes fix(fxa-admin-server) gql fix(fxa-admin-panel) set diagnosticCode default value to empty string
millmason
force-pushed
the
4700-add-diagnosticcode
branch
from
523c87c to
24e4b40
Compare
| CALL assertPatchLevel('126'); | ||
|
|
||
| ALTER TABLE emailBounces | ||
| ADD COLUMN diagnosticCode VARCHAR(255) DEFAULT '', |
Because
This pull request
diagnosticCodecolumn to theemailBouncespaneldiagnosticCodekey onto the appropriate models/gql queriesdiagnosticCodeas a nullable, optional value (to safely allow for querying past records which will not have this value.)--hasDiagnosticCodeflag to the script for generating fake email bounces (fxa/packages/fxa-admin-server/scripts/email-bounce.ts). This allowed me to create email bounce records missing the new field, to make sure they would display properly on the frontend.Issue that this pull request solves
Closes: #12137
Checklist
Put an
xin the boxes that applyScreenshots (Optional)
Please attach the screenshots of the changes made in case of change in user interface.
Before:
Has the same data as the "after" image (i.e., a mix of email bounce records, some with diagnostic codes and some without) but does not display any of them.
After:
Here we can see diagnostic codes when they're present on the record.
Other information (Optional)
Do you think we should explicitly say when there is no diagnostic code present on the record? For example, it might be clearer if, instead of hiding the field when the diagnostic code is absent, we put something like
diagnostic code: none present on recordor something like that.I'd also especially appreciate eyes on the database and gql code.
There are some code scanning checks that are failing (for lines I didn't alter) but it looks like the alert is for "Cryptographically insecure randomness in a security context" and it seems to be pointing at randomness used in tests (as opposed to something security-related in production) so I think we can dismiss that alert.
Finally, I'd like opinions on whether there should be specific test coverage of this. It didn't look to me like we were testing other individual fields on the
emailBouncequeries, but I'm open to other opinions.