Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SLCORE-1032 Wrong token error during sync #1157

Open
wants to merge 2 commits into
base: master
Choose a base branch
from

Conversation

kirill-knize-sonarsource
Copy link
Contributor

@kirill-knize-sonarsource kirill-knize-sonarsource commented Nov 11, 2024

Copy link
Contributor

@damien-urruty-sonarsource damien-urruty-sonarsource left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

A first round of comments

RuleType.VULNERABILITY)))
.start();

server.getMockServer().stubFor(get("/api/system/status").willReturn(aResponse().withStatus(status)));
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it would make sense to improve the server fixture instead of accessing the internals. It might be useful for other cases in the future, and it hides how we implement the fixture

@@ -69,7 +77,7 @@ public OrganizationApi organization() {
}

public IssueApi issue() {
return new IssueApi(helper);
return new IssueApi(helper, wrongTokenCallbackWithConnectionIdParam);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is the IssueApi the only one that accepts this parameter, and not other Api classes?

try (var failedResponse = toBeClosed) {
if (failedResponse.code() == HttpURLConnection.HTTP_UNAUTHORIZED) {
invalidTokenCallback.run();
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I feel propagating this callback in many classes is a bit odd. As discussed maybe we could rely on exceptions and have a "middle -man" catching and acting on them

@kirill-knize-sonarsource kirill-knize-sonarsource force-pushed the feature/kk/SLCORE-1032-Wrong-token-error-during-sync branch from 4ede711 to bef1626 Compare November 25, 2024 14:51
@kirill-knize-sonarsource kirill-knize-sonarsource force-pushed the feature/kk/SLCORE-1032-Wrong-token-error-during-sync branch 2 times, most recently from 6032253 to 66d6373 Compare November 29, 2024 09:04
@kirill-knize-sonarsource kirill-knize-sonarsource force-pushed the feature/kk/SLCORE-1032-Wrong-token-error-during-sync branch from 2d21c06 to bf53de4 Compare November 29, 2024 12:50
@kirill-knize-sonarsource kirill-knize-sonarsource marked this pull request as ready for review November 29, 2024 13:58
Copy link
Member

@nquinquenel nquinquenel left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If we are to merge this, I'd prefer to have it merged after the release. It probably need some dogfooding time.

I'm also unsure about the design, is it alright to apply the same behavior on all methods (i.e. sending a notification)? We already have an handler in ServerApiHelper that is checking for error codes. Sometimes we receive the exception on client side, and sometimes we don't due to catch. Maybe we should adapt method per method the behavior?


public Optional<IssueApi.ServerIssueDetails> tryFetchIssue(String issueKey, String projectKey, String branch, @Nullable String pullRequest,
SonarLintCancelMonitor cancelMonitor) {
return callWithErrorHandleAndRethrow(() -> serverApi.issue().fetchServerIssue(issueKey, projectKey, branch, pullRequest, cancelMonitor));
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure this is working, for example fetchServerIssue is already catching any exception from the HTTP request, it's not going to be handled by your handler

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It works in the sense that it is a transparent wrapper that will notify the client in case a wrapped call throws a corresponding exception. If the wrapped call doesn't throw - the wrapper won't do anything.

@@ -5,6 +5,8 @@
* Signature of `org.sonarsource.sonarlint.core.rpc.protocol.backend.file.DidUpdateFileSystemParams#DidUpdateFileSystemParams` was changed
* Parameter `addedOrChangedFiles` was split into `addedFiles` and `changedFiles`
* Removed parameter `branch` and `pullRequest` from `org.sonarsource.sonarlint.core.rpc.protocol.client.issue.IssueDetailsDto` as it should not be used anymore by the client.
* Add new client method `org.sonarsource.sonarlint.core.rpc.client.SonarLintRpcClientDelegate#invalidToken`
* It is called when the token is invalid and the client should notify the user about it
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'm not sure I like this way of doing. SLCORE is not aware in which context the method was called. For instance, on IntelliJ, we might be calling the server from a wizard on UI thread, we are not going to display a notification during the process. Any error should be done within the scope of the wizard (so as response from the call to the server IMO).

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We haven't discussed in depth the scenarios you described. This feature is more about mitigating the sync errors that lead to an inconsistent state of the app in a way that is not obvious to the user.
Situations like wrong token or network error during the wizard manipulations are not in the scope, and I think notifications to clients should be disregarded or even not sent in the first place. Unfortunately, on the CORE side, we don't track if the Web API call is performed by the client request or because of the CORE internal need. So, not sending notifications is quite tricky.
Let's discus it.

import org.sonarsource.sonarlint.core.serverapi.system.ServerStatusInfo;
import org.sonarsource.sonarlint.core.serverapi.system.ValidationResult;

public class ServerApiErrorHandlingWrapper {
Copy link
Member

@nquinquenel nquinquenel Nov 29, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks complex to maintain and likely to be error prone 🤷🏻

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I came up with this because it's an approach where we centralize all the API calls and handle certain situations like wrong tokens or network errors in a single place. And introducing new API calls will naturally follow the same pattern. Even if not - if someone forgets to put the new call into the wrapper - in the worst-case scenario, we will get an unhandled error for this call as it exists today.
The suggestion above to change API behaviors method per method is pretty much as error-prone as this - you can easily forget to do it. But method per method changes will be a less visible pattern than a centralized wrapper, and I think it's actually easier to forget to follow this idea in the future.

Let's discuss our options. I created a meeting.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants