Fix singleton functionality of Asana_Interface::get_client() #143
Labels:
- cleanup: Improves code organization and usability
- performance: Changes related to performance optimization
- security: Security vulnerability or tightening
`Asana_Interface` should instead maintain a map of its "instances" rather than having separate, individual static member variables. Additionally, I think `get_client()` and its counterparts should explicitly require a user ID be passed to it.

When authenticating multiple users within one session, such as when retrieving and testing "connected users", the authentication is lost each time the singleton loads a new client and user identity. This gets incredibly confusing and insecure as authentication happens across PHP files, function calls, and even processes (such as AJAX functionality).

This has been a problem I've repeatedly tried to fix, but it involves a massive amount of regression testing since this is basically the core functionality.

While it's tempting to simply create an `Asana_User` instantiation class, you should keep in mind that an authenticated Asana client is often passed around between scripts. This is why a singleton was initially decided on being used, because it stores its instances in memory by default.

Additionally, I don't like all the uncaught exceptions, though it is important to distinguish errors (and their associated codes and messages) from actually empty or null data returns.
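
The keyed-map design proposed in this issue, sketched as an added example that is not part of the original issue or the plugin's code. `Stub_Client`, `Single_Slot_Interface`, `Keyed_Interface` and the token lookup callback are hypothetical stand-ins (no Asana SDK calls are used), and the sample tokens are constructed.

```php
<?php
declare(strict_types=1);

// Stand-in for an authenticated API client (hypothetical; not the Asana SDK).
final class Stub_Client {
    public function __construct(public readonly int $user_id, private string $token) {}
    public function whoami(): int { return $this->user_id; }
}

// "Before": one static slot, so the last user to authenticate replaces the previous one.
final class Single_Slot_Interface {
    private static ?Stub_Client $client = null;
    public static function load(int $user_id, string $token): void {
        self::$client = new Stub_Client($user_id, $token);
    }
    public static function get_client(): ?Stub_Client { return self::$client; }
}

// "After": instances are kept in a map keyed by user ID, and the ID is a required argument.
final class Keyed_Interface {
    /** @var array<int, Stub_Client> */
    private static array $clients = [];

    public static function get_client(int $user_id, callable $token_lookup): Stub_Client {
        if ($user_id <= 0) {
            throw new InvalidArgumentException('A positive user ID is required.');
        }
        if (!isset(self::$clients[$user_id])) {
            $token = $token_lookup($user_id);
            if (!is_string($token) || $token === '') {
                // Raised as an error with a code, so callers can tell it apart from empty data.
                throw new RuntimeException("No stored credential for user {$user_id}.", 401);
            }
            self::$clients[$user_id] = new Stub_Client($user_id, $token);
        }
        return self::$clients[$user_id];
    }
}

// Constructed sample data: stored tokens for two users.
$tokens = [7 => 'token-for-7', 9 => 'token-for-9'];
$lookup = fn(int $id): ?string => $tokens[$id] ?? null;

Single_Slot_Interface::load(7, $tokens[7]);
Single_Slot_Interface::load(9, $tokens[9]); // e.g. testing a "connected user"
var_dump(Single_Slot_Interface::get_client()->whoami()); // identity seen by code still acting for user 7

$a = Keyed_Interface::get_client(7, $lookup);
Keyed_Interface::get_client(9, $lookup);    // loading user 9 leaves user 7's entry in place
var_dump($a === Keyed_Interface::get_client(7, $lookup), $a->whoami());
```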