Follow-up from "Support the JWT params set by Workhorse in upload requests"
The following discussions from !33277 (merged) should be addressed:
-
@stanhu started a discussion: (+3 comments) Do we want to add tests for someone trying to spoof invalid or replaying old JWTs?
-
@nolith started a discussion: (+3 comments) Can we already open a follow-up issue for the FF removal and put the link here with the
TODO
item?We should add the link in the code as well. So we have cross-references.
From our code review guidelines, responsibility of the merge request author.
Avoid:
- Adding comments (referenced above, or TODO items) directly to the source code unless the reviewer requires you to do so. If the comments are added due to an actionable task, a link to an issue must be included.
Bold is mine.
-
@nolith started a discussion: (+2 comments) This function is exactly the same code as
self.from_params(params, field, upload_paths, path_override = nil)
with a couple of minor tweaks.[ ... ]
Good point, making feature flag removal easy it's worth the extra complexity.
Perhaps we need a
TODO
comment here and reference it in #233895 (closed).Absolutely, I will also suggest writing something like this:
- mark the function as deprecated
- add a TODO linking to #233895 (closed)
- make sure there is something matching a
grep
scan for the feature flag (i.e. maybe we could log a warning ifFeature.enabled?(:upload_middleware_jwt_params_handler) == false
)