fix usage of kundensystemId #471
Conversation
can now be set on FinTsOptions and will be used on next login to prevent having to re-authenticate
|
Any comments? |
There was a problem hiding this comment.
An alternative solution would be to introduce a third persist() tier, which includes minimal plus the kundensystemId but not the large blobs.
Relatedly: Why are you opposed to persisting the whole instance? I vaguely recall the specification advocating for that.
lib/Fhp/FinTs.php
Outdated
| @@ -589,6 +589,8 @@ public function selectTanMode($tanMode, $tanMedium = null) | |||
| } | |||
| $this->selectedTanMode = $tanMode instanceof TanMode ? $tanMode->getId() : $tanMode; | |||
| $this->selectedTanMedium = $tanMedium instanceof TanMedium ? $tanMedium->getName() : $tanMedium; | |||
|
|
|||
| $this->kundensystemId = $this->options->kundensystemId; | |||
There was a problem hiding this comment.
Wrong indentation (also in the other file), please run the auto-formatter (cs-fix?)
lib/Fhp/Options/FinTsOptions.php
Outdated
| * The Kundensystem-Id as returned by the bank and persisted by the application code | ||
| * Prevents having to re-authenticate every time on login | ||
| * Use DialogInitialization::getKundensystemId() on the return-object of FinTs::login(), to get the new one | ||
| * @var string |
There was a problem hiding this comment.
Make it clear by the type here and in the explanation above that this is optional. And give it a null default value.
lib/Fhp/Options/FinTsOptions.php
Outdated
| /** | ||
| * The Kundensystem-Id as returned by the bank and persisted by the application code | ||
| * Prevents having to re-authenticate every time on login | ||
| * Use DialogInitialization::getKundensystemId() on the return-object of FinTs::login(), to get the new one |
There was a problem hiding this comment.
Nit: "return object" without dash (compound nouns in English don't use dash)
My actual question: Why does it say "the new one"? Isn't that the "only" one?
I see two potential misunderstandings (of a library user) here:
- Am I supposed to run
login()every time and then get the kundensystemId? - After getting the kundensystemId, do I need to put it into FinTsOptions right away? And then what, create a new FinTs object right away?
Probably it would help to explain how this interacts with persistence, namely that it's meant to be stored in the database and be used the next time a FinTs instance is created, in a new PHP run. And that it's redundant if full persist() is used.
lib/Fhp/FinTs.php
Outdated
| @@ -589,6 +589,8 @@ public function selectTanMode($tanMode, $tanMedium = null) | |||
| } | |||
| $this->selectedTanMode = $tanMode instanceof TanMode ? $tanMode->getId() : $tanMode; | |||
| $this->selectedTanMedium = $tanMedium instanceof TanMedium ? $tanMedium->getName() : $tanMedium; | |||
|
|
|||
| $this->kundensystemId = $this->options->kundensystemId; | |||
There was a problem hiding this comment.
Why does this happen within selectTanMode() and not in the same place where the persist() stuff is read back?
There was a problem hiding this comment.
Because it works here, no other reason 🤷♀️
There was a problem hiding this comment.
I'd move it into the new() function around line 88, and either put it into the else branch (i.e. only run it when $persistedInstance === null) or into an if ($this->options->kundensystemId === null).
(Without that if protection, it will break any user that doesn't populate the field, because it will overwrite the restored kundensystemId with null -- in fact I'm surprised no tests are breaking.)
|
Ok, fixed the indentation and clarified the description as far as I understood. |
|
Great idea to put this in the options. And please don't add another persist tier. It's confusing enough as it is. |
|
I just checked the So I guess you're only running into the original issue #470 because you're not using |
|
I'm using persist() to save the session until the TAN is available. I had no reason to save it longer, until the Sparkasse got too annoying…
Yes, I think so, too. It fits nicely with very few new lines of code and there is already a getKundensystemId-method in the return object of login(). I only have to remember the Kundensystem-ID and not a whole serialized PHP object. |
| * This is optional, but it prevents having to re-authenticate every time on login | ||
| * if not using a persisted instance with FinTs::persist() | ||
| * Use DialogInitialization::getKundensystemId() on the return object of FinTs::login(), to get the current Kundensystem-Id | ||
| * @var string |
There was a problem hiding this comment.
* @var string|null
*/
public $kundensystemId = null;
While I ultimately don't care, I'd still like to point out that it doesn't square with the original design of that class. As per the documentation, it's meant to be "Configuration options for the connection to the bank." In particular, you could share a single such object across multiple users. Some applications might have a database table where they store all the supported banks plus their parameters in the form of a JSON-serialized FinTsOptions object. The addition of the user-specific kundensystemId would now require such applications to augment the object before passing it into Conceptually, the Kundensystem ID is like a session token. So it's sensitive authentication data and would perhaps fit better into |
|
What about adding it as an optional third parameter to But here is another caveat: If you restored a persisted TAN request, the kundensystemId may already be set and different. In that case, it must not be overridden but extracted to update the old id. This is how I currently have implemented it (simplified version, with accessors from my fork): $this->fints->selectTanMode($tan_mode, $media);
// restore persisted system id, see https://github.com/nemiah/phpFinTS/issues/453
// must not be set for get_supported_tan_modes() (which must be called before init_account)
// If id is already set it was restored from a persisted instance (see constructor) during a TAN request and will be updated in $this->persist_state().
if (null === $this->fints->getKundensystemId() && null !== $system_id) {
$this->fints->setKundensystemId($system_id);
} |
Why is that the right place and not the constructor? The constructor solution seems to fit the lifecycle better (it's restoring state from a previous lifetime of the FinTs object and has nothing to do with TAN mode selection) and in your code you could get rid of the |
It just feels a bit too explicit / naked there next to the three current more generic parameters. But after considering everything it may be the best place to put it. |
|
As I ultimately care little about the specific implementation and more about the outcome, this discussion is too complicated for me. Therefore I propose the following solutions:
Please choose 😁 |
kundensystemId can now be set on FinTsOptions and will be used on next login to prevent having to re-authenticate:
See #458 and #453 and #470