Splitting IUserAuthRepository

132 views
Skip to first unread message

Joshua Lewis

unread,
Feb 13, 2012, 2:51:50 PM2/13/12
to ServiceStack .NET Open Source REST Web Services Framework
Hi Demis,
As you know I've been looking into the Auth modules, and have been
attempting to roll my own NHibernate implementation of
IUserAuthRepository. It appears that the 'write' methods are used only
by the registration and roles services. The classes dealing with
authentication and permissions (like attributes etc) use only the
'read' methods of the interface. Do you think there is value in
splitting the interface? (With reference to Interface Segregation
Principle).

In certain scenarios the write methods may not be necessary. For
example, in my project, I'm using ServiceStack for 3rd party web
integration. There is no public facing website, and the concept of
self-registration doesn't make sense. The credentials for users of the
website will be administered through a seperate interface (possibly
manually to begin with). I therefore have no need of
RegistrationService, and therefore I don't need the write methods of
IUserAuthRepository (which make it more challenging to implement the
interface).

(I may be wrong about the authentication and permission classes using
only the read methods).

What are your thoughts on this?

I'd be prepared to take a stab at doing this work.

Joshua Lewis

Demis Bellot

unread,
Feb 13, 2012, 3:19:51 PM2/13/12
to servic...@googlegroups.com
Why not just throw NotImplementedExceptions for the parts of the interface your API doesn't need?

Joshua Lewis

unread,
Feb 13, 2012, 3:43:37 PM2/13/12
to ServiceStack .NET Open Source REST Web Services Framework
That's exactly what I'm doing now, but AuthProvider shouldn't need to
know about those other methods (Interface Segregation Principle).

Plus, it makes me feel kinda dirty :P

Demis Bellot

unread,
Feb 13, 2012, 3:52:16 PM2/13/12
to servic...@googlegroups.com
Except that Registration + Authentication is pretty tied together.
And then the user would then need to complicate things further by registering the same dependency twice, e.g:

container.Register<IUserAuthVerification>(..OrmLiteUserAuthRepository..);
container.Register<IUserAuthRegistration>(..OrmLiteUserAuthRepository..);

If you really want this I'm ok with splitting the interfaces into something like: 

IAuthUserRepository : IUserAuthVerification, IUserAuthRegistration {}

Do you want to come up with better names the interfaces?
Also can you partition the interface into each interface? i.e. which methods do you want belonging to which interface?

Cheers,

Joshua Lewis

unread,
Feb 13, 2012, 4:14:49 PM2/13/12
to ServiceStack .NET Open Source REST Web Services Framework
I anticipated creating a single interface which implements both the
'sub' interfaces. This solves the dependency issue, and also means the
existing Repository implementations don't need to change.

I've already had a look at the code. The 'verfication' interface needs
only these:
bool TryAuthenticate(string userName, string password, out
string userId);
void LoadUserAuth(IAuthSession session, IOAuthTokens tokens);
void SaveUserAuth(IAuthSession authSession);//I'm not sure how
well named this method is
string CreateOrMergeAuthSession(IAuthSession authSession,
IOAuthTokens tokens);

I'll have a think about the names, though I'm not sure I'd come up
with anything better than the ones you've suggested.

In the interim, I used the name IUserAuthReadRepository.
The other changes include:
AuthProvider.protected virtual void SaveUserAuth(IServiceBase
authService, IAuthSession session, IUserAuthReadRepository authRepo,
IOAuthTokens tokens)

and:
public virtual bool TryAuthenticate(IServiceBase authService, string
userName, string password)
{
var authRepo = authService.TryResolve<IUserAuthReadRepository>();
//Rest of method the same
}

Thanks for the assistance!

Joshua Lewis

unread,
Feb 14, 2012, 2:05:34 AM2/14/12
to ServiceStack .NET Open Source REST Web Services Framework
Hi again,
I've done some more work on the NHibernate IUserAuthRepository this
morning, based on the OrmLiteUserAuthRepository (essentially replacing
the DBCommand statements with ISession-based statements). After all
the methods have been filled out, AuthProvider uses all but 4 of the
methods, directly and indirectly. The 4 that aren't used are:

public UserAuth CreateUserAuth(UserAuth newUser, string password)
public void SaveUserAuth(UserAuth userAuth)
public void SaveUserAuth(IAuthSession authSession)
public UserAuth UpdateUserAuth(UserAuth existingUser, UserAuth
newUser, string password)

I've changed my opinion, I don't think its worth splitting the
interface anymore. Sorry for the trouble. Thanks for taking the time
to discuss it with me.

Joshua

Demis Bellot

unread,
Feb 14, 2012, 2:46:18 AM2/14/12
to servic...@googlegroups.com
ok no worries, happy to hear you're making progress.

Joshua Lewis

unread,
Mar 8, 2012, 8:03:19 AM3/8/12
to ServiceStack .NET Open Source REST Web Services Framework
I've uploaded my NHibernate-based IUserAuthRepository implementation
here: https://gist.github.com/2000863
Note that the work-around required to persist the UserAuth entity is
required in the UserAuthMap class.

Joshua
Reply all
Reply to author
Forward
0 new messages