Comments (5)
emlun
commented on July 30, 2024
Thanks for the suggestion! That sounds reasonable, we can probably make that happen.
from java-u2flib-server.
emlun
commented on July 30, 2024
Looking at this again, I feel like there might be little point in introducing a common ancestor exception since the exceptions are used to signal mostly separate failure conditions:
U2fBadConfigurationExceptionmeans there's something wrong in the server configuration.U2fBadInputExceptionmeans the client's response is malformed.NoEligibleDevicesExceptionmeans the state of the client's account does not permit initiating an authentication operation, because no devices are registered.DeviceCompromisedExceptionandInvalidDeviceCounterExceptionmean the signature counter returned from the client is or has been invalid.
Can you share one or a few specific examples of ugly code caused by the current exception (non-)hierarchy? That would help decide how we want to go about this.
from java-u2flib-server.
jasonab
commented on July 30, 2024
Sure, let's look at these from my implementor's perspective:
- U2fBadConfigurationException is absolutely a runtime exception, and there's no reason for any client code to catch it.
- U2fBadInputException is a runtime exception from you, but it's a checked exception to me. I'm sending you user input that could be anything, and it could fail for any reason. I understand that this is supposed to be coming from the key, but I can't guarantee that, so I have to handle this exception to avoid a 500.
- NoEligibleDevicesException is properly a checked exception that I have to handle.
- DeviceCompromisedException is properly a checked exception.
For me, any of the final 3 could be thrown during an authentication flow, and if any of them are thrown, it means authentication failed. I agree that I might need to message them differently, but with the separate types, I have to have multiple catch blocks to differentiate the cause of the error. What would be easier for me is to be able to catch a single "u2f process failed" type exception, with an embedded error code that explains why.
Right now, I have to catch U2fBadInputException and DeviceCompromised exception separately in the same flow, but react the same way.
from java-u2flib-server.
emlun
commented on July 30, 2024
Ah yes, I see. I guess my dabbling in Scala had me still thinking in expression-oriented terms rather than Java's statement-oriented paradigm.
from java-u2flib-server.
emlun
commented on July 30, 2024
This is now released in version 0.19.0. Please have a look, and let us know if you have any more suggestions for improvements. Thanks!
from java-u2flib-server.
Related Issues (20)
- During u2f device registration getting error HOT 6
- Unexpected Token { in Example HOT 1
- Maven versioning HOT 3
- Latest release (0.15.0) missing from repo HOT 2
- Can release 0.16.0 be released? HOT 4
- deviceRegistration.toJsonWithAttestationCert() causes exception HOT 3
- u2flib-server-demo does not build
- code deployoment HOT 2
- registration failing HOT 3
- I cannot open https://localhost:8443/assets/registerIndex.html on Mac HOT 1
- java.security.InvalidKeyException: No installed provider supports this key: org.bouncycastle.jce.provider.JCEECPublicKey HOT 1
- Signing a request in JavaScript with u2f.sign gives {errorCode: 4} in chrome but works in Firefox. HOT 3
- Publish SoftKey.java as a test-jar? HOT 1
- shouldn't requestStorage be a cache and not userStorage HOT 1
- [Information] Scala U2F Server has been developed based on Yubico Java U2F library HOT 1
- promlens with device identification in Chomre and Opera HOT 1
- Unable to build with JDK 10 or JDK 11-ea HOT 2
- Getting error while authenticating U2F token with com.yubico 0.18.1 HOT 6
- Your Example does not compile HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from java-u2flib-server.