NgRx 4 released

New version of NgRx finally released with new cool features 
19 July 2017

NgRx 4 is finally out, as reported by the Angular Blog.

The main features are:

  • Official support for lazy loading
  • Simplified testing
  • Redesigned router integration

Let's take a closer look and see what the developers have delivered to users.

Support for Lazy Loading

Previously, lazy loading was awkward to use with NgRx: developers had to manage loading and unloading of reducers by hand. This release adds official support for lazy loading.

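import { NgModule } from '@angular/core';
import { RouterModule } from '@angular/router';
import { StoreModule } from '@ngrx/store';
import { EffectsModule } from '@ngrx/effects';

// appReducers, lazyReducers, SourceA..SourceC and childRoutes are defined
// elsewhere in the application.

// Root module: registers the application-wide reducers and effects.
@NgModule({
  imports: [
    StoreModule.forRoot(appReducers),
    EffectsModule.forRoot([SourceA, SourceB]),
    RouterModule.forRoot([
      // LazyModule is loaded only when the 'lazy' route is visited.
      { path: 'lazy', loadChildren: './lazy.module#LazyModule' }
    ])
  ]
})
export class AppModule { }

// Lazy-loaded module: its reducers and effects are registered when it loads.
@NgModule({
  imports: [
    StoreModule.forFeature('lazy', lazyReducers),
    EffectsModule.forFeature([SourceC]),
    RouterModule.forChild(childRoutes)
  ]
})
export class LazyModule { }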

Improved Testing

NgRx now clearly separates the UI, state management, and side effects. This alone makes testing more straightforward and enjoyable.

Since reducers are synchronous pure functions, testing them was always easy. But testing effects classes, which rely heavily on RxJS, was tricky.

The RxJS community came up with a great solution to simplify testing RxJS observables: marble testing, which makes tests visual and easy to read. Previously it was not easy to use marbles for testing effects classes, but that has changed with NgRx 4.

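import { TestBed } from '@angular/core/testing';
import { provideMockActions } from '@ngrx/effects/testing';
import { hot, cold } from 'jasmine-marbles';
import { Observable } from 'rxjs/Observable';

// MyEffects, SomeAction and AnotherAction come from the application under test.
describe('My Effects', () => {
  let effects: MyEffects;
  let actions: Observable<any>;

  beforeEach(() => {
    TestBed.configureTestingModule({
      providers: [
        MyEffects,
        // Feeds the effects class from the `actions` observable set in each test.
        provideMockActions(() => actions),
        // other providers
      ],
    });

    effects = TestBed.get(MyEffects);
  });

  it('should work', () => {
    // Marble diagrams: each '-' is one frame of virtual time.
    actions = hot('--a-', { a: SomeAction, /* … */ });
    const expected = cold('--b', { b: AnotherAction });
    expect(effects.someSource$).toBeObservable(expected);
  });
});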

Redesigned Router Integration

NgRx helps developers solve one of the most difficult development issues: state management. But the store is not the only part of the state management story. The other part is the router. That is why making sure that NgRx and the router work well together was a high priority for the NgRx team.

The main issue with the NgRx 2 router integration was that the store and the router were synchronized after the fact. This meant that resolvers and guards could not access the new state, which made them less useful. It also meant that the store could not cancel the navigation.

To fix this, the developers had to make the Angular router more pluggable.

Learn more at Angular Blog

Third Party Apps Could Read Twitter Messaging

According to the company, no one used this vulnerability and the issue is now solved
18 December 2018

Until the beginning of December, third-party applications could access Twitter private messages. According to the company, no one took advantage of this vulnerability. Terence Eden, who found it, was paid almost $3,000 under the Bug Bounty program.

In 2013, keys to the Twitter API were leaked, so applications could access the interface bypassing the social network. To protect users, Twitter implemented an application authorization mechanism through predefined addresses (Callback URLs), but it didn't suit everyone.

Applications that do not support Callback URLs could authenticate using PIN codes. With this authorization method, a window pops up listing the data the user is opening up for access. The window did not request access to private messages, but in fact the application received it.
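The mismatch described above, between what the authorization window displayed and what the application actually received, is something an authorization server can audit for and block at issuance. The following is an added example, not code from Twitter or from the original article; the flow names, permission names and grant records are constructed for illustration.

```javascript
// Added example: audit that an issued token never carries permissions the
// consent window did not display. All names and records are constructed.

// Permissions each authorization flow DISPLAYS to the user (hypothetical).
// The "pin" flow's window does not mention direct messages.
const DISPLAYED_BY_FLOW = new Map([
  ['callback', ['read_tweets', 'write_tweets', 'read_direct_messages']],
  ['pin', ['read_tweets', 'write_tweets']],
]);

// Permissions whose undisclosed grant is treated as high severity.
const SENSITIVE = new Set(['read_direct_messages']);

// Returns the permissions on a grant that the user was never shown.
function undisclosedPermissions(grant) {
  const shown = new Set(DISPLAYED_BY_FLOW.get(grant.flow) || []); // unknown flow: nothing shown
  return grant.granted.filter((p) => !shown.has(p));
}

// Audits grant records and returns one finding per over-privileged token.
function auditGrants(grants) {
  const findings = [];
  for (const grant of grants) {
    const extra = undisclosedPermissions(grant);
    if (extra.length === 0) continue;
    const severity = extra.some((p) => SENSITIVE.has(p)) ? 'high' : 'medium';
    findings.push({ tokenId: grant.tokenId, flow: grant.flow, undisclosed: extra, severity });
  }
  return findings;
}

// Enforcement at issuance: clamp the token to what was displayed (fail closed).
function issueToken(flow, requested) {
  const shown = new Set(DISPLAYED_BY_FLOW.get(flow) || []);
  return requested.filter((p) => shown.has(p));
}

// Constructed grant records, as an authorization server might log them.
const SAMPLE_GRANTS = [
  { tokenId: 't1', flow: 'callback', granted: ['read_tweets', 'read_direct_messages'] },
  { tokenId: 't2', flow: 'pin', granted: ['read_tweets', 'write_tweets', 'read_direct_messages'] },
  { tokenId: 't3', flow: 'pin', granted: ['read_tweets'] },
];

console.log(JSON.stringify(auditGrants(SAMPLE_GRANTS), null, 2));
```

Only the second record is flagged: it came through the PIN flow yet carries a permission that flow's window never listed.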

On December 6, Twitter reported that it had solved the problem. Judging by the statement of the company on the HackerOne website, no one had time to take advantage of this vulnerability.

This is not the social network's first security error related to the API. In September, Twitter discovered a bug in AAAPI (Account Activity API): the system sent a copy of the user's personal message to a random recipient.