Best practice for transaction handling using Entity Framework

I am developing an app which uses Entity Framework for data access. The architecture of the app somewhat like below:

enter image description here

As depicted in the drawing, the business service can be consumed from either web app, cli app or windows service. What I’m trying to design is, each service request should be performed in a single transaction. I’m using dependency injection to inject services to web api controllers. If I use request scoped dbcontext using DI container, it’ll do the job for web api, but won’t work for service requests coming directly from CLI app or windows services.

What are best practices used to handle service level transactions with Entity Framework?


// Services public class UserService {     private TaskService _taskService;     private UserRepository _userRepository;      public UserService(TaskService taskService, UserRepository userRepository)     {         this._taskService = taskService;         this._userRepository = userRepository;     }      public void MarkInactive(int userId)     {         this._taskService.CloseAllPendingTasks(userId);         this._userRepository.MarkInactive(userId);     } }  public class TaskService {     public void CloseAllPendingTasks(int userId)     {         ...     } }  // Consumer // Scenario 1: this._taskService.CloseAllPendingTasks(1);  // Scenario 2: this._userService.MarkInactive(2); 

In above example, In case of Scenario 1, task service should create new transaction for the operation. While in Scenario 2, user service should create a transaction and task service should join the already open transaction.

Best practice for multi-factor re-authentication

We just introduced multi-factor authentication (MFA) to access a business network. This has a re-authentication option: to prompt the user to re-enter the password and MFA code periodically. Like most topics in information security, the re-authentication interval has a tradeoff between security and convenience: a short amount (like 1 hour) has greater security but is inconvenient, while a longer amount (like 8 or 12 hours) is more convenient but has lower security.

Our workers need to access this network throughout the business day. What is a reasonable duration? 4, 6, 8, 12 hours? Something else? Thanks.

Is it a good security practice to force employees hide their employer to avoid being targeted?

A young tech company which operates on sensitive data has employees that fall victim to phishing/porting scams despite its best efforts to instill security fobs, vpn, password managers, non-sms 2FA, limited email access and so on.

Is it a good practice to force employees to hide their employment status from the public to avoid being targeted for hacking (e.g. remove the employer from LinkedIn)?

Is it a bad practice to create a global factory?

I am studing the importance of the design pattern and I am not able to understand if could be a bad behavior to create a global static factory class (maybe using singleton?)

I put an example hoping to make it clearer.

Put that I’m creating a simple game, it could be mastermind or battleship or whatever. I could have human players and a bot players classes, then more field classes, then more pieces classes. Each of these has its own factory method.

Could be a bad practice (against SOLID) to create a static class (or singleton) that create each object? So a single class with a method that create a player, a method that create a field, a method that create a pieces and so on all in the same class?

Good icon for the word “practice”? [closed]

I am creating a sports app where the users can track their practice for a specific aspect of the game. In my menu, I’d like an icon next to it to convey its meaning (and I have an icon for every other entry in the menu).

Right now I am using the Material Icon from Google “border color”. I chose this because that function of the app creates a new entry for their practice stats. I’d rather have something that signifies the action of practicing rather than the function of the app.

Is it bad practice to repeat logic being tested in unit tests?

Often I find myself writing a unit test for code and repeating some or a lot of the logic in the unit test to make the unit test DRY.

For example, consider the following piece of code:

function speak(conditionOne, conditionTwo) {   if (conditionOne) {     return "Hey"   } else if (conditionTwo) {     return "Sup"   } else {     return "Waddup"   } } 

Now I could write a unit test using jest, for example, by hardcoding all the cases.

describe('speak', () => {   test('when condition one but not condition two', () => {     expect(speak(true, false)).toEqual('Hey')   })    test('when condition one and condition two', () => {     expect(speak(true, true)).toEqual('    test('when not condition one but condition two', () => {     expect(speak(false, true)).toEqual('Sup')   })    test('when not condition one and not condition two', () => {     expect(speak(false, false)).toEqual('Waddup')   }) }) 

Or I could try to make it a bit more terse using syntactic sugar but still hardcoding the cases and expected outcomes:

describe('speak', () => {   test.each`     conditionOne | conditionTwo | value     $  {true}      | $  {false}     | $  {'Hey'}     $  {true}      | $  {true}      | $  {'Hey'}     $  {false}     | $  {true}      | $  {'Sup'}     $  {false}     | $  {false}     | $  {'Waddup'}   `('when conditionOne is $  conditionOne and conditionTwo is $  conditionTwo then $  value', ({ conditionOne, conditionTwo, value }) => {     expect(speak(conditionOne, conditionTwo)).toEqual(value)   }) }) 

But you could imagine if there is a decent amount of logic then the number of cases to hardcode in the table become exponential and the outcome isn’t always so easy to hardcode as a value.

This is where I think it might be a good idea to make the test more intelligent, but then it just starts to become a repeat of the unit logic (and what if I got the unit logic wrong?)

For example:

describe('speak', () => {   describe.each`     conditionOne     $  {true}     $  {false}   `('when conditionOne is $  conditionOne', ({ conditionOne }) => {      test.each`        conditionTwo        $  {true}        $  {false}      `('when conditionTwo is $  conditionTwo', ({ conditionTwo }) => {        let value        if (conditionOne) {          value = 'Hey'        } else if (conditionTwo) {          value = 'Sup'        } else {          value = 'Waddup'        }         expect(speak(conditionOne, conditionTwo)).toEqual(value)      }) }) 

This now makes it much easier to test when manually writing out the table would be cumbersome. However, it seems like it is prone to the same bugs as the unit itself? But on the other hand it lets me refactor with confidence and I can see the test cases get printed out and make sure they are OK when the tests get run.