adding ability to configure session.secret in local env config

[jloveland]

fixing #926

[lirantal]

This isn't really required because it's already coming from default.js config

[jloveland]

@lirantal, updated please let me know what you think

[mleanos]

LGTM. I also like the addition of validateSessionSecret :) Thanks!

[lirantal]

LGTM

[codydaig]

LGTM.

Thanks! :-D

[ilanbiala]

Why a variable?

[ilanbiala]

Can we get some tests for this?

[jloveland]

@ilanbiala I will add some tests.

[jloveland]

@ilanbiala added tests

[ilanbiala]

Can you explain why this is a variable and not a named function?

[lirantal]

@ilanbiala that entire file is handled with variable functions like that: https://github.com/jloveland/mean/blob/local-session-secret/config/config.js , the validateSessionSecret is not an exception.

[ilanbiala]

@lirantal why is an anonymous function assigned to a variable better than a named function?

[codydaig]

@ilanbiala I'm pretty sure that was a "standard" that a lot of projects picked up and ran with for Node. Currently the rest of the file and server side js files are this way, and for consistency should be kept this way until a refactor is done, which IMO is outside the scope of this PR

[lirantal]

@ilanbiala you're missing the point. I'm not saying it's better or worse, I'm saying that the entire config.js file (https://github.com/jloveland/mean/blob/local-session-secret/config/config.js) makes use of the same style functions, i.e:

var getGlobbedPaths = function (globPatterns, excludes) {}
var validateEnvironmentVariable = function () {}
var validateSecureMode = function (config) {}
var validateSessionSecret = function (config, testing) {}
var initGlobalConfigFolders = function (config, assets) {}
and so on

I don't think that this PR or others should turn into code style PRs. If we want to change this we can opt for another PR to update to better code styles.

[ilanbiala]

@lirantal agreed, but let's add this to the list of things to fix up in the formatting issue you are going to create.

[lirantal]

Cool, np.

[codydaig]

LGTM with the new tests

[lirantal]

@jloveland can you please rebase so we can resolve the conflicts and merge?

[jloveland]

this is ready to merge

[lirantal]

Coverage increased, great work @jloveland ! :)

[ilanbiala]

This should be return done(). However, it doesn't look like there is any asynchronous code being tested, so why are we using done?

[ilanbiala]

@lirantal @jloveland if this is indeed synchronous (which I think it is), then we should revert this PR and remove the callback because it's unnecessary.

[lirantal]

@jloveland can you open a new PR to address the return done() standard as Ilan suggested?

@ilanbiala I agree with the async observation although for the sake of consistency and later updates to the tests it's ok to keep the done callback. After all, the code is not incorrect, but rather just uses a callback.

[jloveland]

@ilanbiala thanks for the review!

@lirantal I can submit a new PR to fix the issue @ilanbiala pointed out.