Skip to content

[ECO-4845] Fix wildcard clientId #418

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
sacOO7 merged 6 commits into from
Jul 4, 2024
Merged

[ECO-4845] Fix wildcard clientId #418

sacOO7 merged 6 commits into from
Jul 4, 2024

Conversation

@sacOO7
Copy link
Contributor

@sacOO7 sacOO7 commented Jun 25, 2024
edited
Loading

Fixed #414

  1. Added client_id_for_request method
  2. Added method client_id_for_request_sync to realtime auth
  3. Annotated implementation with right spec

@sacOO7
[ECO-4845] refactored rest/realtime auth
f4d7f2b 
1. Renamed rest auth extra_auth_headers to client_id_header with both rest/realtime specific impl
2. Added method client_id_header_sync to realtime auth
3. Annotated implementation with right spec
@github-actions github-actions bot temporarily deployed to staging/pull/418/features June 25, 2024 10:29 Inactive
@sacOO7 sacOO7 changed the title [ECO-4845] Refactored rest/realtime auth [ECO-4845] Fix wildcard clientId Jun 25, 2024
@github-actions github-actions bot temporarily deployed to staging/pull/418/docs June 25, 2024 10:29 Inactive
AndyTWF
AndyTWF reviewed Jun 25, 2024
View reviewed changes
lib/ably/auth.rb Outdated
def client_id_header(realtime=false)
if options[:client_id] && using_basic_auth?
if realtime
{ 'clientId' => options[:client_id] }
Copy link

@AndyTWF AndyTWF Jun 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For realtime connections the clientId is passed in the query params, not as a header - see RSA7e1

Copy link

@AndyTWF AndyTWF Jun 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think by putting the realtime setting in a method that explicitly mentions header (even if its later put in the right place by subsequent code) is going to make things confusing

Copy link
Contributor Author

@sacOO7 sacOO7 Jun 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, it's just a naming convention. I will try to make it more meaningful 👍

Copy link
Contributor Author

@sacOO7 sacOO7 Jun 25, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

As far as spec impl. is concerned, setting clientId for both realtime and rest follows exactly similar checks
spec- RSA7e

Copy link
Contributor Author

@sacOO7 sacOO7 Jun 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Updated -> bb4b71f

Copy link
Contributor Author

@sacOO7 sacOO7 Jun 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

maybe custom_client_id or external_client_id

Copy link
Contributor Author

@sacOO7 sacOO7 Jun 25, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

updated -> 0f49ede

Copy link
Collaborator

@lawrence-forooghian lawrence-forooghian Jul 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, perhaps we should just have a method which returns the client id to use in the request:

def client_id_for_request
  if options[:client_id] && using_basic_auth?
    return options[:client_id]
  else
    return nil
  end
end

and we update the existing extra_auth_headers method to call this, and update create_websocket_transport to call it?

Copy link
Contributor Author

@sacOO7 sacOO7 Jul 3, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed 1ff7d6b

Copy link
Collaborator

@lawrence-forooghian lawrence-forooghian Jul 4, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Cool, looks good to me — will leave to @AndyTWF to resolve if happy since it's his thread

@github-actions github-actions bot temporarily deployed to staging/pull/418/features June 25, 2024 10:43 Inactive
@github-actions github-actions bot temporarily deployed to staging/pull/418/docs June 25, 2024 10:43 Inactive
@sacOO7 sacOO7 requested a review from AndyTWF June 25, 2024 10:44
@github-actions github-actions bot temporarily deployed to staging/pull/418/features June 25, 2024 10:53 Inactive
@github-actions github-actions bot temporarily deployed to staging/pull/418/docs June 25, 2024 10:54 Inactive
@github-actions github-actions bot temporarily deployed to staging/pull/418/features June 25, 2024 10:59 Inactive
@github-actions github-actions bot temporarily deployed to staging/pull/418/docs June 25, 2024 10:59 Inactive
@sacOO7 sacOO7 requested review from ttypic and removed request for ttypic July 2, 2024 10:21
@lawrence-forooghian
Copy link
Collaborator

lawrence-forooghian commented Jul 2, 2024

@sacOO7 is this a bug that only affects the v2 branch? If not, then shouldn't the fix go into main so that we can release it ASAP?

@ttypic
Copy link
Contributor

ttypic commented Jul 2, 2024

@lawrence-forooghian there is no rush, this problem have been for a long time. Workaround on realtime side implemented for all version <= 1.2.5

@sacOO7
Copy link
Contributor Author

sacOO7 commented Jul 2, 2024
edited
Loading

@sacOO7 is this a bug that only affects the v2 branch? If not, then shouldn't the fix go into main so that we can release it ASAP?

Actually, this bug was caused by server side changes, so they have patched a fix that will work for ably-ruby <= 1.2.5
Link to internal conversation for more information -> https://ably-real-time.slack.com/archives/C8SPU4589/p1718885475429199

lawrence-forooghian
lawrence-forooghian reviewed Jul 2, 2024
View reviewed changes
lib/ably/auth.rb Outdated
def client_id_header(realtime=false)
if options[:client_id] && using_basic_auth?
if realtime
{ 'clientId' => options[:client_id] }
Copy link
Collaborator

@lawrence-forooghian lawrence-forooghian Jul 2, 2024

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Yeah, perhaps we should just have a method which returns the client id to use in the request:

def client_id_for_request
  if options[:client_id] && using_basic_auth?
    return options[:client_id]
  else
    return nil
  end
end

and we update the existing extra_auth_headers method to call this, and update create_websocket_transport to call it?

Base automatically changed from feature/protocol-2-presence to feature/integration-protocol-2 July 3, 2024 11:50
ttypic
ttypic approved these changes Jul 4, 2024
View reviewed changes
Copy link
Contributor

@ttypic ttypic left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@sacOO7
Copy link
Contributor Author

sacOO7 commented Jul 4, 2024

Thanks for the review

@sacOO7 sacOO7 merged commit 08877bf into feature/integration-protocol-2 Jul 4, 2024
@sacOO7 sacOO7 deleted the fix/wildcard-clientId-request branch July 4, 2024 18:30
@sacOO7 sacOO7 mentioned this pull request Jul 4, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@lawrence-forooghian lawrence-forooghian lawrence-forooghian approved these changes

@ttypic ttypic ttypic approved these changes

@SimonWoolf SimonWoolf Awaiting requested review from SimonWoolf

@AndyTWF AndyTWF Awaiting requested review from AndyTWF

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

5 participants

@sacOO7 @lawrence-forooghian @ttypic @AndyTWF