Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow websocket connections with external auth #6912

Merged
merged 3 commits into from
Jan 26, 2024
Merged

Allow websocket connections with external auth #6912

merged 3 commits into from
Jan 26, 2024

Conversation

pretendWhale
Copy link
Contributor

@pretendWhale pretendWhale commented Jan 25, 2024
edited
Loading

Motivation and Context

Currently, websocket connections fail when users are logged in via external auth (i.e. UTORAuth). This is because current_user is not added to user sessions when logged in via external auth.

Your Changes

Description:
Added a check for remote authorization when attempting to create a websocket connection.

Type of change (select all that apply):

  • Bug fix (non-breaking change which fixes an issue)

Testing

Tested that when logged in via external auth websocket connections work in the web interface. Added a test for the case that a user is logged in via external auth.

Questions and Comments (if applicable)

I think the order of the checks is right - as it stands, we check for the remote auth first, then override with current user if it exists (which should catch role-switched users), then falling back to real_user_name if current_user is not set by either previous check. But I'd appreciate a second opinion.

Checklist

  • I have performed a self-review of my own code.
  • I have verified that the pre-commit.ci checks have passed.
  • I have verified that the CI tests have passed.
  • I have reviewed the test coverage changes reported on Coveralls.
  • I have added tests for my changes.
  • I have updated the Changelog.md file.

Pull request to make documentation changes (if applicable)

@pretendWhale pretendWhale changed the title Allow websoccket connections with external auth Allow websocket connections with external auth Jan 25, 2024
@pretendWhale pretendWhale added this to the v2.4.4 milestone Jan 25, 2024
david-yz-liu
david-yz-liu reviewed Jan 26, 2024
View reviewed changes
app/channels/application_cable/connection.rb
@@ -2,6 +2,9 @@ module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
if request.session[:auth_type] == 'remote'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Very nice. In comparing this implementation with MainController#login, I note that the latter uses a remote_auth? helper, which checks another session key. I suspect it would be prudent to do the same here?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hi @david-yz-liu - thanks for the review! Sessions are not available in cable (hence the use of request.session), so we can't directly re-use remote_auth?. We do check the same session key here as in that method. Would you be alright with keeping it this way for simplicity, or is there another approach we should be thinking of?

Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pretendWhale oh sorry you're totally right, I missed that even though I was looking at exactly this line. All good 👍

david-yz-liu
david-yz-liu approved these changes Jan 26, 2024
View reviewed changes
app/channels/application_cable/connection.rb
@@ -2,6 +2,9 @@ module ApplicationCable
class Connection < ActionCable::Connection::Base
identified_by :current_user
def connect
if request.session[:auth_type] == 'remote'
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@pretendWhale oh sorry you're totally right, I missed that even though I was looking at exactly this line. All good 👍

@david-yz-liu david-yz-liu merged commit 05f72ed into MarkUsProject:master Jan 26, 2024
6 checks passed
donny-wong pushed a commit to donny-wong/Markus that referenced this pull request Jan 28, 2024
@pretendWhale
Allow websocket connections with external auth (MarkUsProject#6912)
5f081bb
donny-wong pushed a commit to donny-wong/Markus that referenced this pull request Jan 31, 2024
@pretendWhale
Allow websocket connections with external auth (MarkUsProject#6912)
4992a2d
@pretendWhale pretendWhale mentioned this pull request Feb 2, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@david-yz-liu david-yz-liu david-yz-liu approved these changes

@donny-wong donny-wong donny-wong approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
v2.4.4
Development

Successfully merging this pull request may close these issues.
3 participants
@pretendWhale @david-yz-liu @donny-wong