Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unauthorized handshake hook #137

Closed
wants to merge 1 commit into from
Closed

Unauthorized handshake hook #137

wants to merge 1 commit into from

Conversation

shenek
Copy link

@shenek shenek commented Oct 26, 2016
edited

I added an authorization hook into the handshake function.
The hook allows you to raise an exception and return 401 to the client.

@shenek
added a hook 'is_allowed_to_connect' to handshake function
e4b4ca3 
this function could be overriden in an inherited class
to perform some base access checking based on path and headers
if checking fails NotAllowedToConnect exception should be raised
@aaugustin
Copy link
Member

Thanks for the PR. I recognize that it's very inconvenient to override the handshake method currently. I'd like to think a bit about the best API. Perhaps it would be better to split the handshake() method.

@shenek
Copy link
Author

shenek commented Oct 26, 2016
edited

Perhaps it would be better to split the handshake() method.

Sounds like a good idea.
It might be also nice to have a way to override the server response to handshake without rewriting the whole handler function. https://github.com/aaugustin/websockets/blob/master/websockets/server.py#L65

@JostBaron
Copy link

This is really needed - suppose you want to do OAuth authentication/authorization for your websocket server. Then you either need something like this (but ideally even more control over the response), or you need to copy/paste half the server code :(

@aaugustin
Copy link
Member

I tried to come up with a more generic API in #154. Would that PR work for your use case?

Things are a bit messy because on one side WebSocketServerProtocol.handler translates internal exceptions to HTTP codes and on another side you can provide an arbitrary response code in get_response_status. However I didn't want to start down the path of introducing an exception class for every possible use case and to code the exception <--> HTTP mapping in handler.

@aaugustin
Copy link
Member

To epxand on the "more generic" part: for example my proposal supports returning 401 if authentication info is missing and 403 if authentication info is incorrect.

@aaugustin aaugustin mentioned this pull request Jan 15, 2017
Merged
@shenek
Copy link
Author

shenek commented Jan 16, 2017

Well I looked over your branch and I see two things that bother me:

https://github.com/aaugustin/websockets/pull/154/files#diff-a548b853d665035e6e62944845d0a575R133
You are setting headers to self.request_headers and then it could be verified in get_response_status.
Unfortunately I need a part of the path for authentication. So it would be really nice to add something like this to the function:

def read_request_headers(self):
    ...
    self.request_path = path
    ...

But the bigger problem lies here:
https://github.com/aaugustin/websockets/pull/154/files#diff-a548b853d665035e6e62944845d0a575R277
Yes I can return 401 or 403 status. But the connection is initiated anyway. So in the client can just ignore the status and he would have an opened ws connection. So it would bypass the authentication.

@aaugustin
Copy link
Member

Both issues are correct. I'll come up with a revised proposal. Thanks for your feedback.

@aaugustin
Copy link
Member

After e58c1ac you should be all set.

Let me know if you need anything else!

@aaugustin aaugustin closed this May 5, 2017
aaugustin added a commit that referenced this pull request Aug 12, 2017
@aaugustin
Provide a better way to override request handling.
d946ed3 
This replaces the get_response_status() API which never made it into a
release (so there's no backwards incompatibility).

Remove a test that depends on get_response_status() being called after
check_request(). The extension point must be before check_request() so
it can handle regular HTTP requests.

Fix #116.

Supersedes #202 #154, #137.
@aaugustin aaugustin mentioned this pull request Aug 12, 2017
Merged
aaugustin added a commit that referenced this pull request Aug 20, 2017
@aaugustin
Provide a better way to override request handling.
4c186a6 
This replaces the get_response_status() API which never made it into a
release (so there's no backwards incompatibility).

Remove a test that depends on get_response_status() being called after
check_request(). The extension point must be before check_request() so
it can handle regular HTTP requests.

Fix #116.

Supersedes #202 #154, #137.
aaugustin added a commit that referenced this pull request Aug 20, 2017
@aaugustin
Provide a better way to override request handling.
50fd62e 
This replaces the get_response_status() API which never made it into a
release (so there's no backwards incompatibility).

Remove a test that depends on get_response_status() being called after
check_request(). The extension point must be before check_request() so
it can handle regular HTTP requests.

Fix #116.

Supersedes #202 #154, #137.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@shenek @aaugustin @JostBaron