-
Notifications
You must be signed in to change notification settings - Fork 3.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[authentication] Validate tokens for binary connections #6233
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Interestingly, it seems that we don't have a test to catch that. @addisonj it is possible to add a test case for this.
So it results in NPE, though the client is still not being allowed in, right? |
correct. It fails in the JWT validation with an NPE and leaves a lot of
chattery logs. I don't believe this will actually makes the logs be less
noisy as it still throws an exception that is logged, but I figured this is
still much better than an NPE
…On Thu, Feb 6, 2020 at 6:05 PM Matteo Merli ***@***.***> wrote:
Currently, binary connects aren't checked to see if they provide a token.
So it results in NPE, though the client is still not being allowed in,
right?
—
You are receiving this because you were assigned.
Reply to this email directly, view it on GitHub
<#6233?email_source=notifications&email_token=AAE3LA2D3VLZTA4GEIQIRT3RBSXURA5CNFSM4KQSLQKKYY3PNVWWK3TUL52HS4DFVREXG43VMVBW63LNMVXHJKTDN5WW2ZLOORPWSZGOELBLOSY#issuecomment-583186251>,
or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAE3LA4KRQQB6DN2ZBBMVEDRBSXURANCNFSM4KQSLQKA>
.
|
Currently, binary connects aren't checked to see if they provide a token. This results in a NPE in the JWT validation as well as a whole bunch of log spam. By explictly checking for a null/empty token here, we can avoid some exceptions and clean up log spam.
7e853ce
to
8e599fd
Compare
It should, since we don't print the full stack trace in case of an |
It might be tricky to test since the connection gets rejected. Maybe a way would be to check the exception type when creating a producers (eg: AuthenticationError vs Timeout) |
@merlimat can you check the last comment? |
@sijie I just say we merge it, it should at least give a more clear error message, but we can always clean up the logs more later |
Currently, binary connects aren't checked to see if they provide a token. This results in a NPE in the JWT validation as well as a whole bunch of log spam. By explictly checking for a null/empty token here, we can avoid some exceptions and clean up log spam. Co-authored-by: Addison Higham <ahigham@instructure.com> (cherry picked from commit 00ce81f)
Currently, binary connects aren't checked to see if they provide a token. This results in a NPE in the JWT validation as well as a whole bunch of log spam. By explictly checking for a null/empty token here, we can avoid some exceptions and clean up log spam. Co-authored-by: Addison Higham <ahigham@instructure.com> (cherry picked from commit 00ce81f)
Currently, binary connects aren't checked to see if they provide a token. This results in a NPE in the JWT validation as well as a whole bunch of log spam. By explictly checking for a null/empty token here, we can avoid some exceptions and clean up log spam. Co-authored-by: Addison Higham <ahigham@instructure.com>(cherry picked from commit 00ce81f)
Currently, binary connects aren't checked to see if they provide a token. This results in a NPE in the JWT validation as well as a whole bunch of log spam. By explictly checking for a null/empty token here, we can avoid some exceptions and clean up log spam. Co-authored-by: Addison Higham <ahigham@instructure.com>
Motivation
Currently, binary connects aren't checked to see if they provide a
token.
This results in a NPE in the JWT validation as well as a whole bunch of
log spam.
Modifications
By explicitly checking for a null/empty token here, we can
avoid some exceptions and clean up log spam.
Verifying this change
This change is a trivial rework / code cleanup without any test coverage.
Does this pull request potentially affect one of the following parts:
If
yes
was chosen, please highlight the changesDocumentation