Skip to content

Fix ActionCable auth fallback + unblock deploy (diff-lcs)#103

Merged
HamptonMakes merged 3 commits intomainfrom
hephaestus/actioncable-auth
May 4, 2026
Merged

Fix ActionCable auth fallback + unblock deploy (diff-lcs)#103
HamptonMakes merged 3 commits intomainfrom
hephaestus/actioncable-auth

Conversation

@HamptonMakes
Copy link
Copy Markdown
Collaborator

@HamptonMakes HamptonMakes commented May 4, 2026

Summary

  • Unify authentication across HTTP and ActionCable via CoPlan::Authentication
  • Fallback to configured authenticate callback when connection.current_user is absent
  • Fix deploy failure by adding missing diff-lcs dependency

Why

  • Hosts without ApplicationCable::Connection#current_user were failing websocket auth
  • diff_to_operations requires diff/lcs but dependency was missing, breaking deploy

Changes

  • Add engine/app/services/coplan/authentication.rb
  • Update PlanPresenceChannel to resolve user via shared auth
  • Update ApplicationController to use shared auth
  • Add diff-lcs to gemspec
  • Add spec for websocket auth fallback

Verification

  • Specs: 83 examples, 0 failures
  • Manual: channel fallback resolves user via authenticate callback

Risk

  • Low: consolidates existing auth logic; preserves behavior when current_user exists

Follow-ups

  • Bump coplan-engine in coplan-square after merge and redeploy

@HamptonMakes
fix(actioncable): unify authentication via engine and add diff-lcs de…
79f9097 
…pendency to unblock deploy

Use shared CoPlan::Authentication for both HTTP and ActionCable contexts, falling back when connection.current_user is absent. This fixes websocket auth failures in hosts without ApplicationCable::Connection.

Also add missing diff-lcs dependency required by diff_to_operations to fix deploy error.
HamptonMakes
HamptonMakes commented May 4, 2026
View reviewed changes
Comment thread engine/app/channels/coplan/plan_presence_channel.rb
@HamptonMakes
fix(actioncable): require authentication explicitly in channel subscr…
73685d8 
…iption

Reject unauthenticated websocket subscriptions early instead of relying on implicit policy checks. Simplifies lifecycle methods and aligns with reviewer feedback.
HamptonMakes
HamptonMakes commented May 4, 2026
View reviewed changes
Comment thread engine/app/channels/coplan/plan_presence_channel.rb Outdated
@HamptonMakes @sisyphus-dev-ai
fix(actioncable): use current_user accessor in presence channel
7617c71 
Route channel subscription auth through the memoized current_user method instead of reading @current_user directly.

Ultraworked with [Sisyphus](https://github.com/code-yeongyu/oh-my-openagent)

Co-authored-by: Sisyphus <clio-agent@sisyphuslabs.ai>
@HamptonMakes HamptonMakes merged commit 1875f2e into main May 4, 2026
5 checks passed
@HamptonMakes HamptonMakes deleted the hephaestus/actioncable-auth branch May 4, 2026 17:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@HamptonMakes