New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNP/HTTP fails to retrieve registered applications #32
Comments
Fixed the issue. There's a further issue to be resolved (Beta 3 now saves the original password used when registering and expects it to match in subsequent registrations, which is a problem for SNP/HTTP as it uses the access token as the password and this changes per session). I'll probably simply remove the password element from SNP/HTTP for now, but I'll give it some thought first. |
Thanks again! I'm checking registration by looking for failed or success object on message send for now. Hmm if you do keep it would it accept an old session token as a password then? Even if that token was wiped from a crash or Snarl restarting? Example: Snarl is restarted in some way causing token to be released
The old token would still work for that app? |
Quick update to keep you in the loop. I'm proposing the following changes to v2:
|
I agree on the password per app bases it only makes sense and using multiple access tokens as passwords gets confusing fast. May i propose as a security option a global access-token that can be reset on the admin panel if needed? Very similar to how most Oauth token verification works. This could weed out any unwanted users/programs from spamming you. |
Yep, that's how the other transports work in R5 as well. You can set a password on the transport within Snarl which will then require any application that wants to talk to the listener to supply a key hash and token that Snarl can match to the password. This will be passed in the headers as the HTTP specs seem unclear on whether body content can be included in DELETE requests. |
Any check of any registration fails.
Registering
Input:
curl -X POST -H "Content-Type: application/json" "http://10.0.0.50:9597/v2/apps?access_token=a7ea1d69-10d8-464a-96f5-e7243629d816" -d "{ 'app-id': 'app', 'title': 'app' }"
Output:
{ "success": { "app-id": "app" } }
Checking if app has been registered:
Input:
curl -X GET 'http://10.0.0.50:9597/v2/apps/app?access_token=a7ea1d69-10d8-464a-96f5-e7243629d816'
Output:
{ "failed": { "error_number": 101, "error_text": "Failed", "reason": "Application \"app\" isn't registered." } }
Strangley enough I can delete it with no issues:
Input:
curl -X DELETE http://10.0.0.50:9597/v2/apps/app?access_token=a7ea1d69-10d8-464a-96f5-e7243629d816
Output:
{ "success": { "app-id": "app" } }
Noticed the app-id has a "@" character applied to it on the Snarl admin page.
https://drive.google.com/open?id=0B-DXGrGCN6DCT1dORW9USGtqNHM
Not sure if related or not.
The text was updated successfully, but these errors were encountered: