-
-
Notifications
You must be signed in to change notification settings - Fork 579
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Eliminate problematic _clean_rooms method
- Loading branch information
1 parent
74e9ab1
commit 370db64
Showing
2 changed files
with
8 additions
and
30 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Has the "clean_rooms" functionality been deprecated indefinitely?
370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Not sure I understand your question. What specific functionality you refer to? The
_clean_rooms()
function was internal and did not provide any useful features to applications.370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I believe it's subtle, but the useful feature in this case is the clean up of the sessions that are saved when clients attempt to connect. I noticed that references to
sid
s stick around in cases where a connect attempt is made, but is unsuccessful at some point. In my case specifically, it happens when the client is blocked for not having valid credentials (with a 401 error).370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It may be worth mentioning that I am using
flask_login.login_required
for validating credentials.370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, so unless you're not supposed to use
flask_login.login_required
withsocketio.on('connect')
, doing so seems to cause a resource leak. The idea is, ifabort(401)
is called bylogin_manager.py
when connecting, ansid
is left lingering for the attempted connection.I can put together an example of this if you like. Package versions I'm using:
Flask (0.10.1)
Flask-Login (0.4.0)
Flask-SocketIO (2.9.0)
python-engineio (1.7.0)
python-socketio (1.7.6)
370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yeah, Flask-Login's
login_required
decorator is not compatible with Flask-SocketIO, it only works for HTTP routes. You can usecurrent_user
in your Flask-SocketIO events, butlogin_required
is not going to work.370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I see, is that due to a limitation at a lower level, or could this be considered as a possible enhancement for Flask-SocketIO?
370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I never intended for Flask-Login authentication to work. That was made for HTTP and this is WebSocket, so it's not compatible. I can't really say that it is impossible to make it work because I didn't really invest the time to see if anything can be done, but I think it is unlikely. If you want to give it a shot and find a way to use
login_required
on the connect handler, I'll add it as a feature. But consider that all the redirect stuff that Flask-Login does when the user is not logged in will have to be disabled, for this usage you want the authentication error to returnFalse
from the connect handler, or maybe a 401. Definitely not a redirect to the login page.370db64
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Okay, sounds good. I'll look into this when I can as I am interested to see if it could work.