Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

cannnot subscribe with access mode #737

Closed
gabriel-vasile opened this issue Mar 28, 2022 · 10 comments
Closed

cannnot subscribe with access mode #737

gabriel-vasile opened this issue Mar 28, 2022 · 10 comments
Labels

Comments

@gabriel-vasile
Copy link
Contributor

gabriel-vasile commented Mar 28, 2022

to reproduce:

  • 2 users
  • user A creates a group with
    Default access mode:
    Auth: JRWPASD
    Anon: N
  • user B tries to subscribe to the group with an access mode:
    {"sub":{"id":"122019","topic":"grpglXHsm2f9tc","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}}

expected: user B joins the group successfully and has access mode JRP
got: topic[grpglXHsm2f9tc] subscription failed subscription rejected due to permissions

asLvl is 0 here when user B subs:

asLvl := auth.Level(pkt.AuthLvl)

@or-else
Copy link
Contributor

or-else commented Mar 28, 2022

Please attach the server-side and client-side logs.

@gabriel-vasile
Copy link
Contributor Author

user A:

tinode        | 2022/03/29 07:57:34 ws: session started nWImM_nmdyg 172.21.0.1:45504 1
tinode        | 2022/03/29 07:57:34 in: '{"hi":{"id":"101521","ver":"0.18.3","ua":"TinodeWeb/0.18.3 (Firefox/95.0; Linux x86_64); tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='nWImM_nmdyg' uid=''
tinode        | 2022/03/29 07:57:34 in: '{"login":{"id":"101522","scheme":"sch","secret":"secre<...>' sid='nWImM_nmdyg' uid=''
tinode        | 2022/03/29 07:57:39 in: '{"sub":{"id":"101523","topic":"me","get":{"what":"sub desc tags cred"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:39 in: '{"sub":{"id":"101524","topic":"grpglXHsm2f9tc","get":{"what":"sub desc"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:41 in: '{"sub":{"id":"101525","topic":"fnd","get":{"what":"sub"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:59 in: '{"leave":{"id":"101527","topic":"grpglXHsm2f9tc"}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:59 in: '{"sub":{"id":"101528","topic":"new101526","set":{"desc":{"public":{"fn":"test sub with acc mode","note":"␡"}}},"get":{"data":{"limit":24},"what":"data sub desc"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'

user B:

tinode        | 2022/03/29 08:00:09 ws: session started TCCIa40zvs8 172.21.0.1:45592 2
tinode        | 2022/03/29 08:00:09 in: '{"hi":{"id":"112854","ver":"0.18.3","ua":"TinodeWeb/0.18.3 (Firefox/95.0; Linux x86_64); tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='TCCIa40zvs8' uid=''
tinode        | 2022/03/29 08:00:09 in: '{"login":{"id":"112855","scheme":"sch","secret":"secre<...>' sid='TCCIa40zvs8' uid=''
tinode        | 2022/03/29 08:00:14 in: '{"sub":{"id":"112856","topic":"me","get":{"what":"sub desc data"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"sub":{"id":"112857","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"set":{"id":"112858","topic":"fnd","desc":{"public":"_type=grp&_query=&_topics=grpglXHsm2f9tc"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"get":{"id":"112859","topic":"fnd","what":"sub"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"leave":{"id":"112860","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"sub":{"id":"112861","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"set":{"id":"112862","topic":"fnd","desc":{"public":"_type=grp&_query=&_topics="}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"get":{"id":"112863","topic":"fnd","what":"sub"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"leave":{"id":"112864","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:28 in: '{"sub":{"id":"112865","topic":"grphyQeaKeBSso","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:28 topic[grphyQeaKeBSso] subscription failed subscription rejected due to permissions, sid=TCCIa40zvs8

Again, to reproduce, just sub to group and ask for any access mode other than the default access mode.

@or-else
Copy link
Contributor

or-else commented Mar 31, 2022

I cannot reproduce:

[02:29:49.021] out: {"sub":{"id":"102361","topic":"grpGOZmMsRbMWQ","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}} 
[02:29:49.035] in: {"ctrl":{"id":"102361","topic":"grpGOZmMsRbMWQ","params":{"acs":{"mode":"JRP","given":"JRWPS","want":"JRP"}},"code":200,"text":"ok","ts":"2022-03-31T02:29:49.022Z"}} 

@or-else
Copy link
Contributor

or-else commented Mar 31, 2022

I suspect your previously subscribed to this topic.

@or-else
Copy link
Contributor

or-else commented Mar 31, 2022

asLvl is 0 here when user B subs:

You are probably using your own gRPC client.

@gabriel-vasile
Copy link
Contributor Author

gabriel-vasile commented Apr 1, 2022

I did some more tests and I'm not sure if i found another issue or it is the same. It seems to have something to do with gRPC plugins.

To reproduce the problem:

  1. create a gRPC plugin which returns pbx.RespCode_REPLACE and the original, unaltered client msg. As I understand from doc comments, this plugin should have no effect on the functionality of the server.
package dummy_plg
import (
	"context"
	"net"

	"github.com/tinode/chat/pbx"
	"google.golang.org/grpc"
)
func main() {
	lis, err := net.Listen("tcp", ":40051")
	if err != nil {
		panic(err)
	}
	s := grpc.NewServer()

	pbx.RegisterPluginServer(s, handler{})
	if err := s.Serve(lis); err != nil {
               panic(err)
        }
}
type handler struct {
	pbx.UnimplementedPluginServer
}
func (h handler) FireHose(c context.Context, r *pbx.ClientReq) (*pbx.ServerResp, error) {
	return &pbx.ServerResp{Status: pbx.RespCode_REPLACE, Clmsg: r.Msg}, nil
}

tinode.conf

	"plugins": [
		{
			"enabled": true,
			"name": "dummy_plg",
			"timeout": 200000,
			"filters": {
				"fire_hose": "pub,sub,get,set"
			},
			"failure_code": 0,
			"failure_text": null,
			"service_addr": "tcp://localhost:40051"
		}
	],
  1. login in webapp, sub to someone, send messages, etc.

expected: everything works as if the plugin was not there
got: tinode | 2022/04/01 09:58:56 s.dispatch: authentication required AsOyMHwbiMk

server logs:

tinode        | 2022/04/01 10:06:37 ws: session started hag0AaSGAeE 172.27.0.1:52878 1
tinode        | 2022/04/01 10:06:37 in: '{"hi":{"id":"116803","ver":"0.18.3","ua":"tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='hag0AaSGAeE' uid=''
tinode        | 2022/04/01 10:06:37 in: '{"login":{"id":"116804","scheme":"basic","secret":"secret' sid='hag0AaSGAeE' uid=''
tinode        | 2022/04/01 10:06:41 in: '{"sub":{"id":"116805","topic":"me","get":{"what":"sub desc tags cred"}}}' sid='hag0AaSGAeE' uid='FfD0YCfLURI'
tinode        | 2022/04/01 10:06:41 s.dispatch: authentication required hag0AaSGAeE

@gabriel-vasile
Copy link
Contributor Author

To fix the problem with authentication required and get to the original reported problem subscription failed subscription rejected due to permissions, inside plugin FireHose method I can add this:

func (h handler) FireHose(c context.Context, r *pbx.ClientReq) (*pbx.ServerResp, error) {
       if r.Msg.Extra == nil {
               r.Msg.Extra = &pbx.ClientExtra{}
       }
       r.Msg.Extra.OnBehalfOf = r.Sess.UserId
       return &pbx.ServerResp{Status: pbx.RespCode_REPLACE, Clmsg: r.Msg}, nil
}

or-else added a commit that referenced this issue Apr 2, 2022
@or-else
Copy link
Contributor

or-else commented Apr 2, 2022

I believe 1fc9699 should fix it. Please verify.

@gabriel-vasile
Copy link
Contributor Author

Seems fixed, thanks.

@or-else
Copy link
Contributor

or-else commented Apr 4, 2022

@or-else or-else closed this as completed Apr 4, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
Projects
None yet
Development

No branches or pull requests

2 participants