WebSocketBundle icon indicating copy to clipboard operation
WebSocketBundle copied to clipboard

Published 20 hours ago verified publisher icon GeniusesOfSymfony

Cannot use local pusher with enabled authentication

Open PhilippHandke opened this issue 6 years ago • 3 comments

For establishing a secure connection, we use the authentication feature to check access to our topics:

public function secure(
        ConnectionInterface $connection = null,
        Topic $topic,
        WampRequest $request,
        $payload = null,
        $exclude = null,
        $eligible = null,
        $provider = null
    ) {
        if (!$this->isGranted($topic)) {
            throw new FirewallRejectionException();
        }
    }

When using the pusher from a local command line script, it does not get authenticated and our messages cannot be pushed into the channels.

10:57:07 DEBUG     [websocket] GET CLIENT 822 [] []
10:57:07 DEBUG     [websocket] REMOVE CLIENT 822 [] []
10:57:07 INFO      [websocket] anon-4020195625a65b57310875794934178 disconnected ["connection_id" => 822,"session_id" => "4020195625a65b57310875794934178","storage_id" => 822,"username" => "anon-4020195625a65b57310875794934178"] []

How can we establish this while using our authentication method?

PhilippHandke avatar Jan 22 '18 09:01 PhilippHandke

Pusher and User anthentication are agnostic. Read this : https://github.com/GeniusesOfSymfony/WebSocketBundle/blob/master/Resources/docs/SessionSetup.md it explain how configure things to get authenticator working. The drawback is that you need a shared session storage (redis, pdo etc)

jjsaunier avatar Jan 24 '18 10:01 jjsaunier

User authentication is working great except for the pusher service (e.g. WampPusher) which is using Gos\Component\WebSocketClient\Wamp\Client. The Client-class is lacking the authentication functionality: 😟

https://github.com/GeniusesOfSymfony/WebSocketPhpClient/blob/64e4351d42acb77d5b6df748221c889a2f0adee4/Wamp/Client.php#L88

public function setAuthenticationToken()
{
    /* @todo  **/
}

Ends up always getting an "anon"-User while using the pusher.

Are we missing something else?

incrediblecube avatar Jan 24 '18 16:01 incrediblecube

Authentication is working properly with all users accessing the WS-Server. We only do not get the pusher into sending messages because authentication still fails.

Is there some way to allow access for all users that are on the same host (eg. 127.0.0.1), do we need some kind of token for our pusher to exchange authentication information, or how does the server determine the credentials of our pusher?

PhilippHandke avatar Feb 01 '18 14:02 PhilippHandke