ChristianTremblay / pyhaystack

Pyhaystack is a module that allows Python programs to connect to a haystack server (project-haystack.org). Connections can be established with the Niagara Platform running nhaystack, Skyspark and Widesky. For this to work with Anaconda IPython Notebook on Windows, be sure to run "python setup.py install" from the Anaconda Command Prompt. Otherwise, the module will be installed for the system-path Python but won't work in the Anaconda IPython Notebook environment. You will need hszinc 1.3+ for this to work.
Apache License 2.0

Niagara 4.9 | Possible breaking change for login #86

Closed ChristianTremblay closed 4 years ago

ChristianTremblay commented 4 years ago

Ref: Breaking change: HTTP SCRAM Authentication Session Cookie

I don't have 4.9 yet to run any tests; here is what the article says... with a Java code extract

DESCRIPTION

Summary

Prior to Niagara 4.9, the HTTP SCRAM authentication client reference implementation AuthClientExample.java made the assumption that the session ID cookie would be set in the first Set-Cookie response header. This assumption was unsafe, and due to changes to the web server in Niagara 4.9, the session ID cookie will no longer be set in the first Set-Cookie response header. Any HTTP SCRAM authentication client implementations based on the AuthClientExample reference implementation must be updated to account for differing ordering of Set-Cookie headers to properly capture the session ID cookie.

Remediation

HTTP SCRAM authentication client implementations based on the AuthClientExample reference implementation should have a section of code similar to this section from the reference implementation:

// Set the session Cookie we got from the server
// make sure you save the sessionId for subsequent requests for the same session
String cookie = connection.getHeaderField("Set-Cookie");
if (cookie != null && cookie.startsWith(niagaraParameters.getSessionCookieName()))
{
  sessionId = (cookie.split(";"))[0].trim();
  sessionId = sessionId.split("=")[1];
  System.out.println("*** sessionid: " + sessionId);
}

This section of code should be updated to match the new reference implementation to account for multiple Set-Cookie headers:

// Set the session Cookie we got from the server
// make sure you save the sessionId for subsequent requests for the same session
List<String> cookieHeaders = connection.getHeaderFields().get("Set-Cookie");
if (cookieHeaders != null)
{
  for (String cookie : cookieHeaders)
  {
    if (cookie != null && cookie.startsWith(niagaraParameters.getSessionCookieName()))
    {
      sessionId = (cookie.split(";"))[0].trim();
      sessionId = sessionId.split("=")[1];
      System.out.println("*** sessionid: " + sessionId);
      break;
    }
  }
}

@sjlongland For your info
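As an added example (not part of the original post, the quoted article, or pyhaystack's own code), the same first-header versus all-headers lookup in Python, the language pyhaystack is written in. The cookie name `EXAMPLE_SESSION`, the helper names and the sample headers are assumptions constructed for illustration.

```python
from http.client import HTTPMessage

# Hypothetical name; the Java code gets the real one from getSessionCookieName().
SESSION_COOKIE = "EXAMPLE_SESSION"


def parse_set_cookie(header):
    """Return (name, value) from one Set-Cookie header, ignoring attributes."""
    pair = header.split(";", 1)[0].strip()
    name, sep, value = pair.partition("=")  # keeps any '=' inside the value
    return (name.strip(), value.strip()) if sep else (None, None)


def session_id_first_header(headers, cookie_name=SESSION_COOKIE):
    """Unsafe assumption: only the first Set-Cookie header is inspected."""
    first = headers.get("Set-Cookie", "")  # get() returns the first match only
    name, value = parse_set_cookie(first)
    return value if name == cookie_name else None


def session_id_any_header(headers, cookie_name=SESSION_COOKIE):
    """Order-independent lookup across every Set-Cookie header."""
    for header in headers.get_all("Set-Cookie") or []:
        name, value = parse_set_cookie(header)
        if name == cookie_name and value:  # exact name match, not a prefix test
            return value
    return None


def build_headers(set_cookie_values):
    """Build a response header block from constructed Set-Cookie values."""
    msg = HTTPMessage()
    for v in set_cookie_values:
        msg.add_header("Set-Cookie", v)
    return msg


# Constructed sample responses (not captured from a real station).
OLD_ORDER = build_headers([
    "EXAMPLE_SESSION=abc123==; Path=/; HttpOnly",
    "other_cookie=1; Path=/",
])
NEW_ORDER = build_headers([
    "other_cookie=1; Path=/",
    "EXAMPLE_SESSION_HINT=zzz; Path=/",
    "EXAMPLE_SESSION=abc123==; Path=/; HttpOnly",
])
```

With the session cookie moved out of first position, the first-header lookup returns `None` and the client would continue without a session ID, while the loop over all headers still finds it.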

ChristianTremblay commented 4 years ago

For now, login works on Niagara 4.9 without changing anything in our implementation.

This is good news

<GetGridOperation done: <Grid>
    Version: 2.0
    Columns:
        productUri
        tz
        moduleName
        serverName
        productName
        haystackVersion
        productVersion
        moduleVersion
        serverTime
        moduleUri
        serverBootTime
    Row    0:
    productUri=Uri('http://www.tridium.com/')
    tz='New_York'
    moduleName='nhaystack'
    serverName='PythonInTheBuilding'
    productName='Niagara 4'
    haystackVersion='2.0'
    productVersion='4.9.0.198'
    moduleVersion='3.0.3'
    serverTime=datetime.datetime(2020, 9, 29, 0, 5, 41, 509000, tzinfo=<DstTzInfo 'America/New_York' EDT-1 day, 20:00:00 DST>)
    moduleUri=Uri('https://bitbucket.org/richiemac_77/nhaystack')
    serverBootTime=datetime.datetime(2020, 9, 28, 23, 55, 55, 970000, tzinfo=<DstTzInfo 'America/New_York' EDT-1 day, 20:00:00 DST>)
</Grid>>

ChristianTremblay commented 4 years ago

We'll reopen if trouble shows up. Related to this post: https://github.com/ci-richard-mcelhinney/nhaystack/issues/3