GeniusesOfSymfony / WebSocketBundle

Websocket server for Symfony applications (powered by Ratchet), includes an Autobahn.JS based JavaScript client
MIT License

Cannot use local pusher with enabled authentication #284

Open PhilippHandke opened 6 years ago

PhilippHandke commented 6 years ago

For establishing a secure connection, we use the authentication feature to check access to our topics:

```php
public function secure(
    ConnectionInterface $connection = null,
    Topic $topic,
    WampRequest $request,
    $payload = null,
    $exclude = null,
    $eligible = null,
    $provider = null
) {
    if (!$this->isGranted($topic)) {
        throw new FirewallRejectionException();
    }
}
```

When using the pusher from a local command line script, it does not get authenticated and our messages cannot be pushed into the channels.

```
10:57:07 DEBUG     [websocket] GET CLIENT 822 [] []
10:57:07 DEBUG     [websocket] REMOVE CLIENT 822 [] []
10:57:07 INFO      [websocket] anon-4020195625a65b57310875794934178 disconnected ["connection_id" => 822,"session_id" => "4020195625a65b57310875794934178","storage_id" => 822,"username" => "anon-4020195625a65b57310875794934178"] []
```

How can we establish this while using our authentication method?

jjsaunier commented 6 years ago

Pusher and User authentication are agnostic. Read this: https://github.com/GeniusesOfSymfony/WebSocketBundle/blob/master/Resources/docs/SessionSetup.md. It explains how to configure things to get the authenticator working. The drawback is that you need a shared session storage (redis, pdo etc.)

incrediblecube commented 6 years ago

User authentication is working great except for the pusher service (e.g. WampPusher) which is using Gos\Component\WebSocketClient\Wamp\Client. The Client-class is lacking the authentication functionality: 😟

https://github.com/GeniusesOfSymfony/WebSocketPhpClient/blob/64e4351d42acb77d5b6df748221c889a2f0adee4/Wamp/Client.php#L88

```php
public function setAuthenticationToken()
{
    /* @todo  **/
}
```

Ends up always getting an "anon"-User while using the pusher.

Are we missing something else?

PhilippHandke commented 6 years ago

Authentication is working properly with all users accessing the WS-Server. We only do not get the pusher into sending messages because authentication still fails.

Is there some way to allow access for all users that are on the same host (e.g. 127.0.0.1), do we need some kind of token for our pusher to exchange authentication information, or how does the server determine the credentials of our pusher?
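The "some kind of token for our pusher" option raised above, as an added example that is not part of the thread and not WebSocketBundle code: the command-line pusher wraps each message in an HMAC-signed envelope, and `secure()` could call `isTrustedPush($payload, ...)` before throwing `FirewallRejectionException`. The function names, `PUSHER_SECRET`, the envelope fields (`ts`, `body`, `mac`) and the assumption that `$payload` reaches `secure()` as the array the pusher published are all hypothetical.

```php
<?php
// Added sketch, not WebSocketBundle code. PUSHER_SECRET and the envelope
// layout (ts, body, mac) are assumptions made for this example.
const PUSHER_SECRET = 'constructed-demo-secret-change-me';
const MAX_AGE_SECONDS = 30;

/** Built by the command-line pusher before publishing. */
function signPush(array $body, string $secret, int $now): array
{
    $json = json_encode($body);
    return [
        'ts'   => $now,
        'body' => $json,
        // The MAC covers timestamp and body, so neither can be swapped alone.
        'mac'  => hash_hmac('sha256', $now . '.' . $json, $secret),
    ];
}

/** Called from secure() when the connection has no granted user. */
function isTrustedPush($payload, string $secret, int $now): bool
{
    if (!is_array($payload)
        || !isset($payload['ts'], $payload['body'], $payload['mac'])
        || !is_int($payload['ts'])
        || !is_string($payload['body'])
        || !is_string($payload['mac'])) {
        return false; // unsigned or malformed: treat like any anonymous client
    }
    // Reject stale or future-dated envelopes to limit replay.
    if (abs($now - $payload['ts']) > MAX_AGE_SECONDS) {
        return false;
    }
    $expected = hash_hmac('sha256', $payload['ts'] . '.' . $payload['body'], $secret);
    return hash_equals($expected, $payload['mac']); // constant-time compare
}

// Constructed sample run: signed, tampered, stale and unsigned payloads.
$now = 1515578227;
$push = signPush(['msg' => 'hello'], PUSHER_SECRET, $now);
var_dump(isTrustedPush($push, PUSHER_SECRET, $now));
$tampered = $push;
$tampered['body'] = '{"msg":"changed"}';
var_dump(isTrustedPush($tampered, PUSHER_SECRET, $now));
var_dump(isTrustedPush($push, PUSHER_SECRET, $now + 120));
var_dump(isTrustedPush(['msg' => 'hello'], PUSHER_SECRET, $now));
```

Unlike a check on the peer address, this does not treat every process that can reach the server from 127.0.0.1 (including a local reverse proxy forwarding remote clients) as the pusher.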