VisualReCode / Cocoon

An implementation of the Strangler Fig pattern for ASP.NET Core
Apache License 2.0
62 stars 10 forks source link

Bug: Unexpected msgpack code 13 (positive fixint) encountered #21

Closed conficient closed 2 years ago

conficient commented 2 years ago

Running with Blazor Server on .NET 6, if a user is not logged on we get this exception in the Blazor app's log:

[17:23:30 ERR] Failed to deserialize ReCode.Cocoon.Proxy.Authentication.MessagePrincipal value.
MessagePack.MessagePackSerializationException: Failed to deserialize ReCode.Cocoon.Proxy.Authentication.MessagePrincipal value.
 ---> MessagePack.MessagePackSerializationException: Unexpected msgpack code 13 (positive fixint) encountered.
   at MessagePack.MessagePackReader.ThrowInvalidCode(Byte code)
   at MessagePack.MessagePackReader.ReadArrayHeader()
   at MessagePack.Formatters.ReCode_Cocoon_Proxy_Authentication_MessagePrincipalFormatter1.Deserialize(MessagePackReader& reader, MessagePackSerializerOptions options)
   at MessagePack.MessagePackSerializer.Deserialize[T](MessagePackReader& reader, MessagePackSerializerOptions options)
   --- End of inner exception stack trace ---
   at MessagePack.MessagePackSerializer.Deserialize[T](MessagePackReader& reader, MessagePackSerializerOptions options)
   at MessagePack.MessagePackSerializer.DeserializeFromSequenceAndRewindStreamIfPossible[T](Stream streamToRewind, MessagePackSerializerOptions options, ReadOnlySequence`1 sequence, CancellationToken cancellationToken)
   at MessagePack.MessagePackSerializer.DeserializeAsync[T](Stream stream, MessagePackSerializerOptions options, CancellationToken cancellationToken)
   at ReCode.Cocoon.Proxy.Authentication.CocoonAuthenticationClient.DeserializePrincipal(Stream stream)
   at ReCode.Cocoon.Proxy.Authentication.CocoonAuthenticationClient.AuthenticateAsync(HttpRequest request)
[17:23:30 INF] Cocoon was not authenticated. Failure message: Failed to deserialize ReCode.Cocoon.Proxy.Authentication.MessagePrincipal value.

Looking at the code in CocoonAuthenticationClient,cs, it logs the response and status code, which we see in the Blazor log just before the exception:

[17:23:29 INF] Start processing HTTP request GET http://localhost:9343/facadeauth
[17:23:29 INF] Sending HTTP request GET http://localhost:9343/facadeauth
[17:23:30 INF] Received HTTP response headers after 474.8694ms - 200
[17:23:30 INF] End processing HTTP request after 478.5473ms - 200

Note the 200 response code.

Looking at AuthApiHandler.cs in Cocoon.Legacy it should return a 401 if not logged in, however that does not seem to be happening.

conficient commented 2 years ago

Ran my application with debug versions of the client, and found that the requests to /facadeauth on the legacy app was redirecting to /login?returnUrl=%2Ffacadeauth - the handler was not correctly ignoring the redirect.

I checked the sample WingtipToys app against my implementation, and found this in Startup.Auth.cs:

 OnApplyRedirect = context =>
  {
    /* This prevents the cookie auth model trying to redirect on a 401 */
    if(context.Request.Uri.ToString().Contains("facadeauth") && context.Response.StatusCode == 401)
    {
      return;
    }
    context.Response.Redirect(context.RedirectUri);
  }

This was the missing code in my application, which fixed the issue. I re-checked the Cocoon installation instructions and find that it's not mentioned there, which is why I didn't have it. I will do a pull request to fix this.