"'dict' object has no attribute 'encode'" on authorization through "HTTP Bridge Callee"

[freeriderND]

Hi!

I tried to make an authorization scheme through "HTTP Bridge Callee", but got this error:

2018-01-08T15:15:57+0500 [Router      19355] Authorization of 'subscribe' for 'com.site.messages.new.166_2' failed
Traceback (most recent call last):
Failure: autobahn.wamp.exception.ApplicationError: ApplicationError(error=<wamp.error.runtime_error>, args=["'dict' object has no attribute 'encode'"], kwarg
s={}, enc_algo=None)

Here is Crossbar configuration:

    "version": 2,
    "controller": {},
    "workers": [
        {
            "type": "router",
            "realms": [
                {
                    "name": "realm1",
                    "roles": [
                         {
                            "name": "backend",
                            "permissions": [
                                {
                                    "uri": "*",
                                    "allow": {
                                        "publish": true,
                                        "subscribe": true,
                                        "call": true,
                                        "register": true
                                    }
                                }
                            ]
                        },
                        {
                            "name": "user",
                            "authorizer": "com.site.auth"
                        }
                    ]
                }
            ],
            "transports": [
                {
                    "type": "websocket",
                    "endpoint": {
                        "type": "tcp",
                        "port": 9999,
                        "interface": "127.0.0.1"
                    },
                    "auth": {
                        "anonymous": {
                            "type": "static",
                            "role": "user"
                        }
                    }
                },
                {
                    "type": "websocket",
                    "endpoint": {
                        "type": "tcp",
                        "port": 9998,
                        "interface": "127.0.0.1"
                    },
                    "auth": {
                        "anonymous": {
                            "type": "static",
                            "role": "backend"
                        }
                    }
                },
                {
                    "type": "web",
                    "endpoint": {
                        "type": "tcp",
                        "port": 9997,
                        "interface": "127.0.0.1"
                    },
                    "paths": {
                        "/": {
                            "type": "publisher",
                            "realm": "realm1",
                            "role": "backend",
                            "options": {
                                "require_ip": ["127.0.0.1"]
                            }
                        }
                    }
                }
            ]
        },
        {
            "type": "container",
            "options": {
                    "pythonpath": [".."]
            },
            "components": [
                {
                    "type": "class",
                    "classname": "crossbar.adapter.rest.RESTCallee",
                    "realm": "realm1",
                    "extra": {
                        "procedure": "com.site.auth",
                        "baseurl": "https://www.site.com/api/auth/wampauthorizator.php"
                    },
                    "transport": {
                        "type": "websocket",
                        "endpoint": {
                            "type": "tcp",
                            "host": "127.0.0.1",
                            "port": 9998
                        },
                        "url": "ws://127.0.0.1:9998/"
                    }
               }
            ]
        }
    ]
}

Crossbar is behind the Nginx-reverse proxy and responds on 127.0.0.1:9999. Second websocket transport on 127.0.0.1:9998 is needed to configure HTTP Bridge Callee - procedure "com.site.auth" (did not find another way, because otherwise, if you use the same websocket, an authorization collision was obtained - the transport of the component required authorization, which he himself represented).

Here is a detailed error trace:

2018-01-08T15:15:57+0500 [Container   19361] AttributeError: 'dict' object has no attribute 'encode': Traceback (most recent call last):
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/autobahn/wamp/protocol.py", line 895, in onMessage
    on_reply = txaio.as_future(endpoint.fn, *invoke_args, **invoke_kwargs)
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/txaio/tx.py", line 417, in as_future
    return maybeDeferred(fun, *args, **kwargs)
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/twisted/internet/defer.py", line 150, in maybeDeferred
    result = f(*args, **kw)
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/twisted/internet/defer.py", line 1532, in unwindGenerator
    return _inlineCallbacks(None, gen, Deferred())
--- <exception caught here> ---
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/twisted/internet/defer.py", line 1386, in _inlineCallbacks
    result = g.send(result)
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/crossbar/adapter/rest/callee.py", line 72, in on_call
    params=params
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/treq/api.py", line 113, in request
    return _client(**kwargs).request(method, url, **kwargs)
  File "/home/INSTALL/pypy-5.10.0-linux_x86_64-portable/site-packages/treq/client.py", line 127, in request
    method = method.encode('ascii').upper()
exceptions.AttributeError: 'dict' object has no attribute 'encode'

and Crossbar version:

    /  `|__)/  \/__`/__`|__) /\ |__)  |/  \
    \__,|  \\__/.__/.__/|__)/~~\|  \. |\__/

 Crossbar.io        : 17.12.1 (Crossbar.io COMMUNITY)
   Autobahn         : 17.10.1 (with JSON, MessagePack, CBOR, UBJSON)
   Twisted          : 17.9.0-EPollReactor
   LMDB             : 0.93/lmdb-0.9.18
   Python           : 2.7.13/PyPy-5.10.0
 OS                 : Linux-3.2.0-4-amd64-x86_64-with-debian-7.8
 Machine            : x86_64
 Release key        : RWQ0XcNYBo35t9PnNO/8H9oV+bD6Ss3ti49fr6PoqhVfZSHPUvuvIyWT

According to the "HTTP Bridge Callee" documentation:

When making calls to the registered WAMP procedure, you can use the following keyword arguments: method | The HTTP method. (required)

and it seems to me that the problem is precisely this: there is no way to specify a request method for authorization procedures or they are, but not documented.

And now the question:

Is it possible inside Crossbar.io to make a default method (GET or POST) for calls to the registered WAMP procedures which are translates to HTTP requests through HTTP Bridge Callee?

And will my authorization scheme work in this case?

Thank you in advance.

[mitkola]

Is it possible to realize dynamic authenticator as "HTTP Bridge Callee" with last version of crossbar? The result of authentication can be get with call to some other https resource.