dunglas / mercure

🪽 An open, easy, fast, reliable and battery-efficient solution for real-time communications
https://mercure.rocks
GNU Affero General Public License v3.0

401 Unauthorized, Authorization Token / Secret are correct #413

Closed primus852 closed 3 years ago

primus852 commented 3 years ago

I have a docker-compose which fires up a mercure container

docker-compose

version: '3.8'

services:
    ...
    mercure:
        image: dunglas/mercure
        ports:
            - '8003:443'
            - '8004:80'
        environment:
            - JWT_KEY='so_secret'
            - DEMO=1
            - DEBUG=1
            - ALLOW_ANONYMOUS=1
            - CORS_ALLOWED_ORIGINS=*
            - PUBLISH_ALLOWED_ORIGINS=*
networks:
    default:

But when I POST to http://mercure/.well-known/mercure I get this from my mercure container: (prettified)

Log #1
{
   "level":"info",
   "ts":1606379852.84174,
   "logger":"http.handlers.mercure",
   "msg":"Topic selectors not matched or not provided",
   "remote_addr":"192.168.192.3:37534",
   "error":"unable to parse JWT: signature is invalid"
}

Log #2
{
   "level":"error",
   "ts":1606379852.8418272,
   "logger":"http.log.access",
   "msg":"handled request",
   "request":{
      "remote_addr":"192.168.192.3:37534",
      "proto":"HTTP/1.1",
      "method":"POST",
      "host":"mercure",
      "uri":"/.well-known/mercure",
      "headers":{
         "Authorization":[
            "Bearer eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdLCJzdWJzY3JpYmUiOlsiKiJdfX0.pTAUOEQV8ldj1yfNFiiy_zbZSxpb1_f-9Z0Y6bksK9Y"
         ],
         "User-Agent":[
            "Symfony HttpClient/Curl"
         ],
         "Accept-Encoding":[
            "gzip"
         ],
         "Content-Length":[
            "1339"
         ],
         "Content-Type":[
            "application/x-www-form-urlencoded"
         ],
         "Accept":[
            "*/*"
         ]
      }
   },
   "common_log":"192.168.192.3 - - [26/Nov/2020:08:37:32 +0000] \"POST /.well-known/mercure HTTP/1.1\" 401 13",
   "duration":0.001635684,
   "size":13,
   "status":401,
   "resp_headers":{
      "X-Content-Type-Options":[
         "nosniff"
      ],
      "X-Xss-Protection":[
         "1; mode=block"
      ],
      "Content-Security-Policy":[
         "default-src 'self' mercure.rocks cdn.jsdelivr.net"
      ],
      "Content-Type":[
         "text/plain; charset=utf-8"
      ],
      "Server":[
         "Caddy"
      ],
      "X-Frame-Options":[
         "DENY"
      ]
   }
}

The JWT Payload is this:

{
  "mercure": {
    "publish": [
      "*"
    ],
    "subscribe": [
      "*"
    ]
  }
}

sudo docker-compose exec mercure env shows JWT_KEY=so_secret, so what else can I check?

// EDIT I changed the Token to

eyJhbGciOiJIUzI1NiJ9.eyJtZXJjdXJlIjp7InB1Ymxpc2giOlsiKiJdLCJzdWJzY3JpYmUiOlsiKiJdfX0.Ws4gtnaPtM-R2-z9DnH-laFu5lDZrMnmyTpfU8uKyQo

which is signed by !ChangeMe! but where should I change this? I cannot see anything where I set !ChangeMe!

dunglas commented 3 years ago

It's because you are using the 0.11 version (beta). Either add :v0.10 to image, switch to the legacy build :legacy-latest or upgrade your configuration as described in https://mercure.rocks/docs/UPGRADE
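
Added example, not part of the original thread and not Mercure's own code: a local check of which shared secret an HS256 token validates against, the question behind the "signature is invalid" log entry above. The function names and the labels in `CANDIDATES` are hypothetical; the two secrets and the payload shape are the ones quoted in the thread, and the sample tokens in the test are constructed.

```python
import base64
import hashlib
import hmac
import json

# Secrets quoted in the thread; the labels are this example's own (assumption).
CANDIDATES = {"compose JWT_KEY": "so_secret", "default key": "!ChangeMe!"}


def b64url_decode(segment):
    # JWT segments are unpadded base64url; restore the padding first.
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def sign_hs256(payload, key):
    """Build a compact HS256 JWT; used only to construct sample tokens."""
    header = {"alg": "HS256", "typ": "JWT"}
    parts = [b64url_encode(json.dumps(part, separators=(",", ":")).encode())
             for part in (header, payload)]
    mac = hmac.new(key.encode(), ".".join(parts).encode(), hashlib.sha256).digest()
    return ".".join(parts + [b64url_encode(mac)])


def verify_hs256(token, key):
    """True only for a well-formed HS256 JWT whose MAC was made with `key`."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    try:
        header = json.loads(b64url_decode(parts[0]))
        presented = b64url_decode(parts[2])
    except ValueError:  # bad base64, bad UTF-8 or bad JSON
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # reject "none" and any algorithm the verifier did not choose
    signed = f"{parts[0]}.{parts[1]}".encode()
    expected = hmac.new(key.encode(), signed, hashlib.sha256).digest()
    return hmac.compare_digest(expected, presented)  # constant-time comparison


def matching_keys(token, candidates=CANDIDATES):
    """Labels of the candidate secrets that validate the token's signature."""
    return [label for label, key in candidates.items() if verify_hs256(token, key)]
```

Call `matching_keys()` with the bearer token from the hub's access log; an empty list means the token was signed with a secret that is not among the candidates.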