lenra-io / server

GNU Affero General Public License v3.0

[Bug]: Webhook token invalid #491

Closed jonas-martinez closed 8 months ago

jonas-martinez commented 9 months ago

What happened?

It seems that the webhook authentication token received in the listener is invalid. I tried to check where this problem could appear in the server, but I only came to the conclusion that it might be a problem in the send_env_event function in server/libs/application_runner/lib/event_handler.ex:24.

It seems to differ from the send_session_event line 34.

Each of these two functions goes to the handle_call function in libs/application_runner/lib/event_handler.ex:94, which generates a new token at line 103.

I don't understand what might be causing this issue but it could cause the crons to return the same error when trying to insert data from this token as it is an env token.

This issue is quite important to solve quickly so don't hesitate to write some ideas in the comments.

How to reproduce this error quickly

Run the Achiever app locally: https://github.com/jonas-martinez/achiever. Use the Steam id that you can find in the file technical.md and then use the app-id.

What browsers are you seeing the problem on?

No response

Version

No response

Relevant log output

{
  error: { message: 'Your token is invalid.', reason: 'invalid_token' },
  response: Response {
    [Symbol(realm)]: null,
    [Symbol(state)]: {
      aborted: false,
      rangeRequested: false,
      timingAllowPassed: true,
      requestIncludesCredentials: true,
      type: 'default',
      status: 401,
      timingInfo: [Object],
      cacheState: '',
      statusText: 'Unauthorized',
      headersList: [HeadersList],
      urlList: [Array],
      body: [Object]
    },
    [Symbol(headers)]: HeadersList {
      cookies: null,
      [Symbol(headers map)]: [Map],
      [Symbol(headers map sorted)]: null
    }
  }
}

jonas-martinez commented 9 months ago

@taorepoara @shiipou @lenra-io/devs

jonas-martinez commented 8 months ago

This was just a problem in my application. In fact, if your listener that is called by the webhook runs async calls and terminates without making sure that these calls are finished, it will revoke the token (as expected) and the API calls inside of these async calls will fail with the token invalid error.

Solution: Just make sure to await your async calls in your webhook's listener.
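
The failure mode described in the last comment, as an added example that is not part of the original thread or of Lenra's code: a constructed simulation in which the platform revokes the per-call token as soon as the listener returns. All names (`runWebhook`, `apiCall`, both listeners) are hypothetical.

```javascript
// Constructed simulation of a per-call webhook token; not Lenra's server or client code.
const activeTokens = new Set();
let counter = 0;

// Hypothetical API endpoint: accepts a call only while its token is still active.
function apiCall(token) {
  return new Promise((resolve) => setTimeout(() => {
    resolve(activeTokens.has(token)
      ? { status: 200 }
      : { status: 401, reason: 'invalid_token' });
  }, 10)); // the request reaches the API 10 ms after it is started
}

// Platform side: issue a token, run the listener, revoke once the listener settles.
async function runWebhook(listener) {
  const token = `tok-${++counter}`; // constructed token value
  activeTokens.add(token);
  const results = [];
  try {
    await listener(token, results);
  } finally {
    activeTokens.delete(token); // token lifetime ends with the listener
  }
  await new Promise((r) => setTimeout(r, 50)); // let stray calls land so they can be observed
  return results;
}

// Listener that returns before its async work has finished (the bug).
async function fireAndForgetListener(token, results) {
  apiCall(token).then((res) => results.push(res)); // promise is not awaited
}

// Listener that awaits every call before returning (the fix).
async function awaitingListener(token, results) {
  results.push(await apiCall(token));
  results.push(...await Promise.all([apiCall(token), apiCall(token)]));
}

async function demo() {
  const broken = await runWebhook(fireAndForgetListener);
  const fixed = await runWebhook(awaitingListener);
  return { broken: broken.map((r) => r.status), fixed: fixed.map((r) => r.status) };
}

demo().then((r) => console.log(r));
```

The same check applies to callbacks inside `forEach` or to promises created but never returned: anything still pending when the listener resolves runs with a revoked token.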