search

octoblu / meshblu

Meshblu is a cross-protocol IoT machine-to-machine messaging system.
https://meshblu.readme.io/
MIT License
815 stars 182 forks source link

uuid and token not being pulled from data on POST to /devices #60

Closed cat-haines closed 10 years ago

cat-haines commented 10 years ago

Steps to reproduce:

1) Create a new object using http endpoint:

→ curl -X POST http://skynet.im/devices --data "uuid=24bbe944-9b92-4cea-bd17-2361fb88ff50&token=b9a964a0-f3b9-4974-b2ad-024dae549f5e" --header "skynet_auth_uuid: 24bbe944-9b92-4cea-bd17-2361fb88ff50" --header "skynet_auth_token: b9a964a0-f3b9-4974-b2ad-024dae549f5e"

Results in:

{"uuid":"24bbe944-9b92-4cea-bd17-2361fb88ff50","token":"b9a964a0-f3b9-4974-b2ad-024dae549f5e","ipAddress":"173.8.157.38","timestamp":"2014-06-12T21:22:29.520Z","channel":"main","online":false}

Device is created with the specified uuid and token (good)

2) Delete the device

→ curl -X DELETE https://skynet.im/devices/79897b50-f277-11e3-ba2e-0b078550b2fe --header "skynet_auth_uuid: 79897b50-f277-11e3-ba2e-0b078550b2fe" --header "skynet_auth_token: 000ngc9b6i1jpgmn29vniyk5f0d1v2t9"

2) Create a new object using https endpoint:

→ curl -X POST https://skynet.im/devices --data "uuid=24bbe944-9b92-4cea-bd17-2361fb88ff50&token=b9a964a0-f3b9-4974-b2ad-024dae549f5e" --header "skynet_auth_uuid: 24bbe944-9b92-4cea-bd17-2361fb88ff50" --header "skynet_auth_token: b9a964a0-f3b9-4974-b2ad-024dae549f5e"

Results in:

{"ipAddress":"173.8.157.38","uuid":"79897b50-f277-11e3-ba2e-0b078550b2fe","timestamp":"2014-06-12T21:21:10.532Z","token":"000ngc9b6i1jpgmn29vniyk5f0d1v2t9","channel":"main","online":false}%

Device is created a newly generated uuid and token.. this is bad :(

octoblu commented 10 years ago

The device created was: 24bbe944-9b92-4cea-bd17-2361fb88ff50 The device deleted was: 79897b50-f277-11e3-ba2e-0b078550b2fe

If you try to create a new device and the UUID already exists, SkyNet auto-assigns the device a new UUID.

cat-haines commented 10 years ago

Sorry - posted wrong code to demonstrate.

The only real important curl command is the last one. You post (to the https endpoint) with a new uuid and a token or other properties), and the device is created without those properties.

octoblu commented 10 years ago

Strange indeed! I'm puzzled at the moment because the HTTP and HTTPS requests flow through the same logic. It seems as though the HTTPS request may be loosing the post body data. We will need to do a little research on Restify's HTTPS handling...

chrismatthieu commented 10 years ago

Fix deployed to production today.