pusher / pusher-http-php

PHP library for interacting with the Pusher Channels HTTP API
https://pusher.com/docs/server_api_guide

authenticateUser() gives invalid response #354

Closed hubertnnn closed 1 year ago

hubertnnn commented 1 year ago

When using the signature generated by the PHP library, Pusher responds with the error: `Invalid format: auth must have the format key:signature`. It seems that there is a bug in how the signature is generated, and it's missing the `key:` part.

Most likely Pusher::authenticateUser() function should have something like:

['auth' => $key . ':' . $signature, 'user_data' => $serialized_user_data],

instead of

['auth' => $signature, 'user_data' => $serialized_user_data],

benw-pusher commented 1 year ago

Can you share the version of the library in use so I can look to replicate this?

hubertnnn commented 1 year ago

I am using version 7.2.0. But it seems that the same error is on master as well (not tested though).

benw-pusher commented 1 year ago

Can you verify the Pusher object is instantiated correctly? I am only able to replicate this when I do not specify the key correctly upon calling $pusher = new Pusher\Pusher('key','secret','id',$options).

hubertnnn commented 1 year ago

Yes, it is. Here is the minimum code that triggers the error:

    use Pusher\Pusher; // loaded through the Composer autoloader

    $appId = '1234567';
    $key = '1234567890abcdefghij';
    $secret = '123456789abcdefghijk';
    $cluster = 'eu';

    $socketId = '123456.12345678';

    $pusher = new Pusher($key, $secret, $appId, ['cluster' => $cluster]);

    // Sign the user-authentication response for this socket
    $token = $pusher->authenticateUser($socketId, [
        'id' => 'e:1',
        'user_info' => [
            'name' => 'Jimmy',
            'email' => 'jimmy@example.com',
        ],
    ]);

    dump($token); // dump() comes from symfony/var-dumper
    die();

This outputs:

{
    "auth":"dc6f1387915bfe0ab499c54a48ef71de26afced245ac399fe6418bcae50057c8",
    "user_data":"{\"id\":\"e:1\",\"user_info\":{\"name\":\"Jimmy\",\"email\":\"jimmy@example.com\"}}"
}

But it should output:

{
    "auth":"1234567:dc6f1387915bfe0ab499c54a48ef71de26afced245ac399fe6418bcae50057c8",
    "user_data":"{\"id\":\"e:1\",\"user_info\":{\"name\":\"Jimmy\",\"email\":\"jimmy@example.com\"}}"
}

Aka, it's missing the appId from the auth (based on documentation). It's fake data, but it gives the same issue as the real one.

benw-pusher commented 1 year ago

Thanks, I have replicated this and will raise with our engineering team to resolve.

sonologico commented 1 year ago

Thanks for catching this oversight. This has been fixed in 7.2.1.
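
A regression check for the bug reported in this thread, as an added example that is not part of the thread or of pusher-http-php: it verifies that a user-auth response carries `auth` in the `key:signature` format quoted in the error message and that the signature matches the returned `user_data`. The function name `checkUserAuth` is hypothetical, the sample values are constructed, and the signed string `<socket_id>::user::<user_data>` is an assumption based on Pusher's user-authentication documentation.

```php
<?php
// Added example, not pusher-http-php code.
// Assumption: the signed string is "<socket_id>::user::<user_data>".

/** Returns a list of problems with a user-auth response; empty means OK. */
function checkUserAuth(array $resp, string $key, string $secret, string $socketId): array
{
    $auth = (string) ($resp['auth'] ?? '');
    $userData = (string) ($resp['user_data'] ?? '');

    // The format from the error message: app key, one colon, hex HMAC-SHA256.
    if (!preg_match('/\A([^:]+):([0-9a-f]{64})\z/', $auth, $m)) {
        return ['auth must have the format key:signature'];
    }
    $problems = [];
    if (!hash_equals($key, $m[1])) {
        $problems[] = 'auth prefix is not the app key';
    }
    // Recompute the signature over the exact user_data string that is returned,
    // and compare in constant time.
    $expected = hash_hmac('sha256', $socketId . '::user::' . $userData, $secret);
    if (!hash_equals($expected, $m[2])) {
        $problems[] = 'signature does not cover this socket_id and user_data';
    }
    return $problems;
}

// Constructed sample values in the same shape as the repro above.
$key = '1234567890abcdefghij';
$secret = '123456789abcdefghijk';
$socketId = '123456.12345678';
$userData = json_encode(['id' => 'e:1', 'user_info' => ['name' => 'Jimmy']]);
$sig = hash_hmac('sha256', $socketId . '::user::' . $userData, $secret);

$cases = [
    'bare signature (the reported output)' => ['auth' => $sig, 'user_data' => $userData],
    'key:signature' => ['auth' => $key . ':' . $sig, 'user_data' => $userData],
    'user_data altered after signing' => ['auth' => $key . ':' . $sig, 'user_data' => str_replace('e:1', 'e:2', $userData)],
];
foreach ($cases as $name => $resp) {
    $problems = checkUserAuth($resp, $key, $secret, $socketId);
    echo $name, ': ', $problems ? implode('; ', $problems) : 'ok', PHP_EOL;
}
```

Run against the array returned by `authenticateUser()` in a unit test, a check like this fails on 7.2.0 output and catches a recurrence of the missing prefix.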