pusher / pusher-http-php

PHP library for interacting with the Pusher Channels HTTP API
https://pusher.com/docs/server_api_guide

Invalid user id from pusher server. #360

Closed hubertnnn closed 1 year ago

hubertnnn commented 1 year ago

Not sure if this should be fixed by php library or by pusher server (most likely pusher server). Both pusher server and the php library have different rules about what is allowed in user id.

Pusher documentation states that:

The user object passed to the authenticateUser method must include an id field with a non-empty string.

PHP library (this repository) also only checks for a non-empty user id:

    private function validate_user_id(string $user_id): void
    {
        if ($user_id === null || empty($user_id)) {
            throw new PusherException('Invalid user id ' . $user_id);
        }
    }

But pusher server seems to also not like some characters, e.g. for id e:2:

`Invalid user id: e:2 (invalid characters)`

I assume that : is not allowed in the id.

Either pusher server should be fixed to allow all characters in user id or both documentation and PHP library should be updated to correctly validate user ids.

At this point it's impossible to guess if a specific user id would be valid or not, since neither the documentation nor the library will tell if a userId is invalid, and backend cannot trust an error passed back from frontend (e.g. to generate a new user id if needed).

It also seems that this error only happens on user authentication. When using channel authentication, userId e:1 is 100% valid.

I would also like to mention that not all user ids are just alphanumeric, e.g. someone might be using UUIDs, or, as in my use case, have multiple user entities (admin, employee, device) with ids in the format: a:1, e:2, d:3

Normally I would put this issue on pusher server bugtracker, but it seems that there is none, so I left it here as the second best place for this issue.

benw-pusher commented 1 year ago

You are correct, our documentation doesn't provide details of the list of invalid characters for the user ID. I will ensure this is updated. For reference, valid characters are lower and uppercase letters, numbers and the following punctuation: _ - = @ , . ;
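The character set listed in the reply above, turned into a server-side pre-check that can run before `authenticateUser`. This is an added PHP example, not code from this thread or from pusher-http-php; the function names, the `;` separator for typed ids and the ASCII-only reading of "letters" and "numbers" are assumptions.

```php
<?php
declare(strict_types=1);

// Character set taken from the maintainer's reply in this thread:
// upper/lowercase letters, digits and _ - = @ , . ;
// Assumption: ASCII only, and no other server-side rule (e.g. a length limit).
// \A and \z anchor the whole string; '$' would also accept a trailing newline.
const USER_ID_PATTERN = '/\A[A-Za-z0-9_\-=@,.;]+\z/';

function is_server_valid_user_id(string $userId): bool
{
    // '' fails the + quantifier; "0" passes (an empty() check would reject it).
    return preg_match(USER_ID_PATTERN, $userId) === 1;
}

// Hypothetical helper: builds a typed id such as "e;2" instead of "e:2".
// Both parts are limited to alphanumerics so ';' stays an unambiguous,
// reversible separator and two different users never share one id.
function make_typed_user_id(string $type, string $localId): string
{
    foreach ([$type, $localId] as $part) {
        if (preg_match('/\A[A-Za-z0-9]+\z/', $part) !== 1) {
            throw new InvalidArgumentException("Unsupported id part: {$part}");
        }
    }
    return $type . ';' . $localId;
}

// Hypothetical inverse of make_typed_user_id().
function parse_typed_user_id(string $userId): array
{
    if (preg_match('/\A([A-Za-z0-9]+);([A-Za-z0-9]+)\z/', $userId, $m) !== 1) {
        throw new InvalidArgumentException("Not a typed user id: {$userId}");
    }
    return ['type' => $m[1], 'id' => $m[2]];
}

// Constructed sample ids, including the formats mentioned in the issue.
$samples = ['e:2', 'e;2', '0', '', "e;2\n", 'user@example.com',
            '123e4567-e89b-12d3-a456-426614174000'];
foreach ($samples as $id) {
    $verdict = is_server_valid_user_id($id) ? 'accepted' : 'rejected';
    printf("%-42s %s\n", var_export($id, true), $verdict);
}
var_dump(parse_typed_user_id(make_typed_user_id('e', '2')));
```

Rejecting an id outright, rather than stripping the disallowed characters, keeps `e:2` and `e2` from silently collapsing into the same authenticated user.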

benw-pusher commented 1 year ago

We have now updated the documentation to make this clear.