search

tinode / chat

Instant messaging platform. Backend in Go. Clients: Swift iOS, Java Android, JS webapp, scriptable command line; chatbots
GNU General Public License v3.0
11.95k stars 1.87k forks source link

cannnot subscribe with access mode #737

Closed gabriel-vasile closed 2 years ago

gabriel-vasile commented 2 years ago

to reproduce:

expected: user B joins the group successfully and has access mode JRP got: topic[grpglXHsm2f9tc] subscription failed subscription rejected due to permissions

asLvl is 0 here when user B subs: https://github.com/tinode/chat/blob/65efc3eb2b2b3589217a4640863eb417136ad738/server/topic.go#L1363

or-else commented 2 years ago

Please attach the server-side and client-side logs.

gabriel-vasile commented 2 years ago

user A:

tinode        | 2022/03/29 07:57:34 ws: session started nWImM_nmdyg 172.21.0.1:45504 1
tinode        | 2022/03/29 07:57:34 in: '{"hi":{"id":"101521","ver":"0.18.3","ua":"TinodeWeb/0.18.3 (Firefox/95.0; Linux x86_64); tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='nWImM_nmdyg' uid=''
tinode        | 2022/03/29 07:57:34 in: '{"login":{"id":"101522","scheme":"sch","secret":"secre<...>' sid='nWImM_nmdyg' uid=''
tinode        | 2022/03/29 07:57:39 in: '{"sub":{"id":"101523","topic":"me","get":{"what":"sub desc tags cred"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:39 in: '{"sub":{"id":"101524","topic":"grpglXHsm2f9tc","get":{"what":"sub desc"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:41 in: '{"sub":{"id":"101525","topic":"fnd","get":{"what":"sub"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:59 in: '{"leave":{"id":"101527","topic":"grpglXHsm2f9tc"}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'
tinode        | 2022/03/29 07:57:59 in: '{"sub":{"id":"101528","topic":"new101526","set":{"desc":{"public":{"fn":"test sub with acc mode","note":"␡"}}},"get":{"data":{"limit":24},"what":"data sub desc"}}}' sid='nWImM_nmdyg' uid='Xjxeeayxo70'

user B:

tinode        | 2022/03/29 08:00:09 ws: session started TCCIa40zvs8 172.21.0.1:45592 2
tinode        | 2022/03/29 08:00:09 in: '{"hi":{"id":"112854","ver":"0.18.3","ua":"TinodeWeb/0.18.3 (Firefox/95.0; Linux x86_64); tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='TCCIa40zvs8' uid=''
tinode        | 2022/03/29 08:00:09 in: '{"login":{"id":"112855","scheme":"sch","secret":"secre<...>' sid='TCCIa40zvs8' uid=''
tinode        | 2022/03/29 08:00:14 in: '{"sub":{"id":"112856","topic":"me","get":{"what":"sub desc data"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"sub":{"id":"112857","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"set":{"id":"112858","topic":"fnd","desc":{"public":"_type=grp&_query=&_topics=grpglXHsm2f9tc"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"get":{"id":"112859","topic":"fnd","what":"sub"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:14 in: '{"leave":{"id":"112860","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"sub":{"id":"112861","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"set":{"id":"112862","topic":"fnd","desc":{"public":"_type=grp&_query=&_topics="}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"get":{"id":"112863","topic":"fnd","what":"sub"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:23 in: '{"leave":{"id":"112864","topic":"fnd"}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:28 in: '{"sub":{"id":"112865","topic":"grphyQeaKeBSso","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}}' sid='TCCIa40zvs8' uid='ZjGgtungZVU'
tinode        | 2022/03/29 08:00:28 topic[grphyQeaKeBSso] subscription failed subscription rejected due to permissions, sid=TCCIa40zvs8

Again, to reproduce, just sub to group and ask for any access mode other than the default access mode.

or-else commented 2 years ago

I cannot reproduce:

[02:29:49.021] out: {"sub":{"id":"102361","topic":"grpGOZmMsRbMWQ","set":{"sub":{"mode":"JRP"}},"get":{"data":{"limit":24},"what":"data sub desc"}}} 
[02:29:49.035] in: {"ctrl":{"id":"102361","topic":"grpGOZmMsRbMWQ","params":{"acs":{"mode":"JRP","given":"JRWPS","want":"JRP"}},"code":200,"text":"ok","ts":"2022-03-31T02:29:49.022Z"}}
or-else commented 2 years ago

I suspect your previously subscribed to this topic.

or-else commented 2 years ago

asLvl is 0 here when user B subs:

You are probably using your own gRPC client.

gabriel-vasile commented 2 years ago

I did some more tests and I'm not sure if i found another issue or it is the same. It seems to have something to do with gRPC plugins.

To reproduce the problem:

  1. create a gRPC plugin which returns pbx.RespCode_REPLACE and the original, unaltered client msg. As I understand from doc comments, this plugin should have no effect on the functionality of the server.

    package dummy_plg
import (
"context"
"net"

"github.com/tinode/chat/pbx"
"google.golang.org/grpc"
)
func main() {
lis, err := net.Listen("tcp", ":40051")
if err != nil {
    panic(err)
}
s := grpc.NewServer()

pbx.RegisterPluginServer(s, handler{})
if err := s.Serve(lis); err != nil {
           panic(err)
    }
}
type handler struct {
pbx.UnimplementedPluginServer
}
func (h handler) FireHose(c context.Context, r *pbx.ClientReq) (*pbx.ServerResp, error) {
return &pbx.ServerResp{Status: pbx.RespCode_REPLACE, Clmsg: r.Msg}, nil
}

tinode.conf

    "plugins": [
        {
            "enabled": true,
            "name": "dummy_plg",
            "timeout": 200000,
            "filters": {
                "fire_hose": "pub,sub,get,set"
            },
            "failure_code": 0,
            "failure_text": null,
            "service_addr": "tcp://localhost:40051"
        }
    ],
  1. login in webapp, sub to someone, send messages, etc.

expected: everything works as if the plugin was not there got: tinode | 2022/04/01 09:58:56 s.dispatch: authentication required AsOyMHwbiMk

server logs:

tinode        | 2022/04/01 10:06:37 ws: session started hag0AaSGAeE 172.27.0.1:52878 1
tinode        | 2022/04/01 10:06:37 in: '{"hi":{"id":"116803","ver":"0.18.3","ua":"tinodejs/0.18.3","lang":"en-US","platf":"web"}}' sid='hag0AaSGAeE' uid=''
tinode        | 2022/04/01 10:06:37 in: '{"login":{"id":"116804","scheme":"basic","secret":"secret' sid='hag0AaSGAeE' uid=''
tinode        | 2022/04/01 10:06:41 in: '{"sub":{"id":"116805","topic":"me","get":{"what":"sub desc tags cred"}}}' sid='hag0AaSGAeE' uid='FfD0YCfLURI'
tinode        | 2022/04/01 10:06:41 s.dispatch: authentication required hag0AaSGAeE
gabriel-vasile commented 2 years ago

To fix the problem with authentication required and get to the original reported problem subscription failed subscription rejected due to permissions, inside plugin FireHose method I can add this:

func (h handler) FireHose(c context.Context, r *pbx.ClientReq) (*pbx.ServerResp, error) {
       if r.Msg.Extra == nil {
               r.Msg.Extra = &pbx.ClientExtra{}
       }
       r.Msg.Extra.OnBehalfOf = r.Sess.UserId
       return &pbx.ServerResp{Status: pbx.RespCode_REPLACE, Clmsg: r.Msg}, nil
}
or-else commented 2 years ago

I believe https://github.com/tinode/chat/commit/1fc9699c2c42c5f3c618f23e8f3f2a74fced0cb4 should fix it. Please verify.

gabriel-vasile commented 2 years ago

Seems fixed, thanks.

or-else commented 2 years ago

released in https://github.com/tinode/chat/releases/tag/v0.18.4