voryx / Thruway

PHP Client and Router Library for Autobahn and WAMP (Web Application Messaging Protocol) for Real-Time Application Messaging
MIT License

(Non)authenticated realm issue #347

Open schtr4jh opened 4 years ago

schtr4jh commented 4 years ago

So, I've spent a few hours debugging how to allow non-authenticated users to subscribe to the URI, and allow authenticated users (AuthenticationManager+WampCraAuthProvider) to publish messages to the same URI in the same realm.

AuthorizationManager rules:

[
    "role" => "anonymous",
    "action" => "subscribe",
    "uri" => "search.",
    "allow" => true,
],
[
    "role" => "user",
    "action" => "publish",
    "uri" => "search.",
    "allow" => true,
],

Is this maybe incorrect? https://github.com/voryx/Thruway/blob/b82fed26af801e31f68f2889f1838c30a53503e7/src/Authentication/AuthenticationManager.php#L225-L235

Based on the comment, it should be negated as:

if (!$this->realmHasAuthProvider($realm->getRealmName())) {

With this change in place, the setup works as expected. PHPUnit shows the same output: Tests: 139, Assertions: 608, Errors: 6, Failures: 23, Skipped: 2
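The access matrix the two rules above are meant to produce, as an added example that is not part of the original post and is not Thruway's code. It is a stand-alone model that assumes a rule URI ending in "." is a prefix match, the longest matching rule wins, and anything unmatched is denied; `ruleMatches` and `isAllowed` are hypothetical helper names.

```php
<?php
// Added example: stand-alone model of role/action/URI rules, not Thruway code.
// Assumptions: trailing "." means prefix match, longest match wins, default deny.

$rules = [
    ["role" => "anonymous", "action" => "subscribe", "uri" => "search.", "allow" => true],
    ["role" => "user",      "action" => "publish",   "uri" => "search.", "allow" => true],
];

// Hypothetical helper: does this rule apply to the (role, action, uri) request?
function ruleMatches(array $rule, string $role, string $action, string $uri): bool
{
    if ($rule["role"] !== $role || $rule["action"] !== $action) {
        return false;
    }
    $ruleUri = $rule["uri"];
    if (substr($ruleUri, -1) === ".") {
        // Prefix rule: "search." covers "search.results" but not "searchx".
        return strncmp($uri, $ruleUri, strlen($ruleUri)) === 0;
    }
    return $uri === $ruleUri; // exact rule
}

// Hypothetical helper: most specific matching rule decides, otherwise deny.
function isAllowed(array $rules, string $role, string $action, string $uri): bool
{
    $best = null;
    foreach ($rules as $rule) {
        if (!ruleMatches($rule, $role, $action, $uri)) {
            continue;
        }
        if ($best === null || strlen($rule["uri"]) > strlen($best["uri"])) {
            $best = $rule;
        }
    }
    return $best !== null ? $best["allow"] : false;
}

// Constructed requests covering both roles and both actions.
$cases = [
    ["anonymous", "subscribe", "search.results"],
    ["anonymous", "publish",   "search.results"],
    ["user",      "publish",   "search.results"],
    ["user",      "subscribe", "search.results"], // no rule for this role/action
    ["anonymous", "subscribe", "searchx"],        // outside the "search." prefix
];
foreach ($cases as [$role, $action, $uri]) {
    $verdict = isAllowed($rules, $role, $action, $uri) ? "allow" : "deny";
    printf("%-9s %-9s %-15s %s\n", $role, $action, $uri, $verdict);
}
```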

schtr4jh commented 4 years ago

@davidwdan @mbonneau Any feedback?