Skip to content

Secure WebSocket connection with cookie authentication #621

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 40 commits into from
Apr 6, 2021
Merged

Secure WebSocket connection with cookie authentication #621

merged 40 commits into from
Apr 6, 2021

Conversation

Shiranuit
Copy link
Contributor

@Shiranuit Shiranuit commented Mar 26, 2021
edited
Loading

What does this PR do ?

This PR adds the support of cookie when using the websocket protocol. To do that, when Kuzzle cookieAuth option is true, Kuzzle will call the method enableCookieSupport from the given protocol. When called, this method will throw if outside the browser or if cookie are not supported by the protocol, otherwise this will change how the protocol behave.

For the HTTP protocol it's simple, when enableCookieSupport is called, the protocol will be changing if the request are made with withCredentials set to true or false depending if he should be able to receive cookies.

For the Websocket protocol, this is a bit more complex, when enableCookieSupport is called, the protocol, will be creating a instance of the HTTP Protocol, with the same option (host, port, ssl, ...) as the websocket protocol, after that, when a request auth:login, auth:logout or auth:refreshToken is made, the protocol will use the HTTP Protocol instead of the websocket client to make the request.
[ex: auth:login request is made -> websocket closes the connection -> then send the request with the http protocol -> when a response is received it reopens the connection -> then resolve the request]

renew auth

TODO:

  • HTTP integration in Websocket Protcol
  • Unit Tests
  • Documentation
  • Add pictures to explain the changes in behaviour

Shiranuit and others added 23 commits March 5, 2021 17:15
@Shiranuit
add cookieAuthentication option to kuzzle sdk
12d415e
@Shiranuit
slight behaviour modification when the sdk has cookieAuthentication e…
6b09225 
…nabled
@Shiranuit
enable credentials in requests to receive cookie
ce9d18e
@Shiranuit
add tests
c01e66c
@Shiranuit
fix lint erros
dcec8f5
@Shiranuit
fix removed check
16bb3b7
@scottinet
Update src/controllers/Auth.ts
a643ec6
@scottinet
Update src/controllers/Auth.ts
08a8ab0
@Shiranuit
add documentation for auth:login and the new option for the Kuzzle co…
6229cce 
…nstructor
@Shiranuit
Merge branch '609-http-cookie-authentication-support' of github.com:k…
63d2753 
…uzzleio/sdk-javascript into 609-http-cookie-authentication-support
@Shiranuit
update refreshToken documentation
d602417
@Shiranuit
modify protocols to support cookie, add httpprotocol inside websocket…
a6f9437 
… when cookieAuth is enabled
@Shiranuit
when kuzzle cookieAuthentication support is enabled, kuzzle call prot…
e83330b 
…ocol.enableCookieAuthentication method
@Shiranuit
add Http tests on method enableCookieAuthentication
72ddae2
@Shiranuit
add test for protocol websocket when cookie authentication is enabled
8802c3f
@Shiranuit
Merge branch '7-dev' into 591-secure-websocket-connection-with-cookie
7a44166
@Shiranuit
fix lint tests
d053321
@Shiranuit
fix lint tests
dc12b40
@Shiranuit
rename cookieAuthentication to cookieSupport
86965d7
@Shiranuit
add test in kuzzle constructor that check if enableCookieSupport from…
74cb983 
… the protocol is called when cookieAuthentication is true
@Shiranuit
add enableCookieSupport in the protocol mock
98d98e7
@Shiranuit
rename enableCookieAuthentication in protocols to enableCookieSupport…
7c79c5d 
… instead
@Shiranuit
add reconnect method that simulate a disconnection then a reconnect
791844f
@Shiranuit Shiranuit self-assigned this Mar 26, 2021
@codecov
Copy link

codecov bot commented Mar 26, 2021
edited
Loading

Codecov Report

Merging #621 (14911c9) into 7-dev (9c5e37b) will decrease coverage by 0.55%.
The diff coverage is 71.92%.

Impacted file tree graph

@@            Coverage Diff             @@
##            7-dev     #621      +/-   ##
==========================================
- Coverage   86.86%   86.30%   -0.56%     
==========================================
  Files          34       34              
  Lines        1538     1585      +47     
  Branches      272      279       +7     
==========================================
+ Hits         1336     1368      +32     
- Misses        146      159      +13     
- Partials       56       58       +2
Impacted Files Coverage Δ
src/Kuzzle.ts 83.45% <33.33%> (-2.32%) ⬇️
src/protocols/WebSocket.ts 79.82% <83.33%> (+0.70%) ⬆️
src/protocols/Http.ts 83.13% <86.66%> (-1.01%) ⬇️
src/protocols/abstract/Base.ts 92.64% <100.00%> (+0.33%) ⬆️

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 9c5e37b...14911c9. Read the comment docs.

@Aschen Aschen linked an issue Mar 26, 2021 that may be closed by this pull request
Secure authentication renewal with WebSocket connection #592
Closed
Aschen
Aschen suggested changes Mar 26, 2021
View reviewed changes
@Shiranuit Shiranuit marked this pull request as ready for review March 26, 2021 15:11
@Shiranuit Shiranuit requested a review from Aschen March 26, 2021 15:23
@Aschen Aschen changed the title 591 secure websocket connection with cookie Secure WebSocket connection with cookie authentication Mar 30, 2021
Aschen
Aschen suggested changes Mar 30, 2021
View reviewed changes
Copy link
Contributor

@Aschen Aschen left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Some comments, good job otherwise 👍

scottinet
scottinet suggested changes Mar 30, 2021
View reviewed changes
@Shiranuit Shiranuit requested review from Aschen and scottinet April 2, 2021 12:10
@Shiranuit
Copy link
Contributor Author

Update:
When cookieAuth option is set to true in the Kuzzle constructor, this enables the autoResubscribe option to make sure that subscriptions are retrieved upon reconnection, along with offlineMode=auto to enable queuing and replaying the requests after the connection has been reestablished.

Aschen
Aschen suggested changes Apr 2, 2021
View reviewed changes
@Aschen Aschen merged commit fd5eb2b into 7-dev Apr 6, 2021
@Aschen Aschen deleted the 591-secure-websocket-connection-with-cookie branch April 6, 2021 16:16
@Aschen Aschen mentioned this pull request Apr 6, 2021
Merged
Aschen added a commit that referenced this pull request Apr 7, 2021
@Aschen
Merge pull request #624 from kuzzleio/7.6.0-proposal
817fe2d 
# [7.6.0](https://github.com/kuzzleio/sdk-javascript/releases/tag/7.6.0) (2021-04-06)


#### Bug fixes

- [ [#622](#622) ] Pick first route when multiple non-GET routes of the same size are available   ([scottinet](https://github.com/scottinet))

#### New features

- [ [#621](#621) ] Secure WebSocket connection with cookie authentication   ([Shiranuit](https://github.com/Shiranuit))
- [ [#613](#613) ] Implement index:stats   ([Leodau](https://github.com/Leodau))
- [ [#612](#612) ] Implement security:getUserStrategies   ([Leodau](https://github.com/Leodau))

#### Enhancements

- [ [#620](#620) ] Add kuzzleStack property to KuzzleError   ([Aschen](https://github.com/Aschen))
- [ [#617](#617) ] Add suggest to search result   ([Aschen](https://github.com/Aschen))
- [ [#614](#614) ] Print deprecation warning from Kuzzle   ([MathieuVeber](https://github.com/MathieuVeber))
- [ [#606](#606) ] Add _source property to user objects   ([Aschen](https://github.com/Aschen))
---
@Leodau Leodau linked an issue Apr 8, 2021 that may be closed by this pull request
Secure WebSocket connection on authentication with Http cookies #591
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@scottinet scottinet Awaiting requested review from scottinet

1 more reviewer

@Aschen Aschen Aschen approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees

@Shiranuit Shiranuit

Labels
7-dev changelog:new-features
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Secure authentication renewal with WebSocket connection Secure WebSocket connection on authentication with Http cookies
3 participants
@Shiranuit @Aschen @scottinet