Closed Bug 1017908 Opened 11 years ago Closed 8 years ago

handle hawk token expiry or invalidation

Categories

(Hello (Loop) :: Client, defect, P4)

Product:
Hello (Loop)
Component:
Client
Type:
defect
Points:
1

Tracking

(Not tracked)

Status:
RESOLVED INCOMPLETE
Blocking Flags:
backlog backlog+

People

(Reporter: dmosedale, Unassigned)

References

Details

(Whiteboard: [investigation])

Right now, it's not clear that our code copes with token expiry / invalidation well. We should probably figure out how we want the client to behave (both at registration time and later), write some tests for this, and then fix any issues that come up.
Priority: -- → P2
Target Milestone: --- → mozilla33
will need user notification UI under 1000788, but Mark Banner thinking through scenarios and behaviors we want in different cases.
Whiteboard: [p=1, investigation]
Assignee: nobody → standard8
Not working on this atm, so removing from my list. Dan, can you remember the specifics about validation? I've a feeling that we were verifying the token length. Though I'm not sure if we need to check anything else.
Assignee: standard8 → nobody
If we had decided the specifics about token validation, I don't recall them.
Priority: P2 → P1
Target Milestone: mozilla33 → mozilla34
Flags: firefox-backlog+
Priority: P1 → --
Target Milestone: mozilla34 → mozilla35
Hi Mark, going through comments we couldn't determine if this is still a relevant bug. If it is how often do we anticipate?
backlog: --- → Fx38?
Flags: needinfo?(standard8)
Target Milestone: mozilla35 → ---
(In reply to sescalante from comment #4) > going through comments we couldn't determine if this is still a relevant > bug. If it is how often do we anticipate? I'm not actually sure. Chris - we're sharing much of the code for hawk that Firefox OS uses, do you think we need to be doing more validation on the hawk requests/responses?
Flags: needinfo?(standard8) → needinfo?(ckarlof)
Mark, do you rely on this? http://mxr.mozilla.org/mozilla-central/source/services/common/hawkclient.js If the token isn't valid, the Loop server should return a 401 response: https://docs.services.mozilla.com/loop/apis.html#error-responses which should be bubbled up by hawkclient with an error object with error.code === 401: http://mxr.mozilla.org/mozilla-central/source/services/common/hawkclient.js#105
Flags: needinfo?(ckarlof)
(In reply to Chris Karlof [:ckarlof] from comment #6) > Mark, do you rely on this? > > http://mxr.mozilla.org/mozilla-central/source/services/common/hawkclient.js Yes we do. > If the token isn't valid, the Loop server should return a 401 response: > > https://docs.services.mozilla.com/loop/apis.html#error-responses > > which should be bubbled up by hawkclient with an error object with > error.code === 401: > > http://mxr.mozilla.org/mozilla-central/source/services/common/hawkclient. > js#105 Ok, yes, we're seeing that. I think originally we were wondering if there's more client-side verification that should be done, but it sounds like that's not necessary?
Flags: needinfo?(ckarlof)
> I think originally we were wondering if there's more client-side verification that should be done, but it sounds like that's not necessary? In terms of token invalidation, handling the 401 error is sufficient, but more generally the look client needs to handle all the documented error codes from the server: https://docs.services.mozilla.com/loop/apis.html#error-responses
Flags: needinfo?(ckarlof)
Priority: -- → P4
backlog: Fx38? → backlog+
Points: --- → 1
Rank: 45
Whiteboard: [p=1, investigation] → [investigation]
Support for Hello/Loop has been discontinued. https://support.mozilla.org/kb/hello-status Hence closing the old bugs. Thank you for your support.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → INCOMPLETE
You need to log in before you can comment on or make changes to this bug.