Closed Bug 1023792 Opened 11 years ago Closed 11 years ago

Error when registering with an already valid hawk session.

Categories

(Hello (Loop) :: Server, defect)

Product:
Hello (Loop)
Component:
Server
Platform:
x86_64
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
VERIFIED FIXED

People

(Reporter: alexis+bugs, Unassigned)

References

Details

(Whiteboard: [qa+])

Attachments

(3 files)

1023792-tcpdump-log.txt
8.36 KB, text/plain
Details
1023792-server-crash.txt
669 bytes, text/plain
Details
link to github PR
56 bytes, text/x-github-pull-request
rhubscher
: review+
Details | Review
It seems the server returns a 500 when following this flow: 1. Register with a valid FxA assertion; 2. Get back hawk session 3. Register again with an hawk session.
I've tried to reproduce here without success: https://github.com/mozilla-services/loop-server/compare/fix-registration
José, can you confirm the STR are valid here, and provide me with additional information so that I can try to reproduce and fix it?
Flags: needinfo?(josea.olivera)
(In reply to Alexis Metaireau (:alexis) from comment #2) > José, can you confirm the STR are valid here, and provide me with additional > information so that I can try to reproduce and fix it? Sure, the STR you commented at comment 0 is the one I followed. You can give a try with the app I prepared at https://github.com/jaoo/firefoxos-loop-client/tree/1023792-test-app. It seems to work from the FxOS 2.0 simulator. I'll attach a tcpdump log that might be helpful and the server crash. Note, for the app you need to change the IP address of your server at https://github.com/jaoo/firefoxos-loop-client/blob/1023792-test-app/js/config.js#L6. Contact me if you hit any issue.
Flags: needinfo?(josea.olivera)
Thanks for reporting this. This is actually both a bug on the server and on the client. The client should provide a header like that: > authorization: 'Hawk id="14fead980ee8e1f03f79f3f3ec293d3371f691d978d3ee2e223498f669bb38a5", ts="1402601140", nonce="5w-no8", hash="B0weSUXsMcb5UhL41FZbrUJCAotzSI3HawE1NPLRUz8=", mac="Vh1k2Ax4hM9CEwmhPUOPxvplJGLumAbmjGG7Rk0TxT4="' The one you gave was malformed and so the server had troubles parsing it. The one you are giving at the moment is like that: > authorization: 'Hawk 714e6f024f1dad4bdde023c97a4e7033ec3940cd6d77727128c41c8eb095ee95'
Whiteboard: [qa+]
(In reply to Alexis Metaireau (:alexis) from comment #6) > Thanks for reporting this. Thanks for having a look into it. > This is actually both a bug on the server and on the client. The client > should provide a header like that: > > > authorization: 'Hawk id="14fead980ee8e1f03f79f3f3ec293d3371f691d978d3ee2e223498f669bb38a5", ts="1402601140", nonce="5w-no8", hash="B0weSUXsMcb5UhL41FZbrUJCAotzSI3HawE1NPLRUz8=", mac="Vh1k2Ax4hM9CEwmhPUOPxvplJGLumAbmjGG7Rk0TxT4="' Oh, sorry about sending a malformed authorization header. I have a question here, I've been sending request with that format for call urls and there wasn't any (that) issue. So is that format only valid for registration request? I'll fix the client side and land bug 1016423. Thanks Alexis!
Flags: needinfo?(alexis+bugs)
For registration, I believe this is not valid either. If that was considered valid then we have a problem with the validation logic on the server side! From what I've been looking at the code on your repo, and it seems that by default you're doing the right thing: https://github.com/jaoo/firefoxos-loop-client/blob/1023792-test-app/js/client_request_helper.js#L36 But here you're just falling in this case https://github.com/jaoo/firefoxos-loop-client/blob/1023792-test-app/js/client_request_helper.js#L30-L34 where it doesn't use the hawk lib !
Flags: needinfo?(alexis+bugs)
Attached file link to github PR
Attachment #8439566 - Flags: review?(rhubscher)
(In reply to Alexis Metaireau (:alexis) from comment #9) > Actually, just removing > https://github.com/jaoo/firefoxos-loop-client/blob/1023792-test-app/js/ > client_request_helper.js#L30 does the trick on my machine :) Nope, the change needed it to use the hawk lib also for the registration request associated to the sign in user action.
Attachment #8439566 - Flags: review?(rhubscher) → review+
https://github.com/mozilla-services/loop-server/commit/0c84639dc0ef16251b50533a6a37324c2a3b6403
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → FIXED
Fix either went out with a previous deployment to Production or has been superceded by new code...
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: