Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Bug/Question]: Webhook service offline send same Mqtt msg as not authorized #2082

Open
1 task done
nicolascampbell opened this issue Feb 8, 2023 · 4 comments
Open
1 task done

[Bug/Question]: Webhook service offline send same Mqtt msg as not authorized #2082

nicolascampbell opened this issue Feb 8, 2023 · 4 comments
Labels
enhancement

Comments

@nicolascampbell
Copy link

Environment

  • VerneMQ Version: 1.12.3
  • OS: Alpine Linux 3.9.6
  • Erlang/OTP version (if building from source):
  • Cluster size/standalone:

Current Behavior

Hi!
We use the following webhooks auth_on_register, auth_on_publish and auth_on_subscribe. When auth service offline is tracing is as follows when I make a req:

2023-02-08T09:18:14Z <9406.908.0> Hook returned {error,nxdomain}
2023-02-08T09:18:14Z <9406.908.0> MQTT SEND: CID: "1309dca6a8243712" CONNACK(sp: 0, rc: 5)
2023-02-08T09:18:14Z <9406.908.0> Trace session for 1309dca6a8243712 stopped

When I kick the client and try to publish smth

2023-02-08T10:28:02Z <8526.726.0> Calling auth_on_publish(device-49040c8221e3bd704def9d033f02179c,{[],  <<"1309dca6a8243712">>},0,<LONG_ID>/dispatch/action/open_house_door,false) with payload:
    {}
2023-02-08T10:28:02Z <8526.726.0> Hook returned {error,
                                                 {invalid_response_code,400}}
2023-02-08T10:28:02Z <8526.726.0> Trace session for 1309dca6a8243712 stopped
2023-02-08T10:28:03Z New session with PID <8526.762.0> found for client "1309dca6a8243712"
2023-02-08T10:28:03Z <8526.762.0> MQTT RECV: CID: "1309dca6a8243712" CONNECT(c: 1309dca6a8243712, v: 4, u: device-<LONG_ID>, p: <LONG_ID>, cs: 1, ka: 60)
2023-02-08T10:28:03Z <8526.762.0> Calling auth_on_register({{172,20,0,4},
                                                            50014},{[],
                                                                    <<"1309dca6a8243712">>},device-<LONG_ID>,true) 
2023-02-08T10:28:03Z <8526.762.0> Hook returned {error,
                                                 {invalid_response_code,401}}
2023-02-08T10:28:03Z <8526.762.0> MQTT SEND: CID: "1309dca6a8243712" CONNACK(sp: 0, rc: 5)
2023-02-08T10:28:03Z <8526.762.0> Trace session for 1309dca6a8243712 stopped

I added this <LONG_ID> so that it doesnt look so bloated.

My client gets for both of this cases: Connection refused: Not authorized

Expected behaviour

I expect vernemq to send different MQTT (not only CONNACK(sp: 0, rc: 5)) messages when webhook returns {error,nxdomain} and the auth_on_register fails with not allowed and status code 401 because the client is no longer allowed.

Maybe I am seeing something wrong or I dont understand some concept correctly so any feedback helps :D

Configuration, logs, error output, etc.

No response

Code of Conduct

  • I agree to follow the VerneMQ's Code of Conduct
@nicolascampbell nicolascampbell changed the title [Bug]: Webhook service offline send same Mqtt msg as not authorized [Bug/Question]: Webhook service offline send same Mqtt msg as not authorized Feb 8, 2023
@ioolkos
Copy link
Contributor

ioolkos commented Feb 8, 2023

@nicolascampbell Thanks, if I understand you correctly, you're comparing:

  • a situation where the WebHook is offline
  • to a situation where the WebHook is online but you have invalidated/deleted a Client from your auth_on_register implementation

We can certainly think about which one of the Connect return codes would be appropriate (supposing this is v3.1.1):
http://docs.oasis-open.org/mqtt/mqtt/v3.1.1/os/mqtt-v3.1.1-os.html#_Toc385349257

Would you return 3, 4 or 5? There is semantic overlap, for sure. And the result will always be the same: the server has to disconnect the client.

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@nicolascampbell
Copy link
Author

Hi @ioolkos, sorry for the late reply. Thank you for your fast reply :D
Yeah you got me right. And yes, this is for mqtt v3.
For me it would make sense, when the webhook is not reachable to send an error code 3. When the client is rejected keep on sending an error code 5.
Can I help somehow to bring this forward?

@ioolkos
Copy link
Contributor

ioolkos commented Feb 9, 2023

@nicolascampbell I see; I think that's an acceptable solution. If we can't authenticate the client due to the missing endpoint, we can consider this as "MQTT service non available".
(happy to review PRs)

👉 Thank you for supporting VerneMQ: https://github.com/sponsors/vernemq
👉 Using the binary VerneMQ packages commercially (.deb/.rpm/Docker) requires a paid subscription.

@nicolascampbell
Copy link
Author

@ioolkos Okay, will try myself out, may take some time though :D

@ioolkos ioolkos added enhancement and removed bug labels Feb 14, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ioolkos @nicolascampbell