⚠️ Ensure that Websocket connections are always terminated upon auth failure.

In Tornado there can apparently be some race condition where `open` on a Websocket handler does a `self.close()`, but the client is still sending some bytes. In that case, it may happen that the extra message is still processed. This commit prevents the race condition by raising an exception in `open` upon authentication failure instead of doing `close()+return`.
2024-11-17 23:52:47 +01:00 · 2024-11-17 23:52:47 +01:00 · acaca67c61
commit acaca67c61
parent 171efec739
2 changed files with 2 additions and 1 deletions
--- a/platypush/backend/http/app/streaming/_base.py
+++ b/platypush/backend/http/app/streaming/_base.py
@ -31,6 +31,7 @@ class StreamingRoute(RequestHandler, PubSubMixin, ABC):
            auth_status = get_auth_status(self.request)
            if auth_status != UserAuthStatus.OK:
                self.send_error(auth_status.value.code, error=auth_status.value.message)
+                self.finish()
                return

        self.logger.info(
--- a/platypush/backend/http/app/ws/_base.py
+++ b/platypush/backend/http/app/ws/_base.py
@ -27,7 +27,7 @@ class WSRoute(WebSocketHandler, Thread, PubSubMixin, ABC):
        auth_status = get_auth_status(self.request)
        if auth_status != UserAuthStatus.OK:
            self.close(code=1008, reason=auth_status.value.message)  # Policy Violation
-            return
+            raise ValueError(f'Unauthorized connection: {auth_status.value.message}')

        logger.info(
            'Client %s connected to %s', self.request.remote_ip, self.request.path