Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Username/password authenticator password encoding issue #237

Closed
mullerch opened this issue Dec 17, 2021 · 3 comments · Fixed by #238
Closed

Username/password authenticator password encoding issue #237

mullerch opened this issue Dec 17, 2021 · 3 comments · Fixed by #238
Assignees
@aricart

Comments

@mullerch
Copy link

Reproduce

  1. Run a nats server with the following configuration:
listen: 0.0.0.0:4222

authorization {
    username: admin
    password: §12§12§12
}

websocket {
    listen: 0.0.0.0:443
    no_tls: true
}
  1. Connect to the server with the ws client usgin username/password auth

Expected result

The client can authenticate successfully

Effective result

The client receives an "Authentication Violation" error.

Debug

When running a custom server and registering a custom authenticator, we can print the received password and we notice that the encoding of § character is wrong.

Workaround

Encode the password in base64 when passing it to the connect function. Create a custom authenticator on the server side and decode the password.
@aricart aricart transferred this issue from nats-io/nats.ws Dec 20, 2021
@aricart aricart self-assigned this Dec 20, 2021
aricart added a commit that referenced this issue Dec 20, 2021
@aricart
[FIX] fixed an issue where the encoding data was not working correctl…
88bc337 
…y as the base library was using a fast encoding/decoding algorithm which doesn't work correctly for higher UTF code-points. The fix simply delegates to standard TextEncoder/TextDecoder.

FIX #237
@aricart
Copy link
Member

aricart commented Dec 20, 2021

@mullerch thanks for the great report - this bug is a general encoding/decoding issue. Since payloads are encoded/decoded separately this is only an issue for non-payload data (such as the connect) and potentially headers or subjects. The new encoding strategy uses TextEncoder/Decoder, and even if less performant will always be correct.

@aricart aricart mentioned this issue Dec 20, 2021
Merged
aricart added a commit to nats-io/nats.ws that referenced this issue Dec 20, 2021
@aricart
on boarding nbc nats-io/nats.deno#237
14af4c9
aricart added a commit that referenced this issue Dec 20, 2021
@aricart
[FIX] fixed an issue where the encoding data was not working correctl…
5daf26f 
…y as the base library was using a fast encoding/decoding algorithm which doesn't work correctly for higher UTF code-points. The fix simply delegates to standard TextEncoder/TextDecoder. (#238)

FIX #237
@aricart
Copy link
Member

aricart commented Dec 20, 2021

@mullerch npm update nats.ws@next to get a build with the fix. I will release it once some changes to KV land.

@mullerch
Copy link
Author

Thanks for the quick fix

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aricart aricart

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

[FIX] replaced fast encode/decode with TextEncoder/Decoder nats-io/nats.deno
2 participants
@aricart @mullerch