You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@shindig.apache.org by "Justin Mitchell (JIRA)" <ji...@apache.org> on 2009/02/23 18:30:01 UTC
[jira] Created: (SHINDIG-935) Gadget authentication failure causes
javascript error in jsonrpccontainer.js
Gadget authentication failure causes javascript error in jsonrpccontainer.js
-----------------------------------------------------------------------------
Key: SHINDIG-935
URL: https://issues.apache.org/jira/browse/SHINDIG-935
Project: Shindig
Issue Type: Bug
Components: PHP
Affects Versions: trunk
Reporter: Justin Mitchell
Priority: Minor
When a RPC call is made to the server, JsonRpcServlet checks the security token, if the token is null an error is returned to the client in the form of a json message i.e. {"code":401,"message":"The request did not have a proper security token nor oauth message and unauthenticated
requests are not allowed"}}. When sendResponse in jsonrpccontainer.js is called there is an error on this line: if (request.key && response.id != request.key) { because the response object is undefined.
To stop this error occurring and for an error to be returned to the caller, I set the HTTP header in JsonRpcServlet to return HTTP status code 401. This causes the function hadError in io.js to call sendResponse with the errors array of the result set, which stops the above code being called and in turn calls JsonRpcContainer.generateErrorResponse. So in the end an error is returned to the callback function.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHINDIG-935) Gadget authentication failure
causes javascript error in jsonrpccontainer.js
Posted by "Justin Mitchell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680164#action_12680164 ]
Justin Mitchell commented on SHINDIG-935:
-----------------------------------------
When there is a failure because of an invalid token the whole requests fails before the batched requests are split up. Setting the http code to 401 in the response causes the javascript on the client side to give all the batched requests an authorisation failure error which I think it probably the correct behaviour, since none of the batched requests can succeed because they share the same token.
I am using it this way at the moment and seems to work fine :)
> Gadget authentication failure causes javascript error in jsonrpccontainer.js
> -----------------------------------------------------------------------------
>
> Key: SHINDIG-935
> URL: https://issues.apache.org/jira/browse/SHINDIG-935
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Affects Versions: trunk
> Reporter: Justin Mitchell
> Priority: Minor
>
> When a RPC call is made to the server, JsonRpcServlet checks the security token, if the token is null an error is returned to the client in the form of a json message i.e. {"code":401,"message":"The request did not have a proper security token nor oauth message and unauthenticated
> requests are not allowed"}}. When sendResponse in jsonrpccontainer.js is called there is an error on this line: if (request.key && response.id != request.key) { because the response object is undefined.
> To stop this error occurring and for an error to be returned to the caller, I set the HTTP header in JsonRpcServlet to return HTTP status code 401. This causes the function hadError in io.js to call sendResponse with the errors array of the result set, which stops the above code being called and in turn calls JsonRpcContainer.generateErrorResponse. So in the end an error is returned to the callback function.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (SHINDIG-935) Gadget authentication
failure causes javascript error in jsonrpccontainer.js
Posted by "Justin Mitchell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680164#action_12680164 ]
Justin Mitchell edited comment on SHINDIG-935 at 3/9/09 7:55 AM:
-----------------------------------------------------------------
When there is a failure because of an invalid token the whole requests fails before the batched requests are split up. Setting the http code to 401 in the response causes the javascript on the client side to give all the batched requests an authorisation failure error which I think is probably the correct behaviour, since none of the batched requests can succeed because they share the same token.
I am using it this way at the moment and seems to work fine :)
was (Author: mitcheju):
When there is a failure because of an invalid token the whole requests fails before the batched requests are split up. Setting the http code to 401 in the response causes the javascript on the client side to give all the batched requests an authorisation failure error which I think it probably the correct behaviour, since none of the batched requests can succeed because they share the same token.
I am using it this way at the moment and seems to work fine :)
> Gadget authentication failure causes javascript error in jsonrpccontainer.js
> -----------------------------------------------------------------------------
>
> Key: SHINDIG-935
> URL: https://issues.apache.org/jira/browse/SHINDIG-935
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Affects Versions: trunk
> Reporter: Justin Mitchell
> Priority: Minor
>
> When a RPC call is made to the server, JsonRpcServlet checks the security token, if the token is null an error is returned to the client in the form of a json message i.e. {"code":401,"message":"The request did not have a proper security token nor oauth message and unauthenticated
> requests are not allowed"}}. When sendResponse in jsonrpccontainer.js is called there is an error on this line: if (request.key && response.id != request.key) { because the response object is undefined.
> To stop this error occurring and for an error to be returned to the caller, I set the HTTP header in JsonRpcServlet to return HTTP status code 401. This causes the function hadError in io.js to call sendResponse with the errors array of the result set, which stops the above code being called and in turn calls JsonRpcContainer.generateErrorResponse. So in the end an error is returned to the callback function.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Issue Comment Edited: (SHINDIG-935) Gadget authentication
failure causes javascript error in jsonrpccontainer.js
Posted by "Justin Mitchell (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680164#action_12680164 ]
Justin Mitchell edited comment on SHINDIG-935 at 3/9/09 8:03 AM:
-----------------------------------------------------------------
When there is a failure because of an invalid token the whole requests fails before the batched requests are split up. Setting the http code to 401 in the response causes the javascript on the client side to give all the batched requests an authorisation failure error which I think is probably the correct behaviour, since none of the batched requests can succeed because they share the same token.
I agree it doesn't make sense to apply this error reporting to individual batched requests in the batch, only when the entire request fails for the same reason, such as in the case of an invalid token.
I am using it this way at the moment and seems to work fine :)
was (Author: mitcheju):
When there is a failure because of an invalid token the whole requests fails before the batched requests are split up. Setting the http code to 401 in the response causes the javascript on the client side to give all the batched requests an authorisation failure error which I think is probably the correct behaviour, since none of the batched requests can succeed because they share the same token.
I am using it this way at the moment and seems to work fine :)
> Gadget authentication failure causes javascript error in jsonrpccontainer.js
> -----------------------------------------------------------------------------
>
> Key: SHINDIG-935
> URL: https://issues.apache.org/jira/browse/SHINDIG-935
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Affects Versions: trunk
> Reporter: Justin Mitchell
> Priority: Minor
>
> When a RPC call is made to the server, JsonRpcServlet checks the security token, if the token is null an error is returned to the client in the form of a json message i.e. {"code":401,"message":"The request did not have a proper security token nor oauth message and unauthenticated
> requests are not allowed"}}. When sendResponse in jsonrpccontainer.js is called there is an error on this line: if (request.key && response.id != request.key) { because the response object is undefined.
> To stop this error occurring and for an error to be returned to the caller, I set the HTTP header in JsonRpcServlet to return HTTP status code 401. This causes the function hadError in io.js to call sendResponse with the errors array of the result set, which stops the above code being called and in turn calls JsonRpcContainer.generateErrorResponse. So in the end an error is returned to the callback function.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
[jira] Commented: (SHINDIG-935) Gadget authentication failure
causes javascript error in jsonrpccontainer.js
Posted by "Chris Chabot (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SHINDIG-935?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12680155#action_12680155 ]
Chris Chabot commented on SHINDIG-935:
--------------------------------------
I've posted the following message to shindig-dev, i'll await the response there before taking action:
I'm wondering if this is an error in the jsonrpccontainer.js or in my implementation of the RPC protocol.
If an error occurred (for instance, an invalid or empty security token) php shindig will return a '200 OK' with the error code and message in the json structure. However this breaks the jsonrpccontainer because it thinks the requested completed ok, and assumes the presence of a response object. However no response object is set, only an error code and message, thus causing javascript errors.
Since with RPC there can be multiple responses, setting the HTTP error code seems illogical, the meta request completed ok, nor would there be a predictable way of determining exactly which http code of which batched request to use :)
> Gadget authentication failure causes javascript error in jsonrpccontainer.js
> -----------------------------------------------------------------------------
>
> Key: SHINDIG-935
> URL: https://issues.apache.org/jira/browse/SHINDIG-935
> Project: Shindig
> Issue Type: Bug
> Components: PHP
> Affects Versions: trunk
> Reporter: Justin Mitchell
> Priority: Minor
>
> When a RPC call is made to the server, JsonRpcServlet checks the security token, if the token is null an error is returned to the client in the form of a json message i.e. {"code":401,"message":"The request did not have a proper security token nor oauth message and unauthenticated
> requests are not allowed"}}. When sendResponse in jsonrpccontainer.js is called there is an error on this line: if (request.key && response.id != request.key) { because the response object is undefined.
> To stop this error occurring and for an error to be returned to the caller, I set the HTTP header in JsonRpcServlet to return HTTP status code 401. This causes the function hadError in io.js to call sendResponse with the errors array of the result set, which stops the above code being called and in turn calls JsonRpcContainer.generateErrorResponse. So in the end an error is returned to the callback function.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.