Problem: Test test_websocket_logs_invalid_auth fail on Python 3.12.3 #692
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #692 +/- ##
==========================================
+ Coverage 62.19% 62.21% +0.01%
==========================================
Files 69 69
Lines 6074 6076 +2
Branches 641 642 +1
==========================================
+ Hits 3778 3780 +2
Misses 2144 2144
Partials 152 152 ☔ View full report in Codecov by Sentry. |
hoh
force-pushed
the
ol-fix-test-authenticate_websocket_message
branch
from
3d3aa96
to
a340830
Compare
olethanh
force-pushed
the
ol-fix-test-authenticate_websocket_message
branch
from
dc10bd2
to
b0d7ea6
Compare
|
|
||
| It allows the user to control their VM. e.g : stop reboot, view their log, etc… | ||
|
|
||
| ## Overview |
There was a problem hiding this comment.
| ## Overview | |
| ## Motivations | |
| This protocol ensures secure authentication between a blockchain wallet owner and an aleph.im compute node. | |
| Private key access is typically gated by prompts requiring manual approval for each signing operation. With hardware wallets, users are prompted both by the software on their device and the hardware wallet itself. | |
| ## Overview |
There was a problem hiding this comment.
not sur I understand the second paragraph. is that a llm suggestion?
There was a problem hiding this comment.
What I mean there is that when using a client (CLI or web) with a blockchain wallet, the user usually has to sign every operation with a prompt.
For example with Metamask:
When the private key is stored in a hardware wallet, it is one prompt on screen plus one on the hardware wallet.
This is very annoying to do for every operation on a CRN (access logs, ...).
I want to explain why this intermediate temporary key pair is created.
doc/operator_auth.md
Outdated
| integrity and authenticity. If validation fails (e.g., expired key or invalid signature), the server returns a 401 | ||
| Unauthorized error. | ||
|
|
||
| Support for the Solana wallet will be added soon. |
There was a problem hiding this comment.
Support for Solana wallets is planned in the near future.
doc/operator_auth.md
Outdated
| It is sent serialized as a hex string. | ||
|
|
||
| #### Signature | ||
| This payload is serialized, signed, and sent in the `X-SignedOperation` header to ensure the integrity and authenticity |
doc/operator_auth.md
Outdated
|
|
||
| In case of failed auth the server will respond with await `{"status": "failed", "reason": "string describing the reason"})` and close the connexion | ||
|
|
||
| Note: Authentication via Headers are not used for the websocket transport as it is blocked by some browsers. |
There was a problem hiding this comment.
Only "some" browsers ? Which ones ?
There was a problem hiding this comment.
no idea, not sure it matter
doc/operator_auth.md
Outdated
|
|
||
| In case of failed auth the server will respond with await `{"status": "failed", "reason": "string describing the reason"})` and close the connexion | ||
|
|
||
| Note: Authentication via Headers are not used for the websocket transport as it is blocked by some browsers. |
There was a problem hiding this comment.
no idea, not sure it matter
All python version didn\'t return the same error
```
E - {"status": "failed", "reason": "string indices must be integers"}
E + {"status": "failed", "reason": "string indices must be integers, not \'str\'"}
```
Solution: Force a error message.
Should also make the message a bit clearer
The custom authentication protocol used to access the operator API (logs, reboot, ... of a VM) was not documented.
hoh
force-pushed
the
ol-fix-test-authenticate_websocket_message
branch
from
98bf59c
to
281187a
Compare
All python version didn't return the same error
E - {"status": "failed", "reason": "string indices must be integers"}
E + {"status": "failed", "reason": "string indices must be integers, not 'str'"}
Solution: Force a error message.
Should also make the message a bit clearer