-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Problem: Test test_websocket_logs_invalid_auth fail on Python 3.12.3 #692
Conversation
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #692 +/- ##
==========================================
+ Coverage 62.19% 62.21% +0.01%
==========================================
Files 69 69
Lines 6074 6076 +2
Branches 641 642 +1
==========================================
+ Hits 3778 3780 +2
Misses 2144 2144
Partials 152 152 ☔ View full report in Codecov by Sentry. |
3d3aa96
to
a340830
Compare
dc10bd2
to
b0d7ea6
Compare
|
||
It allows the user to control their VM. e.g : stop reboot, view their log, etc… | ||
|
||
## Overview |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
## Overview | |
## Motivations | |
This protocol ensures secure authentication between a blockchain wallet owner and an aleph.im compute node. | |
Private key access is typically gated by prompts requiring manual approval for each signing operation. With hardware wallets, users are prompted both by the software on their device and the hardware wallet itself. | |
## Overview |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
not sur I understand the second paragraph. is that a llm suggestion?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What I mean there is that when using a client (CLI or web) with a blockchain wallet, the user usually has to sign every operation with a prompt.
For example with Metamask:
When the private key is stored in a hardware wallet, it is one prompt on screen plus one on the hardware wallet.
This is very annoying to do for every operation on a CRN (access logs, ...).
I want to explain why this intermediate temporary key pair is created.
doc/operator_auth.md
Outdated
integrity and authenticity. If validation fails (e.g., expired key or invalid signature), the server returns a 401 | ||
Unauthorized error. | ||
|
||
Support for the Solana wallet will be added soon. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Support for Solana wallets is planned in the near future.
doc/operator_auth.md
Outdated
It is sent serialized as a hex string. | ||
|
||
#### Signature | ||
This payload is serialized, signed, and sent in the `X-SignedOperation` header to ensure the integrity and authenticity |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
How is the payload serialized ?
doc/operator_auth.md
Outdated
|
||
In case of failed auth the server will respond with await `{"status": "failed", "reason": "string describing the reason"})` and close the connexion | ||
|
||
Note: Authentication via Headers are not used for the websocket transport as it is blocked by some browsers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Only "some" browsers ? Which ones ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no idea, not sure it matter
doc/operator_auth.md
Outdated
|
||
In case of failed auth the server will respond with await `{"status": "failed", "reason": "string describing the reason"})` and close the connexion | ||
|
||
Note: Authentication via Headers are not used for the websocket transport as it is blocked by some browsers. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
no idea, not sure it matter
All python version didn\'t return the same error ``` E - {"status": "failed", "reason": "string indices must be integers"} E + {"status": "failed", "reason": "string indices must be integers, not \'str\'"} ``` Solution: Force a error message. Should also make the message a bit clearer
The custom authentication protocol used to access the operator API (logs, reboot, ... of a VM) was not documented.
98bf59c
to
281187a
Compare
All python version didn't return the same error
E - {"status": "failed", "reason": "string indices must be integers"}
E + {"status": "failed", "reason": "string indices must be integers, not 'str'"}
Solution: Force a error message.
Should also make the message a bit clearer