mirror of https://github.com/ppy/osu.git synced 2025-01-11 01:13:00 +08:00
Commit Graph

61 Commits

Author SHA1 Message Date
Dean Herbert
07611bd8f5
Use IAPIProvider interface and correctly support scheduling from DummyAPIAccess 2024-08-30 18:35:31 +09:00
Bartłomiej Dach
3006bae0d8
Send client-generated session GUID for identification purposes
This is the first half of a change that *may* fix
https://github.com/ppy/osu/issues/26338 (it definitely fixes *one case*
where the issue happens, but I'm not sure if it will cover all of them).

As described in the issue thread, using the `jti` claim from the JWT
used for authorisation seemed like a decent idea. However, upon closer
inspection the scheme falls over badly in a specific scenario where:

1. A client instance connects to spectator server using JWT A.

2. At some point, JWT A expires, and is silently rotated by the game in
   exchange for JWT B.

   The spectator server knows nothing of this, and continues to only
   track JWT A, including the old `jti` claim in said JWT.

3. At some later point, the client's connection to one of the spectator
   server hubs drops out. A reconnection is automatically attempted,
   *but* it is attempted using JWT B.

   The spectator server was not aware of JWT B until now, and said JWT
   has a different `jti` claim than the old one, so to the spectator
   server, it looks like a completely different client connecting, which
   boots the user out of their account.

This PR adds a per-session GUID which is sent in an HTTP header on every
connection attempt to spectator server. This GUID will be used instead
of the `jti` claim in JWTs as a persistent identifier of a single user's
single lazer session, which bypasses the failure scenario described
above.

I don't think any stronger primitive than this is required. As far as I
can tell this is as strong a protection as the JWT was (which is to say,
not *very* strong), and doing this removes a lot of weird complexity
that would be otherwise incurred by attempting to have client ferry all
of its newly issued JWTs to the server so that it can be aware of them.
2024-07-17 15:56:41 +02:00
Dean Herbert
f3bc944ac8
Remove using statement 2024-05-30 17:45:32 +09:00
Dean Herbert
2f2bc8e52e
Avoid ChatAckRequest failures flooding console in OsuGameTestScenes 2024-05-30 17:37:55 +09:00
Dean Herbert
4a2602a775
Merge branch 'master' into 2fa 2024-01-29 16:57:29 +09:00
Dean Herbert
ef94eff574
Rename PollingChatClientConnector to better describe usage 2024-01-29 16:56:28 +09:00
Bartłomiej Dach
a2e69d37e8
Add basic testing of failure flow 2024-01-26 11:17:32 +01:00
Bartłomiej Dach
3d3506b906
Merge branch 'decouple-notification-websocket-from-chat' into 2fa 2024-01-25 14:51:42 +01:00
Bartłomiej Dach
de52f0a80c
Decouple notifications websocket handling from chat operations
This is a prerequisite for https://github.com/ppy/osu/pull/25480.

The `WebSocketNotificationsClient` was tightly coupled to chat specifics
making it difficult to use in the second factor verification flow.
This commit's goal is to separate the websocket connection and message
handling concerns from specific chat logic concerns.
2024-01-25 14:47:29 +01:00
Bartłomiej Dach
2cfaa1c103
Merge branch 'master' into 2fa 2024-01-23 16:51:23 +01:00
StanR
e240443c46 Update LocalUser statistics, add test 2024-01-03 18:15:32 +06:00
StanR
d34f30f6ad Add Statistics bindable to IAPIProvider and update it from SoloStatisticsWatcher 2024-01-03 14:37:57 +06:00
Dean Herbert
f7fa9c90d6
Add test coverage of 2FA flow 2023-11-16 18:18:40 +09:00
Dean Herbert
0e4244a692
Add APIAccess flow for 2fa 2023-11-16 18:18:15 +09:00
Dean Herbert
85e303ec54
Add two factor step to api state flow 2023-11-16 18:18:15 +09:00
Dean Herbert
96dd7b3333
Update the last played date of a beatmap when importing a replay by the local user 2023-10-30 15:44:16 +09:00
Dean Herbert
6001f7e5c7 Rename "dummy" local user to something more descriptive
This created weird cases in logs which are very hard to understand. The
one which really got me was this:

```
[runtime] 2023-08-13 07:48:27 [verbose]: Invalidating working beatmap cache for unknown artist - unknown title (Dummy)
```

Which looks like a dummy working beatmap was invalidated, but it turns
out that's just the local user which was populated when creating a new
local beatmap.
2023-08-16 13:52:27 +09:00
Dean Herbert
1abce098b4 Apply nullability to login form related classes 2023-06-26 13:26:07 +09:00
Dean Herbert
ac0c988d49 Fix weirdly named test method and add xmldoc 2023-06-26 13:21:29 +09:00
Joseph Madamba
25c9bf4061
Improve and refactor LoginPanel test scene to use LoginOverlay 2023-06-25 11:39:32 -07:00
Bartłomiej Dach
1672608a87
Document why things were done in DummyAPIAccess 2023-06-22 23:08:30 +02:00
Liam DeVoe
21bed336c6 adjust DummyAPIAccess to more closely match APIAccess
wrt logging in and out
2023-06-22 16:01:12 -04:00
Salman Ahmed
ab790ec96a Expose currently selected language from IAPIProvider 2023-06-08 02:59:34 +03:00
Dan Balasescu
7bc8908ca9 Partial everything 2022-11-27 00:00:27 +09:00
Dan Balasescu
66bbe34116 Move polling clients to osu.Game.Tests namespace 2022-11-04 18:52:57 +09:00
Dan Balasescu
5b25ef5f2f Construct notifications client via IAPIProvider 2022-11-01 21:34:34 +09:00
Dean Herbert
a1e849c4db Ensure that DummyAPIAccess runs all queued tasks on disposal 2022-08-20 16:22:35 +09:00
Dean Herbert
13dcaf82ad Fix chat tests failing 1/10000 runs
31a447fda0/osu.Game/Online/Chat/ChannelManager.cs (L412-L414)

Sigh.
2022-06-27 16:50:10 +09:00
Dan Balasescu
f8830c6850 Automated #nullable processing 2022-06-17 16:37:17 +09:00
Dean Herbert
c18dd8c8fb Ensure Queue operations on DummyAPIAccess are performed on the update thread 2022-05-30 16:32:44 +09:00
Dean Herbert
a2a057440e Fail requests targeting the fake API with a more deliberate exception
I think this feels better than relying on some other method to throw an
exception.
2022-05-30 16:31:54 +09:00
Dean Herbert
7f4cc221d2 Add API versioning 2022-02-21 19:02:03 +09:00
Dean Herbert
0ecf5f201c Rename User to APIUser and move to correct namespace 2021-11-07 11:26:01 +09:00
Dean Herbert
266b4c7124 Expose login errors from IAPIProvider and show on the login form 2021-10-04 15:40:24 +09:00
Dean Herbert
617ff40de7 Add the ability to not use MessagePack when creating a HubConnector 2021-08-02 18:50:22 +09:00
Dean Herbert
aeff9bd853 Add return bool to HandleRequest to better trigger failures 2021-03-23 18:17:29 +09:00
Dean Herbert
f5ba746ae5 Fail all API requests sent to DummyAPIAccess
Until now, API requests sent to dummy API were just lost in the void. In most cases this somehow worked as expected, but any logic which is waiting on a request to finish will potentially never get a response.

Going forward, I'm not 100% sure that every `Wait` on a web response will have local timeout logic (I think there is a certain amount of assumption that this is being managed for us by `APIAccess`), so I've made this change to better handle such cases going forward. Now, rather than nothing happening, requests will trigger a failure via the existing exception logic rather than silently pretending the request never arrived.
2021-03-23 17:37:45 +09:00
Dean Herbert
9ad38ab20e Move HubClientConnector retrieval to IAPIProvider 2021-02-15 16:43:56 +09:00
Dean Herbert
323da82477 Add website root URL and update most links to use it
For what it's worth, I intentionally didn't include news / changelog /
supporter, because these should never change.
2020-12-24 18:11:42 +09:00
Dean Herbert
a749dca20b Remove left over using statement 2020-12-18 15:43:15 +09:00
Dean Herbert
99b670627a Remove unused placeholder friend in DummyAPI implementation 2020-12-18 15:25:12 +09:00
Dean Herbert
206bf3713e Make IAPIProvider read-only bindables into IBindables 2020-12-18 15:16:36 +09:00
Salman Ahmed
78ce6f1cd2 Add friends list to API providers 2020-12-17 13:30:55 +03:00
Dean Herbert
4788b4a643 Expose oauth access token via api interface 2020-10-22 17:48:15 +09:00
Dean Herbert
da573c7487 Remove unused usings 2020-10-22 14:44:10 +09:00
Dean Herbert
9753dab93b Remove IOnlineComponent and change existing components to use bindable flow 2020-10-22 14:19:12 +09:00
Dean Herbert
89d8063588 Add support for Perform/PerformAsync 2020-04-13 21:35:35 +09:00
Dean Herbert
832822858c Add basic request / response support 2020-04-11 17:48:23 +09:00
Lucas A
0422b326ad Add visual tests 2020-01-17 18:54:00 +01:00
Dean Herbert
c49aeb08c4 Add API methods to perform requests out-of-queue 2019-11-29 20:03:14 +09:00