mirror of
https://github.com/ppy/osu.git
synced 2026-05-18 07:49:52 +08:00
Bartłomiej Dach
caffc7238b
* Do not forcibly log out user if user retrieval fails with a server error code This behaviour caused users to get forcibly logged out of the game during yesterday's redis outage. From one case where logs were provided (https://discord.com/channels/188630481301012481/1097318920991559880/1480201862610423933): - User had repeated timeouts on API requests; consequently, API went into failing state - On one of the login retries `/api/v2/me` returned a 500 with no error details (`{"error":"null}` JSON response) which resulted in an instant logout as per https://github.com/ppy/osu/blob/7263551aa868911a7d9148cf2cb16f9e0325f531/osu.Game/Online/API/APIAccess.cs#L323-L324 This PR intends to only forcibly log the user out if the returned error code indicates a client error. If it is a server error, the login is preserved and a normal retry loop proceeds. This can be tested with a local web instance via following steps: 1. Start `osu-web` and a client instance connected to it. 2. Log in on the client instance. 3. Kill (`^C`) `osu-web`. 4. Trigger a few requests in the client and wait for enough of them to fail for the API to change to `Failing` state. 5. Apply ```diff diff --git a/app/Http/Controllers/UsersController.php b/app/Http/Controllers/UsersController.php index db34639abf2..392a844882a 100644 --- a/app/Http/Controllers/UsersController.php +++ b/app/Http/Controllers/UsersController.php @@ -581,6 +581,8 @@ class UsersController extends Controller */ public function me($mode = null) { + abort(500); + $user = \Auth::user(); $currentMode = $mode ?? $user->playmode; ``` 6. Start `osu-web` again. 7. On master this will log the user out forcibly. On this PR, the user will remain in `Failing` state. 8. Undo patch from step (5) (restarting web is not required). 9. On this PR, the client will be logged back in. * Update framework --------- Co-authored-by: Dean Herbert <pe@ppy.sh>
231 lines
7.0 KiB
C#
231 lines
7.0 KiB
C#
// Copyright (c) ppy Pty Ltd <contact@ppy.sh>. Licensed under the MIT Licence.
|
|
// See the LICENCE file in the repository root for full licence text.
|
|
|
|
#nullable disable
|
|
|
|
using System;
|
|
using System.Diagnostics;
|
|
using System.Net.Http;
|
|
using System.Net.Sockets;
|
|
using Newtonsoft.Json;
|
|
using osu.Framework.Bindables;
|
|
|
|
namespace osu.Game.Online.API
|
|
{
|
|
public class OAuth
|
|
{
|
|
private readonly string clientId;
|
|
private readonly string clientSecret;
|
|
private readonly string endpoint;
|
|
|
|
public readonly Bindable<OAuthToken> Token = new Bindable<OAuthToken>();
|
|
|
|
public string TokenString
|
|
{
|
|
get => Token.Value?.ToString();
|
|
set => Token.Value = string.IsNullOrEmpty(value) ? null : OAuthToken.Parse(value);
|
|
}
|
|
|
|
internal OAuth(string clientId, string clientSecret, string endpoint)
|
|
{
|
|
Debug.Assert(clientId != null);
|
|
Debug.Assert(clientSecret != null);
|
|
Debug.Assert(endpoint != null);
|
|
|
|
this.clientId = clientId;
|
|
this.clientSecret = clientSecret;
|
|
this.endpoint = endpoint;
|
|
}
|
|
|
|
internal void AuthenticateWithLogin(string username, string password)
|
|
{
|
|
if (string.IsNullOrEmpty(username)) throw new ArgumentException("Missing username.");
|
|
if (string.IsNullOrEmpty(password)) throw new ArgumentException("Missing password.");
|
|
|
|
var accessTokenRequest = new AccessTokenRequestPassword(username, password)
|
|
{
|
|
Url = $@"{endpoint}/oauth/token",
|
|
Method = HttpMethod.Post,
|
|
ClientId = clientId,
|
|
ClientSecret = clientSecret
|
|
};
|
|
|
|
using (accessTokenRequest)
|
|
{
|
|
try
|
|
{
|
|
accessTokenRequest.Perform();
|
|
}
|
|
catch (Exception ex)
|
|
{
|
|
Token.Value = null;
|
|
|
|
var throwableException = ex;
|
|
|
|
try
|
|
{
|
|
// attempt to decode a displayable error string.
|
|
var error = JsonConvert.DeserializeObject<OAuthError>(accessTokenRequest.GetResponseString() ?? string.Empty);
|
|
if (error != null)
|
|
throwableException = new APIException(error.UserDisplayableError, ex, accessTokenRequest.ResponseStatusCode);
|
|
}
|
|
catch
|
|
{
|
|
}
|
|
|
|
throw throwableException;
|
|
}
|
|
|
|
Token.Value = accessTokenRequest.ResponseObject;
|
|
}
|
|
}
|
|
|
|
internal bool AuthenticateWithRefresh(string refresh)
|
|
{
|
|
try
|
|
{
|
|
var refreshRequest = new AccessTokenRequestRefresh(refresh)
|
|
{
|
|
Url = $@"{endpoint}/oauth/token",
|
|
Method = HttpMethod.Post,
|
|
ClientId = clientId,
|
|
ClientSecret = clientSecret
|
|
};
|
|
|
|
using (refreshRequest)
|
|
{
|
|
refreshRequest.Perform();
|
|
|
|
Token.Value = refreshRequest.ResponseObject;
|
|
return true;
|
|
}
|
|
}
|
|
catch (SocketException)
|
|
{
|
|
// Network failure.
|
|
return false;
|
|
}
|
|
catch (HttpRequestException)
|
|
{
|
|
// Network failure.
|
|
return false;
|
|
}
|
|
catch
|
|
{
|
|
// Force a full re-authentication.
|
|
Token.Value = null;
|
|
return false;
|
|
}
|
|
}
|
|
|
|
private static readonly object access_token_retrieval_lock = new object();
|
|
|
|
/// <summary>
|
|
/// Should be run before any API request to make sure we have a valid key.
|
|
/// </summary>
|
|
private bool ensureAccessToken()
|
|
{
|
|
// if we already have a valid access token, let's use it.
|
|
if (accessTokenValid) return true;
|
|
|
|
// if not, let's try using our refresh token to request a new access token.
|
|
if (!string.IsNullOrEmpty(Token.Value?.RefreshToken))
|
|
// ReSharper disable once PossibleNullReferenceException
|
|
AuthenticateWithRefresh(Token.Value.RefreshToken);
|
|
|
|
return accessTokenValid;
|
|
}
|
|
|
|
private bool accessTokenValid => Token.Value?.IsValid ?? false;
|
|
|
|
internal bool HasValidAccessToken => RequestAccessToken() != null;
|
|
|
|
internal string RequestAccessToken()
|
|
{
|
|
lock (access_token_retrieval_lock)
|
|
{
|
|
if (!ensureAccessToken()) return null;
|
|
|
|
return Token.Value.AccessToken;
|
|
}
|
|
}
|
|
|
|
internal void Clear()
|
|
{
|
|
lock (access_token_retrieval_lock)
|
|
Token.Value = null;
|
|
}
|
|
|
|
private class AccessTokenRequestRefresh : AccessTokenRequest
|
|
{
|
|
internal readonly string RefreshToken;
|
|
|
|
internal AccessTokenRequestRefresh(string refreshToken)
|
|
{
|
|
RefreshToken = refreshToken;
|
|
GrantType = @"refresh_token";
|
|
}
|
|
|
|
protected override void PrePerform()
|
|
{
|
|
AddParameter("refresh_token", RefreshToken);
|
|
|
|
base.PrePerform();
|
|
}
|
|
}
|
|
|
|
private class AccessTokenRequestPassword : AccessTokenRequest
|
|
{
|
|
internal readonly string Username;
|
|
internal readonly string Password;
|
|
|
|
internal AccessTokenRequestPassword(string username, string password)
|
|
{
|
|
Username = username;
|
|
Password = password;
|
|
GrantType = @"password";
|
|
}
|
|
|
|
protected override void PrePerform()
|
|
{
|
|
AddParameter("username", Username);
|
|
AddParameter("password", Password);
|
|
|
|
base.PrePerform();
|
|
}
|
|
}
|
|
|
|
private class AccessTokenRequest : OsuJsonWebRequest<OAuthToken>
|
|
{
|
|
protected string GrantType;
|
|
|
|
internal string ClientId;
|
|
internal string ClientSecret;
|
|
|
|
protected override void PrePerform()
|
|
{
|
|
AddParameter("grant_type", GrantType);
|
|
AddParameter("client_id", ClientId);
|
|
AddParameter("client_secret", ClientSecret);
|
|
AddParameter("scope", "*");
|
|
|
|
base.PrePerform();
|
|
}
|
|
}
|
|
|
|
private class OAuthError
|
|
{
|
|
public string UserDisplayableError => !string.IsNullOrEmpty(Hint) ? Hint : ErrorIdentifier;
|
|
|
|
[JsonProperty("error")]
|
|
public string ErrorIdentifier { get; set; }
|
|
|
|
[JsonProperty("hint")]
|
|
public string Hint { get; set; }
|
|
|
|
[JsonProperty("message")]
|
|
public string Message { get; set; }
|
|
}
|
|
}
|
|
}
|