Do not reconnect gitter-realtime-client after 401/403
Do not reconnect gitter-realtime-client after 401/403. This won't help the existing situation we have but is good to have for the future.
Background, https://gitlab.com/gitlab-org/gitter/webapp/issues/1937
Estimated Behavior
I think this is caused by the gitter-realtime-client usage within the desktop app (not within the webapp which has already signed them out). We use the gitter-realtime-client separately in the desktop app to update the task bar and tray menu with unreads. The realtime client will handle "Reinitialisation of state after client disconnections" and doesn't have anything in place to stop reconnecting after a 401/403 like we have in the webapp. These people haven't noticed that Gitter has revoked them because they just leave it running in the background.
Current Behavior
Update: Tested with a revoked token in a barebones gitter-realtime-client demo and we currently POST /bayeux every 2 seconds when the response is 401 with the following advice in the response,

    [
      {
        "id": "1v",
        "channel": "/meta/handshake",
        "error": "401::Unauthorized",
        "successful": false,
        "version": "1.0",
        "supportedConnectionTypes": [
          "long-polling",
          "cross-origin-long-polling",
          "callback-polling",
          "websocket",
          "eventsource",
          "in-process"
        ],
        "advice": {
          "reconnect": "none",
          "interval": 2000
        }
      }
    ]

The current code to sign out people in the desktop app on error/advice.reconnect === 'none' is inside the subscription which is never reached if we stop them from handshaking,
Potential solution
Add the same accessTokenFailureExtension like we have in the webapp, https://gitlab.com/gitlab-org/gitter/webapp/blob/490853994440454d41ec5784d4e4d6bb2bab1ca0/public/js/components/realtime.js#L68-84
Perhaps we should add this directly into the gitter-realtime-client so other users of the library don't barrage us accidentally.
I am curious why advice.reconnect = 'none' isn't working to stop the reconnects inside Halley. Update: It looks like this is fixed in the latest unreleased version of Halley but halley@0.4.8 which is used in the gitter-realtime-client does not include this fix (see Halley 0.4.8 -> current master diff)
We do have something here to sign out people but this doesn't help when we get a 401 when we POST /bayeux to handshake.
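
A sketch of the kind of extension proposed under "Potential solution", as an added example that is not the webapp's or gitter-realtime-client's own code. It assumes a Faye-style extension shape (an object whose incoming(message, callback) sees every received message) and only looks at rejected handshakes; createAccessTokenFailureExtension, onAuthFailure and replay are hypothetical names, and the sample messages are constructed from the response shown above.

```javascript
// Added example: names are hypothetical, not taken from gitter-realtime-client.

// Bayeux error strings have the form "<code>:<args>:<message>",
// e.g. "401::Unauthorized". Returns the numeric code or null.
function parseBayeuxErrorCode(error) {
  if (typeof error !== 'string') return null;
  const match = /^(\d{3}):/.exec(error);
  return match ? Number(match[1]) : null;
}

// Assumed Faye-style extension: the client calls incoming(message, callback)
// for each received message and continues with whatever is passed to callback.
function createAccessTokenFailureExtension(onAuthFailure) {
  let fired = false; // report a revoked token once, not on every retry
  return {
    incoming(message, callback) {
      const isHandshake = Boolean(message) && message.channel === '/meta/handshake';
      const code = parseBayeuxErrorCode(message && message.error);
      const rejected = isHandshake && message.successful === false &&
        (code === 401 || code === 403);
      if (rejected && !fired) {
        fired = true;
        // The caller decides what happens next, e.g. stop the realtime
        // client and sign the user out instead of handshaking again.
        onAuthFailure(code, message);
      }
      callback(message); // always pass the message on unchanged
    }
  };
}

// Feed constructed handshake responses through the extension and report
// which auth failures were raised and how many messages were passed on.
function replay(messages) {
  const failures = [];
  const ext = createAccessTokenFailureExtension(code => failures.push(code));
  let passed = 0;
  messages.forEach(m => ext.incoming(m, () => { passed += 1; }));
  return { failures, passed };
}

// Constructed sample modelled on the 401 handshake response above.
const rejectedHandshake = {
  id: '1v', channel: '/meta/handshake', error: '401::Unauthorized',
  successful: false, advice: { reconnect: 'none', interval: 2000 }
};
console.log(replay([rejectedHandshake, rejectedHandshake]));
```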