Make sure cable closes the connection if open when responding to an i…

…nvalid request
shunyama · Nov 4, 2015 · 7c1631f · 7c1631f
1 parent df20d87
commit 7c1631f
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 3 deletions.
diff --git a/lib/action_cable/connection/base.rb b/lib/action_cable/connection/base.rb
@@ -151,7 +151,6 @@ def on_open
           server.add_connection(self)
         rescue ActionCable::Connection::Authorization::UnauthorizedError
           respond_to_invalid_request
-          close
         end
 
         def on_message(message)
@@ -186,6 +185,8 @@ def respond_to_successful_request
         end
 
         def respond_to_invalid_request
+          close if websocket.alive?
+
           logger.info finished_request_message
           [ 404, { 'Content-Type' => 'text/plain' }, [ 'Page not found' ] ]
         end

diff --git a/test/connection/authorization_test.rb b/test/connection/authorization_test.rb
@@ -8,17 +8,25 @@ class Connection < ActionCable::Connection::Base
     def connect
       reject_unauthorized_connection
     end
+
+    def send_async(method, *args)
+      # Bypass Celluloid
+      send method, *args
+    end
   end
 
   test "unauthorized connection" do
     run_in_eventmachine do
       server = TestServer.new
-      env = Rack::MockRequest.env_for "/test", 'HTTP_CONNECTION' => 'upgrade', 'HTTP_UPGRADE' => 'websocket'
+      server.config.allowed_request_origins = %w( http://rubyonrails.com )
+
+      env = Rack::MockRequest.env_for "/test", 'HTTP_CONNECTION' => 'upgrade', 'HTTP_UPGRADE' => 'websocket',
+        'HTTP_ORIGIN' => 'http://rubyonrails.com'
 
       connection = Connection.new(server, env)
       connection.websocket.expects(:close)
+
       connection.process
-      connection.send :on_open
     end
   end
 end