[FIXED] Preserve websocket auth errors during connect#2058
Open
officialasishkumar wants to merge 1 commit intonats-io:mainfrom
Open
[FIXED] Preserve websocket auth errors during connect#2058officialasishkumar wants to merge 1 commit intonats-io:mainfrom
officialasishkumar wants to merge 1 commit intonats-io:mainfrom
Conversation
Coalesce CONNECT and PING into a single direct write so websocket connect handshakes are not split across frames during authentication failures. Preserve buffered protocol data when websocket and NATS readers receive data alongside EOF so initial -ERR lines are surfaced as ErrAuthorization instead of transport-level broken pipe or EOF errors. Add regression coverage for the reader edge cases and the public websocket auth-failure connect path. Signed-off-by: Asish Kumar <officialasishkumar@gmail.com>
|
Claude Code is working… I'll analyze this and get back to you. |
|
coverage: 85.399% (-0.1%) from 85.504% — officialasishkumar:fix-ws-connect-auth-errors into nats-io:main |
wallyqs
added a commit
to wallyqs/nats.go
that referenced
this pull request
Apr 9, 2026
Add TestWSMockServerAuthFailureWithEOF which reproduces the exact condition from issue nats-io#2024: a websocket server sends -ERR 'Authorization Violation' + close frame and immediately closes the TCP connection, so the error data and EOF may arrive on the same underlying read. Without the fixes in PR nats-io#2058, this test fails with "Expected ErrAuthorization, got: EOF". Also adds nats-server test dependency to go.mod so all tests compile. https://claude.ai/code/session_01364JzLu2QseCg45NmNVa31
wallyqs
added a commit
to wallyqs/nats.go
that referenced
this pull request
Apr 9, 2026
Add TestWSExpiredJWTAuthReturnsAuthError which sets up a full JWT auth infrastructure (operator trust + account resolver) on a websocket server and connects with an already-expired user JWT. This directly reproduces the scenario from issue nats-io#2024 where expired JWT tokens over websocket returned EOF instead of a proper auth error. Without the fixes in PR nats-io#2058, this test fails with: Expected auth error (ErrAuthorization or ErrAuthExpired), got: EOF https://claude.ai/code/session_01364JzLu2QseCg45NmNVa31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
-ERRlines are surfaced correctly during connectResolves #2024
Signed-off-by: Asish Kumar officialasishkumar@gmail.com