From 44ec6d6bc8d7fdf1749fb3b393d3e28e19537220 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C4=99drzej=20Stuczy=C5=84ski?= Date: Wed, 18 Jun 2025 09:17:54 +0100 Subject: [PATCH] bugfix: allow gateways to permit authentication from v4 clients (#5862) --- .../websocket/connection_handler/fresh.rs | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/gateway/src/node/client_handling/websocket/connection_handler/fresh.rs b/gateway/src/node/client_handling/websocket/connection_handler/fresh.rs index 8841f82d9f..bd66ee26f5 100644 --- a/gateway/src/node/client_handling/websocket/connection_handler/fresh.rs +++ b/gateway/src/node/client_handling/websocket/connection_handler/fresh.rs @@ -419,6 +419,13 @@ impl FreshHandler { return Ok(INITIAL_PROTOCOL_VERSION); }; + // ##### + // On backwards compat: + // Currently it is the case that gateways will understand all previous protocol versions + // and will downgrade accordingly, but this will now always be the case. + // For example, once we remove downgrade on legacy auth, anything below version 4 will be rejected + // ##### + // a v2 gateway will understand v1 requests, but v1 client will not understand v2 responses if client_protocol_version == 1 { return Ok(1); @@ -434,6 +441,11 @@ impl FreshHandler { return Ok(3); } + // a v5 gateway will understand v4 requests (key-rotation) + if client_protocol_version == 4 { + return Ok(4); + } + // we can't handle clients with higher protocol than ours // (perhaps we could try to negotiate downgrade on our end? sounds like a nice future improvement) if client_protocol_version <= CURRENT_PROTOCOL_VERSION {