One-time use tokens for AnyCable

[ryan-pratt]

No description provided.

[codecov]

Codecov Report

❌ Patch coverage is 73.58491% with 14 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.41%. Comparing base (c629a3b) to head (9cefde1).
⚠️ Report is 38 commits behind head on main.

Files with missing lines	Patch %	Lines
openc3/lib/openc3/utilities/authentication.rb	69.23%	8 Missing ⚠️
...mos-cmd-tlm-api/app/controllers/auth_controller.rb	25.00%	3 Missing ⚠️
openc3/lib/openc3/utilities/authorization.rb	60.00%	2 Missing ⚠️
openc3/lib/openc3/script/web_socket_api.rb	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2911      +/-   ##
==========================================
+ Coverage   78.24%   78.41%   +0.17%     
==========================================
  Files         673      673              
  Lines       55204    55246      +42     
  Branches      728      728              
==========================================
+ Hits        43196    43323     +127     
+ Misses      11930    11845      -85     
  Partials       78       78              

Flag	Coverage Δ
python	79.71% <ø> (+0.38%)	⬆️
ruby-api	79.98% <25.00%> (+0.28%)	⬆️
ruby-backend	82.16% <77.55%> (-0.01%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.

[ryanmelt]

This should affect the Ruby and Python SDKs as well.

[jmthomas]

So this change makes all cable connections first generate a one time password (token) and then upon connection deletes the token? This is better because if someone grabs the token during the cable connection it doesn't matter because it is immediately invalidated. Is that the gist?

[ryan-pratt]

So this change makes all cable connections first generate a one time password (token) and then upon connection deletes the token? This is better because if someone grabs the token during the cable connection it doesn't matter because it is immediately invalidated. Is that the gist?

Correct

[jmthomas]

Makes sense to me. Not sure what @ryanmelt is asking for via the Ruby and Python APIs.

[ryanmelt]

We use websockets in the Ruby and Python code too. Do they not use query parameters? If they don't then we're good. If they do then they need to be updated too

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[ryan-pratt]

Do they not use query parameters? If they don't then we're good.

They do. Just changed that, and tested using the streaming scripts in the demo plugin: