Fix HTTP responses for salmon and ActivityPub inbox processing (#5200)

* Return sensible HTTP status for ActivityPub inbox processing * Return sensible HTTP status for salmon slap processing * Return additional information to debug signature verification failures
2017-10-03 23:21:19 +02:00 · 2017-10-03 23:21:19 +02:00 · dfaa219f88
parent e6543d5fc4
commit dfaa219f88
4 changed files with 17 additions and 6 deletions
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@ -9,9 +9,9 @@ class ActivityPub::InboxesController < Api::BaseController
    if signed_request_account
      upgrade_account
      process_payload
-      head 201
-    else
      head 202
+    else
+      [signature_verification_failure_reason, 401]
    end
  end

--- a/app/controllers/api/salmon_controller.rb
+++ b/app/controllers/api/salmon_controller.rb
@ -7,9 +7,11 @@ class Api::SalmonController < Api::BaseController
  def update
    if verify_payload?
      process_salmon
-      head 201
-    else
      head 202
+    elsif payload.present?
+      [signature_verification_failure_reason, 401]
+    else
+      head 400
    end
  end

--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@ -9,10 +9,15 @@ module SignatureVerification
    request.headers['Signature'].present?
  end

+  def signature_verification_failure_reason
+    return @signature_verification_failure_reason if defined?(@signature_verification_failure_reason)
+  end
+
  def signed_request_account
    return @signed_request_account if defined?(@signed_request_account)

    unless signed_request?
+      @signature_verification_failure_reason = 'Request not signed'
      @signed_request_account = nil
      return
    end
@ -27,6 +32,7 @@ module SignatureVerification
    end

    if incompatible_signature?(signature_params)
+      @signature_verification_failure_reason = 'Incompatible request signature'
      @signed_request_account = nil
      return
    end
@ -34,6 +40,7 @@ module SignatureVerification
    account = account_from_key_id(signature_params['keyId'])

    if account.nil?
+      @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
      @signed_request_account = nil
      return
    end
@ -51,9 +58,11 @@ module SignatureVerification
        @signed_request_account = account
        @signed_request_account
      else
+        @signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
        @signed_request_account = nil
      end
    else
+      @signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
      @signed_request_account = nil
    end
  end
--- a/spec/controllers/api/salmon_controller_spec.rb
+++ b/spec/controllers/api/salmon_controller_spec.rb
@ -46,8 +46,8 @@ RSpec.describe Api::SalmonController, type: :controller do
        post :update, params: { id: account.id }
      end

-      it 'returns http success' do
-        expect(response).to have_http_status(202)
+      it 'returns http client error' do
+        expect(response).to have_http_status(400)
      end
    end
  end