Fix HTTP responses for salmon and ActivityPub inbox processing (#5200)

* Return sensible HTTP status for ActivityPub inbox processing

* Return sensible HTTP status for salmon slap processing

* Return additional information to debug signature verification failures
This commit is contained in:
ThibG 2017-10-03 23:21:19 +02:00 committed by Eugen Rochko
parent e6543d5fc4
commit dfaa219f88
4 changed files with 17 additions and 6 deletions

View File

@ -9,9 +9,9 @@ class ActivityPub::InboxesController < Api::BaseController
if signed_request_account if signed_request_account
upgrade_account upgrade_account
process_payload process_payload
head 201
else
head 202 head 202
else
[signature_verification_failure_reason, 401]
end end
end end

View File

@ -7,9 +7,11 @@ class Api::SalmonController < Api::BaseController
def update def update
if verify_payload? if verify_payload?
process_salmon process_salmon
head 201
else
head 202 head 202
elsif payload.present?
[signature_verification_failure_reason, 401]
else
head 400
end end
end end

View File

@ -9,10 +9,15 @@ module SignatureVerification
request.headers['Signature'].present? request.headers['Signature'].present?
end end
def signature_verification_failure_reason
return @signature_verification_failure_reason if defined?(@signature_verification_failure_reason)
end
def signed_request_account def signed_request_account
return @signed_request_account if defined?(@signed_request_account) return @signed_request_account if defined?(@signed_request_account)
unless signed_request? unless signed_request?
@signature_verification_failure_reason = 'Request not signed'
@signed_request_account = nil @signed_request_account = nil
return return
end end
@ -27,6 +32,7 @@ module SignatureVerification
end end
if incompatible_signature?(signature_params) if incompatible_signature?(signature_params)
@signature_verification_failure_reason = 'Incompatible request signature'
@signed_request_account = nil @signed_request_account = nil
return return
end end
@ -34,6 +40,7 @@ module SignatureVerification
account = account_from_key_id(signature_params['keyId']) account = account_from_key_id(signature_params['keyId'])
if account.nil? if account.nil?
@signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
@signed_request_account = nil @signed_request_account = nil
return return
end end
@ -51,9 +58,11 @@ module SignatureVerification
@signed_request_account = account @signed_request_account = account
@signed_request_account @signed_request_account
else else
@signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
@signed_request_account = nil @signed_request_account = nil
end end
else else
@signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
@signed_request_account = nil @signed_request_account = nil
end end
end end

View File

@ -46,8 +46,8 @@ RSpec.describe Api::SalmonController, type: :controller do
post :update, params: { id: account.id } post :update, params: { id: account.id }
end end
it 'returns http success' do it 'returns http client error' do
expect(response).to have_http_status(202) expect(response).to have_http_status(400)
end end
end end
end end