mapped signature plug: don't invalidate in cases where a signature is actually not present (testsuite)

This commit is contained in:
Ariadne Conill 2019-07-18 16:01:21 +00:00
parent cdf0038d0f
commit 5ea0cd69f7

View File

@ -36,12 +36,18 @@ def call(%{assigns: %{mapped_identity: _}} = conn, _opts), do: conn
# if this has payload make sure it is signed by the same actor that made it # if this has payload make sure it is signed by the same actor that made it
def call(%{assigns: %{valid_signature: true}, params: %{"actor" => actor}} = conn, _opts) do def call(%{assigns: %{valid_signature: true}, params: %{"actor" => actor}} = conn, _opts) do
with actor_id <- Utils.get_ap_id(actor), with actor_id <- Utils.get_ap_id(actor),
%User{} = user <- user_from_key_id(conn), {:user, %User{} = user} <- {:user, user_from_key_id(conn)},
true <- user.ap_id == actor_id do {:user_match, true} <- {:user_match, user.ap_id == actor_id} do
assign(conn, :mapped_identity, user) assign(conn, :mapped_identity, user)
else else
_ -> {:user_match, false} ->
Logger.debug("Failed to map identity from signature (payload actor mismatch?)") Logger.debug("Failed to map identity from signature (payload actor mismatch)")
Logger.debug("key_id=#{key_id_from_conn(conn)}, actor=#{actor}")
assign(conn, :valid_signature, false)
# remove me once testsuite uses mapped capabilities instead of what we do now
{:user, nil} ->
Logger.debug("Failed to map identity from signature (lookup failure)")
Logger.debug("key_id=#{key_id_from_conn(conn)}, actor=#{actor}") Logger.debug("key_id=#{key_id_from_conn(conn)}, actor=#{actor}")
conn conn
end end
@ -55,7 +61,7 @@ def call(%{assigns: %{valid_signature: true}} = conn, _opts) do
_ -> _ ->
Logger.debug("Failed to map identity from signature (no payload actor mismatch)") Logger.debug("Failed to map identity from signature (no payload actor mismatch)")
Logger.debug("key_id=#{key_id_from_conn(conn)}") Logger.debug("key_id=#{key_id_from_conn(conn)}")
conn assign(conn, :valid_signature, false)
end end
end end