Fix HTTP responses for salmon and ActivityPub inbox processing (#5200)
* Return sensible HTTP status for ActivityPub inbox processing * Return sensible HTTP status for salmon slap processing * Return additional information to debug signature verification failures
This commit is contained in:
		
							parent
							
								
									5b9ea85b62
								
							
						
					
					
						commit
						707cd936e8
					
				
					 4 changed files with 17 additions and 6 deletions
				
			
		|  | @ -9,9 +9,9 @@ class ActivityPub::InboxesController < Api::BaseController | ||||||
|     if signed_request_account |     if signed_request_account | ||||||
|       upgrade_account |       upgrade_account | ||||||
|       process_payload |       process_payload | ||||||
|       head 201 |  | ||||||
|     else |  | ||||||
|       head 202 |       head 202 | ||||||
|  |     else | ||||||
|  |       [signature_verification_failure_reason, 401] | ||||||
|     end |     end | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -7,9 +7,11 @@ class Api::SalmonController < Api::BaseController | ||||||
|   def update |   def update | ||||||
|     if verify_payload? |     if verify_payload? | ||||||
|       process_salmon |       process_salmon | ||||||
|       head 201 |  | ||||||
|     else |  | ||||||
|       head 202 |       head 202 | ||||||
|  |     elsif payload.present? | ||||||
|  |       [signature_verification_failure_reason, 401] | ||||||
|  |     else | ||||||
|  |       head 400 | ||||||
|     end |     end | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|  |  | ||||||
|  | @ -9,10 +9,15 @@ module SignatureVerification | ||||||
|     request.headers['Signature'].present? |     request.headers['Signature'].present? | ||||||
|   end |   end | ||||||
| 
 | 
 | ||||||
|  |   def signature_verification_failure_reason | ||||||
|  |     return @signature_verification_failure_reason if defined?(@signature_verification_failure_reason) | ||||||
|  |   end | ||||||
|  | 
 | ||||||
|   def signed_request_account |   def signed_request_account | ||||||
|     return @signed_request_account if defined?(@signed_request_account) |     return @signed_request_account if defined?(@signed_request_account) | ||||||
| 
 | 
 | ||||||
|     unless signed_request? |     unless signed_request? | ||||||
|  |       @signature_verification_failure_reason = 'Request not signed' | ||||||
|       @signed_request_account = nil |       @signed_request_account = nil | ||||||
|       return |       return | ||||||
|     end |     end | ||||||
|  | @ -27,6 +32,7 @@ module SignatureVerification | ||||||
|     end |     end | ||||||
| 
 | 
 | ||||||
|     if incompatible_signature?(signature_params) |     if incompatible_signature?(signature_params) | ||||||
|  |       @signature_verification_failure_reason = 'Incompatible request signature' | ||||||
|       @signed_request_account = nil |       @signed_request_account = nil | ||||||
|       return |       return | ||||||
|     end |     end | ||||||
|  | @ -34,6 +40,7 @@ module SignatureVerification | ||||||
|     account = account_from_key_id(signature_params['keyId']) |     account = account_from_key_id(signature_params['keyId']) | ||||||
| 
 | 
 | ||||||
|     if account.nil? |     if account.nil? | ||||||
|  |       @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}" | ||||||
|       @signed_request_account = nil |       @signed_request_account = nil | ||||||
|       return |       return | ||||||
|     end |     end | ||||||
|  | @ -51,9 +58,11 @@ module SignatureVerification | ||||||
|         @signed_request_account = account |         @signed_request_account = account | ||||||
|         @signed_request_account |         @signed_request_account | ||||||
|       else |       else | ||||||
|  |         @signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}" | ||||||
|         @signed_request_account = nil |         @signed_request_account = nil | ||||||
|       end |       end | ||||||
|     else |     else | ||||||
|  |       @signed_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}" | ||||||
|       @signed_request_account = nil |       @signed_request_account = nil | ||||||
|     end |     end | ||||||
|   end |   end | ||||||
|  |  | ||||||
|  | @ -46,8 +46,8 @@ RSpec.describe Api::SalmonController, type: :controller do | ||||||
|         post :update, params: { id: account.id } |         post :update, params: { id: account.id } | ||||||
|       end |       end | ||||||
| 
 | 
 | ||||||
|       it 'returns http success' do |       it 'returns http client error' do | ||||||
|         expect(response).to have_http_status(202) |         expect(response).to have_http_status(400) | ||||||
|       end |       end | ||||||
|     end |     end | ||||||
|   end |   end | ||||||
|  |  | ||||||
		Loading…
	
		Reference in a new issue