authorLibravatar tobi <31960611+tsmethurst@users.noreply.github.com>2022-06-08 20:38:03 +0200
committerLibravatar GitHub <noreply@github.com>2022-06-08 20:38:03 +0200
commit1ede54ddf6dfd2d4ba039eb7e23b74bcac65b643 (patch)
tree727436fb9bf9da25e30c5ded65c5b5ccaffe0cf0 /internal/federation
parent[bugfix] #621: add weak type handing to mapstructure decode (#625) (diff)
downloadgotosocial-1ede54ddf6dfd2d4ba039eb7e23b74bcac65b643.tar.xz
[feature] More consistent API error handling (#637)
* update templates * start reworking api error handling * update template * return AP status at web endpoint if negotiated * start making api error handling much more consistent * update account endpoints to new error handling * use new api error handling in admin endpoints * go fmt ./... * use api error logic in app * use generic error handling in auth * don't export generic error handler * don't defer clearing session * use nicer error handling on oidc callback handler * tidy up the sign in handler * tidy up the token handler * use nicer error handling in blocksget * auth emojis endpoint * fix up remaining api endpoints * fix whoopsie during login flow * regenerate swagger docs * change http error logging to debug
Diffstat (limited to 'internal/federation')
-rw-r--r--internal/federation/authenticate.go22
1 files changed, 11 insertions, 11 deletions
diff --git a/internal/federation/authenticate.go b/internal/federation/authenticate.go
index 1d0a4a7ef..5ca2f9806 100644
--- a/internal/federation/authenticate.go
+++ b/internal/federation/authenticate.go
@@ -126,7 +126,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
vi := ctx.Value(ap.ContextRequestingPublicKeyVerifier)
if vi == nil {
err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorNotAuthorized(err, err.Error())
+ errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
l.Debug(errWithCode)
return nil, errWithCode
}
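Review bot: The four signature-presence checks (`vi == nil` here, then `vi.(httpsig.Verifier)`, `si == nil` and `si.(string)` in the next three hunks) all build the identical error "http request wasn't signed or http signature was invalid", so the `l.Debug(errWithCode)` line cannot tell an unsigned request apart from a context value of the wrong type. A wrong type would point at a server-side wiring fault rather than a bad client. Give each branch its own internal error and keep the caller-facing text fixed, e.g. `err := errors.New("no public key verifier in request context")` followed by `gtserror.NewErrorUnauthorized(err, "http request wasn't signed or http signature was invalid")`. This assumes the second argument is the help text shown to the caller, which the call shape suggests but the hunk does not show. The function body starts and ends outside the hunk.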
@@ -134,7 +134,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
verifier, ok := vi.(httpsig.Verifier)
if !ok {
err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorNotAuthorized(err, err.Error())
+ errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
l.Debug(errWithCode)
return nil, errWithCode
}
@@ -143,7 +143,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
si := ctx.Value(ap.ContextRequestingPublicKeySignature)
if si == nil {
err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorNotAuthorized(err, err.Error())
+ errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
l.Debug(errWithCode)
return nil, errWithCode
}
@@ -151,7 +151,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
signature, ok := si.(string)
if !ok {
err := errors.New("http request wasn't signed or http signature was invalid")
- errWithCode := gtserror.NewErrorNotAuthorized(err, err.Error())
+ errWithCode := gtserror.NewErrorUnauthorized(err, err.Error())
l.Debug(errWithCode)
return nil, errWithCode
}
@@ -209,7 +209,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
// The actual http call to the remote server is made right here in the Dereference function.
b, err := transport.Dereference(ctx, requestingPublicKeyID)
if err != nil {
- errWithCode := gtserror.NewErrorNotAuthorized(fmt.Errorf("error dereferencing public key %s: %s", requestingPublicKeyID, err))
+ errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error dereferencing public key %s: %s", requestingPublicKeyID, err))
l.Debug(errWithCode)
return nil, errWithCode
}
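Review bot: The `transport.Dereference` failure branch formats the underlying error with `%s`, which flattens it to text so later code can no longer match it with `errors.Is` or `errors.As`, for example to separate a timeout from a refused connection when triaging failed key fetches. Prefer `fmt.Errorf("error dereferencing public key %s: %w", requestingPublicKeyID, err)`; the same applies to the `getPublicKeyFromResponse` and `x509.ParsePKIXPublicKey` branches in the later hunks. Whether the `gtserror` type exposes the wrapped error through `Unwrap` is not visible here, so confirm that before relying on the chain. The enclosing function continues outside the hunk.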
@@ -217,7 +217,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
// if the key isn't in the response, we can't authenticate the request
requestingPublicKey, err := getPublicKeyFromResponse(ctx, b, requestingPublicKeyID)
if err != nil {
- errWithCode := gtserror.NewErrorNotAuthorized(fmt.Errorf("error parsing public key %s: %s", requestingPublicKeyID, err))
+ errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("error parsing public key %s: %s", requestingPublicKeyID, err))
l.Debug(errWithCode)
return nil, errWithCode
}
@@ -225,7 +225,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
// we should be able to get the actual key embedded in the vocab.W3IDSecurityV1PublicKey
pkPemProp := requestingPublicKey.GetW3IDSecurityV1PublicKeyPem()
if pkPemProp == nil || !pkPemProp.IsXMLSchemaString() {
- errWithCode := gtserror.NewErrorNotAuthorized(errors.New("publicKeyPem property is not provided or it is not embedded as a value"))
+ errWithCode := gtserror.NewErrorUnauthorized(errors.New("publicKeyPem property is not provided or it is not embedded as a value"))
l.Debug(errWithCode)
return nil, errWithCode
}
@@ -234,14 +234,14 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
pubKeyPem := pkPemProp.Get()
block, _ := pem.Decode([]byte(pubKeyPem))
if block == nil || block.Type != "PUBLIC KEY" {
- errWithCode := gtserror.NewErrorNotAuthorized(errors.New("could not decode publicKeyPem to PUBLIC KEY pem block type"))
+ errWithCode := gtserror.NewErrorUnauthorized(errors.New("could not decode publicKeyPem to PUBLIC KEY pem block type"))
l.Debug(errWithCode)
return nil, errWithCode
}
publicKey, err = x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
- errWithCode := gtserror.NewErrorNotAuthorized(fmt.Errorf("could not parse public key %s from block bytes: %s", requestingPublicKeyID, err))
+ errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("could not parse public key %s from block bytes: %s", requestingPublicKeyID, err))
l.Debug(errWithCode)
return nil, errWithCode
}
@@ -249,7 +249,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
// all good! we just need the URI of the key owner to return
pkOwnerProp := requestingPublicKey.GetW3IDSecurityV1Owner()
if pkOwnerProp == nil || !pkOwnerProp.IsIRI() {
- errWithCode := gtserror.NewErrorNotAuthorized(errors.New("publicKeyOwner property is not provided or it is not embedded as a value"))
+ errWithCode := gtserror.NewErrorUnauthorized(errors.New("publicKeyOwner property is not provided or it is not embedded as a value"))
l.Debug(errWithCode)
return nil, errWithCode
}
@@ -280,7 +280,7 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
l.Tracef("authentication for %s NOT PASSED with algorithm %s: %s", pkOwnerURI, algo, err)
}
- errWithCode := gtserror.NewErrorNotAuthorized(fmt.Errorf("authentication not passed for public key owner %s; signature value was '%s'", pkOwnerURI, signature))
+ errWithCode := gtserror.NewErrorUnauthorized(fmt.Errorf("authentication not passed for public key owner %s; signature value was '%s'", pkOwnerURI, signature))
l.Debug(errWithCode)
return nil, errWithCode
}
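Review bot: The final error interpolates `signature` with `'%s'` and is then passed to `l.Debug`, so any control characters or newlines in that value reach the log unescaped. `signature` is taken from the request context (`si.(string)` in an earlier hunk) and is presumably the remote party's signature header value, which makes it untrusted input for logging purposes. Use `%q` so the value is quoted and escaped: `fmt.Errorf("authentication not passed for public key owner %s; signature value was %q", pkOwnerURI, signature)`. The function body starts outside the hunk.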