From 9cf66bf29871dad6523f421ae72125d584ac4c9a Mon Sep 17 00:00:00 2001
From: tobi <31960611+tsmethurst@users.noreply.github.com>
Date: Tue, 26 Apr 2022 18:10:11 +0200
Subject: [chore] Return more useful errors from auth failure (#494)
* try rsa_sha256 sig algo first
* return more informative errors from auth
* adapt to reworked auth function
---
 internal/federation/federatingprotocol.go | 20 +++++++++++---------
 1 file changed, 11 insertions(+), 9 deletions(-)
(limited to 'internal/federation/federatingprotocol.go')
diff --git a/internal/federation/federatingprotocol.go b/internal/federation/federatingprotocol.go
index 789959810..7bcefc147 100644
--- a/internal/federation/federatingprotocol.go
+++ b/internal/federation/federatingprotocol.go
@@ -119,15 +119,17 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 return nil, false, fmt.Errorf("could not fetch receiving account with username %s: %s", username, err)
 }
 
- publicKeyOwnerURI, authenticated, err := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username)
- if err != nil {
- l.Debugf("request not authenticated: %s", err)
- return ctx, false, err
- }
-
- if !authenticated {
- w.WriteHeader(http.StatusForbidden)
- return ctx, false, nil
+ publicKeyOwnerURI, errWithCode := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username)
+ if errWithCode != nil {
+ switch errWithCode.Code() {
+ case http.StatusUnauthorized, http.StatusForbidden, http.StatusBadRequest:
+ // if 400, 401, or 403, obey the interface by writing the header and bailing
+ w.WriteHeader(errWithCode.Code())
+ return ctx, false, nil
+ default:
+ // if not, there's been a proper error
+ return ctx, false, err
+ }
 }
 
 // authentication has passed, so add an instance entry for this instance if it hasn't been done already
-- cgit v1.2.3
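Review bot: In the `default:` branch the new code returns `err` rather than `errWithCode`; `err` is not assigned anywhere in this hunk and appears to be the variable from the account lookup just above, which would be nil by the time this line runs. If so, an authentication failure with any code other than 400, 401 or 403 comes back as `ctx, false, nil` with no header written, so the caller sees neither an error nor a response and the failure is silently dropped. The line should read `return ctx, false, errWithCode` (assuming that type satisfies `error`, which is not visible here). The removed `l.Debugf("request not authenticated: %s", err)` also has no replacement, so rejected signatures no longer leave a log entry on this path; a debug log of `errWithCode` before the switch would keep that trail. AuthenticatePostInbox starts and ends outside the hunk.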