From 1e5f5f9c86618ad2da1dd2bb9cd4163ac6a2ce2a Mon Sep 17 00:00:00 2001
From: Cory Slep
Date: Tue, 19 Feb 2019 20:40:26 +0100
Subject: [PATCH] Update authn and authz functions to have intuitive return values
---
 pub/base_actor.go | 20 +++++------
 pub/base_actor_test.go | 62 +++++++++++++++++------------------
 pub/common_behavior.go | 16 ++++-----
 pub/delegate_actor.go | 42 ++++++++++++------------
 pub/federating_protocol.go | 12 +++----
 pub/side_effect_actor.go | 17 ++++++----
 pub/side_effect_actor_test.go | 8 ++---
 pub/social_protocol.go | 8 ++---
 8 files changed, 94 insertions(+), 91 deletions(-)
diff --git a/pub/base_actor.go b/pub/base_actor.go
index eda9542..b74674e 100644
--- a/pub/base_actor.go
+++ b/pub/base_actor.go
@@ -154,10 +154,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
 return true, nil
 }
 // Check the peer request is authentic.
- shouldReturn, err := b.delegate.AuthenticatePostInbox(c, w, r)
+ authenticated, err := b.delegate.AuthenticatePostInbox(c, w, r)
 if err != nil {
 return true, err
- } else if shouldReturn {
+ } else if !authenticated {
 return true, nil
 }
 // Begin processing the request, but have not yet applied
@@ -188,10 +188,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
 return true, nil
 }
 // Check authorization of the activity.
- shouldReturn, err = b.delegate.AuthorizePostInbox(c, w, activity)
+ authorized, err := b.delegate.AuthorizePostInbox(c, w, activity)
 if err != nil {
 return true, err
- } else if shouldReturn {
+ } else if !authorized {
 return true, nil
 }
 // Post the activity to the actor's inbox and trigger side effects for
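Review bot: The `!authenticated` check in PostInbox (and the matching checks in the GetInbox, PostOutbox and GetOutbox hunks, plus `!authorized` below) inverts the meaning of a result whose type is still `(bool, error)`, so a delegate written against the old contract keeps compiling and now fails open: it writes its 403, returns `true`, and processing continues as if the peer were authenticated. Nothing visible in this patch makes that break detectable at build time. I would at least add a line to each interface doc comment in common_behavior.go, delegate_actor.go, federating_protocol.go and social_protocol.go, such as `// NOTE: true now means "continue"; earlier versions returned true to stop processing.`, and mark the change as breaking in the release notes. PostInbox's body starts and ends outside the hunk.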
@@ -230,10 +230,10 @@ func (b *baseActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.R
 return false, nil
 }
 // Delegate authenticating and authorizing the request.
- shouldReturn, err := b.delegate.AuthenticateGetInbox(c, w, r)
+ authenticated, err := b.delegate.AuthenticateGetInbox(c, w, r)
 if err != nil {
 return true, err
- } else if shouldReturn {
+ } else if !authenticated {
 return true, nil
 }
 // Everything is good to begin processing the request.
@@ -283,10 +283,10 @@ func (b *baseActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http
 return true, nil
 }
 // Delegate authenticating and authorizing the request.
- shouldReturn, err := b.delegate.AuthenticatePostOutbox(c, w, r)
+ authenticated, err := b.delegate.AuthenticatePostOutbox(c, w, r)
 if err != nil {
 return true, err
- } else if shouldReturn {
+ } else if !authenticated {
 return true, nil
 }
 // Everything is good to begin processing the request.
@@ -370,10 +370,10 @@ func (b *baseActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.
 return false, nil
 }
 // Delegate authenticating and authorizing the request.
- shouldReturn, err := b.delegate.AuthenticateGetOutbox(c, w, r)
+ authenticated, err := b.delegate.AuthenticateGetOutbox(c, w, r)
 if err != nil {
 return true, err
- } else if shouldReturn {
+ } else if !authenticated {
 return true, nil
 }
 // Everything is good to begin processing the request.
diff --git a/pub/base_actor_test.go b/pub/base_actor_test.go
index ea3c427..52d6070 100644
--- a/pub/base_actor_test.go
+++ b/pub/base_actor_test.go
@@ -79,7 +79,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 req := toAPRequest(toGetInboxRequest())
 delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
 resp.WriteHeader(http.StatusForbidden)
- return true, nil
+ return false, nil
 })
 // Run the test
 handled, err := a.GetInbox(ctx, resp, req)
@@ -95,7 +95,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, clock, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toGetInboxRequest())
- delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
 clock.EXPECT().Now().Return(now())
 // Run the test
@@ -119,7 +119,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, clock, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toGetInboxRequest())
- delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
 clock.EXPECT().Now().Return(now())
 // Run the test
@@ -154,7 +154,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 req := toAPRequest(toPostOutboxRequest(testCreateNoId))
 delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
 resp.WriteHeader(http.StatusForbidden)
- return true, nil
+ return false, nil
 })
 // Run the test
 handled, err := a.PostOutbox(ctx, resp, req)
@@ -170,7 +170,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxUnknownRequest())
- delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
 // Run the test
 handled, err := a.PostOutbox(ctx, resp, req)
 // Verify results
@@ -185,7 +185,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxRequest(testCreateNoId))
- delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
 activity = withNewId(activity)
 return nil
@@ -212,7 +212,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxRequest(testMyNote))
- delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().WrapInCreate(ctx, toDeserializedForm(testMyNote), mustParse(testMyOutboxIRI)).DoAndReturn(func(c context.Context, t vocab.Type, u *url.URL) (vocab.ActivityStreamsCreate, error) {
 return wrappedInCreate(t), nil
 })
@@ -240,7 +240,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxRequest(testCreateNoId))
- delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
 activity = withNewId(activity)
 return nil
@@ -265,7 +265,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxRequest(testCreateNoId))
- delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
 activity = withNewId(activity)
 return nil
@@ -306,7 +306,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 req := toAPRequest(toGetOutboxRequest())
 delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
 resp.WriteHeader(http.StatusForbidden)
- return true, nil
+ return false, nil
 })
 // Run the test
 handled, err := a.GetOutbox(ctx, resp, req)
@@ -322,7 +322,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
 delegate, clock, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toGetOutboxRequest())
- delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
 clock.EXPECT().Now().Return(now())
 // Run the test
@@ -381,7 +381,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 req := toAPRequest(toPostInboxRequest(testCreate))
 delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
 resp.WriteHeader(http.StatusForbidden)
- return true, nil
+ return false, nil
 })
 // Run the test
 handled, err := a.PostInbox(ctx, resp, req)
@@ -397,7 +397,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostInboxUnknownRequest())
- delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
 // Run the test
 handled, err := a.PostInbox(ctx, resp, req)
 // Verify results
@@ -412,7 +412,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxRequest(testCreateNoId))
- delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
 // Run the test
 handled, err := a.PostInbox(ctx, resp, req)
 // Verify results
@@ -427,10 +427,10 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostInboxRequest(testCreate))
- delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, activity Activity) (bool, error) {
 resp.WriteHeader(http.StatusForbidden)
- return true, nil
+ return false, nil
 })
 // Run the test
 handled, err := a.PostInbox(ctx, resp, req)
@@ -446,8 +446,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostInboxRequest(testCreate))
- delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
- delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
+ delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
 delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
 delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
 // Run the test
@@ -464,8 +464,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostInboxRequest(testCreate))
- delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
- delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
+ delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
 delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrObjectRequired)
 // Run the test
 handled, err := a.PostInbox(ctx, resp, req)
@@ -481,8 +481,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostInboxRequest(testCreate))
- delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
- delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
+ delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
 delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrTargetRequired)
 // Run the test
 handled, err := a.PostInbox(ctx, resp, req)
@@ -514,7 +514,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 req := toAPRequest(toGetInboxRequest())
 delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
 resp.WriteHeader(http.StatusForbidden)
- return true, nil
+ return false, nil
 })
 // Run the test
 handled, err := a.GetInbox(ctx, resp, req)
@@ -530,7 +530,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, clock, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toGetInboxRequest())
- delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
 clock.EXPECT().Now().Return(now())
 // Run the test
@@ -554,7 +554,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, clock, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toGetInboxRequest())
- delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
 clock.EXPECT().Now().Return(now())
 // Run the test
@@ -617,7 +617,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 req := toAPRequest(toGetOutboxRequest())
 delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
 resp.WriteHeader(http.StatusForbidden)
- return true, nil
+ return false, nil
 })
 // Run the test
 handled, err := a.GetOutbox(ctx, resp, req)
@@ -633,7 +633,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
 delegate, clock, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toGetOutboxRequest())
- delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
 clock.EXPECT().Now().Return(now())
 // Run the test
@@ -676,8 +676,8 @@ func TestBaseActor(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostInboxRequest(testCreate))
- delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
- delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
+ delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
 delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
 delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
 // Run the test
@@ -694,7 +694,7 @@ func TestBaseActor(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxRequest(testCreateNoId))
- delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
 activity = withNewId(activity)
 return nil
@@ -721,7 +721,7 @@ func TestBaseActor(t *testing.T) {
 delegate, _, a := setupFn(ctl)
 resp := httptest.NewRecorder()
 req := toAPRequest(toPostOutboxRequest(testCreateNoId))
- delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
+ delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
 delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
 activity = withNewId(activity)
 return nil
diff --git a/pub/common_behavior.go b/pub/common_behavior.go
index 2c64f2e..504b514 100644
--- a/pub/common_behavior.go
+++ b/pub/common_behavior.go
@@ -21,17 +21,17 @@ type CommonBehavior interface {
 // If an error is returned, it is passed back to the caller of
 // GetInbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // AuthenticateGetOutbox delegates the authentication of a GET to an
 // outbox.
 //
@@ -41,17 +41,17 @@ type CommonBehavior interface {
 // If an error is returned, it is passed back to the caller of
 // GetOutbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // NewTransport returns a new Transport on behalf of a specific actor.
 //
 // The actorBoxIRI will be either the inbox or outbox of an actor who is
diff --git a/pub/delegate_actor.go b/pub/delegate_actor.go
index 0bf0cf3..8f46d44 100644
--- a/pub/delegate_actor.go
+++ b/pub/delegate_actor.go
@@ -31,17 +31,17 @@ type DelegateActor interface {
 // If an error is returned, it is passed back to the caller of
 // PostInbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // AuthenticateGetInbox delegates the authentication of a GET to an
 // inbox.
 //
@@ -51,17 +51,17 @@ type DelegateActor interface {
 // If an error is returned, it is passed back to the caller of
 // GetInbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // AuthorizePostInbox delegates the authorization of an activity that
 // has been sent by POST to an inbox.
 //
@@ -70,16 +70,16 @@ type DelegateActor interface {
 // If an error is returned, it is passed back to the caller of
 // PostInbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authorized' is ignored.
 //
- // If no error is returned, but authorization fails, then shouldReturn
- // must be true and error nil. It is expected that the implementation
+ // If no error is returned, but authorization fails, then authorized
+ // must be false and error nil. It is expected that the implementation
 // handles writing to the ResponseWriter in this case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authorized must be true and error nil. The request will continue
 // to be processed.
- AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error)
+ AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error)
 // PostInbox delegates the side effects of adding to the inbox and
 // determining if it is a request that should be blocked.
 //
@@ -155,17 +155,17 @@ type DelegateActor interface {
 // If an error is returned, it is passed back to the caller of
 // PostOutbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // AuthenticateGetOutbox delegates the authentication of a GET to an
 // outbox.
 //
@@ -175,17 +175,17 @@ type DelegateActor interface {
 // If an error is returned, it is passed back to the caller of
 // GetOutbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // WrapInCreate wraps the provided object in a Create ActivityStreams
 // activity. The provided URL is the actor's outbox endpoint.
 //
diff --git a/pub/federating_protocol.go b/pub/federating_protocol.go
index 5ada8fa..dcdc09d 100644
--- a/pub/federating_protocol.go
+++ b/pub/federating_protocol.go
@@ -22,17 +22,17 @@ type FederatingProtocol interface {
 // If an error is returned, it is passed back to the caller of
 // PostInbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // Blocked should determine whether to permit a set of actors given by
 // their ids are able to interact with this particular end user due to
 // being blocked or other application-specific logic.
@@ -41,11 +41,11 @@ type FederatingProtocol interface {
 // PostInbox.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. An http.StatusForbidden
+ // then blocked must be true and error nil. An http.StatusForbidden
 // will be written in the wresponse.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // blocked must be false and error nil. The request will continue
 // to be processed.
 Blocked(c context.Context, actorIRIs []*url.URL) (blocked bool, err error)
 // Callbacks returns the application logic that handles ActivityStreams
diff --git a/pub/side_effect_actor.go b/pub/side_effect_actor.go
index a69d85f..4ff427f 100644
--- a/pub/side_effect_actor.go
+++ b/pub/side_effect_actor.go
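Review bot: The rewritten comment on Blocked still describes the deny case as "authentication or authorization fails" and the allow case as "authentication and authorization succeeds", wording carried over from the Authenticate methods, while the result it documents is `blocked`. After this commit Blocked is the only one of these methods where `true` means deny, so the comment should say that outright, for example `// If no error is returned but any of the actors is blocked, then blocked must be true and error nil.` and `// If none of the actors is blocked, then blocked must be false and error nil.` The context line `// will be written in the wresponse.` also has a typo ("wresponse") that could be fixed in the same pass.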
@@ -30,22 +30,22 @@ type sideEffectActor struct { } // AuthenticatePostInbox defers to the delegate to authenticate the request. -func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { +func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) { return a.s2s.AuthenticatePostInbox(c, w, r) } // AuthenticateGetInbox defers to the delegate to authenticate the request. -func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { +func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) { return a.common.AuthenticateGetInbox(c, w, r) } // AuthenticatePostOutbox defers to the delegate to authenticate the request. -func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { +func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) { return a.c2s.AuthenticatePostOutbox(c, w, r) } // AuthenticateGetOutbox defers to the delegate to authenticate the request. -func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { +func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) { return a.common.AuthenticateGetOutbox(c, w, r) } 
@@ -64,7 +64,8 @@ func (a *sideEffectActor) GetInbox(c context.Context, r *http.Request) (vocab.Ac // AuthorizePostInbox defers to the federating protocol whether the peer request // is authorized based on the actors' ids. -func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error) { +func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error) { + authorized = false actor := activity.GetActivityStreamsActor() var iris []*url.URL for i := 0; i < actor.Len(); i++ { @@ -79,12 +80,14 @@ func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseW } } // Determine if the actor(s) sending this request are blocked. - if shouldReturn, err = a.s2s.Blocked(c, iris); err != nil { + var blocked bool + if blocked, err = a.s2s.Blocked(c, iris); err != nil { return - } else if shouldReturn { + } else if blocked { w.WriteHeader(http.StatusForbidden) return } + authorized = true return } diff --git a/pub/side_effect_actor_test.go b/pub/side_effect_actor_test.go index 62db06d..001424c 100644 --- a/pub/side_effect_actor_test.go +++ b/pub/side_effect_actor_test.go @@ -141,7 +141,7 @@ func TestAuthorizePostInbox(t *testing.T) { // Run b, err := a.AuthorizePostInbox(ctx, resp, testCreate) // Verify - assertEqual(t, b, false) + assertEqual(t, b, true) assertEqual(t, err, nil) }) t.Run("ActorNotAuthorized", func(t *testing.T) { @@ -153,7 +153,7 @@ func TestAuthorizePostInbox(t *testing.T) { // Run b, err := a.AuthorizePostInbox(ctx, resp, testCreate) // Verify - assertEqual(t, b, true) + assertEqual(t, b, false) assertEqual(t, err, nil) }) t.Run("AllActorsAuthorized", func(t *testing.T) { 
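Review bot: AuthorizePostInbox now reports its decision through the named result `authorized` and naked `return`s, so whether a path allows or denies depends on what was last assigned rather than on what the return statement says; for an authorization decision I would spell each outcome out as below. The `authorized = false` added in the @@ -64 hunk is already the zero value and can go once the returns are explicit. Separately, the loop that fills `iris` lies between the two hunks and is not visible here: if an activity with no actor ids can reach `a.s2s.Blocked` with an empty slice, it comes back authorized unless every Blocked implementation rejects empty input, which looks worth a guard or a test. The function starts before this hunk.

```go
	// … unchanged: collect the actor IRIs into iris …
	// Determine if the actor(s) sending this request are blocked.
	blocked, err := a.s2s.Blocked(c, iris)
	if err != nil {
		return false, err
	}
	if blocked {
		w.WriteHeader(http.StatusForbidden)
		return false, nil
	}
	return true, nil
```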
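Review bot: The ActorNotAuthorized case in the @@ -153 hunk checks only `b` and `err`, although the contract for a `false` result is that the response has already been written. Adding `assertEqual(t, resp.Code, http.StatusForbidden)` after the existing assertions there, and in OneActorNotAuthorized in the @@ -177 hunk, would pin the 403 that sideEffectActor.AuthorizePostInbox writes. This assumes `resp` is an httptest.ResponseRecorder; its setup is outside the hunk.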
@@ -165,7 +165,7 @@ func TestAuthorizePostInbox(t *testing.T) {
 // Run
 b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
 // Verify
- assertEqual(t, b, false)
+ assertEqual(t, b, true)
 assertEqual(t, err, nil)
 })
 t.Run("OneActorNotAuthorized", func(t *testing.T) {
@@ -177,7 +177,7 @@ func TestAuthorizePostInbox(t *testing.T) {
 // Run
 b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
 // Verify
- assertEqual(t, b, true)
+ assertEqual(t, b, false)
 assertEqual(t, err, nil)
 })
 }
diff --git a/pub/social_protocol.go b/pub/social_protocol.go
index ae6c94e..fd7456d 100644
--- a/pub/social_protocol.go
+++ b/pub/social_protocol.go
@@ -23,17 +23,17 @@ type SocialProtocol interface {
 // If an error is returned, it is passed back to the caller of
 // PostOutbox. In this case, the implementation must not write a
 // response to the ResponseWriter as is expected that the client will
- // do so when handling the error. The 'shouldReturn' is ignored.
+ // do so when handling the error. The 'authenticated' is ignored.
 //
 // If no error is returned, but authentication or authorization fails,
- // then shouldReturn must be true and error nil. It is expected that
+ // then authenticated must be false and error nil. It is expected that
 // the implementation handles writing to the ResponseWriter in this
 // case.
 //
 // Finally, if the authentication and authorization succeeds, then
- // shouldReturn must be false and error nil. The request will continue
+ // authenticated must be true and error nil. The request will continue
 // to be processed.
- AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
+ AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
 // Callbacks returns the application logic that handles ActivityStreams
 // received from C2S clients.
 //