Update authn and authz functions to have intuitive return values

Cory Slep 2019-02-19 20:40:26 +01:00
コミット 1e5f5f9c86
8個のファイルの変更94行の追加91行の削除


@ -154,10 +154,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
return true, nil return true, nil
} }
// Check the peer request is authentic. // Check the peer request is authentic.
shouldReturn, err := b.delegate.AuthenticatePostInbox(c, w, r) authenticated, err := b.delegate.AuthenticatePostInbox(c, w, r)
if err != nil { if err != nil {
return true, err return true, err
} else if shouldReturn { } else if !authenticated {
return true, nil return true, nil
} }
// Begin processing the request, but have not yet applied // Begin processing the request, but have not yet applied
@ -188,10 +188,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
return true, nil return true, nil
} }
// Check authorization of the activity. // Check authorization of the activity.
shouldReturn, err = b.delegate.AuthorizePostInbox(c, w, activity) authorized, err := b.delegate.AuthorizePostInbox(c, w, activity)
if err != nil { if err != nil {
return true, err return true, err
} else if shouldReturn { } else if !authorized {
return true, nil return true, nil
} }
// Post the activity to the actor's inbox and trigger side effects for // Post the activity to the actor's inbox and trigger side effects for
@ -230,10 +230,10 @@ func (b *baseActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.R
return false, nil return false, nil
} }
// Delegate authenticating and authorizing the request. // Delegate authenticating and authorizing the request.
shouldReturn, err := b.delegate.AuthenticateGetInbox(c, w, r) authenticated, err := b.delegate.AuthenticateGetInbox(c, w, r)
if err != nil { if err != nil {
return true, err return true, err
} else if shouldReturn { } else if !authenticated {
return true, nil return true, nil
} }
// Everything is good to begin processing the request. // Everything is good to begin processing the request.
@ -283,10 +283,10 @@ func (b *baseActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http
return true, nil return true, nil
} }
// Delegate authenticating and authorizing the request. // Delegate authenticating and authorizing the request.
shouldReturn, err := b.delegate.AuthenticatePostOutbox(c, w, r) authenticated, err := b.delegate.AuthenticatePostOutbox(c, w, r)
if err != nil { if err != nil {
return true, err return true, err
} else if shouldReturn { } else if !authenticated {
return true, nil return true, nil
} }
// Everything is good to begin processing the request. // Everything is good to begin processing the request.
@ -370,10 +370,10 @@ func (b *baseActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.
return false, nil return false, nil
} }
// Delegate authenticating and authorizing the request. // Delegate authenticating and authorizing the request.
shouldReturn, err := b.delegate.AuthenticateGetOutbox(c, w, r) authenticated, err := b.delegate.AuthenticateGetOutbox(c, w, r)
if err != nil { if err != nil {
return true, err return true, err
} else if shouldReturn { } else if !authenticated {
return true, nil return true, nil
} }
// Everything is good to begin processing the request. // Everything is good to begin processing the request.
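Review bot: The `!authenticated` and `!authorized` branches in PostInbox, GetInbox, PostOutbox and GetOutbox return `true, nil` without writing anything themselves, so a delegate that returns `false, nil` without writing a response would leave the rejected request answered by net/http's implicit 200 with an empty body, assuming the caller writes nothing further when handled is true. No data is served in that case, but a rejected peer sees a success status, which also hides the rejection from status-code based monitoring. I would state the dependency at each site, e.g. `// Not authenticated: the delegate must already have written the rejection response.`, matching the contract in the interface doc comments. All of these function bodies start and end outside the hunks.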


@ -79,7 +79,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
req := toAPRequest(toGetInboxRequest()) req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) { delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden) resp.WriteHeader(http.StatusForbidden)
return true, nil return false, nil
}) })
// Run the test // Run the test
handled, err := a.GetInbox(ctx, resp, req) handled, err := a.GetInbox(ctx, resp, req)
@ -95,7 +95,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl) delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest()) req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil) delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now()) clock.EXPECT().Now().Return(now())
// Run the test // Run the test
@ -119,7 +119,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl) delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest()) req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil) delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
clock.EXPECT().Now().Return(now()) clock.EXPECT().Now().Return(now())
// Run the test // Run the test
@ -154,7 +154,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
req := toAPRequest(toPostOutboxRequest(testCreateNoId)) req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) { delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden) resp.WriteHeader(http.StatusForbidden)
return true, nil return false, nil
}) })
// Run the test // Run the test
handled, err := a.PostOutbox(ctx, resp, req) handled, err := a.PostOutbox(ctx, resp, req)
@ -170,7 +170,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxUnknownRequest()) req := toAPRequest(toPostOutboxUnknownRequest())
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
// Run the test // Run the test
handled, err := a.PostOutbox(ctx, resp, req) handled, err := a.PostOutbox(ctx, resp, req)
// Verify results // Verify results
@ -185,7 +185,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId)) req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error { delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity) activity = withNewId(activity)
return nil return nil
@ -212,7 +212,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testMyNote)) req := toAPRequest(toPostOutboxRequest(testMyNote))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().WrapInCreate(ctx, toDeserializedForm(testMyNote), mustParse(testMyOutboxIRI)).DoAndReturn(func(c context.Context, t vocab.Type, u *url.URL) (vocab.ActivityStreamsCreate, error) { delegate.EXPECT().WrapInCreate(ctx, toDeserializedForm(testMyNote), mustParse(testMyOutboxIRI)).DoAndReturn(func(c context.Context, t vocab.Type, u *url.URL) (vocab.ActivityStreamsCreate, error) {
return wrappedInCreate(t), nil return wrappedInCreate(t), nil
}) })
@ -240,7 +240,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId)) req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error { delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity) activity = withNewId(activity)
return nil return nil
@ -265,7 +265,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId)) req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error { delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity) activity = withNewId(activity)
return nil return nil
@ -306,7 +306,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
req := toAPRequest(toGetOutboxRequest()) req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) { delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden) resp.WriteHeader(http.StatusForbidden)
return true, nil return false, nil
}) })
// Run the test // Run the test
handled, err := a.GetOutbox(ctx, resp, req) handled, err := a.GetOutbox(ctx, resp, req)
@ -322,7 +322,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl) delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toGetOutboxRequest()) req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil) delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now()) clock.EXPECT().Now().Return(now())
// Run the test // Run the test
@ -381,7 +381,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
req := toAPRequest(toPostInboxRequest(testCreate)) req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) { delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden) resp.WriteHeader(http.StatusForbidden)
return true, nil return false, nil
}) })
// Run the test // Run the test
handled, err := a.PostInbox(ctx, resp, req) handled, err := a.PostInbox(ctx, resp, req)
@ -397,7 +397,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxUnknownRequest()) req := toAPRequest(toPostInboxUnknownRequest())
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
// Run the test // Run the test
handled, err := a.PostInbox(ctx, resp, req) handled, err := a.PostInbox(ctx, resp, req)
// Verify results // Verify results
@ -412,7 +412,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId)) req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
// Run the test // Run the test
handled, err := a.PostInbox(ctx, resp, req) handled, err := a.PostInbox(ctx, resp, req)
// Verify results // Verify results
@ -427,10 +427,10 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate)) req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, activity Activity) (bool, error) { delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, activity Activity) (bool, error) {
resp.WriteHeader(http.StatusForbidden) resp.WriteHeader(http.StatusForbidden)
return true, nil return false, nil
}) })
// Run the test // Run the test
handled, err := a.PostInbox(ctx, resp, req) handled, err := a.PostInbox(ctx, resp, req)
@ -446,8 +446,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate)) req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil) delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil) delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil) delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
// Run the test // Run the test
@ -464,8 +464,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate)) req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil) delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrObjectRequired) delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrObjectRequired)
// Run the test // Run the test
handled, err := a.PostInbox(ctx, resp, req) handled, err := a.PostInbox(ctx, resp, req)
@ -481,8 +481,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate)) req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil) delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrTargetRequired) delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrTargetRequired)
// Run the test // Run the test
handled, err := a.PostInbox(ctx, resp, req) handled, err := a.PostInbox(ctx, resp, req)
@ -514,7 +514,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
req := toAPRequest(toGetInboxRequest()) req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) { delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden) resp.WriteHeader(http.StatusForbidden)
return true, nil return false, nil
}) })
// Run the test // Run the test
handled, err := a.GetInbox(ctx, resp, req) handled, err := a.GetInbox(ctx, resp, req)
@ -530,7 +530,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl) delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest()) req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil) delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now()) clock.EXPECT().Now().Return(now())
// Run the test // Run the test
@ -554,7 +554,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl) delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toGetInboxRequest()) req := toAPRequest(toGetInboxRequest())
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil) delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
clock.EXPECT().Now().Return(now()) clock.EXPECT().Now().Return(now())
// Run the test // Run the test
@ -617,7 +617,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
req := toAPRequest(toGetOutboxRequest()) req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) { delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
resp.WriteHeader(http.StatusForbidden) resp.WriteHeader(http.StatusForbidden)
return true, nil return false, nil
}) })
// Run the test // Run the test
handled, err := a.GetOutbox(ctx, resp, req) handled, err := a.GetOutbox(ctx, resp, req)
@ -633,7 +633,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
delegate, clock, a := setupFn(ctl) delegate, clock, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toGetOutboxRequest()) req := toAPRequest(toGetOutboxRequest())
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil) delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
clock.EXPECT().Now().Return(now()) clock.EXPECT().Now().Return(now())
// Run the test // Run the test
@ -676,8 +676,8 @@ func TestBaseActor(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostInboxRequest(testCreate)) req := toAPRequest(toPostInboxRequest(testCreate))
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil) delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil) delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil) delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
// Run the test // Run the test
@ -694,7 +694,7 @@ func TestBaseActor(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId)) req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error { delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity) activity = withNewId(activity)
return nil return nil
@ -721,7 +721,7 @@ func TestBaseActor(t *testing.T) {
delegate, _, a := setupFn(ctl) delegate, _, a := setupFn(ctl)
resp := httptest.NewRecorder() resp := httptest.NewRecorder()
req := toAPRequest(toPostOutboxRequest(testCreateNoId)) req := toAPRequest(toPostOutboxRequest(testCreateNoId))
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil) delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error { delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
activity = withNewId(activity) activity = withNewId(activity)
return nil return nil


@ -21,17 +21,17 @@ type CommonBehavior interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// GetInbox. In this case, the implementation must not write a // GetInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthenticateGetOutbox delegates the authentication of a GET to an // AuthenticateGetOutbox delegates the authentication of a GET to an
// outbox. // outbox.
// //
@ -41,17 +41,17 @@ type CommonBehavior interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// GetOutbox. In this case, the implementation must not write a // GetOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// NewTransport returns a new Transport on behalf of a specific actor. // NewTransport returns a new Transport on behalf of a specific actor.
// //
// The actorBoxIRI will be either the inbox or outbox of an actor who is // The actorBoxIRI will be either the inbox or outbox of an actor who is
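Review bot: The result type of AuthenticateGetInbox and AuthenticateGetOutbox is still a plain `bool`, so a delegate written against the old `shouldReturn` contract keeps compiling with its meaning inverted: an implementation that writes a rejection and returns `true, nil` is now treated as authenticated and the request continues to be processed. The doc comment should call the inversion out explicitly, e.g. `// NOTE: this result was previously 'shouldReturn'; true now means the request is authenticated and processing continues.` The same applies to the DelegateActor methods renamed in this commit (AuthenticatePostInbox, AuthenticateGetInbox, AuthorizePostInbox, AuthenticatePostOutbox). If a compile-time break is acceptable, changing the signature so that stale implementations fail to build would be safer than a rename of the named result alone. The CommonBehavior interface body starts and ends outside the hunks.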


@ -31,17 +31,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the implementation must not write a // PostInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthenticateGetInbox delegates the authentication of a GET to an // AuthenticateGetInbox delegates the authentication of a GET to an
// inbox. // inbox.
// //
@ -51,17 +51,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// GetInbox. In this case, the implementation must not write a // GetInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthorizePostInbox delegates the authorization of an activity that // AuthorizePostInbox delegates the authorization of an activity that
// has been sent by POST to an inbox. // has been sent by POST to an inbox.
// //
@ -70,16 +70,16 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the implementation must not write a // PostInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authorized' is ignored.
// //
// If no error is returned, but authorization fails, then shouldReturn // If no error is returned, but authorization fails, then authorized
// must be true and error nil. It is expected that the implementation // must be false and error nil. It is expected that the implementation
// handles writing to the ResponseWriter in this case. // handles writing to the ResponseWriter in this case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authorized must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error)
// PostInbox delegates the side effects of adding to the inbox and // PostInbox delegates the side effects of adding to the inbox and
// determining if it is a request that should be blocked. // determining if it is a request that should be blocked.
// //
@ -155,17 +155,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// PostOutbox. In this case, the implementation must not write a // PostOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// AuthenticateGetOutbox delegates the authentication of a GET to an // AuthenticateGetOutbox delegates the authentication of a GET to an
// outbox. // outbox.
// //
@ -175,17 +175,17 @@ type DelegateActor interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// GetOutbox. In this case, the implementation must not write a // GetOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// WrapInCreate wraps the provided object in a Create ActivityStreams // WrapInCreate wraps the provided object in a Create ActivityStreams
// activity. The provided URL is the actor's outbox endpoint. // activity. The provided URL is the actor's outbox endpoint.
// //


@ -22,17 +22,17 @@ type FederatingProtocol interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// PostInbox. In this case, the implementation must not write a // PostInbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// Blocked should determine whether to permit a set of actors given by // Blocked should determine whether to permit a set of actors given by
// their ids are able to interact with this particular end user due to // their ids are able to interact with this particular end user due to
// being blocked or other application-specific logic. // being blocked or other application-specific logic.
@ -41,11 +41,11 @@ type FederatingProtocol interface {
// PostInbox. // PostInbox.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. An http.StatusForbidden // then blocked must be true and error nil. An http.StatusForbidden
// will be written in the wresponse. // will be written in the wresponse.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // blocked must be false and error nil. The request will continue
// to be processed. // to be processed.
Blocked(c context.Context, actorIRIs []*url.URL) (blocked bool, err error) Blocked(c context.Context, actorIRIs []*url.URL) (blocked bool, err error)
// Callbacks returns the application logic that handles ActivityStreams // Callbacks returns the application logic that handles ActivityStreams
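Review bot: The bool returned by AuthenticatePostInbox now means the opposite of what it meant before, while the signature `(bool, error)` is unchanged, so an implementation written against the old contract still compiles without any warning. Such an implementation returns true after writing its rejection response, and the updated `!authenticated` check in PostInbox would then treat the request as authenticated and keep processing it. The doc comment should flag the inversion explicitly, for example `// NOTE: this bool was previously 'shouldReturn' (true = stop); true now means authenticated.` The same applies to the other Authenticate* methods and AuthorizePostInbox changed in this commit. The interface body continues outside the hunks shown.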


@ -30,22 +30,22 @@ type sideEffectActor struct {
} }
// AuthenticatePostInbox defers to the delegate to authenticate the request. // AuthenticatePostInbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.s2s.AuthenticatePostInbox(c, w, r) return a.s2s.AuthenticatePostInbox(c, w, r)
} }
// AuthenticateGetInbox defers to the delegate to authenticate the request. // AuthenticateGetInbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.common.AuthenticateGetInbox(c, w, r) return a.common.AuthenticateGetInbox(c, w, r)
} }
// AuthenticatePostOutbox defers to the delegate to authenticate the request. // AuthenticatePostOutbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.c2s.AuthenticatePostOutbox(c, w, r) return a.c2s.AuthenticatePostOutbox(c, w, r)
} }
// AuthenticateGetOutbox defers to the delegate to authenticate the request. // AuthenticateGetOutbox defers to the delegate to authenticate the request.
func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) { func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
return a.common.AuthenticateGetOutbox(c, w, r) return a.common.AuthenticateGetOutbox(c, w, r)
} }
@ -64,7 +64,8 @@ func (a *sideEffectActor) GetInbox(c context.Context, r *http.Request) (vocab.Ac
// AuthorizePostInbox defers to the federating protocol whether the peer request // AuthorizePostInbox defers to the federating protocol whether the peer request
// is authorized based on the actors' ids. // is authorized based on the actors' ids.
func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error) { func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error) {
authorized = false
actor := activity.GetActivityStreamsActor() actor := activity.GetActivityStreamsActor()
var iris []*url.URL var iris []*url.URL
for i := 0; i < actor.Len(); i++ { for i := 0; i < actor.Len(); i++ {
@ -79,12 +80,14 @@ func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseW
} }
} }
// Determine if the actor(s) sending this request are blocked. // Determine if the actor(s) sending this request are blocked.
if shouldReturn, err = a.s2s.Blocked(c, iris); err != nil { var blocked bool
if blocked, err = a.s2s.Blocked(c, iris); err != nil {
return return
} else if shouldReturn { } else if blocked {
w.WriteHeader(http.StatusForbidden) w.WriteHeader(http.StatusForbidden)
return return
} }
authorized = true
return return
} }
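Review bot: AuthorizePostInbox sets its verdict through the named result and then uses bare `return`s, so the value each exit carries has to be traced back through the function; for an authorization decision, explicit returns are easier to audit. The added `authorized = false` is also a no-op, since a named bool result already starts as false. I would write the exits as `return false, err`, `return false, nil` after the 403, and `return true, nil` at the end. The function body spans two hunks and the loop body between them is not shown, so any returns there would need the same treatment.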


@ -141,7 +141,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run // Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate) b, err := a.AuthorizePostInbox(ctx, resp, testCreate)
// Verify // Verify
assertEqual(t, b, false) assertEqual(t, b, true)
assertEqual(t, err, nil) assertEqual(t, err, nil)
}) })
t.Run("ActorNotAuthorized", func(t *testing.T) { t.Run("ActorNotAuthorized", func(t *testing.T) {
@ -153,7 +153,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run // Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate) b, err := a.AuthorizePostInbox(ctx, resp, testCreate)
// Verify // Verify
assertEqual(t, b, true) assertEqual(t, b, false)
assertEqual(t, err, nil) assertEqual(t, err, nil)
}) })
t.Run("AllActorsAuthorized", func(t *testing.T) { t.Run("AllActorsAuthorized", func(t *testing.T) {
@ -165,7 +165,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run // Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate2) b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
// Verify // Verify
assertEqual(t, b, false) assertEqual(t, b, true)
assertEqual(t, err, nil) assertEqual(t, err, nil)
}) })
t.Run("OneActorNotAuthorized", func(t *testing.T) { t.Run("OneActorNotAuthorized", func(t *testing.T) {
@ -177,7 +177,7 @@ func TestAuthorizePostInbox(t *testing.T) {
// Run // Run
b, err := a.AuthorizePostInbox(ctx, resp, testCreate2) b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
// Verify // Verify
assertEqual(t, b, true) assertEqual(t, b, false)
assertEqual(t, err, nil) assertEqual(t, err, nil)
}) })
} }
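Review bot: The two not-authorized subtests (ActorNotAuthorized and OneActorNotAuthorized) check only the returned bool and error in their Verify blocks, although the contract says the implementation writes the response when authorization fails. If `resp` is an httptest.ResponseRecorder (its construction is outside the hunks), adding `assertEqual(t, resp.Code, http.StatusForbidden)` would pin the 403 that AuthorizePostInbox writes for blocked actors. The result variable `b` could also be renamed `authorized` now that the value carries that meaning.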


@ -23,17 +23,17 @@ type SocialProtocol interface {
// If an error is returned, it is passed back to the caller of // If an error is returned, it is passed back to the caller of
// PostOutbox. In this case, the implementation must not write a // PostOutbox. In this case, the implementation must not write a
// response to the ResponseWriter as is expected that the client will // response to the ResponseWriter as is expected that the client will
// do so when handling the error. The 'shouldReturn' is ignored. // do so when handling the error. The 'authenticated' is ignored.
// //
// If no error is returned, but authentication or authorization fails, // If no error is returned, but authentication or authorization fails,
// then shouldReturn must be true and error nil. It is expected that // then authenticated must be false and error nil. It is expected that
// the implementation handles writing to the ResponseWriter in this // the implementation handles writing to the ResponseWriter in this
// case. // case.
// //
// Finally, if the authentication and authorization succeeds, then // Finally, if the authentication and authorization succeeds, then
// shouldReturn must be false and error nil. The request will continue // authenticated must be true and error nil. The request will continue
// to be processed. // to be processed.
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
// Callbacks returns the application logic that handles ActivityStreams // Callbacks returns the application logic that handles ActivityStreams
// received from C2S clients. // received from C2S clients.
// //