Update authn and authz functions to have intuitive return values
コミット
1e5f5f9c86
|
@ -154,10 +154,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
|
|||
return true, nil
|
||||
}
|
||||
// Check the peer request is authentic.
|
||||
shouldReturn, err := b.delegate.AuthenticatePostInbox(c, w, r)
|
||||
authenticated, err := b.delegate.AuthenticatePostInbox(c, w, r)
|
||||
if err != nil {
|
||||
return true, err
|
||||
} else if shouldReturn {
|
||||
} else if !authenticated {
|
||||
return true, nil
|
||||
}
|
||||
// Begin processing the request, but have not yet applied
|
||||
|
@ -188,10 +188,10 @@ func (b *baseActor) PostInbox(c context.Context, w http.ResponseWriter, r *http.
|
|||
return true, nil
|
||||
}
|
||||
// Check authorization of the activity.
|
||||
shouldReturn, err = b.delegate.AuthorizePostInbox(c, w, activity)
|
||||
authorized, err := b.delegate.AuthorizePostInbox(c, w, activity)
|
||||
if err != nil {
|
||||
return true, err
|
||||
} else if shouldReturn {
|
||||
} else if !authorized {
|
||||
return true, nil
|
||||
}
|
||||
// Post the activity to the actor's inbox and trigger side effects for
|
||||
|
@ -230,10 +230,10 @@ func (b *baseActor) GetInbox(c context.Context, w http.ResponseWriter, r *http.R
|
|||
return false, nil
|
||||
}
|
||||
// Delegate authenticating and authorizing the request.
|
||||
shouldReturn, err := b.delegate.AuthenticateGetInbox(c, w, r)
|
||||
authenticated, err := b.delegate.AuthenticateGetInbox(c, w, r)
|
||||
if err != nil {
|
||||
return true, err
|
||||
} else if shouldReturn {
|
||||
} else if !authenticated {
|
||||
return true, nil
|
||||
}
|
||||
// Everything is good to begin processing the request.
|
||||
|
@ -283,10 +283,10 @@ func (b *baseActor) PostOutbox(c context.Context, w http.ResponseWriter, r *http
|
|||
return true, nil
|
||||
}
|
||||
// Delegate authenticating and authorizing the request.
|
||||
shouldReturn, err := b.delegate.AuthenticatePostOutbox(c, w, r)
|
||||
authenticated, err := b.delegate.AuthenticatePostOutbox(c, w, r)
|
||||
if err != nil {
|
||||
return true, err
|
||||
} else if shouldReturn {
|
||||
} else if !authenticated {
|
||||
return true, nil
|
||||
}
|
||||
// Everything is good to begin processing the request.
|
||||
|
@ -370,10 +370,10 @@ func (b *baseActor) GetOutbox(c context.Context, w http.ResponseWriter, r *http.
|
|||
return false, nil
|
||||
}
|
||||
// Delegate authenticating and authorizing the request.
|
||||
shouldReturn, err := b.delegate.AuthenticateGetOutbox(c, w, r)
|
||||
authenticated, err := b.delegate.AuthenticateGetOutbox(c, w, r)
|
||||
if err != nil {
|
||||
return true, err
|
||||
} else if shouldReturn {
|
||||
} else if !authenticated {
|
||||
return true, nil
|
||||
}
|
||||
// Everything is good to begin processing the request.
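Review bot: The flipped checks (`} else if !authenticated {` in PostInbox, GetInbox, PostOutbox and GetOutbox, and `} else if !authorized {` in PostInbox) invert the meaning of the delegate's bool while its Go type stays `(bool, error)`. A delegate written against the old `shouldReturn` contract therefore still compiles, and its `true` ("stop, the response is already written") is now read as "authenticated", so a denied request continues to be processed. The same applies to the declarations in CommonBehavior, DelegateActor, FederatingProtocol and SocialProtocol further down this commit. Because the compiler cannot flag this, the change needs a prominent migration note, and each call site would benefit from a comment such as `// false: the delegate denied the request and has already written the response; true: continue processing.` These functions start and end outside the hunks shown.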
|
||||
|
|
|
@ -79,7 +79,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
req := toAPRequest(toGetInboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
|
||||
resp.WriteHeader(http.StatusForbidden)
|
||||
return true, nil
|
||||
return false, nil
|
||||
})
|
||||
// Run the test
|
||||
handled, err := a.GetInbox(ctx, resp, req)
|
||||
|
@ -95,7 +95,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, clock, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toGetInboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
|
||||
clock.EXPECT().Now().Return(now())
|
||||
// Run the test
|
||||
|
@ -119,7 +119,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, clock, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toGetInboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
|
||||
clock.EXPECT().Now().Return(now())
|
||||
// Run the test
|
||||
|
@ -154,7 +154,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
|
||||
resp.WriteHeader(http.StatusForbidden)
|
||||
return true, nil
|
||||
return false, nil
|
||||
})
|
||||
// Run the test
|
||||
handled, err := a.PostOutbox(ctx, resp, req)
|
||||
|
@ -170,7 +170,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxUnknownRequest())
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
|
||||
// Run the test
|
||||
handled, err := a.PostOutbox(ctx, resp, req)
|
||||
// Verify results
|
||||
|
@ -185,7 +185,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
|
||||
activity = withNewId(activity)
|
||||
return nil
|
||||
|
@ -212,7 +212,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxRequest(testMyNote))
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().WrapInCreate(ctx, toDeserializedForm(testMyNote), mustParse(testMyOutboxIRI)).DoAndReturn(func(c context.Context, t vocab.Type, u *url.URL) (vocab.ActivityStreamsCreate, error) {
|
||||
return wrappedInCreate(t), nil
|
||||
})
|
||||
|
@ -240,7 +240,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
|
||||
activity = withNewId(activity)
|
||||
return nil
|
||||
|
@ -265,7 +265,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
|
||||
activity = withNewId(activity)
|
||||
return nil
|
||||
|
@ -306,7 +306,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
req := toAPRequest(toGetOutboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
|
||||
resp.WriteHeader(http.StatusForbidden)
|
||||
return true, nil
|
||||
return false, nil
|
||||
})
|
||||
// Run the test
|
||||
handled, err := a.GetOutbox(ctx, resp, req)
|
||||
|
@ -322,7 +322,7 @@ func TestBaseActorSocialProtocol(t *testing.T) {
|
|||
delegate, clock, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toGetOutboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
|
||||
clock.EXPECT().Now().Return(now())
|
||||
// Run the test
|
||||
|
@ -381,7 +381,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
req := toAPRequest(toPostInboxRequest(testCreate))
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
|
||||
resp.WriteHeader(http.StatusForbidden)
|
||||
return true, nil
|
||||
return false, nil
|
||||
})
|
||||
// Run the test
|
||||
handled, err := a.PostInbox(ctx, resp, req)
|
||||
|
@ -397,7 +397,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostInboxUnknownRequest())
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
|
||||
// Run the test
|
||||
handled, err := a.PostInbox(ctx, resp, req)
|
||||
// Verify results
|
||||
|
@ -412,7 +412,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
|
||||
// Run the test
|
||||
handled, err := a.PostInbox(ctx, resp, req)
|
||||
// Verify results
|
||||
|
@ -427,10 +427,10 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostInboxRequest(testCreate))
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, activity Activity) (bool, error) {
|
||||
resp.WriteHeader(http.StatusForbidden)
|
||||
return true, nil
|
||||
return false, nil
|
||||
})
|
||||
// Run the test
|
||||
handled, err := a.PostInbox(ctx, resp, req)
|
||||
|
@ -446,8 +446,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostInboxRequest(testCreate))
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
|
||||
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
|
||||
delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
|
||||
// Run the test
|
||||
|
@ -464,8 +464,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostInboxRequest(testCreate))
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
|
||||
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrObjectRequired)
|
||||
// Run the test
|
||||
handled, err := a.PostInbox(ctx, resp, req)
|
||||
|
@ -481,8 +481,8 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostInboxRequest(testCreate))
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
|
||||
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(ErrTargetRequired)
|
||||
// Run the test
|
||||
handled, err := a.PostInbox(ctx, resp, req)
|
||||
|
@ -514,7 +514,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
req := toAPRequest(toGetInboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
|
||||
resp.WriteHeader(http.StatusForbidden)
|
||||
return true, nil
|
||||
return false, nil
|
||||
})
|
||||
// Run the test
|
||||
handled, err := a.GetInbox(ctx, resp, req)
|
||||
|
@ -530,7 +530,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, clock, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toGetInboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
|
||||
clock.EXPECT().Now().Return(now())
|
||||
// Run the test
|
||||
|
@ -554,7 +554,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, clock, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toGetInboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticateGetInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().GetInbox(ctx, req).Return(testOrderedCollectionDupedElems, nil)
|
||||
clock.EXPECT().Now().Return(now())
|
||||
// Run the test
|
||||
|
@ -617,7 +617,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
req := toAPRequest(toGetOutboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).DoAndReturn(func(ctx context.Context, resp http.ResponseWriter, req *http.Request) (bool, error) {
|
||||
resp.WriteHeader(http.StatusForbidden)
|
||||
return true, nil
|
||||
return false, nil
|
||||
})
|
||||
// Run the test
|
||||
handled, err := a.GetOutbox(ctx, resp, req)
|
||||
|
@ -633,7 +633,7 @@ func TestBaseActorFederatingProtocol(t *testing.T) {
|
|||
delegate, clock, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toGetOutboxRequest())
|
||||
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticateGetOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().GetOutbox(ctx, req).Return(testOrderedCollectionUniqueElems, nil)
|
||||
clock.EXPECT().Now().Return(now())
|
||||
// Run the test
|
||||
|
@ -676,8 +676,8 @@ func TestBaseActor(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostInboxRequest(testCreate))
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostInbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AuthorizePostInbox(ctx, resp, toDeserializedForm(testCreate)).Return(true, nil)
|
||||
delegate.EXPECT().PostInbox(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
|
||||
delegate.EXPECT().InboxForwarding(ctx, mustParse(testMyInboxIRI), toDeserializedForm(testCreate)).Return(nil)
|
||||
// Run the test
|
||||
|
@ -694,7 +694,7 @@ func TestBaseActor(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
|
||||
activity = withNewId(activity)
|
||||
return nil
|
||||
|
@ -721,7 +721,7 @@ func TestBaseActor(t *testing.T) {
|
|||
delegate, _, a := setupFn(ctl)
|
||||
resp := httptest.NewRecorder()
|
||||
req := toAPRequest(toPostOutboxRequest(testCreateNoId))
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(false, nil)
|
||||
delegate.EXPECT().AuthenticatePostOutbox(ctx, resp, req).Return(true, nil)
|
||||
delegate.EXPECT().AddNewIds(ctx, toDeserializedForm(testCreateNoId)).DoAndReturn(func(c context.Context, activity Activity) error {
|
||||
activity = withNewId(activity)
|
||||
return nil
|
||||
|
|
|
@ -21,17 +21,17 @@ type CommonBehavior interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// GetInbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// AuthenticateGetOutbox delegates the authentication of a GET to an
|
||||
// outbox.
|
||||
//
|
||||
|
@ -41,17 +41,17 @@ type CommonBehavior interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// GetOutbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// NewTransport returns a new Transport on behalf of a specific actor.
|
||||
//
|
||||
// The actorBoxIRI will be either the inbox or outbox of an actor who is
|
||||
|
|
|
@ -31,17 +31,17 @@ type DelegateActor interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// PostInbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// AuthenticateGetInbox delegates the authentication of a GET to an
|
||||
// inbox.
|
||||
//
|
||||
|
@ -51,17 +51,17 @@ type DelegateActor interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// GetInbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// AuthorizePostInbox delegates the authorization of an activity that
|
||||
// has been sent by POST to an inbox.
|
||||
//
|
||||
|
@ -70,16 +70,16 @@ type DelegateActor interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// PostInbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authorized' is ignored.
|
||||
//
|
||||
// If no error is returned, but authorization fails, then shouldReturn
|
||||
// must be true and error nil. It is expected that the implementation
|
||||
// If no error is returned, but authorization fails, then authorized
|
||||
// must be false and error nil. It is expected that the implementation
|
||||
// handles writing to the ResponseWriter in this case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authorized must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error)
|
||||
AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error)
|
||||
// PostInbox delegates the side effects of adding to the inbox and
|
||||
// determining if it is a request that should be blocked.
|
||||
//
|
||||
|
@ -155,17 +155,17 @@ type DelegateActor interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// PostOutbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// AuthenticateGetOutbox delegates the authentication of a GET to an
|
||||
// outbox.
|
||||
//
|
||||
|
@ -175,17 +175,17 @@ type DelegateActor interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// GetOutbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// WrapInCreate wraps the provided object in a Create ActivityStreams
|
||||
// activity. The provided URL is the actor's outbox endpoint.
|
||||
//
|
||||
|
|
|
@ -22,17 +22,17 @@ type FederatingProtocol interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// PostInbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// Blocked should determine whether to permit a set of actors given by
|
||||
// their ids are able to interact with this particular end user due to
|
||||
// being blocked or other application-specific logic.
|
||||
|
@ -41,11 +41,11 @@ type FederatingProtocol interface {
|
|||
// PostInbox.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. An http.StatusForbidden
|
||||
// then blocked must be true and error nil. An http.StatusForbidden
|
||||
// will be written in the wresponse.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// blocked must be false and error nil. The request will continue
|
||||
// to be processed.
|
||||
Blocked(c context.Context, actorIRIs []*url.URL) (blocked bool, err error)
|
||||
// Callbacks returns the application logic that handles ActivityStreams
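Review bot: The rewritten comment on Blocked still describes the result in terms of authentication and authorization (`If no error is returned, but authentication or authorization fails, then blocked must be true`), wording carried over from the Authenticate* methods that does not say what Blocked actually decides. After this commit `blocked == true` denies while `authenticated == true` on the neighbouring AuthenticatePostInbox allows, so the two polarities sit side by side and the comment should say so. Suggested wording: `// If no error is returned and any of the given actors is blocked, then blocked must be true and error nil.` and `// If none of the actors is blocked, then blocked must be false and error nil.` The unchanged context line also reads `wresponse`, presumably a typo for `response`.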
|
||||
|
|
|
@ -30,22 +30,22 @@ type sideEffectActor struct {
|
|||
}
|
||||
|
||||
// AuthenticatePostInbox defers to the delegate to authenticate the request.
|
||||
func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
|
||||
func (a *sideEffectActor) AuthenticatePostInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
|
||||
return a.s2s.AuthenticatePostInbox(c, w, r)
|
||||
}
|
||||
|
||||
// AuthenticateGetInbox defers to the delegate to authenticate the request.
|
||||
func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
|
||||
func (a *sideEffectActor) AuthenticateGetInbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
|
||||
return a.common.AuthenticateGetInbox(c, w, r)
|
||||
}
|
||||
|
||||
// AuthenticatePostOutbox defers to the delegate to authenticate the request.
|
||||
func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
|
||||
func (a *sideEffectActor) AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
|
||||
return a.c2s.AuthenticatePostOutbox(c, w, r)
|
||||
}
|
||||
|
||||
// AuthenticateGetOutbox defers to the delegate to authenticate the request.
|
||||
func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error) {
|
||||
func (a *sideEffectActor) AuthenticateGetOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error) {
|
||||
return a.common.AuthenticateGetOutbox(c, w, r)
|
||||
}
|
||||
|
||||
|
@ -64,7 +64,8 @@ func (a *sideEffectActor) GetInbox(c context.Context, r *http.Request) (vocab.Ac
|
|||
|
||||
// AuthorizePostInbox defers to the federating protocol whether the peer request
|
||||
// is authorized based on the actors' ids.
|
||||
func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (shouldReturn bool, err error) {
|
||||
func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseWriter, activity Activity) (authorized bool, err error) {
|
||||
authorized = false
|
||||
actor := activity.GetActivityStreamsActor()
|
||||
var iris []*url.URL
|
||||
for i := 0; i < actor.Len(); i++ {
|
||||
|
@ -79,12 +80,14 @@ func (a *sideEffectActor) AuthorizePostInbox(c context.Context, w http.ResponseW
|
|||
}
|
||||
}
|
||||
// Determine if the actor(s) sending this request are blocked.
|
||||
if shouldReturn, err = a.s2s.Blocked(c, iris); err != nil {
|
||||
var blocked bool
|
||||
if blocked, err = a.s2s.Blocked(c, iris); err != nil {
|
||||
return
|
||||
} else if shouldReturn {
|
||||
} else if blocked {
|
||||
w.WriteHeader(http.StatusForbidden)
|
||||
return
|
||||
}
|
||||
authorized = true
|
||||
return
|
||||
}
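Review bot: `authorized = true` at the end of AuthorizePostInbox is reached whenever `a.s2s.Blocked(c, iris)` reports false, and nothing in the visible lines requires `iris` to be non-empty, so an activity that names no actor would depend entirely on how Blocked treats an empty slice. The loop that fills `iris` lies between the two hunks and is not shown, so this may already be handled there. If it is not, a guard before the Blocked call such as `if len(iris) == 0 { w.WriteHeader(http.StatusForbidden); return }` keeps the fail-closed default this commit introduces with `authorized = false`. It is also worth confirming that `activity.GetActivityStreamsActor()` cannot return nil before `actor.Len()` is called.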
|
||||
|
||||
|
|
|
@ -141,7 +141,7 @@ func TestAuthorizePostInbox(t *testing.T) {
|
|||
// Run
|
||||
b, err := a.AuthorizePostInbox(ctx, resp, testCreate)
|
||||
// Verify
|
||||
assertEqual(t, b, false)
|
||||
assertEqual(t, b, true)
|
||||
assertEqual(t, err, nil)
|
||||
})
|
||||
t.Run("ActorNotAuthorized", func(t *testing.T) {
|
||||
|
@ -153,7 +153,7 @@ func TestAuthorizePostInbox(t *testing.T) {
|
|||
// Run
|
||||
b, err := a.AuthorizePostInbox(ctx, resp, testCreate)
|
||||
// Verify
|
||||
assertEqual(t, b, true)
|
||||
assertEqual(t, b, false)
|
||||
assertEqual(t, err, nil)
|
||||
})
|
||||
t.Run("AllActorsAuthorized", func(t *testing.T) {
|
||||
|
@ -165,7 +165,7 @@ func TestAuthorizePostInbox(t *testing.T) {
|
|||
// Run
|
||||
b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
|
||||
// Verify
|
||||
assertEqual(t, b, false)
|
||||
assertEqual(t, b, true)
|
||||
assertEqual(t, err, nil)
|
||||
})
|
||||
t.Run("OneActorNotAuthorized", func(t *testing.T) {
|
||||
|
@ -177,7 +177,7 @@ func TestAuthorizePostInbox(t *testing.T) {
|
|||
// Run
|
||||
b, err := a.AuthorizePostInbox(ctx, resp, testCreate2)
|
||||
// Verify
|
||||
assertEqual(t, b, true)
|
||||
assertEqual(t, b, false)
|
||||
assertEqual(t, err, nil)
|
||||
})
|
||||
}
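Review bot: The result of `a.AuthorizePostInbox` is still bound to `b` in all four subtests, so `assertEqual(t, b, true)` does not say which outcome is expected. Naming it `authorized` (`authorized, err := a.AuthorizePostInbox(ctx, resp, testCreate)`) would carry the commit's intent into the tests and make a missed flip easier to spot. For the ActorNotAuthorized and OneActorNotAuthorized cases it would also help to assert that the recorded status is `http.StatusForbidden`, assuming `resp` is a response recorder and that check does not already exist outside these hunks.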
|
||||
|
|
|
@ -23,17 +23,17 @@ type SocialProtocol interface {
|
|||
// If an error is returned, it is passed back to the caller of
|
||||
// PostOutbox. In this case, the implementation must not write a
|
||||
// response to the ResponseWriter as is expected that the client will
|
||||
// do so when handling the error. The 'shouldReturn' is ignored.
|
||||
// do so when handling the error. The 'authenticated' is ignored.
|
||||
//
|
||||
// If no error is returned, but authentication or authorization fails,
|
||||
// then shouldReturn must be true and error nil. It is expected that
|
||||
// then authenticated must be false and error nil. It is expected that
|
||||
// the implementation handles writing to the ResponseWriter in this
|
||||
// case.
|
||||
//
|
||||
// Finally, if the authentication and authorization succeeds, then
|
||||
// shouldReturn must be false and error nil. The request will continue
|
||||
// authenticated must be true and error nil. The request will continue
|
||||
// to be processed.
|
||||
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (shouldReturn bool, err error)
|
||||
AuthenticatePostOutbox(c context.Context, w http.ResponseWriter, r *http.Request) (authenticated bool, err error)
|
||||
// Callbacks returns the application logic that handles ActivityStreams
|
||||
// received from C2S clients.
|
||||
//
|
||||
|
|