[chore] Return more useful errors from auth failure (#494)

* try rsa_sha256 sig algo first * return more informative errors from auth * adapt to reworked auth function
2025-11-02 04:32:24 -06:00 · 2022-04-26 18:10:11 +02:00 · 2022-04-26 18:10:11 +02:00 · 9cf66bf298
commit 9cf66bf298
parent 728c4a5e38
9 changed files with 92 additions and 65 deletions
--- a/internal/federation/federatingprotocol.go
+++ b/internal/federation/federatingprotocol.go
@ -119,15 +119,17 @@ func (f *federator) AuthenticatePostInbox(ctx context.Context, w http.ResponseWr
 		return nil, false, fmt.Errorf("could not fetch receiving account with username %s: %s", username, err)
 	}

-	publicKeyOwnerURI, authenticated, err := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username)
-	if err != nil {
-		l.Debugf("request not authenticated: %s", err)
-		return ctx, false, err
-	}
-
-	if !authenticated {
-		w.WriteHeader(http.StatusForbidden)
-		return ctx, false, nil
+	publicKeyOwnerURI, errWithCode := f.AuthenticateFederatedRequest(ctx, receivingAccount.Username)
+	if errWithCode != nil {
+		switch errWithCode.Code() {
+		case http.StatusUnauthorized, http.StatusForbidden, http.StatusBadRequest:
+			// if 400, 401, or 403, obey the interface by writing the header and bailing
+			w.WriteHeader(errWithCode.Code())
+			return ctx, false, nil
+		default:
+			// if not, there's been a proper error
+			return ctx, false, err
+		}
 	}

 	// authentication has passed, so add an instance entry for this instance if it hasn't been done already