mirrors/gotosocial
1
0
Fork 0
mirror of https://github.com/superseriousbusiness/gotosocial.git synced 2025-12-30 00:56:16 -06:00
Code Issues Projects Releases Packages Wiki Activity Actions

change trace logging in authenticator

Browse source
This commit is contained in:
tsmethurst 2021-09-15 11:08:34 +02:00
commit d58a136349
1 changed files with 2 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

7
internal/federation/authenticate.go
View file

@ -102,10 +102,6 @@ func getPublicKeyFromResponse(c context.Context, b []byte, keyID *url.URL) (voca
// Authenticate in this case is defined as making sure that the http request is actually signed by whoever claims // Authenticate in this case is defined as making sure that the http request is actually signed by whoever claims
// to have signed it, by fetching the public key from the signature and checking it against the remote public key. // to have signed it, by fetching the public key from the signature and checking it against the remote public key.
// //
// To avoid making unnecessary http calls towards blocked domains, this function *does* bail early if an instance-level domain block exists
// for the request from the incoming domain. However, it does not check whether individual blocks exist between the requesting user or domain
// and the requested user: this should be done elsewhere.
//
// The provided username will be used to generate a transport for making remote requests/derefencing the public key ID of the request signature. // The provided username will be used to generate a transport for making remote requests/derefencing the public key ID of the request signature.
// Ideally you should pass in the username of the user *being requested*, so that the remote server can decide how to handle the request based on who's making it. // Ideally you should pass in the username of the user *being requested*, so that the remote server can decide how to handle the request based on who's making it.
// Ie., if the request on this server is for https://example.org/users/some_username then you should pass in the username 'some_username'. // Ie., if the request on this server is for https://example.org/users/some_username then you should pass in the username 'some_username'.
@ -227,7 +223,8 @@ func (f *federator) AuthenticateFederatedRequest(ctx context.Context, requestedU
for _, algo := range algos { for _, algo := range algos {
l.Tracef("trying algo: %s", algo) l.Tracef("trying algo: %s", algo)
if err := verifier.Verify(publicKey, algo); err == nil { err := verifier.Verify(publicKey, algo)
if err == nil {
l.Tracef("authentication for %s PASSED with algorithm %s", pkOwnerURI, algo) l.Tracef("authentication for %s PASSED with algorithm %s", pkOwnerURI, algo)
return pkOwnerURI, true, nil return pkOwnerURI, true, nil
} }