~sircmpwn/sr.ht-dev

This thread contains a patchset. You're looking at the original emails, but you may wish to use the patch review UI. Review patch
2 2

[PATCH core-go v2] Fix (some) user PGP key lookups from meta.sr.ht

Details
Message ID
<20220202201713.508626-1-ch@bitfehler.net>
DKIM signature
missing
Download raw message
Patch: +6 -44
The authForUsername() function uses a closure that is almost identical
to the LookupUser() function, but is missing the handling for the PGP
key if called from meta.sr.ht. This causes at least the email
notifications for new OAuth2 tokens to be sent unencrypted. This commit
fixes that (and reduces code duplication) by calling LookupUser()
instead.

This requires the context for the tests to have a value for the calling
service, so add that to the mock.
---
 auth/middleware.go      | 44 +----------------------------------------
 auth/middleware_test.go |  6 +++++-
 2 files changed, 6 insertions(+), 44 deletions(-)

diff --git a/auth/middleware.go b/auth/middleware.go
index cb78aad..6a91df2 100644
--- a/auth/middleware.go
+++ b/auth/middleware.go
@@ -101,49 +101,7 @@ func authError(w http.ResponseWriter, reason string, code int) {

func authForUsername(ctx context.Context, username string) (*AuthContext, error) {
	var auth AuthContext
	if err := database.WithTx(ctx, &sql.TxOptions{
		Isolation: 0,
		ReadOnly:  true,
	}, func(tx *sql.Tx) error {
		var (
			err  error
			rows *sql.Rows
		)
		query := database.
			Select(ctx, []string{
				`u.id`, `u.username`,
				`u.created`, `u.updated`,
				`u.email`,
				`u.user_type`,
				`u.url`, `u.location`, `u.bio`,
				`u.suspension_notice`,
			}).
			From(`"user" u`).
			Where(`u.username = ?`, username)
		if rows, err = query.RunWith(tx).Query(); err != nil {
			panic(err)
		}
		defer rows.Close()

		if !rows.Next() {
			if err := rows.Err(); err != nil {
				panic(err)
			}
			return fmt.Errorf("Authenticating for unknown user %s", username)
		}
		if err := rows.Scan(&auth.UserID, &auth.Username, &auth.Created,
			&auth.Updated, &auth.Email, &auth.UserType, &auth.URL, &auth.Location,
			&auth.Bio, &auth.SuspensionNotice); err != nil {
			panic(err)
		}
		if rows.Next() {
			if err := rows.Err(); err != nil {
				panic(err) // Invariant
			}
			panic(errors.New("Multiple matching user accounts; invariant broken"))
		}
		return nil
	}); err != nil {
	if err := LookupUser(ctx, username, &auth); err != nil {
		return nil, err
	}

diff --git a/auth/middleware_test.go b/auth/middleware_test.go
index 59fbe0c..1efe99e 100644
--- a/auth/middleware_test.go
+++ b/auth/middleware_test.go
@@ -12,6 +12,7 @@ import (
	"github.com/stretchr/testify/assert"
	"github.com/vaughan0/go-ini"

	"git.sr.ht/~sircmpwn/core-go/config"
	"git.sr.ht/~sircmpwn/core-go/crypto"
	"git.sr.ht/~sircmpwn/core-go/database"
)
@@ -185,7 +186,10 @@ func dbctx() (context.Context, sqlmock.Sqlmock) {
	if err != nil {
		panic(err)
	}
	ctx := database.Context(context.Background(), db)
	ctx := config.Context(
		database.Context(context.Background(), db),
		nil, "git.sr.ht",
	)
	return ctx, mock
}

-- 
2.35.1

[core-go/patches/alpine.yml] build success

builds.sr.ht <builds@sr.ht>
Details
Message ID
<CHLU7N32822P.34YUK5V4DSXH5@cirno2>
In-Reply-To
<20220202201713.508626-1-ch@bitfehler.net> (view parent)
DKIM signature
missing
Download raw message
core-go/patches/alpine.yml: SUCCESS in 1m3s

[Fix (some) user PGP key lookups from meta.sr.ht][0] v2 from [Conrad Hoffmann][1]

[0]: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/28978
[1]: ch@bitfehler.net

✓ #686789 SUCCESS core-go/patches/alpine.yml https://builds.sr.ht/~sircmpwn/job/686789
Details
Message ID
<CHMCE7OEG7LL.FEM29JHM8PRG@taiga>
In-Reply-To
<20220202201713.508626-1-ch@bitfehler.net> (view parent)
DKIM signature
missing
Download raw message
Thanks!

To git@git.sr.ht:~sircmpwn/core-go
   75dfa29..b2c8e81  master -> master
Reply to thread Export thread (mbox)