~sircmpwn/sr.ht-dev

core-go: Fix (some) user PGP key lookups from meta.sr.ht v2 APPLIED

Conrad Hoffmann <ch@bitfehler.net>
1 year, 1 month ago 
Conrad Hoffmann: 1
 Fix (some) user PGP key lookups from meta.sr.ht

 2 files changed, 6 insertions(+), 44 deletions(-)
#686789 alpine.yml success
Export patchset (mbox)
How do I use this?

Copy & paste the following snippet into your terminal to import this patchset into git: 

curl -s https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/28978/mbox | git am -3
Learn more about email & git
Reply to thread View this thread in the archives

[PATCH core-go v2] Fix (some) user PGP key lookups from meta.sr.ht Export this patch

Conrad Hoffmann <ch@bitfehler.net>
1 year, 1 month ago 
The authForUsername() function uses a closure that is almost identical
to the LookupUser() function, but is missing the handling for the PGP
key if called from meta.sr.ht. This causes at least the email
notifications for new OAuth2 tokens to be sent unencrypted. This commit
fixes that (and reduces code duplication) by calling LookupUser()
instead.

This requires the context for the tests to have a value for the calling
service, so add that to the mock.
---
 auth/middleware.go      | 44 +----------------------------------------
 auth/middleware_test.go |  6 +++++-
 2 files changed, 6 insertions(+), 44 deletions(-)

diff --git a/auth/middleware.go b/auth/middleware.go
index cb78aad..6a91df2 100644
--- a/auth/middleware.go
+++ b/auth/middleware.go
@@ -101,49 +101,7 @@ func authError(w http.ResponseWriter, reason string, code int) {

func authForUsername(ctx context.Context, username string) (*AuthContext, error) {
	var auth AuthContext
	if err := database.WithTx(ctx, &sql.TxOptions{
		Isolation: 0,
		ReadOnly:  true,
	}, func(tx *sql.Tx) error {
		var (
			err  error
			rows *sql.Rows
		)
		query := database.
			Select(ctx, []string{
				`u.id`, `u.username`,
				`u.created`, `u.updated`,
				`u.email`,
				`u.user_type`,
				`u.url`, `u.location`, `u.bio`,
				`u.suspension_notice`,
			}).
			From(`"user" u`).
			Where(`u.username = ?`, username)
		if rows, err = query.RunWith(tx).Query(); err != nil {
			panic(err)
		}
		defer rows.Close()

		if !rows.Next() {
			if err := rows.Err(); err != nil {
				panic(err)
			}
			return fmt.Errorf("Authenticating for unknown user %s", username)
		}
		if err := rows.Scan(&auth.UserID, &auth.Username, &auth.Created,
			&auth.Updated, &auth.Email, &auth.UserType, &auth.URL, &auth.Location,
			&auth.Bio, &auth.SuspensionNotice); err != nil {
			panic(err)
		}
		if rows.Next() {
			if err := rows.Err(); err != nil {
				panic(err) // Invariant
			}
			panic(errors.New("Multiple matching user accounts; invariant broken"))
		}
		return nil
	}); err != nil {
	if err := LookupUser(ctx, username, &auth); err != nil {
		return nil, err
	}

diff --git a/auth/middleware_test.go b/auth/middleware_test.go
index 59fbe0c..1efe99e 100644
--- a/auth/middleware_test.go
+++ b/auth/middleware_test.go
@@ -12,6 +12,7 @@ import (
	"github.com/stretchr/testify/assert"
	"github.com/vaughan0/go-ini"

	"git.sr.ht/~sircmpwn/core-go/config"
	"git.sr.ht/~sircmpwn/core-go/crypto"
	"git.sr.ht/~sircmpwn/core-go/database"
)
@@ -185,7 +186,10 @@ func dbctx() (context.Context, sqlmock.Sqlmock) {
	if err != nil {
		panic(err)
	}
	ctx := database.Context(context.Background(), db)
	ctx := config.Context(
		database.Context(context.Background(), db),
		nil, "git.sr.ht",
	)
	return ctx, mock
}

-- 
2.35.1
builds.sr.ht <builds@sr.ht>
1 year, 1 month ago 
core-go/patches/alpine.yml: SUCCESS in 1m3s

[Fix (some) user PGP key lookups from meta.sr.ht][0] v2 from [Conrad Hoffmann][1]

[0]: https://lists.sr.ht/~sircmpwn/sr.ht-dev/patches/28978
[1]: mailto:ch@bitfehler.net

✓ #686789 SUCCESS core-go/patches/alpine.yml https://builds.sr.ht/~sircmpwn/job/686789
Drew DeVault <sir@cmpwn.com>
1 year, 1 month ago 
Thanks!

To git@git.sr.ht:~sircmpwn/core-go
   75dfa29..b2c8e81  master -> master