fix(crypt): align AX error handling and cleanup checks
Co-Authored-By: Virgil <virgil@lethean.io>
parent
12281f9e76
commit
e80ef94552
7 changed files with 35 additions and 15 deletions
16
auth/auth.go
16
auth/auth.go
|
|
@ -323,7 +323,9 @@ func (a *Authenticator) ValidateSession(token string) (*Session, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if time.Now().After(session.ExpiresAt) {
|
if time.Now().After(session.ExpiresAt) {
|
||||||
_ = a.store.Delete(token)
|
if err := a.store.Delete(token); err != nil {
|
||||||
|
return nil, coreerr.E(op, "session expired", err)
|
||||||
|
}
|
||||||
return nil, coreerr.E(op, "session expired", nil)
|
return nil, coreerr.E(op, "session expired", nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -340,7 +342,9 @@ func (a *Authenticator) RefreshSession(token string) (*Session, error) {
|
||||||
}
|
}
|
||||||
|
|
||||||
if time.Now().After(session.ExpiresAt) {
|
if time.Now().After(session.ExpiresAt) {
|
||||||
_ = a.store.Delete(token)
|
if err := a.store.Delete(token); err != nil {
|
||||||
|
return nil, coreerr.E(op, "session expired", err)
|
||||||
|
}
|
||||||
return nil, coreerr.E(op, "session expired", nil)
|
return nil, coreerr.E(op, "session expired", nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -389,7 +393,9 @@ func (a *Authenticator) DeleteUser(userID string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Revoke any active sessions for this user
|
// Revoke any active sessions for this user
|
||||||
_ = a.store.DeleteByUser(userID)
|
if err := a.store.DeleteByUser(userID); err != nil {
|
||||||
|
return coreerr.E(op, "failed to delete user sessions", err)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
|
|
@ -565,7 +571,9 @@ func (a *Authenticator) RevokeKey(userID, password, reason string) error {
|
||||||
}
|
}
|
||||||
|
|
||||||
// Invalidate all sessions
|
// Invalidate all sessions
|
||||||
_ = a.store.DeleteByUser(userID)
|
if err := a.store.DeleteByUser(userID); err != nil {
|
||||||
|
return coreerr.E(op, "failed to delete user sessions", err)
|
||||||
|
}
|
||||||
|
|
||||||
return nil
|
return nil
|
||||||
}
|
}
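Review bot: In DeleteUser and RevokeKey the session revocation is the last step, so the new error return can leave the operation half done: the steps before it are outside these hunks, but presumably the user record or key has already been changed by the time `a.store.DeleteByUser(userID)` fails. Tokens for that user may then keep validating until they expire, unless ValidateSession also checks that the user still exists. Either revoke sessions before the irreversible step, or document the contract above the call, e.g. `// Sessions are revoked last; on error the caller must retry, because tokens for userID may still validate until expiry.` In ValidateSession and RefreshSession a failed cleanup is reported with the same "session expired" message as a normal expiry, so only the wrapped cause distinguishes a store fault; a distinct message would make that visible in logs.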
|
||||||
|
|
|
||||||
|
|
@ -49,7 +49,11 @@ func runTest(verbose, coverage, short bool, pkg, run string, race, jsonOutput bo
|
||||||
|
|
||||||
// Create command
|
// Create command
|
||||||
cmd := exec.Command("go", args...)
|
cmd := exec.Command("go", args...)
|
||||||
cmd.Dir, _ = os.Getwd()
|
cwd, err := os.Getwd()
|
||||||
|
if err != nil {
|
||||||
|
return coreerr.E("cmd.test", "failed to determine working directory", err)
|
||||||
|
}
|
||||||
|
cmd.Dir = cwd
|
||||||
|
|
||||||
// Set environment to suppress macOS linker warnings
|
// Set environment to suppress macOS linker warnings
|
||||||
cmd.Env = append(os.Environ(), getMacOSDeploymentTarget())
|
cmd.Env = append(os.Environ(), getMacOSDeploymentTarget())
|
||||||
|
|
@ -76,7 +80,7 @@ func runTest(verbose, coverage, short bool, pkg, run string, race, jsonOutput bo
|
||||||
cmd.Stderr = &stderr
|
cmd.Stderr = &stderr
|
||||||
}
|
}
|
||||||
|
|
||||||
err := cmd.Run()
|
err = cmd.Run()
|
||||||
exitCode := 0
|
exitCode := 0
|
||||||
if err != nil {
|
if err != nil {
|
||||||
if exitErr, ok := err.(*exec.ExitError); ok {
|
if exitErr, ok := err.(*exec.ExitError); ok {
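Review bot: The `os.Getwd()` call in runTest can be dropped rather than error-checked. When `cmd.Dir` is empty, os/exec already runs the child in the calling process's current directory, so `cwd, err := os.Getwd()` followed by `cmd.Dir = cwd` only adds a failure path that aborts the test run. If the explicit directory is kept for a reason not visible here, a short comment should say why. The switch to `err = cmd.Run()` is needed because `err` is now declared earlier. runTest starts and ends outside both hunks.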
|
||||||
|
|
|
||||||
|
|
@ -2,9 +2,10 @@ package chachapoly
|
||||||
|
|
||||||
import (
|
import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"errors"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
coreerr "dappco.re/go/core/log"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -12,7 +13,7 @@ import (
|
||||||
type mockReader struct{}
|
type mockReader struct{}
|
||||||
|
|
||||||
func (r *mockReader) Read(p []byte) (n int, err error) {
|
func (r *mockReader) Read(p []byte) (n int, err error) {
|
||||||
return 0, errors.New("read error")
|
return 0, coreerr.E("chachapoly.mockReader.Read", "read error", nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestEncryptDecrypt(t *testing.T) {
|
func TestEncryptDecrypt(t *testing.T) {
|
||||||
|
|
|
||||||
|
|
@ -149,7 +149,9 @@ func (s *Service) DecryptPGP(privateKey, message, passphrase string, opts ...any
|
||||||
return "", coreerr.E("openpgp.DecryptPGP", "failed to decrypt private key", err)
|
return "", coreerr.E("openpgp.DecryptPGP", "failed to decrypt private key", err)
|
||||||
}
|
}
|
||||||
for _, subkey := range entity.Subkeys {
|
for _, subkey := range entity.Subkeys {
|
||||||
_ = subkey.PrivateKey.Decrypt([]byte(passphrase))
|
if err := subkey.PrivateKey.Decrypt([]byte(passphrase)); err != nil {
|
||||||
|
return "", coreerr.E("openpgp.DecryptPGP", "failed to decrypt subkey", err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
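Review bot: The subkey loop in DecryptPGP calls `subkey.PrivateKey.Decrypt` on every entry of `entity.Subkeys` without the `subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted` guard that the Decrypt hunk further down this page keeps, so a subkey with no private part would presumably dereference nil here. Adding `if subkey.PrivateKey == nil || !subkey.PrivateKey.Encrypted { continue }` at the top of the loop would align the two. Now that a failure returns, a key whose subkeys are protected by a different passphrase is rejected outright where it was previously skipped; this applies to both hunks and should be stated in the doc comments. The condition enclosing the loop is outside the hunk.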
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -34,7 +34,9 @@ func CreateKeyPair(name, email, password string) (*KeyPair, error) {
|
||||||
|
|
||||||
// Sign all the identities
|
// Sign all the identities
|
||||||
for _, id := range entity.Identities {
|
for _, id := range entity.Identities {
|
||||||
_ = id.SelfSignature.SignUserId(id.UserId.Id, entity.PrimaryKey, entity.PrivateKey, nil)
|
if err := id.SelfSignature.SignUserId(id.UserId.Id, entity.PrimaryKey, entity.PrivateKey, nil); err != nil {
|
||||||
|
return nil, coreerr.E(op, "failed to sign identity", err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Encrypt private key with password if provided
|
// Encrypt private key with password if provided
|
||||||
|
|
@ -166,7 +168,9 @@ func Decrypt(data []byte, privateKeyArmor, password string) ([]byte, error) {
|
||||||
}
|
}
|
||||||
for _, subkey := range entity.Subkeys {
|
for _, subkey := range entity.Subkeys {
|
||||||
if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
|
if subkey.PrivateKey != nil && subkey.PrivateKey.Encrypted {
|
||||||
_ = subkey.PrivateKey.Decrypt([]byte(password))
|
if err := subkey.PrivateKey.Decrypt([]byte(password)); err != nil {
|
||||||
|
return nil, coreerr.E(op, "failed to decrypt subkey", err)
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -6,9 +6,10 @@ import (
|
||||||
"crypto/rand"
|
"crypto/rand"
|
||||||
"crypto/x509"
|
"crypto/x509"
|
||||||
"encoding/pem"
|
"encoding/pem"
|
||||||
"errors"
|
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
coreerr "dappco.re/go/core/log"
|
||||||
|
|
||||||
"github.com/stretchr/testify/assert"
|
"github.com/stretchr/testify/assert"
|
||||||
)
|
)
|
||||||
|
|
||||||
|
|
@ -16,7 +17,7 @@ import (
|
||||||
type mockReader struct{}
|
type mockReader struct{}
|
||||||
|
|
||||||
func (r *mockReader) Read(p []byte) (n int, err error) {
|
func (r *mockReader) Read(p []byte) (n int, err error) {
|
||||||
return 0, errors.New("read error")
|
return 0, coreerr.E("rsa.mockReader.Read", "read error", nil)
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestRSA_Good(t *testing.T) {
|
func TestRSA_Good(t *testing.T) {
|
||||||
|
|
|
||||||
|
|
@ -151,8 +151,8 @@ func (q *ApprovalQueue) Get(id string) *ApprovalRequest {
|
||||||
return nil
|
return nil
|
||||||
}
|
}
|
||||||
// Return a copy to prevent mutation.
|
// Return a copy to prevent mutation.
|
||||||
copy := *req
|
snapshot := *req
|
||||||
return ©
|
return &snapshot
|
||||||
}
|
}
|
||||||
|
|
||||||
// Pending returns all requests with ApprovalPending status.
|
// Pending returns all requests with ApprovalPending status.
|
||||||
|
|
|
||||||