authorization: pass and accept authed_as in receive task handler

for #566
2023-10-16 12:45:27 -07:00 · 2023-10-16 12:45:27 -07:00 · db3a5e7fd6
commit db3a5e7fd6
--- a/atproto.py
+++ b/atproto.py
@ -432,6 +432,7 @@ def poll_notifications():
            common.create_task(queue='receive', obj=obj.key.urlsafe(),
                               # TODO: should this be the receiving user?
                               # or the sending user?
-                               user=user.key.urlsafe())
+                               user=user.key.urlsafe(),
+                               authed_as=notif['author']['did'])

    return 'OK'
--- a/protocol.py
+++ b/protocol.py
@ -1134,10 +1134,13 @@ class Protocol:
 def receive_task():
    """Task handler for a newly received :class:`models.Object`.

+    Calls :meth:`Protocol.receive` with the form parameters.
+
    Parameters:
      obj (google.cloud.ndb.key.Key): :class:`models.Object` to handle
      user (google.cloud.ndb.key.Key): :class:`models.User` this activity is on
        behalf of. This user will be loaded into ``g.user``
+      authed_as (str): passed to :meth:`Protocol.receive`

    TODO: migrate incoming webmentions and AP inbox deliveries to this. The
    difficulty is that parts of :meth:`protocol.Protocol.receive` depend on
@ -1146,15 +1149,16 @@ def receive_task():
    :meth:`Protocol.receive` now loads), HTTP request details, etc. See stash
    for attempt at this for :class:`web.Web`.
    """
-    logger.info(f'Params: {list(request.form.items())}')
+    form = request.form.to_dict()
+    logger.info(f'Params: {list(form.items())}')

-    obj = ndb.Key(urlsafe=request.form['obj']).get()
+    obj = ndb.Key(urlsafe=form.pop('obj')).get()
    assert obj
-    if user_key := request.form.get('user'):
+    if user_key := form.pop('user', None):
        g.user = ndb.Key(urlsafe=user_key).get()

    try:
-        return PROTOCOLS[obj.source_protocol].receive(obj)
+        return PROTOCOLS[obj.source_protocol].receive(obj, **form)
    except ValueError as e:
        logger.warning(e, exc_info=True)
        error(e, status=304)
--- a/tests/test_atproto.py
+++ b/tests/test_atproto.py
@ -577,14 +577,17 @@ class ATProtoTest(TestCase):
        like_obj = Object.get_by_id('at://did:plc:d/app.bsky.feed.like/123')
        self.assertEqual(like, like_obj.bsky)
        self.assert_task(mock_create_task, 'receive', '/queue/receive',
-                         obj=like_obj.key.urlsafe(), user=user_a.key.urlsafe())
+                         obj=like_obj.key.urlsafe(), user=user_a.key.urlsafe(),
+                         authed_as='did:plc:eve')

        reply_obj = Object.get_by_id('at://did:plc:d/app.bsky.feed.post/456')
        self.assertEqual(reply, reply_obj.bsky)
        self.assert_task(mock_create_task, 'receive', '/queue/receive',
-                         obj=reply_obj.key.urlsafe(), user=user_a.key.urlsafe())
+                         obj=reply_obj.key.urlsafe(), user=user_a.key.urlsafe(),
+                         authed_as='did:plc:eve')

        follow_obj = Object.get_by_id('at://did:plc:d/app.bsky.graph.follow/789')
        self.assertEqual(follow, follow_obj.bsky)
        self.assert_task(mock_create_task, 'receive', '/queue/receive',
-                         obj=follow_obj.key.urlsafe(), user=user_c.key.urlsafe())
+                         obj=follow_obj.key.urlsafe(), user=user_c.key.urlsafe(),
+                         authed_as='did:plc:a')
--- a/tests/test_protocol.py
+++ b/tests/test_protocol.py
@ -1386,7 +1386,7 @@ class ProtocolReceiveTest(TestCase):
                           )
        self.assertEqual(2, Follower.query().count())

-    def test_task_handler(self):
+    def test_receive_task_handler(self):
        note = {
            'id': 'fake:post',
            'objectType': 'note',
@ -1399,6 +1399,25 @@ class ProtocolReceiveTest(TestCase):
        obj = Object.get_by_id('fake:post#bridgy-fed-create')
        self.assertEqual('ignored', obj.status)

+    def test_receive_task_handler_authed_as(self):
+        note = {
+            'id': 'fake:post',
+            'objectType': 'note',
+            'author': 'fake:other',
+        }
+        obj = self.store_object(id='fake:post', our_as1=note,
+                                source_protocol='fake')
+
+        with self.assertLogs() as logs:
+            self.client.post('/queue/receive', data={
+                'obj': obj.key.urlsafe(),
+                'authed_as': 'fake:eve',
+            })
+
+        self.assertIn(
+            "WARNING:protocol:actor fake:other isn't authed user fake:eve",
+            logs.output)
+
    def test_g_user_opted_out(self):
        self.make_followers()
        g.user.obj.our_as1 = {'summary': '#nobot'}