Commit Graph

32653 Commits

Author SHA1 Message Date
Josh Lehman
2f16a3b1b1
Merge pull request #6544 from morelazers/i/6514/noun-to-jam-mark
feat: noun to mime
2023-05-22 08:54:53 -07:00
yosoyubik
e440a443e5 ames: don't no-op if getting %ack on nack bone 2023-05-22 17:53:20 +02:00
yosoyubik
1921fd277c ames: add comment 2023-05-22 17:38:31 +02:00
Josh Lehman
799c49f873
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 08:37:32 -07:00
Ted Blackman
89d881f33b
Merge pull request #6604 from urbit/p/6593/early-abet
ames: more bugfixes after #6593
2023-05-22 11:11:54 -04:00
Tinnus Napbus
2ba8e45fd2 tests: fix tests for provenance 2023-05-23 01:55:55 +12:00
Amadeo Bellotti
0b53c12bb0 modified gall to prepend agent name to port path 2023-05-22 09:18:41 -04:00
Tinnus Napbus
de51f74dc2 gall: implement local provenance 2023-05-23 01:12:09 +12:00
yosoyubik
89da6d433b ames: fix incorrect handling of acks in |pack 2023-05-22 15:05:18 +02:00
jose
7df931b375
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 13:23:02 +02:00
yosoyubik
a765954cee ames: don't get ship-state in +enqueue-alien-todo
ship-state is retrieved in +send-blob only for sponsors of the ship
2023-05-22 12:49:00 +02:00
yosoyubik
7d153ba99a ames: fix no-op if getting %ack on nack-trace bone 2023-05-22 12:14:53 +02:00
yosoyubik
66b92800e3 ames: don't retrieve ship-state in +send-blob 2023-05-22 11:41:32 +02:00
yosoyubik
b427f1c321 ames: early abet in |fi after route update
Continuation of https://github.com/urbit/urbit/pull/6593
2023-05-22 10:58:50 +02:00
fang
7d4f9d1b57
eyre: properly redirect unauthed eauth confirms
We had naively changed the status code to a 403 "forbidden" response,
which is technically correct, but the "Location" header isn't respected
for that status code, leaving the user with a blank page instead of a
login prompt.
2023-05-19 22:53:02 +02:00
fang
a6acfe3c93
tests: add based happy-path eauth tests 2023-05-19 19:25:04 +02:00
fang
0762c7a127
eyre: only accept eauth approvals from ourselves
Instead of accepting POST requests from anyone who asks.
2023-05-19 19:23:24 +02:00
fang
3347e84811
eyre: rename authentication-state to auth
Only in the $server-state type, the lull typename remains unchanged (for
now). "authentication-state" is just such a mouthful!
2023-05-19 11:32:07 +02:00
fang
dd41df7d7c
tests: make eyre tests build & succeed again 2023-05-19 11:09:11 +02:00
fang
33c3474ae5
eyre: improve eauth login page ux
We improve the styling on the login mode switching "tabs", ensure
elements shared between the two modes are visually aligned, do loose
input validation on the name field, and simply don't render the eauth
option at all if the local ship does not yet have an +eauth-url.
2023-05-19 10:35:23 +02:00
fang
816706892c
dbug: support eyre eauth state & functionality 2023-05-18 23:40:16 +02:00
fang
02a2d116fe
Merge branch 'next/kelvin/412' into m/eyre-mirage 2023-05-18 23:15:55 +02:00
fang
8579b6c952
eyre: eauth, cross-ship authentication
aka "mirage" aka "eyre oauth"

With Eyre now supporting both local identity authentication, and fake
guest identities, the logical next step is to support authentication
with real non-local identities. Here, we implement that, building on top
of the groundwork laid by #6561.

The primary change is adding a %real case to Eyre's $identity type, and
implementing an http<->ames<->ames handshaking protocol into Eyre for
negotiating approval of login attempts made by unauthenticated HTTP
clients.

The authentication flow, where a "visitor" logs into a "~host" as their
own "~client" identity can be described in brief as follows:
1) Visitor makes an HTTP request saying they are ~client.
2) ~host tells ~client, over Ames, about its own public-facing hostname.
3) ~client responds with its own public-facing hostname.
4) ~host forwards the visitor to ~client's eauth page.
5) Visitor, there already logged in as ~client, approves the login
   attempt.
6) ~client shares a secret with ~host over Ames, and forwards the
   visitor to ~host's eauth page, including the secret in the request.
7) ~host sees that the secrets received over Ames and HTTP match, and
   gives the visitor a new session token, identifying them as ~client.

The negotiating of hostnames/URLs via Ames is crucial to keeping this
handshake sequence secure.

Discovering a ship's public-facing hostname happens when successful
local logins are made by reading out the Host header from the request.
Users may hard-code a value to override this.

Each eauth login attempt comes with a unique nonce. Both the host and
client track the lifetime of these. The corresponding Ames flow (which
goes from ~host -> ~client) is corked when the login attempt gets
aborted, or its associated session expires.

The logout functionality has been updated to let clients ask to be
logged out of sessions on other ships.
2023-05-18 23:13:15 +02:00
Ted Blackman
58aed9ccfa
Merge pull request #6595 from urbit/jb/stir-ames-rift
ames: add %rift to %stir
2023-05-17 20:31:33 -04:00
Joe Bryan
15440d3dda ames: add %rift to %stir 2023-05-17 16:51:12 -04:00
mopfel-winrux
7feaf4b6f3
Merge branch 'urbit:develop' into lick 2023-05-17 14:54:03 -04:00
Ted Blackman
5c92856d1b
Merge pull request #6593 from urbit/philip/ames
ames: packet retry tweaks
2023-05-17 11:21:17 -04:00
fang
4019cfba79
Merge pull request #6561 from urbit/m/the-open-eyre
eyre: session identities for all
2023-05-17 13:03:14 +02:00
Philip Monk
8cba74630f ames: bugfixes 2023-05-16 23:05:17 -07:00
Ted Blackman
07797dc792
Merge pull request #6591 from urbit/jb/clay-cast
clay: shortcircuit identity casts
2023-05-16 18:22:18 -04:00
Joe Bryan
40c52743e1 Merge branch 'develop' into next/kelvin/412 2023-05-16 18:07:46 -04:00
Joe Bryan
bbd43cc7d4 clay: clarify +compose-cast trace messages 2023-05-16 16:42:13 -04:00
Joe Bryan
401776545c clay: shortcircuit identity casts 2023-05-16 15:59:04 -04:00
Joe Bryan
c84cf7359b clay: adds trace level 4 for mark conversion details 2023-05-16 15:58:55 -04:00
fang
b8ff52d79a
tests: remove trailing whitespace in eyre tests 2023-05-16 21:47:23 +02:00
fang
637992475b
eyre: refactor guest name generation
Concatenating before we truncate, instead of truncating the entropy by
itself, is slightly simpler.

Because this slightly changes the naming algorithm, we must update the
eyre tests to match.
2023-05-16 21:46:48 +02:00
Joe Bryan
75901ebb01
Merge pull request #6590 from ngzax/w-p/clarify-vat-message
clarify +vats usage in +vat deprecation msg
2023-05-16 15:24:26 -04:00
Daryl Richter
8ef86629ec clarify +vats usage in +vat deprecation msg 2023-05-16 14:40:08 -04:00
Ted Blackman
0760248300
Merge pull request #6555 from urbit/story-fix
Fix story (commit message system).
2023-05-16 11:30:57 -04:00
Ted Blackman
0113f8a01d
Merge pull request #6586 from urbit/i/6584/rift-life-gen
gen: add +ames-keys generator
2023-05-16 11:22:05 -04:00
Ted Blackman
9804a11315
Merge pull request #6588 from urbit/philip/clay
Clay/gall: make pings fast
2023-05-16 11:21:58 -04:00
Philip Monk
48b10dcdc7 clay: add fast-path for permissions check 2023-05-15 16:15:52 -07:00
yosoyubik
6135349d85 gen: don't crash if alien 2023-05-12 10:27:30 +02:00
yosoyubik
f224d5be60 gen: add +ames-keys generator 2023-05-12 09:20:43 +02:00
fang
cde9458c0e
Merge pull request #6563 from urbit/philip/mare
eyre: refactor tests
2023-05-11 20:20:36 +02:00
Philip Monk
c3dc248b30 Merge remote-tracking branch 'origin/m/the-open-eyre' into philip/mare 2023-05-11 11:19:25 -07:00
Pyry Kovanen
65fd1cc179
Merge pull request #6581 from urbit/master
Merge ames on-take-wake fix from master to develop
2023-05-10 19:01:03 +03:00
Pyry Kovanen
2fe6cac423
Merge pull request #6580 from urbit/yu/fix-fine-timer
ames: on-take-wake no-op if not path for keen
2023-05-10 18:42:39 +03:00
yosoyubik
42c22bf4f3 ames: on-take-wake no-op if not path for keen 2023-05-10 17:18:31 +02:00
~wicrum-wicrun
f0360e69a2
Merge pull request #6578 from urbit/master
Merge clay null tako fix from master back to develop
2023-05-10 16:53:08 +02:00