Commit Graph

32668 Commits

Author SHA1 Message Date
yosoyubik
f6101569f5 ames: skip corks if pending acks for naxplanations 2023-05-24 12:35:38 +02:00
fang
5441692a1f
eyre: up priority on unexpected eauth traces
These are more "warning" or "error" as opposed to informational like all
the other ones at level 2.
2023-05-23 22:44:10 +02:00
fang
73ca5ea95d
eyre: make sure we always url-encode the redirect
Just for consistency, just in case.
2023-05-23 22:38:56 +02:00
fang
c133704866
eyre: move incoming eauth expiry logic into +eauth
+expiry:client:eauth, to be precise. This is a slightly cleaner
factoring.
2023-05-23 22:37:05 +02:00
fang
60eaf8a979
eyre: handle %lost and goof error cases correctly
We weren't handling these at all. Now we make them enter the same
codepath that %done nacks go into: deleting the attempt and maybe
telling the user if we can.

Note that Eyre will not receive %lost for %boons it crashes on until
2023-05-23 22:29:08 +02:00
fang
30cde41800
tests: add ames test for crashing on %boon
To detect regressions of the bug d8e11b6 fixed.
2023-05-23 22:12:21 +02:00
fang
d8e11b68c2
ames: correctly %lose a %boon we crashed on
Previously, if we noticed %boon handling had caused a crash, we would
transform any existing %boons into %losts, but still emit a new %boon
for the message we ostensibly crashed on.

Now, we make sure to just directly send a %lost if sending the %boon
caused a crash. We drop the existing-moves transformation entirely,
assuming it to vestigial.
2023-05-23 22:10:17 +02:00
fang
bf64e94ca3
tests: expand eyre eauth tests
For the server case, we add tests for http-first finalization, incorrect
eauth tokens, attempt expiration, client abort signalling, and client
deletion requests.

For the client case, we add a test for approving eauth attempts without
being locally authenticated.

To this end, we refactor the layout of the eauth tests. The +eauth core
now contains the tasks/gifts to be handled by the client/server, but no
longer does move checking. This happens within the test arms only. This
way, we may trivially re-run parts of the eauth flow under different
conditions.
2023-05-23 20:32:24 +02:00
fang
02e8120298
eyre: factor +eauth-error-page out of event core
This will make it easier to access for tests. The change to its
interface is also nice: in pretty much all scenarios in which we call
it, we already know whether we have redirect deets available to us, so
just provide those as arguments instead of having the function
re-derive.
2023-05-23 19:58:11 +02:00
Ted Blackman
89681e25b4
Merge branch 'next/kelvin/412' into yu/remove-num-live 2023-05-23 11:50:40 -04:00
Ted Blackman
579c3259ad merge develop into next/kelvin/412 2023-05-23 11:49:24 -04:00
Pyry Kovanen
77cfbe76c5
Merge pull request #6610 from urbit/release/urbit-os-v2.140
Release urbit-os-v2.140
2023-05-23 13:57:37 +03:00
yosoyubik
3554ab895d ames: remove num-live from pump-metrics 2023-05-23 06:48:15 +02:00
fang
87be9c9bef
eyre: add task for setting manual eauth base url 2023-05-22 21:08:11 +02:00
fang
f1ab9574e6
eyre: better styling for the eauth confirm page
Brief prompt describing the login attempt's target, properly styled
buttons.

Pulls the CSS code for login pages out into its own arm for cleaner
sharing.
2023-05-22 19:48:28 +02:00
Josh Lehman
2f16a3b1b1
Merge pull request #6544 from morelazers/i/6514/noun-to-jam-mark
feat: noun to mime
2023-05-22 08:54:53 -07:00
yosoyubik
e440a443e5 ames: don't no-op if getting %ack on nack bone 2023-05-22 17:53:20 +02:00
yosoyubik
1921fd277c ames: add comment 2023-05-22 17:38:31 +02:00
Josh Lehman
799c49f873
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 08:37:32 -07:00
Ted Blackman
89d881f33b
Merge pull request #6604 from urbit/p/6593/early-abet
ames: more bugfixes after #6593
2023-05-22 11:11:54 -04:00
Tinnus Napbus
2ba8e45fd2 tests: fix tests for provenance 2023-05-23 01:55:55 +12:00
Amadeo Bellotti
0b53c12bb0 modified gall to prepend agent name to port path 2023-05-22 09:18:41 -04:00
Tinnus Napbus
de51f74dc2 gall: implement local provenance 2023-05-23 01:12:09 +12:00
yosoyubik
89da6d433b ames: fix incorrect handling of acks in |pack 2023-05-22 15:05:18 +02:00
jose
7df931b375
Merge branch 'develop' into i/6103/abet-pure 2023-05-22 13:23:02 +02:00
yosoyubik
a765954cee ames: don't get ship-state in +enqueue-alien-todo
ship-state is retrieved in +send-blob only for sponsors of the ship
2023-05-22 12:49:00 +02:00
yosoyubik
7d153ba99a ames: fix no-op if getting %ack on nack-trace bone 2023-05-22 12:14:53 +02:00
yosoyubik
66b92800e3 ames: don't retrieve ship-state in +send-blob 2023-05-22 11:41:32 +02:00
yosoyubik
b427f1c321 ames: early abet in |fi after route update
Continuation of https://github.com/urbit/urbit/pull/6593
2023-05-22 10:58:50 +02:00
fang
7d4f9d1b57
eyre: properly redirect unauthed eauth confirms
We had naively changed the status code to a 403 "forbidden" response,
which is technically correct, but the "Location" header isn't respected
for that status code, leaving the user with a blank page instead of a
login prompt.
2023-05-19 22:53:02 +02:00
fang
a6acfe3c93
tests: add based happy-path eauth tests 2023-05-19 19:25:04 +02:00
fang
0762c7a127
eyre: only accept eauth approvals from ourselves
Instead of accepting POST requests from anyone who asks.
2023-05-19 19:23:24 +02:00
fang
3347e84811
eyre: rename authentication-state to auth
Only in the $server-state type, the lull typename remains unchanged (for
now). "authentication-state" is just such a mouthful!
2023-05-19 11:32:07 +02:00
fang
dd41df7d7c
tests: make eyre tests build & succeed again 2023-05-19 11:09:11 +02:00
fang
33c3474ae5
eyre: improve eauth login page ux
We improve the styling on the login mode switching "tabs", ensure
elements shared between the two modes are visually aligned, do loose
input validation on the name field, and simply don't render the eauth
option at all if the local ship does not yet have an +eauth-url.
2023-05-19 10:35:23 +02:00
fang
816706892c
dbug: support eyre eauth state & functionality 2023-05-18 23:40:16 +02:00
fang
02a2d116fe
Merge branch 'next/kelvin/412' into m/eyre-mirage 2023-05-18 23:15:55 +02:00
fang
8579b6c952
eyre: eauth, cross-ship authentication
aka "mirage" aka "eyre oauth"

With Eyre now supporting both local identity authentication, and fake
guest identities, the logical next step is to support authentication
with real non-local identities. Here, we implement that, building on top
of the groundwork laid by #6561.

The primary change is adding a %real case to Eyre's $identity type, and
implementing an http<->ames<->ames handshaking protocol into Eyre for
negotiating approval of login attempts made by unauthenticated HTTP
clients.

The authentication flow, where a "visitor" logs into a "~host" as their
own "~client" identity can be described in brief as follows:
1) Visitor makes an HTTP request saying they are ~client.
2) ~host tells ~client, over Ames, about its own public-facing hostname.
3) ~client responds with its own public-facing hostname.
4) ~host forwards the visitor to ~client's eauth page.
5) Visitor, there already logged in as ~client, approves the login
   attempt.
6) ~client shares a secret with ~host over Ames, and forwards the
   visitor to ~host's eauth page, including the secret in the request.
7) ~host sees that the secrets received over Ames and HTTP match, and
   gives the visitor a new session token, identifying them as ~client.

The negotiating of hostnames/URLs via Ames is crucial to keeping this
handshake sequence secure.

Discovering a ship's public-facing hostname happens when successful
local logins are made by reading out the Host header from the request.
Users may hard-code a value to override this.

Each eauth login attempt comes with a unique nonce. Both the host and
client track the lifetime of these. The corresponding Ames flow (which
goes from ~host -> ~client) is corked when the login attempt gets
aborted, or its associated session expires.

The logout functionality has been updated to let clients ask to be
logged out of sessions on other ships.
2023-05-18 23:13:15 +02:00
Ted Blackman
58aed9ccfa
Merge pull request #6595 from urbit/jb/stir-ames-rift
ames: add %rift to %stir
2023-05-17 20:31:33 -04:00
Joe Bryan
15440d3dda ames: add %rift to %stir 2023-05-17 16:51:12 -04:00
mopfel-winrux
7feaf4b6f3
Merge branch 'urbit:develop' into lick 2023-05-17 14:54:03 -04:00
Ted Blackman
5c92856d1b
Merge pull request #6593 from urbit/philip/ames
ames: packet retry tweaks
2023-05-17 11:21:17 -04:00
fang
4019cfba79
Merge pull request #6561 from urbit/m/the-open-eyre
eyre: session identities for all
2023-05-17 13:03:14 +02:00
Philip Monk
8cba74630f ames: bugfixes 2023-05-16 23:05:17 -07:00
Ted Blackman
07797dc792
Merge pull request #6591 from urbit/jb/clay-cast
clay: shortcircuit identity casts
2023-05-16 18:22:18 -04:00
Joe Bryan
40c52743e1 Merge branch 'develop' into next/kelvin/412 2023-05-16 18:07:46 -04:00
Joe Bryan
bbd43cc7d4 clay: clarify +compose-cast trace messages 2023-05-16 16:42:13 -04:00
Joe Bryan
401776545c clay: shortcircuit identity casts 2023-05-16 15:59:04 -04:00
Joe Bryan
c84cf7359b clay: adds trace level 4 for mark conversion details 2023-05-16 15:58:55 -04:00
fang
b8ff52d79a
tests: remove trailing whitespace in eyre tests 2023-05-16 21:47:23 +02:00