From adc699aeedbe4235949f4f5a65d92f8b81f09c58 Mon Sep 17 00:00:00 2001
From: s3lph <account-gitlab-ideynizv@kernelpanic.lol>
Date: Wed, 29 Sep 2021 03:52:07 +0200
Subject: [PATCH] Add require_user_urlparam config option that makes the
 ?l=<user> query optional.

---
 CHANGELOG.md                           | 14 ++++++++++++++
 README.md                              |  3 +++
 easywks/config.py                      | 22 +++++++++++++++++-----
 easywks/files.py                       |  6 ++++++
 easywks/httpd.py                       | 12 ++++++------
 package/debian/easywks/etc/easywks.yml |  3 +++
 6 files changed, 49 insertions(+), 11 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5141201..11dd40c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,19 @@
 # EasyWKS Changelog
 
+<!-- BEGIN RELEASE v0.1.4 -->
+## Version 0.1.4
+
+Fix HTTP server, compatibility with older HTTP clients
+
+### Changes
+
+<!-- BEGIN CHANGES 0.1.4 -->
+- Fix config loading bug in webserver.
+- Add `require_user_urlparam` config option that makes the `?l=<user>` query optional. 
+<!-- END CHANGES 0.1.4 -->
+
+<!-- END RELEASE v0.1.4 -->
+
 <!-- BEGIN RELEASE v0.1.3 -->
 ## Version 0.1.3
 
diff --git a/README.md b/README.md
index 37f26f0..33ed5a4 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,9 @@ permit_unsigned_response: false
 httpd:
   host: 127.0.0.1
   port: 8080
+  # Some older HTTP clients omit the ?l=<userid> query suffix.  Set
+  # this to false in order to permit such clients to retrieve keys.
+  #require_user_urlparam: true
 
 # Defaults to stdout, supported: stdout, smtp
 mailing_method: smtp
diff --git a/easywks/config.py b/easywks/config.py
index 0dca122..6a7b57a 100644
--- a/easywks/config.py
+++ b/easywks/config.py
@@ -39,10 +39,21 @@ def _validate_smtp_config(value):
 def _validate_httpd_config(value):
     if not isinstance(value, dict):
         return f'must be a map, got {type(value)}'
-    if not isinstance(value['host'], str):
-        return f'host must be a str, got {type(value["host"])}'
-    if not isinstance(value['port'], int):
-        return f'port must be a int, got {type(value["port"])}'
+    if 'host' in value:
+        if not isinstance(value['host'], str):
+            return f'host must be a str, got {type(value["host"])}'
+    else:
+        value['host'] = 'localhost'
+    if 'port' in value:
+        if not isinstance(value['port'], int):
+            return f'port must be a int, got {type(value["port"])}'
+    else:
+        value['port'] = 8080
+    if 'require_user_urlparam' in value:
+        if not isinstance(value['require_user_urlparam'], bool):
+            return f'port must be a bool, got {type(value["require_user_urlparam"])}'
+    else:
+        value['require_user_urlparam'] = True
 
 
 def _validate_lmtpd_config(value):
@@ -141,7 +152,8 @@ Config = _GlobalConfig(
     permit_unsigned_response=_ConfigOption('permit_unsigned_response', bool, False),
     httpd=_ConfigOption('httpd', dict, {
         'host': 'localhost',
-        'port': 8080
+        'port': 8080,
+        'require_user_urlparam': True
     }, validator=_validate_httpd_config),
     smtp=_ConfigOption('smtp', dict, {
         'host': 'localhost',
diff --git a/easywks/files.py b/easywks/files.py
index 97a6231..9179964 100644
--- a/easywks/files.py
+++ b/easywks/files.py
@@ -52,6 +52,12 @@ def read_public_key(domain, user):
     return key
 
 
+def read_hashed_public_key(domain, hu):
+    keyfile = os.path.join(Config.working_directory, domain, 'hu', hu)
+    key, _ = PGPKey.from_file(keyfile)
+    return key
+
+
 def write_public_key(domain, user, key):
     hu = hash_user_id(user)
     keyfile = os.path.join(Config.working_directory, domain, 'hu', hu)
diff --git a/easywks/httpd.py b/easywks/httpd.py
index 860c3ef..6b5de70 100644
--- a/easywks/httpd.py
+++ b/easywks/httpd.py
@@ -1,6 +1,6 @@
 
 from .config import Config
-from .files import read_public_key, make_submission_address_file, make_policy_file
+from .files import read_hashed_public_key, make_submission_address_file, make_policy_file
 from .util import hash_user_id
 
 from bottle import get, run, abort, response, request
@@ -26,12 +26,12 @@ def policy(domain: str):
 def hu(domain: str, userhash: str):
     if domain not in Config.domains:
         abort(404, 'Not Found')
-    userid = request.query.l
-    print(userid, userhash, hash_user_id(userid))
-    if not userid or hash_user_id(userid) != userhash:
-        abort(404, 'Not Found')
+    if Config.httpd['require_user_urlparam']:
+        userid = request.query.l
+        if not userid or hash_user_id(userid) != userhash:
+            abort(404, 'Not Found')
     try:
-        pubkey = read_public_key(domain, userid)
+        pubkey = read_hashed_public_key(domain, userhash)
         response.add_header('Content-Type', 'application/octet-stream')
         return bytes(pubkey)
     except FileNotFoundError:
diff --git a/package/debian/easywks/etc/easywks.yml b/package/debian/easywks/etc/easywks.yml
index 2ea0e35..fff33a3 100644
--- a/package/debian/easywks/etc/easywks.yml
+++ b/package/debian/easywks/etc/easywks.yml
@@ -18,6 +18,9 @@
 httpd:
   host: "::1"
   port: 8080
+  # Some older HTTP clients omit the ?l=<userid> query suffix.  Set
+  # this to false in order to permit such clients to retrieve keys.
+  #require_user_urlparam: true
 
 # Defaults to stdout, supported: stdout, smtp
 mailing_method: smtp