From adc699aeedbe4235949f4f5a65d92f8b81f09c58 Mon Sep 17 00:00:00 2001
From: s3lph
Date: Wed, 29 Sep 2021 03:52:07 +0200
Subject: [PATCH] Add require_user_urlparam config option that makes the ?l= query optional.
---
 CHANGELOG.md | 14 ++++++++++++++
 README.md | 3 +++
 easywks/config.py | 22 +++++++++++++++++-----
 easywks/files.py | 6 ++++++
 easywks/httpd.py | 12 ++++++------
 package/debian/easywks/etc/easywks.yml | 3 +++
 6 files changed, 49 insertions(+), 11 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 5141201..11dd40c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,19 @@
 # EasyWKS Changelog
+
+## Version 0.1.4
+
+Fix HTTP server, compatibility with older HTTP clients
+
+### Changes
+
+
+- Fix config loading bug in webserver.
+- Add `require_user_urlparam` config option that makes the `?l=` query optional.
+
+
+
+
 ## Version 0.1.3
diff --git a/README.md b/README.md
index 37f26f0..33ed5a4 100644
--- a/README.md
+++ b/README.md
@@ -94,6 +94,9 @@ permit_unsigned_response: false
 httpd:
 host: 127.0.0.1
 port: 8080
+ # Some older HTTP clients omit the ?l= query suffix. Set
+ # this to false in order to permit such clients to retrieve keys.
+ #require_user_urlparam: true
 # Defaults to stdout, supported: stdout, smtp
 mailing_method: smtp
diff --git a/easywks/config.py b/easywks/config.py
index 0dca122..6a7b57a 100644
--- a/easywks/config.py
+++ b/easywks/config.py
@@ -39,10 +39,21 @@ def _validate_smtp_config(value):
 def _validate_httpd_config(value):
 if not isinstance(value, dict):
 return f'must be a map, got {type(value)}'
- if not isinstance(value['host'], str):
- return f'host must be a str, got {type(value["host"])}'
- if not isinstance(value['port'], int):
- return f'port must be a int, got {type(value["port"])}'
+ if 'host' in value:
+ if not isinstance(value['host'], str):
+ return f'host must be a str, got {type(value["host"])}'
+ else:
+ value['host'] = 'localhost'
+ if 'port' in value:
+ if not isinstance(value['port'], int):
+ return f'port must be a int, got {type(value["port"])}'
+ else:
+ value['port'] = 8080
+ if 'require_user_urlparam' in value:
+ if not isinstance(value['require_user_urlparam'], bool):
+ return f'port must be a bool, got {type(value["require_user_urlparam"])}'
+ else:
+ value['require_user_urlparam'] = True
 def _validate_lmtpd_config(value):
@@ -141,7 +152,8 @@ Config = _GlobalConfig(
 permit_unsigned_response=_ConfigOption('permit_unsigned_response', bool, False),
 httpd=_ConfigOption('httpd', dict, {
 'host': 'localhost',
- 'port': 8080
+ 'port': 8080,
+ 'require_user_urlparam': True
 }, validator=_validate_httpd_config),
 smtp=_ConfigOption('smtp', dict, {
 'host': 'localhost',
diff --git a/easywks/files.py b/easywks/files.py
index 97a6231..9179964 100644
--- a/easywks/files.py
+++ b/easywks/files.py
@@ -52,6 +52,12 @@ def read_public_key(domain, user):
 return key
+def read_hashed_public_key(domain, hu):
+ keyfile = os.path.join(Config.working_directory, domain, 'hu', hu)
+ key, _ = PGPKey.from_file(keyfile)
+ return key
+
+
 def write_public_key(domain, user, key):
 hu = hash_user_id(user)
 keyfile = os.path.join(Config.working_directory, domain, 'hu', hu)
diff --git a/easywks/httpd.py b/easywks/httpd.py
index 860c3ef..6b5de70 100644
--- a/easywks/httpd.py
+++ b/easywks/httpd.py
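Review bot: The error string for the new option is a copy of the port message: in `_validate_httpd_config` (easywks/config.py) a non-boolean `require_user_urlparam` is reported as `port must be a bool, got …`, which points an operator at the wrong key. It should read `return f'require_user_urlparam must be a bool, got {type(value["require_user_urlparam"])}'`. Because this flag gates the `?l=` check in httpd.py, a misleading message here can hide a misconfigured access check. Separately, `isinstance(value['port'], int)` also accepts `True`/`False`, since `bool` is a subclass of `int`; `type(value['port']) is int` would be stricter.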
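Review bot: `read_hashed_public_key` in easywks/files.py joins `hu` into a filesystem path without checking its shape, and its caller `hu()` in easywks/httpd.py passes the URL segment `userhash` straight through when `require_user_urlparam` is false, so the value is no longer guaranteed to equal a `hash_user_id()` output. A segment such as `..` would resolve to a directory and presumably raise something other than `FileNotFoundError`, which is the only exception the visible handler catches. WKD hashes are 32-character z-base32 strings, so anything else can be rejected before the join: `if not re.fullmatch(r'[ybndrfg8ejkmcpqxot1uwisza345h769]{32}', hu): raise FileNotFoundError(hu)` (this needs `import re`; the file's import block is outside the hunk). A one-line docstring stating that `hu` must be an already-validated hash would make the contract explicit.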
@@ -1,6 +1,6 @@
 from .config import Config
-from .files import read_public_key, make_submission_address_file, make_policy_file
+from .files import read_hashed_public_key, make_submission_address_file, make_policy_file
 from .util import hash_user_id
 from bottle import get, run, abort, response, request
@@ -26,12 +26,12 @@ def policy(domain: str):
 def hu(domain: str, userhash: str):
 if domain not in Config.domains:
 abort(404, 'Not Found')
- userid = request.query.l
- print(userid, userhash, hash_user_id(userid))
- if not userid or hash_user_id(userid) != userhash:
- abort(404, 'Not Found')
+ if Config.httpd['require_user_urlparam']:
+ userid = request.query.l
+ if not userid or hash_user_id(userid) != userhash:
+ abort(404, 'Not Found')
 try:
- pubkey = read_public_key(domain, userid)
+ pubkey = read_hashed_public_key(domain, userhash)
 response.add_header('Content-Type', 'application/octet-stream')
 return bytes(pubkey)
 except FileNotFoundError:
diff --git a/package/debian/easywks/etc/easywks.yml b/package/debian/easywks/etc/easywks.yml
index 2ea0e35..fff33a3 100644
--- a/package/debian/easywks/etc/easywks.yml
+++ b/package/debian/easywks/etc/easywks.yml
@@ -18,6 +18,9 @@
 httpd:
 host: "::1"
 port: 8080
+ # Some older HTTP clients omit the ?l= query suffix. Set
+ # this to false in order to permit such clients to retrieve keys.
+ #require_user_urlparam: true
 # Defaults to stdout, supported: stdout, smtp
 mailing_method: smtp
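Review bot: With `require_user_urlparam` set to false, `hu()` in easywks/httpd.py never reads `request.query.l`, so a request that does send `?l=` with a value that does not hash to `userhash` is still served. Checking the parameter whenever it is present keeps newer clients strict while still admitting those that omit it: `userid = request.query.l` followed by `if (userid or Config.httpd['require_user_urlparam']) and (not userid or hash_user_id(userid) != userhash):`. The decorator above `hu` and the body of the `except FileNotFoundError:` clause are outside the hunk, so it cannot be confirmed from here whether other read or parse errors from `PGPKey.from_file` become a 404.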