diff --git a/keyserver/src/services/blob.js b/keyserver/src/services/blob.js --- a/keyserver/src/services/blob.js +++ b/keyserver/src/services/blob.js @@ -13,6 +13,7 @@ } from 'lib/utils/blob-service.js'; import { createHTTPAuthorizationHeader } from 'lib/utils/services-utils.js'; +import { clearIdentityInfo } from '../user/identity.js'; import { verifyUserLoggedIn } from '../user/login.js'; import { getContentSigningKey } from '../utils/olm-utils.js'; @@ -46,7 +47,11 @@ ): Promise { const { hash: blobHash, holder } = params; const headers = await createRequestHeaders(); - return assignBlobHolder({ blobHash, holder }, headers); + const assignResult = await assignBlobHolder({ blobHash, holder }, headers); + if (!assignResult.success && assignResult.reason === 'INVALID_CSAT') { + await clearIdentityInfo(); + } + return assignResult; } async function uploadBlobKeyserverWrapper( @@ -54,7 +59,11 @@ hash: string, ): Promise { const authHeaders = await createRequestHeaders(false); - return uploadBlob(blob, hash, authHeaders); + const uploadResult = await uploadBlob(blob, hash, authHeaders); + if (!uploadResult.success && uploadResult.reason === 'INVALID_CSAT') { + await clearIdentityInfo(); + } + return uploadResult; } async function upload( @@ -108,7 +117,14 @@ async function deleteBlob(params: BlobDescriptor, instant?: boolean) { const { hash: blobHash, holder } = params; const headers = await createRequestHeaders(); - await removeBlobHolder({ blobHash, holder }, headers, instant); + const removeResult = await removeBlobHolder( + { blobHash, holder }, + headers, + instant, + ); + if (!removeResult.success && removeResult.reason === 'INVALID_CSAT') { + await clearIdentityInfo(); + } } async function removeBlobHolders(holders: $ReadOnlyArray) { diff --git a/lib/actions/upload-actions.js b/lib/actions/upload-actions.js --- a/lib/actions/upload-actions.js +++ b/lib/actions/upload-actions.js @@ -129,6 +129,9 @@ defaultHeaders, ); if (!assignHolderResult.success) { + if (assignHolderResult.reason === 'INVALID_CSAT') { + throw new Error('invalid_csat'); + } const { status, statusText } = assignHolderResult; throw new Error(`Server responded with HTTP ${status}: ${statusText}`); } @@ -298,6 +301,9 @@ defaultHeaders, ); if (!assignHolderResult.success) { + if (assignHolderResult.reason === 'INVALID_CSAT') { + throw new Error('invalid_csat'); + } const { status, statusText } = assignHolderResult; throw new Error(`Server responded with HTTP ${status}: ${statusText}`); } diff --git a/lib/utils/blob-service.js b/lib/utils/blob-service.js --- a/lib/utils/blob-service.js +++ b/lib/utils/blob-service.js @@ -4,6 +4,7 @@ import uuid from 'uuid'; import { toBase64URL } from './base64.js'; +import { httpResponseIsInvalidCSAT } from './services-utils.js'; import { replacePathParams, type URLPathParams } from './url-utils.js'; import { assertWithValidator } from './validation-utils.js'; import type { BlobServiceHTTPEndpoint } from '../facts/blob-service.js'; @@ -79,7 +80,7 @@ } | { +success: false, - +reason: 'HASH_IN_USE' | 'OTHER', + +reason: 'HASH_IN_USE' | 'INVALID_CSAT' | 'OTHER', +status: number, +statusText: string, }; @@ -131,7 +132,14 @@ if (!uploadBlobResponse.ok) { const { status, statusText } = uploadBlobResponse; - const reason = status === 409 ? 'HASH_IN_USE' : 'OTHER'; + + let reason = 'OTHER'; + if (status === 409) { + reason = 'HASH_IN_USE'; + } else if (httpResponseIsInvalidCSAT(uploadBlobResponse)) { + reason = 'INVALID_CSAT'; + } + return { success: false, reason, @@ -165,7 +173,15 @@ if (!response.ok) { const { status, statusText } = response; - return { success: false, reason: 'OTHER', status, statusText }; + const reason = httpResponseIsInvalidCSAT(response) + ? 'INVALID_CSAT' + : 'OTHER'; + return { + success: false, + reason, + status, + statusText, + }; } return { success: true, response }; @@ -193,7 +209,15 @@ if (!response.ok) { const { status, statusText } = response; - return { success: false, reason: 'OTHER', status, statusText }; + const reason = httpResponseIsInvalidCSAT(response) + ? 'INVALID_CSAT' + : 'OTHER'; + return { + success: false, + reason, + status, + statusText, + }; } return { success: true, response }; diff --git a/lib/utils/services-utils.js b/lib/utils/services-utils.js --- a/lib/utils/services-utils.js +++ b/lib/utils/services-utils.js @@ -35,10 +35,16 @@ }; } +function httpResponseIsInvalidCSAT(response: Response): boolean { + const { status } = response; + return status === 401 || status === 403; +} + export { usingCommServicesAccessToken, supportingMultipleKeyservers, relyingOnAuthoritativeKeyserver, createHTTPAuthorizationHeader, createDefaultHTTPRequestHeaders, + httpResponseIsInvalidCSAT, };