2044: Vault/rspamd: don't return any key for relayed domains r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR 

Don't return any key for relayed domains. We may want to revisit this (ARC signing)... but in the meantime it saves from a scary message in rspamd.
    
```signing failure: cannot request data from the vault url: /internal/rspamd/vault/v1/dkim/ ...```


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
master
bors[bot] 3 years ago committed by GitHub
commit 56cbc56df7
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -14,17 +14,14 @@ def vault_error(*messages, status=404):
@internal.route("/rspamd/vault/v1/dkim/<domain_name>", methods=['GET']) @internal.route("/rspamd/vault/v1/dkim/<domain_name>", methods=['GET'])
def rspamd_dkim_key(domain_name): def rspamd_dkim_key(domain_name):
domain = models.Domain.query.get(domain_name) or flask.abort(vault_error('unknown domain')) selectors = []
key = domain.dkim_key or flask.abort(vault_error('no dkim key', status=400)) if domain := models.Domain.query.get(domain_name):
return flask.jsonify({ if key := domain.dkim_key:
'data': { selectors.append(
'selectors': [
{ {
'domain' : domain.name, 'domain' : domain.name,
'key' : key.decode('utf8'), 'key' : key.decode('utf8'),
'selector': flask.current_app.config.get('DKIM_SELECTOR', 'dkim'), 'selector': flask.current_app.config.get('DKIM_SELECTOR', 'dkim'),
} }
] )
} return flask.jsonify({'data': {'selectors': selectors}})
})

@ -38,7 +38,7 @@ def login():
flask.session.regenerate() flask.session.regenerate()
flask_login.login_user(user) flask_login.login_user(user)
response = flask.redirect(destination) response = flask.redirect(destination)
response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login')) response.set_cookie('rate_limit', utils.limiter.device_cookie(username), max_age=31536000, path=flask.url_for('sso.login'), secure=app.config['SESSION_COOKIE_SECURE'], httponly=True)
flask.current_app.logger.info(f'Login succeeded for {username} from {client_ip}.') flask.current_app.logger.info(f'Login succeeded for {username} from {client_ip}.')
return response return response
else: else:

Loading…
Cancel
Save