use 401 instead of 403

pfefferle · pfefferle · commit b55c5d1666df · 2023-10-23T14:54:40.000+02:00
diff --git a/includes/class-signature.php b/includes/class-signature.php
@@ -259,7 +259,7 @@ public static function verify_http_signature( $request ) {
 		}
 
 		if ( ! isset( $headers['signature'] ) ) {
-			return new WP_Error( 'activitypub_signature', __( 'Request not signed', 'activitypub' ), array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Request not signed', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		if ( array_key_exists( 'signature', $headers ) ) {
@@ -269,7 +269,7 @@ public static function verify_http_signature( $request ) {
 		}
 
 		if ( ! isset( $signature_block ) || ! $signature_block ) {
-			return new WP_Error( 'activitypub_signature', __( 'Incompatible request signature. keyId and signature are required', 'activitypub' ), array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Incompatible request signature. keyId and signature are required', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		$signed_headers = $signature_block['headers'];
@@ -279,12 +279,12 @@ public static function verify_http_signature( $request ) {
 
 		$signed_data = self::get_signed_data( $signed_headers, $signature_block, $headers );
 		if ( ! $signed_data ) {
-			return new WP_Error( 'activitypub_signature', __( 'Signed request date outside acceptable time window', 'activitypub' ), array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Signed request date outside acceptable time window', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		$algorithm = self::get_signature_algorithm( $signature_block );
 		if ( ! $algorithm ) {
-			return new WP_Error( 'activitypub_signature', __( 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', 'activitypub' ), array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', 'activitypub' ), array( 'status' => 401 ) );
 		}
 
 		if ( \in_array( 'digest', $signed_headers, true ) && isset( $body ) ) {
@@ -300,7 +300,7 @@ public static function verify_http_signature( $request ) {
 			}
 
 			if ( \base64_encode( \hash( $hashalg, $body, true ) ) !== $digest[1] ) { // phpcs:ignore
-				return new WP_Error( 'activitypub_signature', __( 'Invalid Digest header', 'activitypub' ), array( 'status' => 403 ) );
+				return new WP_Error( 'activitypub_signature', __( 'Invalid Digest header', 'activitypub' ), array( 'status' => 401 ) );
 			}
 		}
 
@@ -313,7 +313,7 @@ public static function verify_http_signature( $request ) {
 		$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, $algorithm ) > 0;
 
 		if ( ! $verified ) {
-			return new WP_Error( 'activitypub_signature', __( 'Invalid signature', 'activitypub' ), array( 'status' => 403 ) );
+			return new WP_Error( 'activitypub_signature', __( 'Invalid signature', 'activitypub' ), array( 'status' => 401 ) );
 		}
 		return $verified;
 	}
@@ -333,7 +333,7 @@ public static function get_remote_key( $key_id ) { // phpcs:ignore
 		if ( isset( $actor['publicKey']['publicKeyPem'] ) ) {
 			return \rtrim( $actor['publicKey']['publicKeyPem'] ); // phpcs:ignore
 		}
-		return new WP_Error( 'activitypub_no_remote_key_found', __( 'No Public-Key found', 'activitypub' ), array( 'status' => 403 ) );
+		return new WP_Error( 'activitypub_no_remote_key_found', __( 'No Public-Key found', 'activitypub' ), array( 'status' => 401 ) );
 	}
 
 	/**

Original file line number	Diff line number	Diff line change
`@@ -259,7 +259,7 @@ public static function verify_http_signature( $request ) {`
`259`	`259`	`}`
`260`	`260`
`261`	`261`	`if ( ! isset( $headers['signature'] ) ) {`
`262`		`- return new WP_Error( 'activitypub_signature', __( 'Request not signed', 'activitypub' ), array( 'status' => 403 ) );`
	`262`	`+ return new WP_Error( 'activitypub_signature', __( 'Request not signed', 'activitypub' ), array( 'status' => 401 ) );`
`263`	`263`	`}`
`264`	`264`
`265`	`265`	`if ( array_key_exists( 'signature', $headers ) ) {`
`@@ -269,7 +269,7 @@ public static function verify_http_signature( $request ) {`
`269`	`269`	`}`
`270`	`270`
`271`	`271`	`if ( ! isset( $signature_block ) \|\| ! $signature_block ) {`
`272`		`- return new WP_Error( 'activitypub_signature', __( 'Incompatible request signature. keyId and signature are required', 'activitypub' ), array( 'status' => 403 ) );`
	`272`	`+ return new WP_Error( 'activitypub_signature', __( 'Incompatible request signature. keyId and signature are required', 'activitypub' ), array( 'status' => 401 ) );`
`273`	`273`	`}`
`274`	`274`
`275`	`275`	`$signed_headers = $signature_block['headers'];`
`@@ -279,12 +279,12 @@ public static function verify_http_signature( $request ) {`
`279`	`279`
`280`	`280`	`$signed_data = self::get_signed_data( $signed_headers, $signature_block, $headers );`
`281`	`281`	`if ( ! $signed_data ) {`
`282`		`- return new WP_Error( 'activitypub_signature', __( 'Signed request date outside acceptable time window', 'activitypub' ), array( 'status' => 403 ) );`
	`282`	`+ return new WP_Error( 'activitypub_signature', __( 'Signed request date outside acceptable time window', 'activitypub' ), array( 'status' => 401 ) );`
`283`	`283`	`}`
`284`	`284`
`285`	`285`	`$algorithm = self::get_signature_algorithm( $signature_block );`
`286`	`286`	`if ( ! $algorithm ) {`
`287`		`- return new WP_Error( 'activitypub_signature', __( 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', 'activitypub' ), array( 'status' => 403 ) );`
	`287`	`+ return new WP_Error( 'activitypub_signature', __( 'Unsupported signature algorithm (only rsa-sha256 and hs2019 are supported)', 'activitypub' ), array( 'status' => 401 ) );`
`288`	`288`	`}`
`289`	`289`
`290`	`290`	`if ( \in_array( 'digest', $signed_headers, true ) && isset( $body ) ) {`
`@@ -300,7 +300,7 @@ public static function verify_http_signature( $request ) {`
`300`	`300`	`}`
`301`	`301`
`302`	`302`	`if ( \base64_encode( \hash( $hashalg, $body, true ) ) !== $digest[1] ) { // phpcs:ignore`
`303`		`- return new WP_Error( 'activitypub_signature', __( 'Invalid Digest header', 'activitypub' ), array( 'status' => 403 ) );`
	`303`	`+ return new WP_Error( 'activitypub_signature', __( 'Invalid Digest header', 'activitypub' ), array( 'status' => 401 ) );`
`304`	`304`	`}`
`305`	`305`	`}`
`306`	`306`
`@@ -313,7 +313,7 @@ public static function verify_http_signature( $request ) {`
`313`	`313`	`$verified = \openssl_verify( $signed_data, $signature_block['signature'], $public_key, $algorithm ) > 0;`
`314`	`314`
`315`	`315`	`if ( ! $verified ) {`
`316`		`- return new WP_Error( 'activitypub_signature', __( 'Invalid signature', 'activitypub' ), array( 'status' => 403 ) );`
	`316`	`+ return new WP_Error( 'activitypub_signature', __( 'Invalid signature', 'activitypub' ), array( 'status' => 401 ) );`
`317`	`317`	`}`
`318`	`318`	`return $verified;`
`319`	`319`	`}`
`@@ -333,7 +333,7 @@ public static function get_remote_key( $key_id ) { // phpcs:ignore`
`333`	`333`	`if ( isset( $actor['publicKey']['publicKeyPem'] ) ) {`
`334`	`334`	`return \rtrim( $actor['publicKey']['publicKeyPem'] ); // phpcs:ignore`
`335`	`335`	`}`
`336`		`- return new WP_Error( 'activitypub_no_remote_key_found', __( 'No Public-Key found', 'activitypub' ), array( 'status' => 403 ) );`
	`336`	`+ return new WP_Error( 'activitypub_no_remote_key_found', __( 'No Public-Key found', 'activitypub' ), array( 'status' => 401 ) );`
`337`	`337`	`}`
`338`	`338`
`339`	`339`	`/**`