Fix bug in authing to not chomp URLs for auth.

Add support for mailbox OOBI resolution.

Signed-off-by: pfeairheller <pfeairheller@gmail.com>

Author: pfeairheller

scripts/keri/cf/demo-witness-oobis.json

@@ -5,8 +5,8 @@
     "curls": ["http://127.0.0.1:3902/"]
   },
   "iurls": [
-    "http://127.0.0.1:5642/oobi/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha/controller",
-    "http://127.0.0.1:5643/oobi/BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM/controller",
-    "http://127.0.0.1:5644/oobi/BIKKuvBwpmDVA4Ds-EpL5bt9OqPzWPja2LigFYZN2YfX/controller"
+    "http://127.0.0.1:5642/oobi/BBilc4-L3tFUnfM_wJr4S4OJanAv_VmF_dJNN6vkf2Ha/controller?name=Wan&tag=witness",
+    "http://127.0.0.1:5643/oobi/BLskRTInXnMxWaGqcpSyMgo0nYbalW99cGZESrz3zapM/controller?name=Wes&tag=witness",
+    "http://127.0.0.1:5644/oobi/BIKKuvBwpmDVA4Ds-EpL5bt9OqPzWPja2LigFYZN2YfX/controller?name=Wil&tag=witness"
   ]
 }

src/keria/app/aiding.py

@@ -664,24 +664,46 @@ def on_get(req, rep, name):
         elif role in (kering.Roles.agent,):  # Fetch URL OOBIs for all witnesses
             roleUrls = hab.fetchRoleUrls(cid=hab.pre, role=kering.Roles.agent, scheme=kering.Schemes.http) or hab.fetchRoleUrls(cid=hab.pre, role=kering.Roles.agent, scheme=kering.Schemes.https)
             if kering.Roles.agent not in roleUrls:
-                raise falcon.HTTPNotFound(description=f"unable to query agent roles for {hab.pre}, no http endpoint")
-
-            aoobis = roleUrls[kering.Roles.agent]
-
-            oobis = list()
-            for agent in set(aoobis.keys()):
-                murls = aoobis.naball(agent)
-                for murl in murls:
-                    urls = []
-                    if kering.Schemes.http in murl:
-                        urls.extend(murl.naball(kering.Schemes.http))
-                    if kering.Schemes.https in murl:
-                        urls.extend(murl.naball(kering.Schemes.https))
-                    for url in urls:
-                        up = urlparse(url)
-                        oobis.append(urljoin(up.geturl(), f"/oobi/{hab.pre}/agent/{agent}"))
-
-            res["oobis"] = oobis
+                res['oobis'] = []
+            else:
+                aoobis = roleUrls[kering.Roles.agent]
+
+                oobis = list()
+                for agent in set(aoobis.keys()):
+                    murls = aoobis.naball(agent)
+                    for murl in murls:
+                        urls = []
+                        if kering.Schemes.http in murl:
+                            urls.extend(murl.naball(kering.Schemes.http))
+                        if kering.Schemes.https in murl:
+                            urls.extend(murl.naball(kering.Schemes.https))
+                        for url in urls:
+                            up = urlparse(url)
+                            oobis.append(urljoin(up.geturl(), f"/oobi/{hab.pre}/agent/{agent}"))
+
+                res["oobis"] = oobis
+        elif role in (kering.Roles.mailbox,):  # Fetch URL OOBIs for all witnesses
+            roleUrls = (hab.fetchRoleUrls(cid=hab.pre, role=kering.Roles.mailbox, scheme=kering.Schemes.http) or
+                        hab.fetchRoleUrls(cid=hab.pre, role=kering.Roles.mailbox, scheme=kering.Schemes.https))
+            if kering.Roles.mailbox not in roleUrls:
+                res['oobis'] = []
+            else:
+                aoobis = roleUrls[kering.Roles.mailbox]
+
+                oobis = list()
+                for mailbox in set(aoobis.keys()):
+                    murls = aoobis.naball(mailbox)
+                    for murl in murls:
+                        urls = []
+                        if kering.Schemes.http in murl:
+                            urls.extend(murl.naball(kering.Schemes.http))
+                        if kering.Schemes.https in murl:
+                            urls.extend(murl.naball(kering.Schemes.https))
+                        for url in urls:
+                            up = urlparse(url)
+                            oobis.append(urljoin(up.geturl(), f"/oobi/{hab.pre}/mailbox/{mailbox}"))
+
+                res["oobis"] = oobis
         else:
             raise falcon.HTTPBadRequest(description=f"unsupport role type {role} for oobi request")
 

src/keria/core/authing.py

@@ -4,7 +4,7 @@
 keria.core.authing module
 
 """
-
+from urllib.parse import quote, unquote
 import falcon
 from hio.help import Hict
 from keri import kering
@@ -167,9 +167,12 @@ def process_request(self, req, resp):
             if req.path.startswith(path):
                 return
 
+        req.path = quote(req.path)
+
         try:
             # Use Authenticater to verify the signature on the request
             if self.authn.verify(req):
+                req.path = unquote(req.path)
                 resource = self.authn.resource(req)
                 agent = self.agency.get(caid=resource)
 
@@ -198,6 +201,7 @@ def process_response(self, req, rep, resource, req_succeeded):
         """
 
         if hasattr(req.context, "agent"):
+            req.path = quote(req.path)
             agent = req.context.agent
             rep.set_header('Signify-Resource', agent.agentHab.pre)
             rep.set_header('Signify-Timestamp', helping.nowIso8601())