From ab08d30d2a77c5da6e85cd3bd21ed6185f9db11e Mon Sep 17 00:00:00 2001
From: William Petit
Date: Mon, 4 Mar 2024 18:52:19 +0100
Subject: [PATCH] feat(server): allow registering renewal for forgotten agents
---
 internal/server/api/register_agent.go | 40 +++++++++++++++++----------
 1 file changed, 25 insertions(+), 15 deletions(-)
diff --git a/internal/server/api/register_agent.go b/internal/server/api/register_agent.go
index 891355c..123e051 100644
--- a/internal/server/api/register_agent.go
+++ b/internal/server/api/register_agent.go
@@ -50,8 +50,8 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
 }
 if !validSignature {
- logger.Warn(ctx, "conflicting signature", logger.F("signature", registerAgentReq.Signature))
- api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+ logger.Warn(ctx, "invalid thumbprint signature", logger.F("signature", registerAgentReq.Signature))
+ api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
 return
 }
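Review bot: Nothing at this `if !validSignature` branch says which key the signature was checked against, and with this commit that matters: the 400 here and the 409 from the previous-keyset check further down now mean different things. The computation of `validSignature` is above the hunk, presumably against the key set submitted in the request; if so, a comment such as `// Proof of possession of the submitted key set; a failure is a malformed request, not a conflict with a stored agent.` would make the split reviewable. The logged `signature` value is request-supplied, so it is worth confirming its size is bounded before it reaches the log.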
@@ -109,29 +109,39 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
 return
 }
- validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
- if err != nil {
- err = errors.WithStack(err)
- logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))
+ if agent.Status != datastore.AgentStatusForgotten {
+ validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
+ if err != nil {
+ err = errors.WithStack(err)
+ logger.Error(ctx, "could not validate signature using previous keyset", logger.CapturedE(err))
- api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+ api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
- return
+ return
+ }
+
+ if !validSignature {
+ logger.Error(ctx, "invalid signature")
+ api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+
+ return
+ }
 }
- if !validSignature {
- logger.Error(ctx, "invalid signature")
- api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
+ updates := []datastore.AgentUpdateOptionFunc{
+ datastore.WithAgentUpdateKeySet(keySet),
+ datastore.WithAgentUpdateMetadata(metadata),
+ datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
+ }
- return
+ if agent.Status == datastore.AgentStatusForgotten {
+ updates = append(updates, datastore.WithAgentUpdateStatus(datastore.AgentStatusPending))
 }
 agent, err = m.agentRepo.Update(
 ctx,
 agents[0].ID,
- datastore.WithAgentUpdateKeySet(keySet),
- datastore.WithAgentUpdateMetadata(metadata),
- datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
+ updates...,
 )
 if err != nil {
 err = errors.WithStack(err)
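Review bot: For an agent in `AgentStatusForgotten` the previous-keyset check is skipped entirely, so the only things tying the request to the existing record are the thumbprint and a signature made with the caller's own new key; whoever can present that thumbprint gets `agents[0].ID` re-keyed. The reset to `AgentStatusPending` looks like the intended safeguard, but that holds only if a pending agent needs operator acceptance again and nothing else attached to the record stays usable in the meantime, and neither is visible in this hunk. I would state that trust decision in a comment above the first status check and leave an audit trail inside the `if agent.Status == datastore.AgentStatusForgotten` block, e.g. `logger.Warn(ctx, "re-keying forgotten agent without previous key proof", logger.F("agentID", agents[0].ID))`. registerAgent starts and ends outside the hunk.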