feat(server): allow registering renewal for forgotten agents

internal/server/api/register_agent.go

@@ -50,8 +50,8 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
 	}
 
 	if !validSignature {
-		logger.Warn(ctx, "conflicting signature", logger.F("signature", registerAgentReq.Signature))
+		logger.Warn(ctx, "invalid thumbprint signature", logger.F("signature", registerAgentReq.Signature))
-		api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
+		api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
 
 		return
 	}
@@ -109,6 +109,7 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
 			return
 		}
 
+		if agent.Status != datastore.AgentStatusForgotten {
 			validSignature, err = jwk.Verify(agent.KeySet.Set, registerAgentReq.Signature, registerAgentReq.Thumbprint, registerAgentReq.Metadata)
 			if err != nil {
 				err = errors.WithStack(err)
@@ -121,17 +122,26 @@ func (m *Mount) registerAgent(w http.ResponseWriter, r *http.Request) {
 
 			if !validSignature {
 				logger.Error(ctx, "invalid signature")
-			api.ErrorResponse(w, http.StatusBadRequest, api.ErrCodeInvalidRequest, nil)
+				api.ErrorResponse(w, http.StatusConflict, ErrCodeConflict, nil)
 
 				return
 			}
+		}
+
+		updates := []datastore.AgentUpdateOptionFunc{
+			datastore.WithAgentUpdateKeySet(keySet),
+			datastore.WithAgentUpdateMetadata(metadata),
+			datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
+		}
+
+		if agent.Status == datastore.AgentStatusForgotten {
+			updates = append(updates, datastore.WithAgentUpdateStatus(datastore.AgentStatusPending))
+		}
 
 		agent, err = m.agentRepo.Update(
 			ctx,
 			agents[0].ID,
-			datastore.WithAgentUpdateKeySet(keySet),
+			updates...,
-			datastore.WithAgentUpdateMetadata(metadata),
-			datastore.WithAgentUpdateThumbprint(registerAgentReq.Thumbprint),
 		)
 		if err != nil {
 			err = errors.WithStack(err)