Fix the response unwrapping

jasikpark · jasikpark · commit 6fb5a7a21ca0 · 2025-10-27T13:59:18.000-05:00
diff --git a/client.go b/client.go
@@ -420,8 +420,26 @@ func (c *Client) Reauthenticate(ctx context.Context, creds keys.Credentials) (*m
 		return nil, err
 	}
 
+	resultWrapper := message.SignedResponseWrapper{}
+	err = json.Unmarshal(resp, &resultWrapper)
+	if err != nil {
+		return nil, fmt.Errorf("failed to unmarshal signed response wrapper: %s", err)
+	}
+
+	// Verify the signature
+	valid := false
+	for _, caPubkey := range creds.TrustedKeys {
+		if caPubkey.Verify(resultWrapper.Data.Message, resultWrapper.Data.Signature) {
+			valid = true
+			break
+		}
+	}
+	if !valid {
+		return nil, fmt.Errorf("failed to verify signed API result")
+	}
+
 	var response message.ReauthenticateResponse
-	if err := json.Unmarshal(resp, &response); err != nil {
+	if err := json.Unmarshal(resultWrapper.Data.Message, &response); err != nil {
 		return nil, fmt.Errorf("failed to unmarshal DNClient response: %s", err)
 	}
 
diff --git a/client_test.go b/client_test.go
@@ -994,6 +994,7 @@ func TestReauthenticate(t *testing.T) {
 	// make sure we got a login URL back
 	assert.NotEmpty(t, resp)
 	assert.NotEmpty(t, resp.LoginURL)
+	assert.Equal(t, "https://auth.example.com/login?authcode=123", resp.LoginURL)
 
 }
 

Original file line number	Diff line number	Diff line change
`@@ -994,6 +994,7 @@ func TestReauthenticate(t *testing.T) {`
`994`	`994`	`// make sure we got a login URL back`
`995`	`995`	`assert.NotEmpty(t, resp)`
`996`	`996`	`assert.NotEmpty(t, resp.LoginURL)`
	`997`	`+ assert.Equal(t, "https://auth.example.com/login?authcode=123", resp.LoginURL)`
`997`	`998`
`998`	`999`	`}`
`999`	`1000`