authorzeripath <art27@cantab.net>2021-07-13 14:28:07 +0100
committerGitHub <noreply@github.com>2021-07-13 15:28:07 +0200
commitb82293270c7d2d36d79cb9c5731d07c3f5b33f6b (patch)
treea79131e08ecf19cc8e642fcc032bfee0e30959c0 /integrations
parent67f135ca5ddfcab4391a00af4936d0260079cd97 (diff)
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for an automatically generated token (based on the timestamp, user creation time, user ID, username and primary email). * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'integrations')
-rw-r--r--integrations/api_gpg_keys_test.go22
1 files changed, 4 insertions, 18 deletions
diff --git a/integrations/api_gpg_keys_test.go b/integrations/api_gpg_keys_test.go
index b4f19031af..8fc4124a48 100644
--- a/integrations/api_gpg_keys_test.go
+++ b/integrations/api_gpg_keys_test.go
@@ -29,10 +29,10 @@ func TestGPGKeys(t *testing.T) {
results []int
}{
{name: "NoLogin", makeRequest: MakeRequest, token: "",
- results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized},
+ results: []int{http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized, http.StatusUnauthorized},
},
{name: "LoggedAsUser2", makeRequest: session.MakeRequest, token: token,
- results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusUnprocessableEntity, http.StatusNotFound, http.StatusCreated, http.StatusCreated}},
+ results: []int{http.StatusOK, http.StatusOK, http.StatusNotFound, http.StatusNoContent, http.StatusUnprocessableEntity, http.StatusNotFound, http.StatusCreated, http.StatusNotFound, http.StatusCreated}},
}
for _, tc := range tt {
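Review bot: The ninth entry appended to both `results` slices is not read by any subtest visible in this diff: the second hunk still stops at `tc.results[7]`, so the trailing `http.StatusUnauthorized` / `http.StatusCreated` expectation looks unused unless a subtest outside these hunks indexes `tc.results[8]`. Index 7 now expects `http.StatusNotFound` for a key whose email is not activated, but the positive counterpart (a key accepted once ownership is proven through the signed token this commit introduces) appears to have no API-level assertion in this file. Either add the subtest that consumes `tc.results[8]` or drop the entry, and consider a comment above the table such as `// results[i] is the expected status of the i-th t.Run below, in order` so the positional coupling is explicit. TestGPGKeys begins and ends outside the hunk.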
@@ -60,7 +60,7 @@ func TestGPGKeys(t *testing.T) {
t.Run("CreateValidGPGKey", func(t *testing.T) {
testCreateValidGPGKey(t, tc.makeRequest, tc.token, tc.results[6])
})
- t.Run("CreateValidSecondaryEmailGPGKey", func(t *testing.T) {
+ t.Run("CreateValidSecondaryEmailGPGKeyNotActivated", func(t *testing.T) {
testCreateValidSecondaryEmailGPGKey(t, tc.makeRequest, tc.token, tc.results[7])
})
})
@@ -74,6 +74,7 @@ func TestGPGKeys(t *testing.T) {
req := NewRequest(t, "GET", "/api/v1/user/gpg_keys?token="+token) //GET all keys
resp := session.MakeRequest(t, req, http.StatusOK)
DecodeJSON(t, resp, &keys)
+ assert.Len(t, keys, 1)
primaryKey1 := keys[0] //Primary key 1
assert.EqualValues(t, "38EA3BCED732982C", primaryKey1.KeyID)
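Review bot: `assert.Len(t, keys, 1)` records a failure but does not stop the test, so if the API returns an empty list the next line's `keys[0]` panics with an index-out-of-range instead of reporting the length mismatch cleanly. Guard the index with the assertion's return value, `if !assert.Len(t, keys, 1) { return }`, or use a fatal assertion at this point. The check is worth keeping strict, since it appears to be the only assertion in this diff that pins down that the key for the non-activated secondary email is no longer listed for the user. The enclosing function continues outside the hunk.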
@@ -85,12 +86,6 @@ func TestGPGKeys(t *testing.T) {
assert.EqualValues(t, "70D7C694D17D03AD", subKey.KeyID)
assert.Empty(t, subKey.Emails)
- primaryKey2 := keys[1] //Primary key 2
- assert.EqualValues(t, "3CEF46EF40BEFC3E", primaryKey2.KeyID)
- assert.Len(t, primaryKey2.Emails, 1)
- assert.EqualValues(t, "user2-2@example.com", primaryKey2.Emails[0].Email)
- assert.False(t, primaryKey2.Emails[0].Verified)
-
var key api.GPGKey
req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey1.ID, 10)+"?token="+token) //Primary key 1
resp = session.MakeRequest(t, req, http.StatusOK)
@@ -105,15 +100,6 @@ func TestGPGKeys(t *testing.T) {
DecodeJSON(t, resp, &key)
assert.EqualValues(t, "70D7C694D17D03AD", key.KeyID)
assert.Empty(t, key.Emails)
-
- req = NewRequest(t, "GET", "/api/v1/user/gpg_keys/"+strconv.FormatInt(primaryKey2.ID, 10)+"?token="+token) //Primary key 2
- resp = session.MakeRequest(t, req, http.StatusOK)
- DecodeJSON(t, resp, &key)
- assert.EqualValues(t, "3CEF46EF40BEFC3E", key.KeyID)
- assert.Len(t, key.Emails, 1)
- assert.EqualValues(t, "user2-2@example.com", key.Emails[0].Email)
- assert.False(t, key.Emails[0].Verified)
-
})
//Check state after basic add