diff options
| author | zeripath <art27@cantab.net> | 2022-08-22 19:35:18 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-08-22 19:35:18 +0100 |
| commit | bf41958c16e36ce4dc74701520af828c99ecae5b (patch) | |
| tree | 5e34c7b01544b8db2df901069d48b4b2f5eb55f3 /routers/api | |
| parent | 033178f2fceeb7e9792736375ffacf24c7a89c79 (diff) | |
| download | gitea-bf41958c16e36ce4dc74701520af828c99ecae5b.tar.gz gitea-bf41958c16e36ce4dc74701520af828c99ecae5b.zip | |
Pad GPG Key ID with preceding zeroes (#20878) (#20885)
Backport #20878
The go crypto library does not pad keyIDs to 16 characters with preceding zeroes. This
is a somewhat confusing thing for most users who expect these to have preceding zeroes.
This PR prefixes any sub 16 length KeyID with preceding zeroes and removes preceding
zeroes from KeyIDs inputted on the API.
Fix #20876
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'routers/api')
| -rw-r--r-- | routers/api/v1/user/gpg_key.go | 7 |
1 files changed, 7 insertions, 0 deletions
diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go index b211a24a0e..b87cf0041e 100644 --- a/routers/api/v1/user/gpg_key.go +++ b/routers/api/v1/user/gpg_key.go @@ -7,6 +7,7 @@ package user import ( "fmt" "net/http" + "strings" asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/db" @@ -177,6 +178,12 @@ func VerifyUserGPGKey(ctx *context.APIContext) { token := asymkey_model.VerificationToken(ctx.Doer, 1) lastToken := asymkey_model.VerificationToken(ctx.Doer, 0) + form.KeyID = strings.TrimLeft(form.KeyID, "0") + if form.KeyID == "" { + ctx.NotFound() + return + } + _, err := asymkey_model.VerifyGPGKey(ctx.Doer.ID, form.KeyID, token, form.Signature) if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) { _, err = asymkey_model.VerifyGPGKey(ctx.Doer.ID, form.KeyID, lastToken, form.Signature) |