diff options
author | zeripath <art27@cantab.net> | 2021-07-13 14:28:07 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2021-07-13 15:28:07 +0200 |
commit | b82293270c7d2d36d79cb9c5731d07c3f5b33f6b (patch) | |
tree | a79131e08ecf19cc8e642fcc032bfee0e30959c0 /templates | |
parent | 67f135ca5ddfcab4391a00af4936d0260079cd97 (diff) | |
download | gitea-b82293270c7d2d36d79cb9c5731d07c3f5b33f6b.tar.gz gitea-b82293270c7d2d36d79cb9c5731d07c3f5b33f6b.zip |
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership
Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.
* Ensure verified keys can act for all active emails for the user
* Add code to mark keys as verified
* Slight UI adjustments
* Slight UI adjustments 2
* Simplify signature verification slightly
* fix postgres test
* add api routes
* handle swapped primary-keys
* Verify the no-reply address for verified keys
* Only add email addresses that are activated to keys
* Fix committer shortcut properly
* Restructure gpg_keys.go
* Use common Verification Token code
Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'templates')
-rw-r--r-- | templates/swagger/v1_json.tmpl | 54 | ||||
-rw-r--r-- | templates/user/settings/keys_gpg.tmpl | 60 |
2 files changed, 112 insertions, 2 deletions
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index de61b9dd29..297720cec9 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -10714,6 +10714,52 @@ } } }, + "/user/gpg_key_token": { + "get": { + "produces": [ + "text/plain" + ], + "tags": [ + "user" + ], + "summary": "Get a Token to verify", + "operationId": "getVerificationToken", + "responses": { + "200": { + "$ref": "#/responses/string" + }, + "404": { + "$ref": "#/responses/notFound" + } + } + } + }, + "/user/gpg_key_verify": { + "post": { + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "tags": [ + "user" + ], + "summary": "Verify a GPG key", + "operationId": "userVerifyGPGKey", + "responses": { + "201": { + "$ref": "#/responses/GPGKey" + }, + "404": { + "$ref": "#/responses/notFound" + }, + "422": { + "$ref": "#/responses/validationError" + } + } + } + }, "/user/gpg_keys": { "get": { "produces": [ @@ -12826,6 +12872,10 @@ "type": "string", "uniqueItems": true, "x-go-name": "ArmoredKey" + }, + "armored_signature": { + "type": "string", + "x-go-name": "Signature" } }, "x-go-package": "code.gitea.io/gitea/modules/structs" @@ -14484,6 +14534,10 @@ "$ref": "#/definitions/GPGKey" }, "x-go-name": "SubsKey" + }, + "verified": { + "type": "boolean", + "x-go-name": "Verified" } }, "x-go-package": "code.gitea.io/gitea/modules/structs" diff --git a/templates/user/settings/keys_gpg.tmpl b/templates/user/settings/keys_gpg.tmpl index 4e04d831d2..2d80d48156 100644 --- a/templates/user/settings/keys_gpg.tmpl +++ b/templates/user/settings/keys_gpg.tmpl @@ -15,12 +15,20 @@ <button class="ui red tiny button delete-button" id="delete-gpg" data-url="{{$.Link}}/delete?type=gpg" data-id="{{.ID}}"> {{$.i18n.Tr "settings.delete_key"}} </button> + {{if and (not .Verified) (ne $.VerifyingID .KeyID)}} + <a class="ui blue tiny show-panel button" href="{{$.Link}}?verify_gpg={{.KeyID}}">{{$.i18n.Tr "settings.gpg_key_verify"}}</a> + {{end}} </div> <div class="left floated content"> <span class="{{if or .ExpiredUnix.IsZero ($.PageStartTime.Before .ExpiredUnix.AsTime)}}green{{end}}">{{svg "octicon-key" 32}}</span> </div> <div class="content"> - {{range .Emails}}<strong>{{.Email}} </strong>{{end}} + {{if .Verified}} + <span class="poping up" data-content="{{$.i18n.Tr "settings.gpg_key_verified_long"}}">{{svg "octicon-shield-check"}} <strong>{{$.i18n.Tr "settings.gpg_key_verified"}}</strong></span> + {{end}} + {{if gt (len .Emails) 0}} + <span class="poping up" data-content="{{$.i18n.Tr "settings.gpg_key_matched_identities_long"}}">{{svg "octicon-mail"}} {{$.i18n.Tr "settings.gpg_key_matched_identities"}} {{range .Emails}}<strong>{{.Email}} </strong>{{end}}</span> + {{end}} <div class="print meta"> <b>{{$.i18n.Tr "settings.key_id"}}:</b> {{.KeyID}} <b>{{$.i18n.Tr "settings.subkeys"}}:</b> {{range .SubsKey}} {{.KeyID}} {{end}} @@ -32,6 +40,37 @@ </div> </div> </div> + {{if and (not .Verified) (eq $.VerifyingID .KeyID)}} + <div class="ui segment"> + <h4>{{$.i18n.Tr "settings.gpg_token_required"}}</h4> + <form class="ui form{{if $.HasGPGVerifyError}} error{{end}}" action="{{$.Link}}" method="post"> + {{$.CsrfTokenHtml}} + <input type="hidden" name="title" value="none"> + <input type="hidden" name="content" value="{{.KeyID}}"> + <input type="hidden" name="key_id" value="{{.KeyID}}"> + <div class="field"> + <label for="token">{{$.i18n.Tr "settings.gpg_token"}}</label> + <input readonly="" value="{{$.TokenToSign}}"> + <div class="help"> + <p>{{$.i18n.Tr "settings.gpg_token_help"}}</p> + <p><code>{{$.i18n.Tr "settings.gpg_token_code" $.TokenToSign .KeyID}}</code></p> + </div> + <br> + </div> + <div class="field"> + <label for="signature">{{$.i18n.Tr "settings.gpg_token_signature"}}</label> + <textarea id="gpg-key-signature" name="signature" placeholder="{{$.i18n.Tr "settings.key_signature_gpg_placeholder"}}" required>{{$.signature}}</textarea> + </div> + <input name="type" type="hidden" value="verify_gpg"> + <button class="ui green button"> + {{$.i18n.Tr "settings.gpg_key_verify"}} + </button> + <a class="ui red button" href="{{$.Link}}"> + {{$.i18n.Tr "settings.cancel"}} + </a> + </form> + </div> + {{end}} {{end}} </div> </div> @@ -42,13 +81,30 @@ {{.i18n.Tr "settings.add_new_gpg_key"}} </h4> <div class="ui attached segment"> - <form class="ui form" action="{{.Link}}" method="post"> + <form class="ui form{{if .HasGPGError}} error{{end}}" action="{{.Link}}" method="post"> {{.CsrfTokenHtml}} <input type="hidden" name="title" value="none"> <div class="field {{if .Err_Content}}error{{end}}"> <label for="content">{{.i18n.Tr "settings.key_content"}}</label> <textarea id="gpg-key-content" name="content" placeholder="{{.i18n.Tr "settings.key_content_gpg_placeholder"}}" required>{{.content}}</textarea> </div> + {{if .Err_Signature}} + <div class="ui error message"> + <p>{{.i18n.Tr "settings.gpg_token_required"}}</p> + </div> + <div class="field"> + <label for="token">{{.i18n.Tr "setting.gpg_token"}} + <input readonly="" value="{{.TokenToSign}}"> + <div class="help"> + <p>{{.i18n.Tr "settings.gpg_token_help"}}</p> + <p><code>{{$.i18n.Tr "settings.gpg_token_code" .TokenToSign .KeyID}}</code></p> + </div> + </div> + <div class="field"> + <label for="signature">{{.i18n.Tr "settings.gpg_token_signature"}}</label> + <textarea id="gpg-key-signature" name="signature" placeholder="{{.i18n.Tr "settings.key_signature_gpg_placeholder"}}" required>{{.signature}}</textarea> + </div> + {{end}} <input name="type" type="hidden" value="gpg"> <button class="ui green button"> {{.i18n.Tr "settings.add_key"}} |