aboutsummaryrefslogtreecommitdiffstats
path: root/templates
diff options
context:
space:
mode:
authorzeripath <art27@cantab.net>2021-07-13 14:28:07 +0100
committerGitHub <noreply@github.com>2021-07-13 15:28:07 +0200
commitb82293270c7d2d36d79cb9c5731d07c3f5b33f6b (patch)
treea79131e08ecf19cc8e642fcc032bfee0e30959c0 /templates
parent67f135ca5ddfcab4391a00af4936d0260079cd97 (diff)
downloadgitea-b82293270c7d2d36d79cb9c5731d07c3f5b33f6b.tar.gz
gitea-b82293270c7d2d36d79cb9c5731d07c3f5b33f6b.zip
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
Diffstat (limited to 'templates')
-rw-r--r--templates/swagger/v1_json.tmpl54
-rw-r--r--templates/user/settings/keys_gpg.tmpl60
2 files changed, 112 insertions, 2 deletions
diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl
index de61b9dd29..297720cec9 100644
--- a/templates/swagger/v1_json.tmpl
+++ b/templates/swagger/v1_json.tmpl
@@ -10714,6 +10714,52 @@
}
}
},
+ "/user/gpg_key_token": {
+ "get": {
+ "produces": [
+ "text/plain"
+ ],
+ "tags": [
+ "user"
+ ],
+ "summary": "Get a Token to verify",
+ "operationId": "getVerificationToken",
+ "responses": {
+ "200": {
+ "$ref": "#/responses/string"
+ },
+ "404": {
+ "$ref": "#/responses/notFound"
+ }
+ }
+ }
+ },
+ "/user/gpg_key_verify": {
+ "post": {
+ "consumes": [
+ "application/json"
+ ],
+ "produces": [
+ "application/json"
+ ],
+ "tags": [
+ "user"
+ ],
+ "summary": "Verify a GPG key",
+ "operationId": "userVerifyGPGKey",
+ "responses": {
+ "201": {
+ "$ref": "#/responses/GPGKey"
+ },
+ "404": {
+ "$ref": "#/responses/notFound"
+ },
+ "422": {
+ "$ref": "#/responses/validationError"
+ }
+ }
+ }
+ },
"/user/gpg_keys": {
"get": {
"produces": [
@@ -12826,6 +12872,10 @@
"type": "string",
"uniqueItems": true,
"x-go-name": "ArmoredKey"
+ },
+ "armored_signature": {
+ "type": "string",
+ "x-go-name": "Signature"
}
},
"x-go-package": "code.gitea.io/gitea/modules/structs"
@@ -14484,6 +14534,10 @@
"$ref": "#/definitions/GPGKey"
},
"x-go-name": "SubsKey"
+ },
+ "verified": {
+ "type": "boolean",
+ "x-go-name": "Verified"
}
},
"x-go-package": "code.gitea.io/gitea/modules/structs"
diff --git a/templates/user/settings/keys_gpg.tmpl b/templates/user/settings/keys_gpg.tmpl
index 4e04d831d2..2d80d48156 100644
--- a/templates/user/settings/keys_gpg.tmpl
+++ b/templates/user/settings/keys_gpg.tmpl
@@ -15,12 +15,20 @@
<button class="ui red tiny button delete-button" id="delete-gpg" data-url="{{$.Link}}/delete?type=gpg" data-id="{{.ID}}">
{{$.i18n.Tr "settings.delete_key"}}
</button>
+ {{if and (not .Verified) (ne $.VerifyingID .KeyID)}}
+ <a class="ui blue tiny show-panel button" href="{{$.Link}}?verify_gpg={{.KeyID}}">{{$.i18n.Tr "settings.gpg_key_verify"}}</a>
+ {{end}}
</div>
<div class="left floated content">
<span class="{{if or .ExpiredUnix.IsZero ($.PageStartTime.Before .ExpiredUnix.AsTime)}}green{{end}}">{{svg "octicon-key" 32}}</span>
</div>
<div class="content">
- {{range .Emails}}<strong>{{.Email}} </strong>{{end}}
+ {{if .Verified}}
+ <span class="poping up" data-content="{{$.i18n.Tr "settings.gpg_key_verified_long"}}">{{svg "octicon-shield-check"}} <strong>{{$.i18n.Tr "settings.gpg_key_verified"}}</strong></span>
+ {{end}}
+ {{if gt (len .Emails) 0}}
+ <span class="poping up" data-content="{{$.i18n.Tr "settings.gpg_key_matched_identities_long"}}">{{svg "octicon-mail"}} {{$.i18n.Tr "settings.gpg_key_matched_identities"}} {{range .Emails}}<strong>{{.Email}} </strong>{{end}}</span>
+ {{end}}
<div class="print meta">
<b>{{$.i18n.Tr "settings.key_id"}}:</b> {{.KeyID}}
<b>{{$.i18n.Tr "settings.subkeys"}}:</b> {{range .SubsKey}} {{.KeyID}} {{end}}
@@ -32,6 +40,37 @@
</div>
</div>
</div>
+ {{if and (not .Verified) (eq $.VerifyingID .KeyID)}}
+ <div class="ui segment">
+ <h4>{{$.i18n.Tr "settings.gpg_token_required"}}</h4>
+ <form class="ui form{{if $.HasGPGVerifyError}} error{{end}}" action="{{$.Link}}" method="post">
+ {{$.CsrfTokenHtml}}
+ <input type="hidden" name="title" value="none">
+ <input type="hidden" name="content" value="{{.KeyID}}">
+ <input type="hidden" name="key_id" value="{{.KeyID}}">
+ <div class="field">
+ <label for="token">{{$.i18n.Tr "settings.gpg_token"}}</label>
+ <input readonly="" value="{{$.TokenToSign}}">
+ <div class="help">
+ <p>{{$.i18n.Tr "settings.gpg_token_help"}}</p>
+ <p><code>{{$.i18n.Tr "settings.gpg_token_code" $.TokenToSign .KeyID}}</code></p>
+ </div>
+ <br>
+ </div>
+ <div class="field">
+ <label for="signature">{{$.i18n.Tr "settings.gpg_token_signature"}}</label>
+ <textarea id="gpg-key-signature" name="signature" placeholder="{{$.i18n.Tr "settings.key_signature_gpg_placeholder"}}" required>{{$.signature}}</textarea>
+ </div>
+ <input name="type" type="hidden" value="verify_gpg">
+ <button class="ui green button">
+ {{$.i18n.Tr "settings.gpg_key_verify"}}
+ </button>
+ <a class="ui red button" href="{{$.Link}}">
+ {{$.i18n.Tr "settings.cancel"}}
+ </a>
+ </form>
+ </div>
+ {{end}}
{{end}}
</div>
</div>
@@ -42,13 +81,30 @@
{{.i18n.Tr "settings.add_new_gpg_key"}}
</h4>
<div class="ui attached segment">
- <form class="ui form" action="{{.Link}}" method="post">
+ <form class="ui form{{if .HasGPGError}} error{{end}}" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}}
<input type="hidden" name="title" value="none">
<div class="field {{if .Err_Content}}error{{end}}">
<label for="content">{{.i18n.Tr "settings.key_content"}}</label>
<textarea id="gpg-key-content" name="content" placeholder="{{.i18n.Tr "settings.key_content_gpg_placeholder"}}" required>{{.content}}</textarea>
</div>
+ {{if .Err_Signature}}
+ <div class="ui error message">
+ <p>{{.i18n.Tr "settings.gpg_token_required"}}</p>
+ </div>
+ <div class="field">
+ <label for="token">{{.i18n.Tr "setting.gpg_token"}}
+ <input readonly="" value="{{.TokenToSign}}">
+ <div class="help">
+ <p>{{.i18n.Tr "settings.gpg_token_help"}}</p>
+ <p><code>{{$.i18n.Tr "settings.gpg_token_code" .TokenToSign .KeyID}}</code></p>
+ </div>
+ </div>
+ <div class="field">
+ <label for="signature">{{.i18n.Tr "settings.gpg_token_signature"}}</label>
+ <textarea id="gpg-key-signature" name="signature" placeholder="{{.i18n.Tr "settings.key_signature_gpg_placeholder"}}" required>{{.signature}}</textarea>
+ </div>
+ {{end}}
<input name="type" type="hidden" value="gpg">
<button class="ui green button">
{{.i18n.Tr "settings.add_key"}}