From b82293270c7d2d36d79cb9c5731d07c3f5b33f6b Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 13 Jul 2021 14:28:07 +0100 Subject: Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton
---
 modules/structs/user_gpgkey.go | 11 +++++++++++
 1 file changed, 11 insertions(+) (limited to 'modules/structs/user_gpgkey.go')
diff --git a/modules/structs/user_gpgkey.go b/modules/structs/user_gpgkey.go
index f501a09cb9..a2ebf7df93 100644
--- a/modules/structs/user_gpgkey.go
+++ b/modules/structs/user_gpgkey.go
@@ -20,6 +20,7 @@ type GPGKey struct {
 CanEncryptComms bool `json:"can_encrypt_comms"`
 CanEncryptStorage bool `json:"can_encrypt_storage"`
 CanCertify bool `json:"can_certify"`
+ Verified bool `json:"verified"`
 // swagger:strfmt date-time
 Created time.Time `json:"created_at,omitempty"`
 // swagger:strfmt date-time
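Review bot: The new `Verified` field on `GPGKey` has no comment, so the API schema does not say what was verified. Going by the commit message it appears to mean that the user proved ownership of the key by signing a server-generated token, which is a different claim from the key matching an activated email address. A line such as `// Verified reports whether the user has proven ownership of this key by signing a verification token` above the field would make that explicit for API consumers. The struct begins and ends outside this hunk.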
@@ -40,4 +41,14 @@ type CreateGPGKeyOption struct {
 // required: true
 // unique: true
 ArmoredKey string `json:"armored_public_key" binding:"Required"`
+ Signature string `json:"armored_signature,omitempty"`
+}
+
+// VerifyGPGKeyOption options verifies user GPG key
+type VerifyGPGKeyOption struct {
+ // An Signature for a GPG key token
+ //
+ // required: true
+ KeyID string `json:"key_id" binding:"Required"`
+ Signature string `json:"armored_signature" binding:"Required"`
 }
-- cgit v1.2.3
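Review bot: In `VerifyGPGKeyOption` the comment block `// An Signature for a GPG key token` with `// required: true` sits directly above `KeyID`, so the generated swagger description lands on the key ID and `Signature` is left with no description or required marker. Give each field its own block: `// The key ID of the GPG key to verify` above `KeyID` and `// An armored signature of the GPG key verification token` above `Signature`, each followed by `//` and `// required: true`. The optional `Signature` added to `CreateGPGKeyOption` is also uncommented; a line such as `// An armored signature of the verification token; when omitted the key is added unverified` would tell clients what leaving it out means, assuming that is the handler's behaviour. The type comment reads more clearly as `// VerifyGPGKeyOption holds the options for verifying ownership of a user GPG key`. `CreateGPGKeyOption` begins outside this hunk.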