From b82293270c7d2d36d79cb9c5731d07c3f5b33f6b Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 13 Jul 2021 14:28:07 +0100 Subject: Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton --- routers/api/v1/api.go | 3 +++ 1 file changed, 3 insertions(+) (limited to 'routers/api/v1/api.go') diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index b4f14bf2d1..4258ea5dc3 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -686,6 +686,9 @@ func Routes() *web.Route { Delete(user.DeleteGPGKey) }) + m.Get("/gpg_key_token", user.GetVerificationToken) + m.Post("/gpg_key_verify", bind(api.VerifyGPGKeyOption{}), user.VerifyUserGPGKey) + m.Combo("/repos").Get(user.ListMyRepos). Post(bind(api.CreateRepoOption{}), repo.Create) -- cgit v1.2.3