From b82293270c7d2d36d79cb9c5731d07c3f5b33f6b Mon Sep 17 00:00:00 2001 From: zeripath Date: Tue, 13 Jul 2021 14:28:07 +0100 Subject: Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton --- routers/api/v1/api.go | 3 ++ routers/api/v1/user/gpg_key.go | 81 +++++++++++++++++++++++++++++++++++++++--- 2 files changed, 80 insertions(+), 4 deletions(-) (limited to 'routers/api') diff --git a/routers/api/v1/api.go b/routers/api/v1/api.go index b4f14bf2d1..4258ea5dc3 100644 --- a/routers/api/v1/api.go +++ b/routers/api/v1/api.go @@ -686,6 +686,9 @@ func Routes() *web.Route { Delete(user.DeleteGPGKey) }) + m.Get("/gpg_key_token", user.GetVerificationToken) + m.Post("/gpg_key_verify", bind(api.VerifyGPGKeyOption{}), user.VerifyUserGPGKey) + m.Combo("/repos").Get(user.ListMyRepos). Post(bind(api.CreateRepoOption{}), repo.Create) diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go index 51bcaeacc6..ec03e305ba 100644 --- a/routers/api/v1/user/gpg_key.go +++ b/routers/api/v1/user/gpg_key.go @@ -5,6 +5,7 @@ package user import ( + "fmt" "net/http" "code.gitea.io/gitea/models" @@ -119,14 +120,84 @@ func GetGPGKey(ctx *context.APIContext) { // CreateUserGPGKey creates new GPG key to given user by ID. func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) { - keys, err := models.AddGPGKey(uid, form.ArmoredKey) + token := models.VerificationToken(ctx.User, 1) + lastToken := models.VerificationToken(ctx.User, 0) + + keys, err := models.AddGPGKey(uid, form.ArmoredKey, token, form.Signature) + if err != nil && models.IsErrGPGInvalidTokenSignature(err) { + keys, err = models.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature) + } if err != nil { - HandleAddGPGKeyError(ctx, err) + HandleAddGPGKeyError(ctx, err, token) return } ctx.JSON(http.StatusCreated, convert.ToGPGKey(keys[0])) } +// GetVerificationToken returns the current token to be signed for this user +func GetVerificationToken(ctx *context.APIContext) { + // swagger:operation GET /user/gpg_key_token user getVerificationToken + // --- + // summary: Get a Token to verify + // produces: + // - text/plain + // parameters: + // responses: + // "200": + // "$ref": "#/responses/string" + // "404": + // "$ref": "#/responses/notFound" + + token := models.VerificationToken(ctx.User, 1) + ctx.PlainText(http.StatusOK, []byte(token)) +} + +// VerifyUserGPGKey creates new GPG key to given user by ID. +func VerifyUserGPGKey(ctx *context.APIContext) { + // swagger:operation POST /user/gpg_key_verify user userVerifyGPGKey + // --- + // summary: Verify a GPG key + // consumes: + // - application/json + // produces: + // - application/json + // responses: + // "201": + // "$ref": "#/responses/GPGKey" + // "404": + // "$ref": "#/responses/notFound" + // "422": + // "$ref": "#/responses/validationError" + + form := web.GetForm(ctx).(*api.VerifyGPGKeyOption) + token := models.VerificationToken(ctx.User, 1) + lastToken := models.VerificationToken(ctx.User, 0) + + _, err := models.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature) + if err != nil && models.IsErrGPGInvalidTokenSignature(err) { + _, err = models.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature) + } + + if err != nil { + if models.IsErrGPGInvalidTokenSignature(err) { + ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token)) + return + } + ctx.Error(http.StatusInternalServerError, "VerifyUserGPGKey", err) + } + + key, err := models.GetGPGKeysByKeyID(form.KeyID) + if err != nil { + if models.IsErrGPGKeyNotExist(err) { + ctx.NotFound() + } else { + ctx.Error(http.StatusInternalServerError, "GetGPGKeysByKeyID", err) + } + return + } + ctx.JSON(http.StatusOK, convert.ToGPGKey(key[0])) +} + // swagger:parameters userCurrentPostGPGKey type swaggerUserCurrentPostGPGKey struct { // in:body @@ -189,7 +260,7 @@ func DeleteGPGKey(ctx *context.APIContext) { } // HandleAddGPGKeyError handle add GPGKey error -func HandleAddGPGKeyError(ctx *context.APIContext, err error) { +func HandleAddGPGKeyError(ctx *context.APIContext, err error, token string) { switch { case models.IsErrGPGKeyAccessDenied(err): ctx.Error(http.StatusUnprocessableEntity, "GPGKeyAccessDenied", "You do not have access to this GPG key") @@ -198,7 +269,9 @@ func HandleAddGPGKeyError(ctx *context.APIContext, err error) { case models.IsErrGPGKeyParsing(err): ctx.Error(http.StatusUnprocessableEntity, "GPGKeyParsing", err) case models.IsErrGPGNoEmailFound(err): - ctx.Error(http.StatusNotFound, "GPGNoEmailFound", err) + ctx.Error(http.StatusNotFound, "GPGNoEmailFound", fmt.Sprintf("None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: %s", token)) + case models.IsErrGPGInvalidTokenSignature(err): + ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token)) default: ctx.Error(http.StatusInternalServerError, "AddGPGKey", err) } -- cgit v1.2.3