Fix Keybase verification using wrong domain for remote accounts (#10547)
parent
793b0513eb
commit
a9f130b8d8
|
@ -2,7 +2,7 @@
|
||||||
|
|
||||||
class ProofProvider::Keybase
|
class ProofProvider::Keybase
|
||||||
BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
|
BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
|
||||||
DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
|
DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
|
||||||
|
|
||||||
class Error < StandardError; end
|
class Error < StandardError; end
|
||||||
|
|
||||||
|
@ -50,12 +50,20 @@ class ProofProvider::Keybase
|
||||||
end
|
end
|
||||||
|
|
||||||
def badge
|
def badge
|
||||||
@badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token)
|
@badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
|
||||||
|
end
|
||||||
|
|
||||||
|
def verifier
|
||||||
|
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
|
||||||
end
|
end
|
||||||
|
|
||||||
private
|
private
|
||||||
|
|
||||||
def verifier
|
def domain
|
||||||
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token)
|
if @proof.account.local?
|
||||||
|
DOMAIN
|
||||||
|
else
|
||||||
|
@proof.account.domain
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
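Review bot: The new private `domain` helper has no comment explaining why local and remote accounts are treated differently, even though its return value decides which instance Keybase is asked to check the proof against. A one-line comment above `def domain` would record the intent, for example `# Domain the proof is checked against: the configured DOMAIN for local accounts, the account's own domain for remote ones.` It is also worth noting there that the `KEYBASE_DOMAIN` override only ever applies to local accounts. `verifier` now sits above `private`, so it has become part of the provider's public interface; the rest of the class lies outside these hunks.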
@ -3,10 +3,11 @@
|
||||||
class ProofProvider::Keybase::Badge
|
class ProofProvider::Keybase::Badge
|
||||||
include RoutingHelper
|
include RoutingHelper
|
||||||
|
|
||||||
def initialize(local_username, provider_username, token)
|
def initialize(local_username, provider_username, token, domain)
|
||||||
@local_username = local_username
|
@local_username = local_username
|
||||||
@provider_username = provider_username
|
@provider_username = provider_username
|
||||||
@token = token
|
@token = token
|
||||||
|
@domain = domain
|
||||||
end
|
end
|
||||||
|
|
||||||
def proof_url
|
def proof_url
|
||||||
|
@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
|
||||||
end
|
end
|
||||||
|
|
||||||
def icon_url
|
def icon_url
|
||||||
"#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}"
|
"#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
|
||||||
end
|
end
|
||||||
|
|
||||||
def avatar_url
|
def avatar_url
|
||||||
|
@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
|
||||||
def default_avatar_url
|
def default_avatar_url
|
||||||
asset_pack_path('media/images/proof_providers/keybase.png')
|
asset_pack_path('media/images/proof_providers/keybase.png')
|
||||||
end
|
end
|
||||||
|
|
||||||
def domain
|
|
||||||
Rails.configuration.x.local_domain
|
|
||||||
end
|
|
||||||
end
|
end
|
||||||
|
|
|
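Review bot: In `icon_url`, `@domain` is interpolated into the query string without any encoding, and after this change it can hold `@proof.account.domain` for a remote account instead of the local configuration value. Whether remote domains are normalised before they are stored is not visible on this page, so the URL builder should not depend on it; encoding at the point of use would be `...&domain=#{CGI.escape(@domain.to_s)}`. `@local_username` on the same line is interpolated the same way, which predates this commit. The bodies of `proof_url` and `avatar_url` are outside the hunks, so the same check is worth making there if they also use the domain.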
@ -1,10 +1,11 @@
|
||||||
# frozen_string_literal: true
|
# frozen_string_literal: true
|
||||||
|
|
||||||
class ProofProvider::Keybase::Verifier
|
class ProofProvider::Keybase::Verifier
|
||||||
def initialize(local_username, provider_username, token)
|
def initialize(local_username, provider_username, token, domain)
|
||||||
@local_username = local_username
|
@local_username = local_username
|
||||||
@provider_username = provider_username
|
@provider_username = provider_username
|
||||||
@token = token
|
@token = token
|
||||||
|
@domain = domain
|
||||||
end
|
end
|
||||||
|
|
||||||
def valid?
|
def valid?
|
||||||
|
@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
|
||||||
|
|
||||||
def query_params
|
def query_params
|
||||||
{
|
{
|
||||||
domain: ProofProvider::Keybase::DOMAIN,
|
domain: @domain,
|
||||||
kb_username: @provider_username,
|
kb_username: @provider_username,
|
||||||
username: @local_username,
|
username: @local_username,
|
||||||
sig_hash: @token,
|
sig_hash: @token,
|
||||||
|
|
|
@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
|
||||||
end
|
end
|
||||||
|
|
||||||
def perform(proof_id)
|
def perform(proof_id)
|
||||||
proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
|
proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
|
||||||
verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token)
|
status = proof.provider_instance.verifier.status
|
||||||
status = verifier.status
|
|
||||||
|
|
||||||
# If Keybase thinks the proof is valid, and it exists here in Mastodon,
|
# If Keybase thinks the proof is valid, and it exists here in Mastodon,
|
||||||
# then it should be live. Keybase just has to notice that it's here
|
# then it should be live. Keybase just has to notice that it's here
|
||||||
|
|
|
@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord
|
||||||
|
|
||||||
delegate :refresh!, :on_success_path, :badge, to: :provider_instance
|
delegate :refresh!, :on_success_path, :badge, to: :provider_instance
|
||||||
|
|
||||||
private
|
|
||||||
|
|
||||||
def provider_instance
|
def provider_instance
|
||||||
@provider_instance ||= ProofProvider.find(provider, self)
|
@provider_instance ||= ProofProvider.find(provider, self)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
private
|
||||||
|
|
||||||
def queue_worker
|
def queue_worker
|
||||||
provider_instance.worker_class.perform_async(id)
|
provider_instance.worker_class.perform_async(id)
|
||||||
end
|
end
|
||||||
|
|
|
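Review bot: Moving `private` below `provider_instance` exposes the whole provider object on the model just so the worker can reach `verifier`. The `delegate` line above already forwarded to `provider_instance` while it was private, so adding `:verifier` to it, as in `delegate :refresh!, :on_success_path, :badge, :verifier, to: :provider_instance`, would let the worker call `proof.verifier.status` and keep `provider_instance` private. That keeps the model's public surface to the specific operations callers need. The class body continues outside this hunk.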
@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do
|
||||||
token: '11111111111111111111111111'
|
token: '11111111111111111111111111'
|
||||||
)
|
)
|
||||||
|
|
||||||
described_class.new('alice', 'cryptoalice', '11111111111111111111111111')
|
described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain)
|
||||||
end
|
end
|
||||||
|
|
||||||
let(:query_params) do
|
let(:query_params) do
|
||||||
|
|