Browse Source

Fix Keybase verification using wrong domain for remote accounts (#10547)

Eugen Rochko 3 months ago
parent
commit
a9f130b8d8
No account linked to committer's email address

+ 12
- 4
app/lib/proof_provider/keybase.rb View File

@@ -2,7 +2,7 @@
2 2
 
3 3
 class ProofProvider::Keybase
4 4
   BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
5
-  DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
5
+  DOMAIN   = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
6 6
 
7 7
   class Error < StandardError; end
8 8
 
@@ -50,12 +50,20 @@ class ProofProvider::Keybase
50 50
   end
51 51
 
52 52
   def badge
53
-    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token)
53
+    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
54
+  end
55
+
56
+  def verifier
57
+    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
54 58
   end
55 59
 
56 60
   private
57 61
 
58
-  def verifier
59
-    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token)
62
+  def domain
63
+    if @proof.account.local?
64
+      DOMAIN
65
+    else
66
+      @proof.account.domain
67
+    end
60 68
   end
61 69
 end

+ 3
- 6
app/lib/proof_provider/keybase/badge.rb View File

@@ -3,10 +3,11 @@
3 3
 class ProofProvider::Keybase::Badge
4 4
   include RoutingHelper
5 5
 
6
-  def initialize(local_username, provider_username, token)
6
+  def initialize(local_username, provider_username, token, domain)
7 7
     @local_username    = local_username
8 8
     @provider_username = provider_username
9 9
     @token             = token
10
+    @domain            = domain
10 11
   end
11 12
 
12 13
   def proof_url
@@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
18 19
   end
19 20
 
20 21
   def icon_url
21
-    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}"
22
+    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
22 23
   end
23 24
 
24 25
   def avatar_url
@@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
41 42
   def default_avatar_url
42 43
     asset_pack_path('media/images/proof_providers/keybase.png')
43 44
   end
44
-
45
-  def domain
46
-    Rails.configuration.x.local_domain
47
-  end
48 45
 end

+ 3
- 2
app/lib/proof_provider/keybase/verifier.rb View File

@@ -1,10 +1,11 @@
1 1
 # frozen_string_literal: true
2 2
 
3 3
 class ProofProvider::Keybase::Verifier
4
-  def initialize(local_username, provider_username, token)
4
+  def initialize(local_username, provider_username, token, domain)
5 5
     @local_username    = local_username
6 6
     @provider_username = provider_username
7 7
     @token             = token
8
+    @domain            = domain
8 9
   end
9 10
 
10 11
   def valid?
@@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
49 50
 
50 51
   def query_params
51 52
     {
52
-      domain: ProofProvider::Keybase::DOMAIN,
53
+      domain: @domain,
53 54
       kb_username: @provider_username,
54 55
       username: @local_username,
55 56
       sig_hash: @token,

+ 2
- 3
app/lib/proof_provider/keybase/worker.rb View File

@@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
19 19
   end
20 20
 
21 21
   def perform(proof_id)
22
-    proof    = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
23
-    verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token)
24
-    status   = verifier.status
22
+    proof  = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
23
+    status = proof.provider_instance.verifier.status
25 24
 
26 25
     # If Keybase thinks the proof is valid, and it exists here in Mastodon,
27 26
     # then it should be live. Keybase just has to notice that it's here

+ 2
- 2
app/models/account_identity_proof.rb View File

@@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord
30 30
 
31 31
   delegate :refresh!, :on_success_path, :badge, to: :provider_instance
32 32
 
33
-  private
34
-
35 33
   def provider_instance
36 34
     @provider_instance ||= ProofProvider.find(provider, self)
37 35
   end
38 36
 
37
+  private
38
+
39 39
   def queue_worker
40 40
     provider_instance.worker_class.perform_async(id)
41 41
   end

+ 1
- 1
spec/lib/proof_provider/keybase/verifier_spec.rb View File

@@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do
10 10
       token: '11111111111111111111111111'
11 11
     )
12 12
 
13
-    described_class.new('alice', 'cryptoalice', '11111111111111111111111111')
13
+    described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain)
14 14
   end
15 15
 
16 16
   let(:query_params) do

Loading…
Cancel
Save