Fix Keybase verification using wrong domain for remote accounts (#10547)

This commit is contained in:
Eugen Rochko 2019-04-10 20:28:43 +02:00 committed by GitHub
parent 793b0513eb
commit a9f130b8d8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
6 changed files with 23 additions and 18 deletions

View File

@ -2,7 +2,7 @@
class ProofProvider::Keybase
BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
class Error < StandardError; end
@ -50,12 +50,20 @@ class ProofProvider::Keybase
end
def badge
@badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token)
@badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
end
def verifier
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
end
private
def verifier
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token)
def domain
if @proof.account.local?
DOMAIN
else
@proof.account.domain
end
end
end

View File

@ -3,10 +3,11 @@
class ProofProvider::Keybase::Badge
include RoutingHelper
def initialize(local_username, provider_username, token)
def initialize(local_username, provider_username, token, domain)
@local_username = local_username
@provider_username = provider_username
@token = token
@domain = domain
end
def proof_url
@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
end
def icon_url
"#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}"
"#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
end
def avatar_url
@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
def default_avatar_url
asset_pack_path('media/images/proof_providers/keybase.png')
end
def domain
Rails.configuration.x.local_domain
end
end

View File

@ -1,10 +1,11 @@
# frozen_string_literal: true
class ProofProvider::Keybase::Verifier
def initialize(local_username, provider_username, token)
def initialize(local_username, provider_username, token, domain)
@local_username = local_username
@provider_username = provider_username
@token = token
@domain = domain
end
def valid?
@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
def query_params
{
domain: ProofProvider::Keybase::DOMAIN,
domain: @domain,
kb_username: @provider_username,
username: @local_username,
sig_hash: @token,

View File

@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
end
def perform(proof_id)
proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token)
status = verifier.status
proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
status = proof.provider_instance.verifier.status
# If Keybase thinks the proof is valid, and it exists here in Mastodon,
# then it should be live. Keybase just has to notice that it's here

View File

@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord
delegate :refresh!, :on_success_path, :badge, to: :provider_instance
private
def provider_instance
@provider_instance ||= ProofProvider.find(provider, self)
end
private
def queue_worker
provider_instance.worker_class.perform_async(id)
end

View File

@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do
token: '11111111111111111111111111'
)
described_class.new('alice', 'cryptoalice', '11111111111111111111111111')
described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain)
end
let(:query_params) do