Fix Keybase verification using wrong domain for remote accounts (#10547)

Eugen Rochko 2019-04-10 20:28:43 +02:00 committed by GitHub
parent 793b0513eb
commit a9f130b8d8
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
6 changed files with 23 additions and 18 deletions


@ -2,7 +2,7 @@
class ProofProvider::Keybase class ProofProvider::Keybase
BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io') BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain) DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
class Error < StandardError; end class Error < StandardError; end
@ -50,12 +50,20 @@ class ProofProvider::Keybase
end end
def badge def badge
@badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token) @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
end
def verifier
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
end end
private private
def verifier def domain
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token) if @proof.account.local?
DOMAIN
else
@proof.account.domain
end
end end
end end
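Review bot: The new private `domain` method has no comment explaining why it branches, and that branch decides which identity Keybase is asked to vouch for. A proof for a remote account has to be checked against that account's home server, because checking it against this server's `DOMAIN` would query Keybase about a different `username@domain`. I would add above it `# Domain the proof is bound to: our own (KEYBASE_DOMAIN or local_domain) for local accounts, the account's home server for remote ones.` The hunk also moves `verifier` above `private`, so it is now public API of the provider; a one-line comment naming the worker as its caller would make that deliberate. The class body continues outside the visible hunks.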


@ -3,10 +3,11 @@
class ProofProvider::Keybase::Badge class ProofProvider::Keybase::Badge
include RoutingHelper include RoutingHelper
def initialize(local_username, provider_username, token) def initialize(local_username, provider_username, token, domain)
@local_username = local_username @local_username = local_username
@provider_username = provider_username @provider_username = provider_username
@token = token @token = token
@domain = domain
end end
def proof_url def proof_url
@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
end end
def icon_url def icon_url
"#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}" "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
end end
def avatar_url def avatar_url
@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
def default_avatar_url def default_avatar_url
asset_pack_path('media/images/proof_providers/keybase.png') asset_pack_path('media/images/proof_providers/keybase.png')
end end
def domain
Rails.configuration.x.local_domain
end
end end
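Review bot: `icon_url` interpolates `@local_username` and `@domain` into the query string without escaping, and after this change `@domain` can be a remote account's domain rather than this server's own configured value. Account and domain validation elsewhere presumably keeps these values URL-safe, but the badge URL should not depend on that. Building the query with `{ username: @local_username, domain: @domain }.to_query` would encode both. `@provider_username` and `@token` are interpolated raw into the path in the same way and deserve the same treatment. The class body continues outside the visible hunks.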


@ -1,10 +1,11 @@
# frozen_string_literal: true # frozen_string_literal: true
class ProofProvider::Keybase::Verifier class ProofProvider::Keybase::Verifier
def initialize(local_username, provider_username, token) def initialize(local_username, provider_username, token, domain)
@local_username = local_username @local_username = local_username
@provider_username = provider_username @provider_username = provider_username
@token = token @token = token
@domain = domain
end end
def valid? def valid?
@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
def query_params def query_params
{ {
domain: ProofProvider::Keybase::DOMAIN, domain: @domain,
kb_username: @provider_username, kb_username: @provider_username,
username: @local_username, username: @local_username,
sig_hash: @token, sig_hash: @token,


@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
end end
def perform(proof_id) def perform(proof_id)
proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id) proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token) status = proof.provider_instance.verifier.status
status = verifier.status
# If Keybase thinks the proof is valid, and it exists here in Mastodon, # If Keybase thinks the proof is valid, and it exists here in Mastodon,
# then it should be live. Keybase just has to notice that it's here # then it should be live. Keybase just has to notice that it's here


@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord
delegate :refresh!, :on_success_path, :badge, to: :provider_instance delegate :refresh!, :on_success_path, :badge, to: :provider_instance
private
def provider_instance def provider_instance
@provider_instance ||= ProofProvider.find(provider, self) @provider_instance ||= ProofProvider.find(provider, self)
end end
private
def queue_worker def queue_worker
provider_instance.worker_class.perform_async(id) provider_instance.worker_class.perform_async(id)
end end
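Review bot: Moving `private` below `provider_instance` exposes the whole provider object on every `AccountIdentityProof`, only so the worker can call `proof.provider_instance.verifier.status`. The `delegate` line directly above already forwards `:refresh!`, `:on_success_path` and `:badge` to it, and appears to have done so while the method was still private. Extending it to `delegate :refresh!, :on_success_path, :badge, :verifier, to: :provider_instance` would let the worker call `proof.verifier.status` and keep `provider_instance` private, so the model's public surface grows by one method instead of by the provider's whole interface.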


@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do
token: '11111111111111111111111111' token: '11111111111111111111111111'
) )
described_class.new('alice', 'cryptoalice', '11111111111111111111111111') described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain)
end end
let(:query_params) do let(:query_params) do