Add option to provide signature for a token to verify key ownership (#14054)

* Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-05-21 09:21:15 +00:00 · 2021-07-13 14:28:07 +01:00 · 2021-07-13 14:28:07 +01:00 · b82293270c
commit b82293270c
parent 67f135ca5d
20 changed files with 1276 additions and 727 deletions
--- a/routers/api/v1/user/gpg_key.go
+++ b/routers/api/v1/user/gpg_key.go
@ -5,6 +5,7 @@
 package user

 import (
+	"fmt"
 	"net/http"

 	"code.gitea.io/gitea/models"
@ -119,14 +120,84 @@ func GetGPGKey(ctx *context.APIContext) {

 // CreateUserGPGKey creates new GPG key to given user by ID.
 func CreateUserGPGKey(ctx *context.APIContext, form api.CreateGPGKeyOption, uid int64) {
-	keys, err := models.AddGPGKey(uid, form.ArmoredKey)
+	token := models.VerificationToken(ctx.User, 1)
+	lastToken := models.VerificationToken(ctx.User, 0)
+
+	keys, err := models.AddGPGKey(uid, form.ArmoredKey, token, form.Signature)
+	if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
+		keys, err = models.AddGPGKey(uid, form.ArmoredKey, lastToken, form.Signature)
+	}
 	if err != nil {
-		HandleAddGPGKeyError(ctx, err)
+		HandleAddGPGKeyError(ctx, err, token)
 		return
 	}
 	ctx.JSON(http.StatusCreated, convert.ToGPGKey(keys[0]))
 }

+// GetVerificationToken returns the current token to be signed for this user
+func GetVerificationToken(ctx *context.APIContext) {
+	// swagger:operation GET /user/gpg_key_token user getVerificationToken
+	// ---
+	// summary: Get a Token to verify
+	// produces:
+	// - text/plain
+	// parameters:
+	// responses:
+	//   "200":
+	//     "$ref": "#/responses/string"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+
+	token := models.VerificationToken(ctx.User, 1)
+	ctx.PlainText(http.StatusOK, []byte(token))
+}
+
+// VerifyUserGPGKey creates new GPG key to given user by ID.
+func VerifyUserGPGKey(ctx *context.APIContext) {
+	// swagger:operation POST /user/gpg_key_verify user userVerifyGPGKey
+	// ---
+	// summary: Verify a GPG key
+	// consumes:
+	// - application/json
+	// produces:
+	// - application/json
+	// responses:
+	//   "201":
+	//     "$ref": "#/responses/GPGKey"
+	//   "404":
+	//     "$ref": "#/responses/notFound"
+	//   "422":
+	//     "$ref": "#/responses/validationError"
+
+	form := web.GetForm(ctx).(*api.VerifyGPGKeyOption)
+	token := models.VerificationToken(ctx.User, 1)
+	lastToken := models.VerificationToken(ctx.User, 0)
+
+	_, err := models.VerifyGPGKey(ctx.User.ID, form.KeyID, token, form.Signature)
+	if err != nil && models.IsErrGPGInvalidTokenSignature(err) {
+		_, err = models.VerifyGPGKey(ctx.User.ID, form.KeyID, lastToken, form.Signature)
+	}
+
+	if err != nil {
+		if models.IsErrGPGInvalidTokenSignature(err) {
+			ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
+			return
+		}
+		ctx.Error(http.StatusInternalServerError, "VerifyUserGPGKey", err)
+	}
+
+	key, err := models.GetGPGKeysByKeyID(form.KeyID)
+	if err != nil {
+		if models.IsErrGPGKeyNotExist(err) {
+			ctx.NotFound()
+		} else {
+			ctx.Error(http.StatusInternalServerError, "GetGPGKeysByKeyID", err)
+		}
+		return
+	}
+	ctx.JSON(http.StatusOK, convert.ToGPGKey(key[0]))
+}
+
 // swagger:parameters userCurrentPostGPGKey
 type swaggerUserCurrentPostGPGKey struct {
 	// in:body
@ -189,7 +260,7 @@ func DeleteGPGKey(ctx *context.APIContext) {
 }

 // HandleAddGPGKeyError handle add GPGKey error
-func HandleAddGPGKeyError(ctx *context.APIContext, err error) {
+func HandleAddGPGKeyError(ctx *context.APIContext, err error, token string) {
 	switch {
 	case models.IsErrGPGKeyAccessDenied(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyAccessDenied", "You do not have access to this GPG key")
@ -198,7 +269,9 @@ func HandleAddGPGKeyError(ctx *context.APIContext, err error) {
 	case models.IsErrGPGKeyParsing(err):
 		ctx.Error(http.StatusUnprocessableEntity, "GPGKeyParsing", err)
 	case models.IsErrGPGNoEmailFound(err):
-		ctx.Error(http.StatusNotFound, "GPGNoEmailFound", err)
+		ctx.Error(http.StatusNotFound, "GPGNoEmailFound", fmt.Sprintf("None of the emails attached to the GPG key could be found. It may still be added if you provide a valid signature for the token: %s", token))
+	case models.IsErrGPGInvalidTokenSignature(err):
+		ctx.Error(http.StatusUnprocessableEntity, "GPGInvalidSignature", fmt.Sprintf("The provided GPG key, signature and token do not match or token is out of date. Provide a valid signature for the token: %s", token))
 	default:
 		ctx.Error(http.StatusInternalServerError, "AddGPGKey", err)
 	}