mirror of https://github.com/tootsuite/mastodon
Fix Keybase verification using wrong domain for remote accounts (#10547)
parent
793b0513eb
commit
a9f130b8d8
|
@ -2,7 +2,7 @@
|
|||
|
||||
class ProofProvider::Keybase
|
||||
BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
|
||||
DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
|
||||
DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
|
||||
|
||||
class Error < StandardError; end
|
||||
|
||||
|
@ -50,12 +50,20 @@ class ProofProvider::Keybase
|
|||
end
|
||||
|
||||
def badge
|
||||
@badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token)
|
||||
@badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
|
||||
end
|
||||
|
||||
def verifier
|
||||
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def verifier
|
||||
@verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token)
|
||||
def domain
|
||||
if @proof.account.local?
|
||||
DOMAIN
|
||||
else
|
||||
@proof.account.domain
|
||||
end
|
||||
end
|
||||
end
|
||||
|
|
|
@ -3,10 +3,11 @@
|
|||
class ProofProvider::Keybase::Badge
|
||||
include RoutingHelper
|
||||
|
||||
def initialize(local_username, provider_username, token)
|
||||
def initialize(local_username, provider_username, token, domain)
|
||||
@local_username = local_username
|
||||
@provider_username = provider_username
|
||||
@token = token
|
||||
@domain = domain
|
||||
end
|
||||
|
||||
def proof_url
|
||||
|
@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
|
|||
end
|
||||
|
||||
def icon_url
|
||||
"#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}"
|
||||
"#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
|
||||
end
|
||||
|
||||
def avatar_url
|
||||
|
@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
|
|||
def default_avatar_url
|
||||
asset_pack_path('media/images/proof_providers/keybase.png')
|
||||
end
|
||||
|
||||
def domain
|
||||
Rails.configuration.x.local_domain
|
||||
end
|
||||
end
|
||||
|
|
|
@ -1,10 +1,11 @@
|
|||
# frozen_string_literal: true
|
||||
|
||||
class ProofProvider::Keybase::Verifier
|
||||
def initialize(local_username, provider_username, token)
|
||||
def initialize(local_username, provider_username, token, domain)
|
||||
@local_username = local_username
|
||||
@provider_username = provider_username
|
||||
@token = token
|
||||
@domain = domain
|
||||
end
|
||||
|
||||
def valid?
|
||||
|
@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
|
|||
|
||||
def query_params
|
||||
{
|
||||
domain: ProofProvider::Keybase::DOMAIN,
|
||||
domain: @domain,
|
||||
kb_username: @provider_username,
|
||||
username: @local_username,
|
||||
sig_hash: @token,
|
||||
|
|
|
@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
|
|||
end
|
||||
|
||||
def perform(proof_id)
|
||||
proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
|
||||
verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token)
|
||||
status = verifier.status
|
||||
proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
|
||||
status = proof.provider_instance.verifier.status
|
||||
|
||||
# If Keybase thinks the proof is valid, and it exists here in Mastodon,
|
||||
# then it should be live. Keybase just has to notice that it's here
|
||||
|
|
|
@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord
|
|||
|
||||
delegate :refresh!, :on_success_path, :badge, to: :provider_instance
|
||||
|
||||
private
|
||||
|
||||
def provider_instance
|
||||
@provider_instance ||= ProofProvider.find(provider, self)
|
||||
end
|
||||
|
||||
private
|
||||
|
||||
def queue_worker
|
||||
provider_instance.worker_class.perform_async(id)
|
||||
end
|
||||
|
|
|
@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do
|
|||
token: '11111111111111111111111111'
|
||||
)
|
||||
|
||||
described_class.new('alice', 'cryptoalice', '11111111111111111111111111')
|
||||
described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain)
|
||||
end
|
||||
|
||||
let(:query_params) do
|
||||
|
|
Loading…
Reference in New Issue