From a9f130b8d8e1d92a10cb92b1295b12d274f3139c Mon Sep 17 00:00:00 2001 From: Eugen Rochko Date: Wed, 10 Apr 2019 20:28:43 +0200 Subject: [PATCH] Fix Keybase verification using wrong domain for remote accounts (#10547) --- app/lib/proof_provider/keybase.rb | 16 ++++++++++++---- app/lib/proof_provider/keybase/badge.rb | 9 +++------ app/lib/proof_provider/keybase/verifier.rb | 5 +++-- app/lib/proof_provider/keybase/worker.rb | 5 ++--- app/models/account_identity_proof.rb | 4 ++-- spec/lib/proof_provider/keybase/verifier_spec.rb | 2 +- 6 files changed, 23 insertions(+), 18 deletions(-) diff --git a/app/lib/proof_provider/keybase.rb b/app/lib/proof_provider/keybase.rb index 628972e9d9..9680b90eed 100644 --- a/app/lib/proof_provider/keybase.rb +++ b/app/lib/proof_provider/keybase.rb @@ -2,7 +2,7 @@ class ProofProvider::Keybase BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io') - DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain) + DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain) class Error < StandardError; end @@ -50,12 +50,20 @@ class ProofProvider::Keybase end def badge - @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token) + @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain) + end + + def verifier + @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain) end private - def verifier - @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token) + def domain + if @proof.account.local? + DOMAIN + else + @proof.account.domain + end end end diff --git a/app/lib/proof_provider/keybase/badge.rb b/app/lib/proof_provider/keybase/badge.rb index 3aa067ecf4..f587b1cc74 100644 --- a/app/lib/proof_provider/keybase/badge.rb +++ b/app/lib/proof_provider/keybase/badge.rb 
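Review bot: The new private `domain` method in app/lib/proof_provider/keybase.rb (second hunk) decides which domain a proof is checked against, yet nothing in this patch tests its remote-account branch. The only spec change listed is the extra constructor argument in verifier_spec.rb. A spec that builds a proof on a remote account and asserts that the verifier and badge receive the account's own domain, and a second one for a local account asserting `ProofProvider::Keybase::DOMAIN`, would pin the behaviour this fix depends on. A one-line comment above the method would also help, for example `# Local accounts are proven against KEYBASE_DOMAIN; remote accounts against the domain they live on.` The class body starts and ends outside the hunk, so existing coverage elsewhere is not visible from here.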
@@ -3,10 +3,11 @@ class ProofProvider::Keybase::Badge include RoutingHelper - def initialize(local_username, provider_username, token) + def initialize(local_username, provider_username, token, domain) @local_username = local_username @provider_username = provider_username @token = token + @domain = domain end def proof_url @@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge end def icon_url - "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}" + "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}" end def avatar_url @@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge def default_avatar_url asset_pack_path('media/images/proof_providers/keybase.png') end - - def domain - Rails.configuration.x.local_domain - end end diff --git a/app/lib/proof_provider/keybase/verifier.rb b/app/lib/proof_provider/keybase/verifier.rb index ab14223239..af69b1bfc8 100644 --- a/app/lib/proof_provider/keybase/verifier.rb +++ b/app/lib/proof_provider/keybase/verifier.rb @@ -1,10 +1,11 @@ # frozen_string_literal: true class ProofProvider::Keybase::Verifier - def initialize(local_username, provider_username, token) + def initialize(local_username, provider_username, token, domain) @local_username = local_username @provider_username = provider_username @token = token + @domain = domain end def valid? @@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier def query_params { - domain: ProofProvider::Keybase::DOMAIN, + domain: @domain, kb_username: @provider_username, username: @local_username, sig_hash: @token, diff --git a/app/lib/proof_provider/keybase/worker.rb b/app/lib/proof_provider/keybase/worker.rb index 2872f59c10..bcdd18cc56 100644 --- a/app/lib/proof_provider/keybase/worker.rb +++ b/app/lib/proof_provider/keybase/worker.rb 
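Review bot: In `icon_url` in app/lib/proof_provider/keybase/badge.rb (hunk `@@ -18,7 +19,7 @@`), `@domain` and `@local_username` are interpolated into the query string without escaping. After this change `@domain` can be a remote account's domain rather than a value from local configuration. A reserved character such as `&`, `#` or a space in either value would alter or break the parameters sent to Keybase. Whether account domains are normalised before they reach this class is not visible in the diff, so encoding at the point of use is the safer default: build the query as `"?#{URI.encode_www_form(username: @local_username, domain: @domain)}"` instead of concatenating it by hand.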
@@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker end def perform(proof_id) - proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id) - verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token) - status = verifier.status + proof = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id) + status = proof.provider_instance.verifier.status # If Keybase thinks the proof is valid, and it exists here in Mastodon, # then it should be live. Keybase just has to notice that it's here diff --git a/app/models/account_identity_proof.rb b/app/models/account_identity_proof.rb index 5871d0e849..10b66cccf9 100644 --- a/app/models/account_identity_proof.rb +++ b/app/models/account_identity_proof.rb @@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord delegate :refresh!, :on_success_path, :badge, to: :provider_instance - private - def provider_instance @provider_instance ||= ProofProvider.find(provider, self) end + private + def queue_worker provider_instance.worker_class.perform_async(id) end diff --git a/spec/lib/proof_provider/keybase/verifier_spec.rb b/spec/lib/proof_provider/keybase/verifier_spec.rb index 4ce67da9c5..0081a735df 100644 --- a/spec/lib/proof_provider/keybase/verifier_spec.rb +++ b/spec/lib/proof_provider/keybase/verifier_spec.rb @@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do token: '11111111111111111111111111' ) - described_class.new('alice', 'cryptoalice', '11111111111111111111111111') + described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain) end let(:query_params) do
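Review bot: Moving `provider_instance` above `private` in app/models/account_identity_proof.rb exposes the whole provider object on the model just so the worker can call `proof.provider_instance.verifier.status`. The model already delegates `:refresh!, :on_success_path, :badge` to it, so `delegate :refresh!, :on_success_path, :badge, :verifier, to: :provider_instance` would let the worker use `proof.verifier.status` and keep `provider_instance` private. That keeps the model's public surface to the few operations callers need and avoids the chained call in worker.rb. The class body extends beyond the hunk, so other callers that might need `provider_instance` directly are not visible here.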