Add option to provide signature for a token to verify key ownership (#14054)

* Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2025-07-22 18:28:37 +00:00 · 2021-07-13 14:28:07 +01:00
parent 67f135ca5d
commit b82293270c
20 changed files with 1276 additions and 727 deletions
--- a/models/gpg_key_import.go
+++ b/models/gpg_key_import.go
@@ -0,0 +1,38 @@
+// Copyright 2021 The Gitea Authors. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+
+package models
+
+//    __________________  ________   ____  __.
+//   /  _____/\______   \/  _____/  |    |/ _|____ ___.__.
+//  /   \  ___ |     ___/   \  ___  |      <_/ __ <   |  |
+//  \    \_\  \|    |   \    \_\  \ |    |  \  ___/\___  |
+//   \______  /|____|    \______  / |____|__ \___  > ____|
+//          \/                  \/          \/   \/\/
+//  .___                              __
+//  |   | _____ ______   ____________/  |_
+//  |   |/     \\____ \ /  _ \_  __ \   __\
+//  |   |  Y Y  \  |_> >  <_> )  | \/|  |
+//  |___|__|_|  /   __/ \____/|__|   |__|
+//            \/|__|
+
+// This file contains functions related to the original import of a key
+
+// GPGKeyImport the original import of key
+type GPGKeyImport struct {
+	KeyID   string `xorm:"pk CHAR(16) NOT NULL"`
+	Content string `xorm:"TEXT NOT NULL"`
+}
+
+// GetGPGImportByKeyID returns the import public armored key by given KeyID.
+func GetGPGImportByKeyID(keyID string) (*GPGKeyImport, error) {
+	key := new(GPGKeyImport)
+	has, err := x.ID(keyID).Get(key)
+	if err != nil {
+		return nil, err
+	} else if !has {
+		return nil, ErrGPGKeyImportNotExist{keyID}
+	}
+	return key, nil
+}