tdsds.com/gitea
1
1
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2025-07-22 18:28:37 +00:00
Code Releases Activity

Add option to provide signature for a token to verify key ownership (#14054)

Browse Source 
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
This commit is contained in:
zeripath
2021-07-13 14:28:07 +01:00
committed by GitHub
parent 67f135ca5d
commit b82293270c
20 changed files with 1276 additions and 727 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
options/locale/locale_en-US.ini
View File

@@ -595,7 +595,20 @@ ssh_key_been_used = This SSH key has already been added to the server.
ssh_key_name_used = An SSH key with same name already exists on your account.
ssh_principal_been_used = This principal has already been added to the server.
gpg_key_id_used = A public GPG key with same ID already exists.
gpg_no_key_email_found = This GPG key is not usable with any email address associated with your account.
gpg_no_key_email_found = This GPG key does not match any activated email address associated with your account. It may still be added if you sign the provided token.
gpg_key_matched_identities = Matched Identities:
gpg_key_matched_identities_long=The embedded identities in this key match the following activated email addresses for this user and commits matching these email addresses can be verified with this key.
gpg_key_verified=Verified Key
gpg_key_verified_long=Key has been verified with a token and can be used to verify commits matching any activated email addresses for this user in addition to any matched identities for this key.
gpg_key_verify=Verify
gpg_invalid_token_signature = The provided GPG key, signature and token do not match or token is out-of-date.
gpg_token_required = You must provide a signature for the below token
gpg_token = Token
gpg_token_help = You can generate a signature using:
gpg_token_code = echo "%s" | gpg -a --default-key %s --detach-sig
gpg_token_signature = Armored GPG signature
key_signature_gpg_placeholder = Begins with '-----BEGIN PGP SIGNATURE-----'
verify_gpg_key_success = The GPG key '%s' has been verified.
subkeys = Subkeys
key_id = Key ID
key_name = Key Name