1
1
mirror of https://github.com/go-gitea/gitea synced 2024-10-31 23:34:25 +00:00
gitea/templates/user/settings/keys_gpg.tmpl
zeripath b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00

126 lines
5.4 KiB
Handlebars

<h4 class="ui top attached header">
{{.i18n.Tr "settings.manage_gpg_keys"}}
<div class="ui right">
<div class="ui blue tiny show-panel button" data-panel="#add-gpg-key-panel">{{.i18n.Tr "settings.add_key"}}</div>
</div>
</h4>
<div class="ui attached segment">
<div class="ui key list">
<div class="item">
{{.i18n.Tr "settings.gpg_desc"}}
</div>
{{range .GPGKeys}}
<div class="item">
<div class="right floated content">
<button class="ui red tiny button delete-button" id="delete-gpg" data-url="{{$.Link}}/delete?type=gpg" data-id="{{.ID}}">
{{$.i18n.Tr "settings.delete_key"}}
</button>
{{if and (not .Verified) (ne $.VerifyingID .KeyID)}}
<a class="ui blue tiny show-panel button" href="{{$.Link}}?verify_gpg={{.KeyID}}">{{$.i18n.Tr "settings.gpg_key_verify"}}</a>
{{end}}
</div>
<div class="left floated content">
<span class="{{if or .ExpiredUnix.IsZero ($.PageStartTime.Before .ExpiredUnix.AsTime)}}green{{end}}">{{svg "octicon-key" 32}}</span>
</div>
<div class="content">
{{if .Verified}}
<span class="poping up" data-content="{{$.i18n.Tr "settings.gpg_key_verified_long"}}">{{svg "octicon-shield-check"}} <strong>{{$.i18n.Tr "settings.gpg_key_verified"}}</strong></span>
{{end}}
{{if gt (len .Emails) 0}}
<span class="poping up" data-content="{{$.i18n.Tr "settings.gpg_key_matched_identities_long"}}">{{svg "octicon-mail"}} {{$.i18n.Tr "settings.gpg_key_matched_identities"}} {{range .Emails}}<strong>{{.Email}} </strong>{{end}}</span>
{{end}}
<div class="print meta">
<b>{{$.i18n.Tr "settings.key_id"}}:</b> {{.KeyID}}
<b>{{$.i18n.Tr "settings.subkeys"}}:</b> {{range .SubsKey}} {{.KeyID}} {{end}}
</div>
<div class="activity meta">
<i>{{$.i18n.Tr "settings.add_on"}} <span>{{.AddedUnix.FormatShort}}</span></i>
-
<i>{{if not .ExpiredUnix.IsZero}}{{$.i18n.Tr "settings.valid_until"}} <span>{{.ExpiredUnix.FormatShort}}</span>{{else}}{{$.i18n.Tr "settings.valid_forever"}}{{end}}</i>
</div>
</div>
</div>
{{if and (not .Verified) (eq $.VerifyingID .KeyID)}}
<div class="ui segment">
<h4>{{$.i18n.Tr "settings.gpg_token_required"}}</h4>
<form class="ui form{{if $.HasGPGVerifyError}} error{{end}}" action="{{$.Link}}" method="post">
{{$.CsrfTokenHtml}}
<input type="hidden" name="title" value="none">
<input type="hidden" name="content" value="{{.KeyID}}">
<input type="hidden" name="key_id" value="{{.KeyID}}">
<div class="field">
<label for="token">{{$.i18n.Tr "settings.gpg_token"}}</label>
<input readonly="" value="{{$.TokenToSign}}">
<div class="help">
<p>{{$.i18n.Tr "settings.gpg_token_help"}}</p>
<p><code>{{$.i18n.Tr "settings.gpg_token_code" $.TokenToSign .KeyID}}</code></p>
</div>
<br>
</div>
<div class="field">
<label for="signature">{{$.i18n.Tr "settings.gpg_token_signature"}}</label>
<textarea id="gpg-key-signature" name="signature" placeholder="{{$.i18n.Tr "settings.key_signature_gpg_placeholder"}}" required>{{$.signature}}</textarea>
</div>
<input name="type" type="hidden" value="verify_gpg">
<button class="ui green button">
{{$.i18n.Tr "settings.gpg_key_verify"}}
</button>
<a class="ui red button" href="{{$.Link}}">
{{$.i18n.Tr "settings.cancel"}}
</a>
</form>
</div>
{{end}}
{{end}}
</div>
</div>
<br>
<p>{{.i18n.Tr "settings.gpg_helper" "https://docs.github.com/en/free-pro-team@latest/github/authenticating-to-github/about-commit-signature-verification#gpg-commit-signature-verification" | Str2html}}</p>
<div {{if not .HasGPGError}}class="hide"{{end}} id="add-gpg-key-panel">
<h4 class="ui top attached header">
{{.i18n.Tr "settings.add_new_gpg_key"}}
</h4>
<div class="ui attached segment">
<form class="ui form{{if .HasGPGError}} error{{end}}" action="{{.Link}}" method="post">
{{.CsrfTokenHtml}}
<input type="hidden" name="title" value="none">
<div class="field {{if .Err_Content}}error{{end}}">
<label for="content">{{.i18n.Tr "settings.key_content"}}</label>
<textarea id="gpg-key-content" name="content" placeholder="{{.i18n.Tr "settings.key_content_gpg_placeholder"}}" required>{{.content}}</textarea>
</div>
{{if .Err_Signature}}
<div class="ui error message">
<p>{{.i18n.Tr "settings.gpg_token_required"}}</p>
</div>
<div class="field">
<label for="token">{{.i18n.Tr "setting.gpg_token"}}
<input readonly="" value="{{.TokenToSign}}">
<div class="help">
<p>{{.i18n.Tr "settings.gpg_token_help"}}</p>
<p><code>{{$.i18n.Tr "settings.gpg_token_code" .TokenToSign .KeyID}}</code></p>
</div>
</div>
<div class="field">
<label for="signature">{{.i18n.Tr "settings.gpg_token_signature"}}</label>
<textarea id="gpg-key-signature" name="signature" placeholder="{{.i18n.Tr "settings.key_signature_gpg_placeholder"}}" required>{{.signature}}</textarea>
</div>
{{end}}
<input name="type" type="hidden" value="gpg">
<button class="ui green button">
{{.i18n.Tr "settings.add_key"}}
</button>
</form>
</div>
</div>
<div class="ui small basic delete modal" id="delete-gpg">
<div class="ui icon header">
{{svg "octicon-trash"}}
{{.i18n.Tr "settings.gpg_key_deletion"}}
</div>
<div class="content">
<p>{{.i18n.Tr "settings.gpg_key_deletion_desc"}}</p>
</div>
{{template "base/delete_modal_actions" .}}
</div>