0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2025-01-17 20:03:59 -05:00
forgejo/modules/structs/user_gpgkey.go
zeripath b82293270c
Add option to provide signature for a token to verify key ownership (#14054)
* Add option to provide signed token to verify key ownership

Currently we will only allow a key to be matched to a user if it matches
an activated email address. This PR provides a different mechanism - if
the user provides a signature for automatically generated token (based
on the timestamp, user creation time, user ID, username and primary
email.

* Ensure verified keys can act for all active emails for the user

* Add code to mark keys as verified

* Slight UI adjustments

* Slight UI adjustments 2

* Simplify signature verification slightly

* fix postgres test

* add api routes

* handle swapped primary-keys

* Verify the no-reply address for verified keys

* Only add email addresses that are activated to keys

* Fix committer shortcut properly

* Restructure gpg_keys.go

* Use common Verification Token code

Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 15:28:07 +02:00

54 lines
1.7 KiB
Go

// Copyright 2017 Gitea Authors. All rights reserved.
// Use of this source code is governed by a MIT-style
// license that can be found in the LICENSE file.
package structs
import (
"time"
)
// GPGKey a user GPG key to sign commit and tag in repository
type GPGKey struct {
ID int64 `json:"id"`
PrimaryKeyID string `json:"primary_key_id"`
KeyID string `json:"key_id"`
PublicKey string `json:"public_key"`
Emails []*GPGKeyEmail `json:"emails"`
SubsKey []*GPGKey `json:"subkeys"`
CanSign bool `json:"can_sign"`
CanEncryptComms bool `json:"can_encrypt_comms"`
CanEncryptStorage bool `json:"can_encrypt_storage"`
CanCertify bool `json:"can_certify"`
Verified bool `json:"verified"`
// swagger:strfmt date-time
Created time.Time `json:"created_at,omitempty"`
// swagger:strfmt date-time
Expires time.Time `json:"expires_at,omitempty"`
}
// GPGKeyEmail an email attached to a GPGKey
// swagger:model GPGKeyEmail
type GPGKeyEmail struct {
Email string `json:"email"`
Verified bool `json:"verified"`
}
// CreateGPGKeyOption options create user GPG key
type CreateGPGKeyOption struct {
// An armored GPG key to add
//
// required: true
// unique: true
ArmoredKey string `json:"armored_public_key" binding:"Required"`
Signature string `json:"armored_signature,omitempty"`
}
// VerifyGPGKeyOption options verifies user GPG key
type VerifyGPGKeyOption struct {
// An Signature for a GPG key token
//
// required: true
KeyID string `json:"key_id" binding:"Required"`
Signature string `json:"armored_signature" binding:"Required"`
}