mirrors/forgejo
1
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2024-10-31 22:38:58 +00:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/models/asymkey/gpg_key_commit_verification.go

64 lines
2.3 KiB
Go
Raw Normal View History

Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
// Copyright 2021 The Gitea Authors. All rights reserved.
Implement FSFE REUSE for golang files (#21840) Change all license headers to comply with REUSE specification. Fix #16132 Co-authored-by: flynnnnnnnnnn <flynnnnnnnnnn@github> Co-authored-by: John Olheiser <john.olheiser@gmail.com>
2022-11-27 18:20:29 +00:00
// SPDX-License-Identifier: MIT
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
Move keys to models/asymkey (#17917) * Move keys to models/keys * Rename models/keys -> models/asymkey * change the missed package name * Fix package alias * Fix test * Fix docs * Fix test * Fix test * merge
2021-12-10 08:14:24 +00:00
package asymkey
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
import (
Add context cache as a request level cache (#22294) To avoid duplicated load of the same data in an HTTP request, we can set a context cache to do that. i.e. Some pages may load a user from a database with the same id in different areas on the same page. But the code is hidden in two different deep logic. How should we share the user? As a result of this PR, now if both entry functions accept `context.Context` as the first parameter and we just need to refactor `GetUserByID` to reuse the user from the context cache. Then it will not be loaded twice on an HTTP request. But of course, sometimes we would like to reload an object from the database, that's why `RemoveContextData` is also exposed. The core context cache is here. It defines a new context ```go type cacheContext struct { ctx context.Context data map[any]map[any]any lock sync.RWMutex } var cacheContextKey = struct{}{} func WithCacheContext(ctx context.Context) context.Context { return context.WithValue(ctx, cacheContextKey, &cacheContext{ ctx: ctx, data: make(map[any]map[any]any), }) } ``` Then you can use the below 4 methods to read/write/del the data within the same context. ```go func GetContextData(ctx context.Context, tp, key any) any func SetContextData(ctx context.Context, tp, key, value any) func RemoveContextData(ctx context.Context, tp, key any) func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error) ``` Then let's take a look at how `system.GetString` implement it. ```go func GetSetting(ctx context.Context, key string) (string, error) { return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) { return cache.GetString(genSettingCacheKey(key), func() (string, error) { res, err := GetSettingNoCache(ctx, key) if err != nil { return "", err } return res.SettingValue, nil }) }) } ``` First, it will check if context data include the setting object with the key. If not, it will query from the global cache which may be memory or a Redis cache. If not, it will get the object from the database. In the end, if the object gets from the global cache or database, it will be set into the context cache. An object stored in the context cache will only be destroyed after the context disappeared.
2023-02-15 13:37:34 +00:00
"context"
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
Move repository model into models/repo (#17933) * Some refactors related repository model * Move more methods out of repository * Move repository into models/repo * Fix test * Fix test * some improvements * Remove unnecessary function
2021-12-10 01:27:50 +00:00
repo_model "code.gitea.io/gitea/models/repo"
Move EmailAddress & UserRedirect into models/user/ (#17607) * Move EmailAddress into models/user/ * Fix test * rename user_mail to user_email * Fix test * Move UserRedirect into models/user/ * Fix lint & test * Fix lint * Fix lint * remove nolint comment * Fix lint
2021-11-11 07:03:30 +00:00
user_model "code.gitea.io/gitea/models/user"
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
"code.gitea.io/gitea/modules/git"
)
// __________________ ________ ____ __.
// / _____/\______ \/ _____/ | |/ _|____ ___.__.
// / \ ___ | ___/ \ ___ | <_/ __ < | |
// \ \_\ \| | \ \_\ \ | | \ ___/\___ |
// \______ /|____| \______ / |____|__ \___ > ____|
// \/ \/ \/ \/\/
// _________ .__ __
// \_ ___ \ ____ _____ _____ |__|/ |_
// / \ \/ / _ \ / \ / \| \ __\
// \ \___( <_> ) Y Y \ Y Y \ || |
// \______ /\____/|__|_| /__|_| /__||__|
// \/ \/ \/
// ____ ____ .__ _____.__ __ .__
// \ \ / /___________|__|/ ____\__| ____ _____ _/ |_|__| ____ ____
// \ Y // __ \_ __ \ \ __\| |/ ___\\__ \\ __\ |/ _ \ / \
// \ /\ ___/| | \/ || | | \ \___ / __ \| | | ( <_> ) | \
// \___/ \___ >__| |__||__| |__|\___ >____ /__| |__|\____/|___| /
// \/ \/ \/ \/
// This file provides functions relating commit verification
// SignCommit represents a commit with validation of signature.
type SignCommit struct {
models/asymkey: Implement Tag verification This is, in large part, a refactoring: we rename `CommitVerification` to `ObjectVerification`, and adjust `ParseObjectWithSignature` (previously `ParseCommitWithSignature`) to work on an object, rather than a commit. This in turn, lets us implement `ParseTagWithSignature` on top of it, so commit & tag signature verification will share most of the code. Work sponsored by @glts. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-04 18:11:42 +00:00
Verification *ObjectVerification
Move user related model into models/user (#17781) * Move user related model into models/user * Fix lint for windows * Fix windows lint * Fix windows lint * Move some tests in models * Merge
2021-11-24 09:49:20 +00:00
*user_model.UserCommit
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
}
// ParseCommitsWithSignature checks if signaute of commits are corresponding to users gpg keys.
Add context cache as a request level cache (#22294) To avoid duplicated load of the same data in an HTTP request, we can set a context cache to do that. i.e. Some pages may load a user from a database with the same id in different areas on the same page. But the code is hidden in two different deep logic. How should we share the user? As a result of this PR, now if both entry functions accept `context.Context` as the first parameter and we just need to refactor `GetUserByID` to reuse the user from the context cache. Then it will not be loaded twice on an HTTP request. But of course, sometimes we would like to reload an object from the database, that's why `RemoveContextData` is also exposed. The core context cache is here. It defines a new context ```go type cacheContext struct { ctx context.Context data map[any]map[any]any lock sync.RWMutex } var cacheContextKey = struct{}{} func WithCacheContext(ctx context.Context) context.Context { return context.WithValue(ctx, cacheContextKey, &cacheContext{ ctx: ctx, data: make(map[any]map[any]any), }) } ``` Then you can use the below 4 methods to read/write/del the data within the same context. ```go func GetContextData(ctx context.Context, tp, key any) any func SetContextData(ctx context.Context, tp, key, value any) func RemoveContextData(ctx context.Context, tp, key any) func GetWithContextCache[T any](ctx context.Context, cacheGroupKey string, cacheTargetID any, f func() (T, error)) (T, error) ``` Then let's take a look at how `system.GetString` implement it. ```go func GetSetting(ctx context.Context, key string) (string, error) { return cache.GetWithContextCache(ctx, contextCacheKey, key, func() (string, error) { return cache.GetString(genSettingCacheKey(key), func() (string, error) { res, err := GetSettingNoCache(ctx, key) if err != nil { return "", err } return res.SettingValue, nil }) }) } ``` First, it will check if context data include the setting object with the key. If not, it will query from the global cache which may be memory or a Redis cache. If not, it will get the object from the database. In the end, if the object gets from the global cache or database, it will be set into the context cache. An object stored in the context cache will only be destroyed after the context disappeared.
2023-02-15 13:37:34 +00:00
func ParseCommitsWithSignature(ctx context.Context, oldCommits []*user_model.UserCommit, repoTrustModel repo_model.TrustModelType, isOwnerMemberCollaborator func(*user_model.User) (bool, error)) []*SignCommit {
Replace `list.List` with slices (#16311) * Replaced list with slice. * Fixed usage of pointer to temporary variable. * Replaced LIFO list with slice. * Lint * Removed type check. * Removed duplicated code. * Lint * Fixed merge. Co-authored-by: 6543 <6543@obermui.de>
2021-08-09 18:08:51 +00:00
newCommits := make([]*SignCommit, 0, len(oldCommits))
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
keyMap := map[string]bool{}
Replace `list.List` with slices (#16311) * Replaced list with slice. * Fixed usage of pointer to temporary variable. * Replaced LIFO list with slice. * Lint * Removed type check. * Removed duplicated code. * Lint * Fixed merge. Co-authored-by: 6543 <6543@obermui.de>
2021-08-09 18:08:51 +00:00
for _, c := range oldCommits {
models/asymkey: Implement Tag verification This is, in large part, a refactoring: we rename `CommitVerification` to `ObjectVerification`, and adjust `ParseObjectWithSignature` (previously `ParseCommitWithSignature`) to work on an object, rather than a commit. This in turn, lets us implement `ParseTagWithSignature` on top of it, so commit & tag signature verification will share most of the code. Work sponsored by @glts. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-04 18:11:42 +00:00
o := commitToGitObject(c.Commit)
Replace `list.List` with slices (#16311) * Replaced list with slice. * Fixed usage of pointer to temporary variable. * Replaced LIFO list with slice. * Lint * Removed type check. * Removed duplicated code. * Lint * Fixed merge. Co-authored-by: 6543 <6543@obermui.de>
2021-08-09 18:08:51 +00:00
signCommit := &SignCommit{
UserCommit: c,
models/asymkey: Implement Tag verification This is, in large part, a refactoring: we rename `CommitVerification` to `ObjectVerification`, and adjust `ParseObjectWithSignature` (previously `ParseCommitWithSignature`) to work on an object, rather than a commit. This in turn, lets us implement `ParseTagWithSignature` on top of it, so commit & tag signature verification will share most of the code. Work sponsored by @glts. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-04 18:11:42 +00:00
Verification: ParseObjectWithSignature(ctx, &o),
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
}
Collaborator trust model should trust collaborators (#18539) * Collaborator trust model should trust collaborators There was an unintended regression in #17917 which leads to only repository admin commits being trusted. This PR restores the old logic. Fix #18501 Signed-off-by: Andrew Thornton <art27@cantab.net>
2022-02-02 10:10:06 +00:00
_ = CalculateTrustStatus(signCommit.Verification, repoTrustModel, isOwnerMemberCollaborator, &keyMap)
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
Replace `list.List` with slices (#16311) * Replaced list with slice. * Fixed usage of pointer to temporary variable. * Replaced LIFO list with slice. * Lint * Removed type check. * Removed duplicated code. * Lint * Fixed merge. Co-authored-by: 6543 <6543@obermui.de>
2021-08-09 18:08:51 +00:00
newCommits = append(newCommits, signCommit)
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
}
return newCommits
}
models/asymkey: Implement Tag verification This is, in large part, a refactoring: we rename `CommitVerification` to `ObjectVerification`, and adjust `ParseObjectWithSignature` (previously `ParseCommitWithSignature`) to work on an object, rather than a commit. This in turn, lets us implement `ParseTagWithSignature` on top of it, so commit & tag signature verification will share most of the code. Work sponsored by @glts. Signed-off-by: Gergely Nagy <forgejo@gergo.csillger.hu>
2024-03-04 18:11:42 +00:00
func ParseCommitWithSignature(ctx context.Context, c *git.Commit) *ObjectVerification {
o := commitToGitObject(c)
return ParseObjectWithSignature(ctx, &o)
Add option to provide signature for a token to verify key ownership (#14054) * Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net>
2021-07-13 13:28:07 +00:00
}
Reference in a new issue Copy permalink