authorEugen Rochko <eugen@zeonfederated.com>2019-04-10 20:28:43 +0200
committerGitHub <noreply@github.com>2019-04-10 20:28:43 +0200
commita9f130b8d8e1d92a10cb92b1295b12d274f3139c (patch)
tree58de8b07c047a8fd9545519cfcfcfd5c7ca0a2c1
parent793b0513eb14c08443e11202b3ffbee141e33df7 (diff)
Fix Keybase verification using wrong domain for remote accounts (#10547)
-rw-r--r--app/lib/proof_provider/keybase.rb16
-rw-r--r--app/lib/proof_provider/keybase/badge.rb9
-rw-r--r--app/lib/proof_provider/keybase/verifier.rb5
-rw-r--r--app/lib/proof_provider/keybase/worker.rb5
-rw-r--r--app/models/account_identity_proof.rb4
-rw-r--r--spec/lib/proof_provider/keybase/verifier_spec.rb2
6 files changed, 23 insertions, 18 deletions
diff --git a/app/lib/proof_provider/keybase.rb b/app/lib/proof_provider/keybase.rb
index 628972e9d..9680b90ee 100644
--- a/app/lib/proof_provider/keybase.rb
+++ b/app/lib/proof_provider/keybase.rb
@@ -2,7 +2,7 @@
 
 class ProofProvider::Keybase
   BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
-  DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
+  DOMAIN   = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
 
   class Error < StandardError; end
 
@@ -50,12 +50,20 @@ class ProofProvider::Keybase
   end
 
   def badge
-    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token)
+    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
+  end
+
+  def verifier
+    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
   end
 
   private
 
-  def verifier
-    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token)
+  def domain
+    if @proof.account.local?
+      DOMAIN
+    else
+      @proof.account.domain
+    end
   end
 end
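Review bot: The new private `domain` method has no comment explaining why it picks between two sources, and the correctness of verification rests on that distinction. Local accounts get `DOMAIN`, which honours the `KEYBASE_DOMAIN` override, while remote accounts get `@proof.account.domain` and ignore the override. I would add `# Proofs are checked against the account's home domain; KEYBASE_DOMAIN only applies to local accounts.` above it, so a later refactor does not collapse the branches back into one value.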
diff --git a/app/lib/proof_provider/keybase/badge.rb b/app/lib/proof_provider/keybase/badge.rb
index 3aa067ecf..f587b1cc7 100644
--- a/app/lib/proof_provider/keybase/badge.rb
+++ b/app/lib/proof_provider/keybase/badge.rb
@@ -3,10 +3,11 @@
 class ProofProvider::Keybase::Badge
   include RoutingHelper
 
-  def initialize(local_username, provider_username, token)
+  def initialize(local_username, provider_username, token, domain)
     @local_username    = local_username
     @provider_username = provider_username
     @token             = token
+    @domain            = domain
   end
 
   def proof_url
@@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
   end
 
   def icon_url
-    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}"
+    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
   end
 
   def avatar_url
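Review bot: `icon_url` interpolates `@domain` and `@local_username` into the query string without encoding, and after this change `@domain` can come from a remote account record rather than local configuration. Whether stored remote domains are always normalized is not visible in this diff; if they are not, a character such as `&` or `#` would change the query Keybase receives. Building the query with `{ username: @local_username, domain: @domain }.to_query` and appending it after `?` keeps the URL well-formed whatever the value holds. The body of `avatar_url` continues outside the hunk.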
@@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
   def default_avatar_url
     asset_pack_path('media/images/proof_providers/keybase.png')
   end
-
-  def domain
-    Rails.configuration.x.local_domain
-  end
 end
diff --git a/app/lib/proof_provider/keybase/verifier.rb b/app/lib/proof_provider/keybase/verifier.rb
index ab1422323..af69b1bfc 100644
--- a/app/lib/proof_provider/keybase/verifier.rb
+++ b/app/lib/proof_provider/keybase/verifier.rb
@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 
 class ProofProvider::Keybase::Verifier
-  def initialize(local_username, provider_username, token)
+  def initialize(local_username, provider_username, token, domain)
     @local_username    = local_username
     @provider_username = provider_username
     @token             = token
+    @domain            = domain
   end
 
   def valid?
@@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
 
   def query_params
     {
-      domain: ProofProvider::Keybase::DOMAIN,
+      domain: @domain,
       kb_username: @provider_username,
       username: @local_username,
       sig_hash: @token,
diff --git a/app/lib/proof_provider/keybase/worker.rb b/app/lib/proof_provider/keybase/worker.rb
index 2872f59c1..bcdd18cc5 100644
--- a/app/lib/proof_provider/keybase/worker.rb
+++ b/app/lib/proof_provider/keybase/worker.rb
@@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
   end
 
   def perform(proof_id)
-    proof    = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
-    verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token)
-    status   = verifier.status
+    proof  = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
+    status = proof.provider_instance.verifier.status
 
     # If Keybase thinks the proof is valid, and it exists here in Mastodon,
     # then it should be live. Keybase just has to notice that it's here
diff --git a/app/models/account_identity_proof.rb b/app/models/account_identity_proof.rb
index 5871d0e84..10b66cccf 100644
--- a/app/models/account_identity_proof.rb
+++ b/app/models/account_identity_proof.rb
@@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord
 
   delegate :refresh!, :on_success_path, :badge, to: :provider_instance
 
-  private
-
   def provider_instance
     @provider_instance ||= ProofProvider.find(provider, self)
   end
 
+  private
+
   def queue_worker
     provider_instance.worker_class.perform_async(id)
   end
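Review bot: `provider_instance` moves above `private` apparently only so the worker can call `proof.provider_instance.verifier.status`, which exposes the whole provider object to every caller of the model. Adding `:verifier` to the existing `delegate :refresh!, :on_success_path, :badge, to: :provider_instance` line would let the worker call `proof.verifier.status` and keep `provider_instance` private. That assumes every provider returned by `ProofProvider.find` responds to `verifier`, which this diff does not show.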
diff --git a/spec/lib/proof_provider/keybase/verifier_spec.rb b/spec/lib/proof_provider/keybase/verifier_spec.rb
index 4ce67da9c..0081a735d 100644
--- a/spec/lib/proof_provider/keybase/verifier_spec.rb
+++ b/spec/lib/proof_provider/keybase/verifier_spec.rb
@@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do
       token: '11111111111111111111111111'
     )
 
-    described_class.new('alice', 'cryptoalice', '11111111111111111111111111')
+    described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain)
   end
 
   let(:query_params) do
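Review bot: No spec in this diff covers the remote-account path that the fix is about; the only spec change is passing `my_domain` as the new fourth constructor argument. A case that builds a proof on an account with a non-local domain and asserts that domain appears as `domain` in the verifier's query params would pin the behaviour. `my_domain` is defined outside the hunk, so I cannot tell from here whether it differs from the configured local domain.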