Fix Keybase verification using wrong domain for remote accounts (#10547)

author: Eugen Rochko <eugen@zeonfederated.com> 2019-04-10 20:28:43 +0200
committer: GitHub <noreply@github.com> 2019-04-10 20:28:43 +0200
commit: a9f130b8d8e1d92a10cb92b1295b12d274f3139c (patch)
tree: 58de8b07c047a8fd9545519cfcfcfd5c7ca0a2c1 /app/lib/proof_provider
parent: 793b0513eb14c08443e11202b3ffbee141e33df7 (diff)
4 files changed, 20 insertions, 15 deletions
diff --git a/app/lib/proof_provider/keybase.rb b/app/lib/proof_provider/keybase.rb
index 628972e9d..9680b90ee 100644
--- a/app/lib/proof_provider/keybase.rb
+++ b/app/lib/proof_provider/keybase.rb
@@ -2,7 +2,7 @@
 
 class ProofProvider::Keybase
   BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
-  DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
+  DOMAIN   = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
 
   class Error < StandardError; end
 
@@ -50,12 +50,20 @@ class ProofProvider::Keybase
   end
 
   def badge
-    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token)
+    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
+  end
+
+  def verifier
+    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
   end
 
   private
 
-  def verifier
-    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token)
+  def domain
+    if @proof.account.local?
+      DOMAIN
+    else
+      @proof.account.domain
+    end
   end
 end
diff --git a/app/lib/proof_provider/keybase/badge.rb b/app/lib/proof_provider/keybase/badge.rb
index 3aa067ecf..f587b1cc7 100644
--- a/app/lib/proof_provider/keybase/badge.rb
+++ b/app/lib/proof_provider/keybase/badge.rb
@@ -3,10 +3,11 @@
 class ProofProvider::Keybase::Badge
   include RoutingHelper
 
-  def initialize(local_username, provider_username, token)
+  def initialize(local_username, provider_username, token, domain)
     @local_username    = local_username
     @provider_username = provider_username
     @token             = token
+    @domain            = domain
   end
 
   def proof_url
@@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
   end
 
   def icon_url
-    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}"
+    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
   end
 
   def avatar_url
@@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
   def default_avatar_url
     asset_pack_path('media/images/proof_providers/keybase.png')
   end
-
-  def domain
-    Rails.configuration.x.local_domain
-  end
 end
diff --git a/app/lib/proof_provider/keybase/verifier.rb b/app/lib/proof_provider/keybase/verifier.rb
index ab1422323..af69b1bfc 100644
--- a/app/lib/proof_provider/keybase/verifier.rb
+++ b/app/lib/proof_provider/keybase/verifier.rb
@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 
 class ProofProvider::Keybase::Verifier
-  def initialize(local_username, provider_username, token)
+  def initialize(local_username, provider_username, token, domain)
     @local_username    = local_username
     @provider_username = provider_username
     @token             = token
+    @domain            = domain
   end
 
   def valid?
@@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
 
   def query_params
     {
-      domain: ProofProvider::Keybase::DOMAIN,
+      domain: @domain,
       kb_username: @provider_username,
       username: @local_username,
       sig_hash: @token,
diff --git a/app/lib/proof_provider/keybase/worker.rb b/app/lib/proof_provider/keybase/worker.rb
index 2872f59c1..bcdd18cc5 100644
--- a/app/lib/proof_provider/keybase/worker.rb
+++ b/app/lib/proof_provider/keybase/worker.rb
@@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
   end
 
   def perform(proof_id)
-    proof    = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
-    verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token)
-    status   = verifier.status
+    proof  = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
+    status = proof.provider_instance.verifier.status
 
     # If Keybase thinks the proof is valid, and it exists here in Mastodon,
     # then it should be live. Keybase just has to notice that it's here
author	Eugen Rochko <eugen@zeonfederated.com>	2019-04-10 20:28:43 +0200
committer	GitHub <noreply@github.com>	2019-04-10 20:28:43 +0200
commit	a9f130b8d8e1d92a10cb92b1295b12d274f3139c (patch)
tree	58de8b07c047a8fd9545519cfcfcfd5c7ca0a2c1 /app/lib/proof_provider
parent	793b0513eb14c08443e11202b3ffbee141e33df7 (diff)