From 9c4cbdbafb0324ae259e10865b90ed1ed0255bdd Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Mon, 18 Mar 2019 21:00:55 +0100
Subject: Add Keybase integration (#10297)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

* create account_identity_proofs table

* add endpoint for keybase to check local proofs

* add async task to update validity and liveness of proofs from keybase

* first pass keybase proof CRUD

* second pass keybase proof creation

* clean up proof list and add badges

* add avatar url to keybase api

* Always highlight the “Identity Proofs” navigation item when interacting with proofs.

* Update translations.

* Add profile URL.

* Reorder proofs.

* Add proofs to bio.

* Update settings/identity_proofs front-end.

* Use `link_to`.

* Only encode query params if they exist.

URLs without params had a trailing `?`.

* Only show live proofs.

* change valid to active in proof list and update liveness before displaying

* minor fixes

* add keybase config at well-known path

* extremely naive feature flagging off the identity proof UI

* fixes for rubocop

* make identity proofs page resilient to potential keybase issues

* normalize i18n

* tweaks for brakeman

* remove two unused translations

* cleanup and add more localizations

* make keybase_contacts an admin setting

* fix ExternalProofService my_domain

* use Addressable::URI in identity proofs

* use active model serializer for keybase proof config

* more cleanup of keybase proof config

* rename proof is_valid and is_live to proof_valid and proof_live

* cleanup

* assorted tweaks for more robust communication with keybase

* Clean up

* Small fixes

* Display verified identity identically to verified links

* Clean up unused CSS

* Add caching for Keybase avatar URLs

* Remove keybase_contacts setting
---
 app/controllers/api/proofs_controller.rb           | 30 +++++++++++++++
 .../settings/identity_proofs_controller.rb         | 45 ++++++++++++++++++++++
 .../well_known/keybase_proof_config_controller.rb  |  9 +++++
 3 files changed, 84 insertions(+)
 create mode 100644 app/controllers/api/proofs_controller.rb
 create mode 100644 app/controllers/settings/identity_proofs_controller.rb
 create mode 100644 app/controllers/well_known/keybase_proof_config_controller.rb

(limited to 'app/controllers')

diff --git a/app/controllers/api/proofs_controller.rb b/app/controllers/api/proofs_controller.rb
new file mode 100644
index 000000000..a84ad2014
--- /dev/null
+++ b/app/controllers/api/proofs_controller.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Api::ProofsController < Api::BaseController
+  before_action :set_account
+  before_action :set_provider
+  before_action :check_account_approval
+  before_action :check_account_suspension
+
+  def index
+    render json: @account, serializer: @provider.serializer_class
+  end
+
+  private
+
+  def set_provider
+    @provider = ProofProvider.find(params[:provider]) || raise(ActiveRecord::RecordNotFound)
+  end
+
+  def set_account
+    @account = Account.find_local!(params[:username])
+  end
+
+  def check_account_approval
+    not_found if @account.user_pending?
+  end
+
+  def check_account_suspension
+    gone if @account.suspended?
+  end
+end
diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb
new file mode 100644
index 000000000..4a3b89a5e
--- /dev/null
+++ b/app/controllers/settings/identity_proofs_controller.rb
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class Settings::IdentityProofsController < Settings::BaseController
+  layout 'admin'
+
+  before_action :authenticate_user!
+  before_action :check_required_params, only: :new
+
+  def index
+    @proofs = AccountIdentityProof.where(account: current_account).order(provider: :asc, provider_username: :asc)
+    @proofs.each(&:refresh!)
+  end
+
+  def new
+    @proof = current_account.identity_proofs.new(
+      token: params[:token],
+      provider: params[:provider],
+      provider_username: params[:provider_username]
+    )
+
+    render layout: 'auth'
+  end
+
+  def create
+    @proof = current_account.identity_proofs.where(provider: resource_params[:provider], provider_username: resource_params[:provider_username]).first_or_initialize(resource_params)
+    @proof.token = resource_params[:token]
+
+    if @proof.save
+      redirect_to @proof.on_success_path(params[:user_agent])
+    else
+      flash[:alert] = I18n.t('identity_proofs.errors.failed', provider: @proof.provider.capitalize)
+      redirect_to settings_identity_proofs_path
+    end
+  end
+
+  private
+
+  def check_required_params
+    redirect_to settings_identity_proofs_path unless [:provider, :provider_username, :token].all? { |k| params[k].present? }
+  end
+
+  def resource_params
+    params.require(:account_identity_proof).permit(:provider, :provider_username, :token)
+  end
+end
diff --git a/app/controllers/well_known/keybase_proof_config_controller.rb b/app/controllers/well_known/keybase_proof_config_controller.rb
new file mode 100644
index 000000000..eb41e586f
--- /dev/null
+++ b/app/controllers/well_known/keybase_proof_config_controller.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module WellKnown
+  class KeybaseProofConfigController < ActionController::Base
+    def show
+      render json: {}, serializer: ProofProvider::Keybase::ConfigSerializer
+    end
+  end
+end
-- 
cgit 


From 1217185cfa7fa13e78f979e8723fc82f93a28205 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Tue, 19 Mar 2019 16:33:30 +0100
Subject: Do not distribute Delete when rejecting unapproved accounts (#10321)

---
 app/controllers/admin/accounts_controller.rb | 2 +-
 app/services/suspend_account_service.rb      | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb
index e160c603a..e7795e95c 100644
--- a/app/controllers/admin/accounts_controller.rb
+++ b/app/controllers/admin/accounts_controller.rb
@@ -53,7 +53,7 @@ module Admin
 
     def reject
       authorize @account.user, :reject?
-      SuspendAccountService.new.call(@account, including_user: true, destroy: true)
+      SuspendAccountService.new.call(@account, including_user: true, destroy: true, skip_distribution: true)
       redirect_to admin_accounts_path(pending: '1')
     end
 
diff --git a/app/services/suspend_account_service.rb b/app/services/suspend_account_service.rb
index 24fa1be69..6c2ecad30 100644
--- a/app/services/suspend_account_service.rb
+++ b/app/services/suspend_account_service.rb
@@ -68,7 +68,7 @@ class SuspendAccountService < BaseService
   end
 
   def purge_content!
-    distribute_delete_actor! if @account.local?
+    distribute_delete_actor! if @account.local? && !@options[:skip_distribution]
 
     @account.statuses.reorder(nil).find_in_batches do |statuses|
       BatchedRemoveStatusService.new.call(statuses, skip_side_effects: @options[:destroy])
-- 
cgit 


From 66d945209278c9344d503fe4e7a58d5c6f040e50 Mon Sep 17 00:00:00 2001
From: ThibG <thib@sitedethib.com>
Date: Wed, 20 Mar 2019 17:20:16 +0100
Subject: Do not try fetching keys of unknown accounts on a Delete from them
 (#10326)

---
 app/controllers/activitypub/inboxes_controller.rb       | 16 +++++++++++++---
 spec/controllers/activitypub/inboxes_controller_spec.rb |  4 ++--
 2 files changed, 15 insertions(+), 5 deletions(-)

(limited to 'app/controllers')

diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb
index 8f5e1887e..1501b914e 100644
--- a/app/controllers/activitypub/inboxes_controller.rb
+++ b/app/controllers/activitypub/inboxes_controller.rb
@@ -2,11 +2,14 @@
 
 class ActivityPub::InboxesController < Api::BaseController
   include SignatureVerification
+  include JsonLdHelper
 
   before_action :set_account
 
   def create
-    if signed_request_account
+    if unknown_deleted_account?
+      head 202
+    elsif signed_request_account
       upgrade_account
       process_payload
       head 202
@@ -17,12 +20,19 @@ class ActivityPub::InboxesController < Api::BaseController
 
   private
 
+  def unknown_deleted_account?
+    json = Oj.load(body, mode: :strict)
+    json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists?
+  rescue Oj::ParseError
+    false
+  end
+
   def set_account
     @account = Account.find_local!(params[:account_username]) if params[:account_username]
   end
 
   def body
-    @body ||= request.body.read
+    @body ||= request.body.read.force_encoding('UTF-8')
   end
 
   def upgrade_account
@@ -36,6 +46,6 @@ class ActivityPub::InboxesController < Api::BaseController
   end
 
   def process_payload
-    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id)
+    ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id)
   end
 end
diff --git a/spec/controllers/activitypub/inboxes_controller_spec.rb b/spec/controllers/activitypub/inboxes_controller_spec.rb
index 4055d9342..eab4b8c3e 100644
--- a/spec/controllers/activitypub/inboxes_controller_spec.rb
+++ b/spec/controllers/activitypub/inboxes_controller_spec.rb
@@ -10,7 +10,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do
           Fabricate(:account)
         end
 
-        post :create
+        post :create, body: '{}'
         expect(response).to have_http_status(202)
       end
     end
@@ -21,7 +21,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do
           false
         end
 
-        post :create
+        post :create, body: '{}'
         expect(response).to have_http_status(401)
       end
     end
-- 
cgit