From 9c4cbdbafb0324ae259e10865b90ed1ed0255bdd Mon Sep 17 00:00:00 2001 
From: Eugen Rochko Date: Mon, 18 Mar 2019 21:00:55 +0100 Subject: Add Keybase integration (#10297) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting --- app/controllers/api/proofs_controller.rb | 30 +++++++++++++++ .../settings/identity_proofs_controller.rb | 45 ++++++++++++++++++++++ .../well_known/keybase_proof_config_controller.rb | 9 +++++ 3 files changed, 84 insertions(+) create mode 100644 
app/controllers/api/proofs_controller.rb create mode 100644 app/controllers/settings/identity_proofs_controller.rb create mode 100644 app/controllers/well_known/keybase_proof_config_controller.rb (limited to 'app/controllers')
diff --git a/app/controllers/api/proofs_controller.rb b/app/controllers/api/proofs_controller.rb
new file mode 100644
index 000000000..a84ad2014
--- /dev/null
+++ b/app/controllers/api/proofs_controller.rb
@@ -0,0 +1,30 @@
+# frozen_string_literal: true
+
+class Api::ProofsController < Api::BaseController
+ before_action :set_account
+ before_action :set_provider
+ before_action :check_account_approval
+ before_action :check_account_suspension
+
+ def index
+ render json: @account, serializer: @provider.serializer_class
+ end
+
+ private
+
+ def set_provider
+ @provider = ProofProvider.find(params[:provider]) || raise(ActiveRecord::RecordNotFound)
+ end
+
+ def set_account
+ @account = Account.find_local!(params[:username])
+ end
+
+ def check_account_approval
+ not_found if @account.user_pending?
+ end
+
+ def check_account_suspension
+ gone if @account.suspended?
+ end
+end
diff --git a/app/controllers/settings/identity_proofs_controller.rb b/app/controllers/settings/identity_proofs_controller.rb
new file mode 100644
index 000000000..4a3b89a5e
--- /dev/null
+++ b/app/controllers/settings/identity_proofs_controller.rb
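Review bot: `set_provider` in app/controllers/api/proofs_controller.rb hands the raw `params[:provider]` string to `ProofProvider.find`, whose body is not part of this diff, and no authentication filter is visible on this controller. If that lookup ever resolves names dynamically instead of against a fixed list, this is where untrusted input reaches it, so the contract deserves a comment at the call, e.g. `# ProofProvider.find returns nil for anything outside the supported provider list`. Separately, `check_account_approval` answers 404 while `check_account_suspension` answers 410, which lets an anonymous caller tell a suspended local account from a missing one; confirm that is intended for a public endpoint.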
@@ -0,0 +1,45 @@
+# frozen_string_literal: true
+
+class Settings::IdentityProofsController < Settings::BaseController
+ layout 'admin'
+
+ before_action :authenticate_user!
+ before_action :check_required_params, only: :new
+
+ def index
+ @proofs = AccountIdentityProof.where(account: current_account).order(provider: :asc, provider_username: :asc)
+ @proofs.each(&:refresh!)
+ end
+
+ def new
+ @proof = current_account.identity_proofs.new(
+ token: params[:token],
+ provider: params[:provider],
+ provider_username: params[:provider_username]
+ )
+
+ render layout: 'auth'
+ end
+
+ def create
+ @proof = current_account.identity_proofs.where(provider: resource_params[:provider], provider_username: resource_params[:provider_username]).first_or_initialize(resource_params)
+ @proof.token = resource_params[:token]
+
+ if @proof.save
+ redirect_to @proof.on_success_path(params[:user_agent])
+ else
+ flash[:alert] = I18n.t('identity_proofs.errors.failed', provider: @proof.provider.capitalize)
+ redirect_to settings_identity_proofs_path
+ end
+ end
+
+ private
+
+ def check_required_params
+ redirect_to settings_identity_proofs_path unless [:provider, :provider_username, :token].all? { |k| params[k].present? }
+ end
+
+ def resource_params
+ params.require(:account_identity_proof).permit(:provider, :provider_username, :token)
+ end
+end
diff --git a/app/controllers/well_known/keybase_proof_config_controller.rb b/app/controllers/well_known/keybase_proof_config_controller.rb
new file mode 100644
index 000000000..eb41e586f
--- /dev/null
+++ b/app/controllers/well_known/keybase_proof_config_controller.rb
@@ -0,0 +1,9 @@
+# frozen_string_literal: true
+
+module WellKnown
+ class KeybaseProofConfigController < ActionController::Base
+ def show
+ render json: {}, serializer: ProofProvider::Keybase::ConfigSerializer
+ end
+ end
+end
-- cgit From 1217185cfa7fa13e78f979e8723fc82f93a28205 Mon Sep 17 00:00:00 2001
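Review bot: In `create` of app/controllers/settings/identity_proofs_controller.rb, `redirect_to @proof.on_success_path(params[:user_agent])` builds a redirect target from a request parameter, and `on_success_path` is defined outside this diff. Confirm that the helper only ever places the value in an encoded query parameter of a provider-owned URL, and record that next to the call, e.g. `# user_agent is forwarded as a query value only; host and path come from the provider`. The failure branch also calls `@proof.provider.capitalize`, which raises if `provider` is nil after a rejected save; `@proof.provider.to_s.capitalize` keeps a validation failure from becoming a 500.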
From: ThibG Date: Tue, 19 Mar 2019 16:33:30 +0100 Subject: Do not distribute Delete when rejecting unapproved accounts (#10321) --- app/controllers/admin/accounts_controller.rb | 2 +- app/services/suspend_account_service.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'app/controllers') diff --git a/app/controllers/admin/accounts_controller.rb b/app/controllers/admin/accounts_controller.rb index e160c603a..e7795e95c 100644 --- a/app/controllers/admin/accounts_controller.rb +++ b/app/controllers/admin/accounts_controller.rb @@ -53,7 +53,7 @@ module Admin def reject authorize @account.user, :reject? - SuspendAccountService.new.call(@account, including_user: true, destroy: true) + SuspendAccountService.new.call(@account, including_user: true, destroy: true, skip_distribution: true) redirect_to admin_accounts_path(pending: '1') end diff --git a/app/services/suspend_account_service.rb b/app/services/suspend_account_service.rb index 24fa1be69..6c2ecad30 100644 --- a/app/services/suspend_account_service.rb +++ b/app/services/suspend_account_service.rb @@ -68,7 +68,7 @@ class SuspendAccountService < BaseService end def purge_content! - distribute_delete_actor! if @account.local? + distribute_delete_actor! if @account.local? && !@options[:skip_distribution] @account.statuses.reorder(nil).find_in_batches do |statuses| BatchedRemoveStatusService.new.call(statuses, skip_side_effects: @options[:destroy]) -- cgit From 66d945209278c9344d503fe4e7a58d5c6f040e50 Mon Sep 17 00:00:00 2001 From: ThibG Date: Wed, 20 Mar 2019 17:20:16 +0100 Subject: Do not try fetching keys of unknown accounts on a Delete from them (#10326) --- app/controllers/activitypub/inboxes_controller.rb | 16 +++++++++++++--- spec/controllers/activitypub/inboxes_controller_spec.rb | 4 ++-- 2 files changed, 15 insertions(+), 5 deletions(-) (limited to 'app/controllers') 
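Review bot: `skip_distribution: true` in `Admin::AccountsController#reject` is only correct while the `:reject?` policy limits this action to accounts that never federated, and that policy is outside this hunk. If an already-approved account could reach `reject`, its actor would be purged locally with no Delete sent, leaving remote copies behind. A short comment on the call would pin the assumption, e.g. `# pending accounts were never federated, so no Delete needs to go out`. The surrounding controller extends beyond the lines shown.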
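Review bot: `@options[:skip_distribution]` in `purge_content!` adds a new caller-facing option to `SuspendAccountService`, yet the diffstat lists only the controller and the service, so no spec covers the new branch. A service spec asserting that no Delete is distributed when `skip_distribution: true` is passed, and that one still is by default, would keep the default from regressing silently. If the service documents its options in a header comment (not visible in this hunk), `skip_distribution` belongs in that list as well. `purge_content!` continues past the end of the hunk.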
diff --git a/app/controllers/activitypub/inboxes_controller.rb b/app/controllers/activitypub/inboxes_controller.rb index 8f5e1887e..1501b914e 100644 --- a/app/controllers/activitypub/inboxes_controller.rb +++ b/app/controllers/activitypub/inboxes_controller.rb @@ -2,11 +2,14 @@ class ActivityPub::InboxesController < Api::BaseController include SignatureVerification + include JsonLdHelper before_action :set_account def create - if signed_request_account + if unknown_deleted_account? + head 202 + elsif signed_request_account upgrade_account process_payload head 202 @@ -17,12 +20,19 @@ class ActivityPub::InboxesController < Api::BaseController private + def unknown_deleted_account? + json = Oj.load(body, mode: :strict) + json['type'] == 'Delete' && json['actor'].present? && json['actor'] == value_or_id(json['object']) && !Account.where(uri: json['actor']).exists? + rescue Oj::ParseError + false + end + def set_account @account = Account.find_local!(params[:account_username]) if params[:account_username] end def body - @body ||= request.body.read + @body ||= request.body.read.force_encoding('UTF-8') end def upgrade_account @@ -36,6 +46,6 @@ class ActivityPub::InboxesController < Api::BaseController end def process_payload - ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body.force_encoding('UTF-8'), @account&.id) + ActivityPub::ProcessingWorker.perform_async(signed_request_account.id, body, @account&.id) end end diff --git a/spec/controllers/activitypub/inboxes_controller_spec.rb b/spec/controllers/activitypub/inboxes_controller_spec.rb index 4055d9342..eab4b8c3e 100644 --- a/spec/controllers/activitypub/inboxes_controller_spec.rb +++ b/spec/controllers/activitypub/inboxes_controller_spec.rb @@ -10,7 +10,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do Fabricate(:account) end - post :create + post :create, body: '{}' expect(response).to have_http_status(202) end end 
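Review bot: The new first branch of `create` answers 202 before `signed_request_account` runs, so an unsigned request gets 202 or falls through to signature verification depending on whether `Account.where(uri: json['actor'])` finds the actor. That makes the response differ by which remote actors this server knows, and it adds a JSON parse plus a database lookup to every unauthenticated POST to the inbox. Both may be acceptable because nothing is processed on that path, but the reasoning should be written at the branch, e.g. `# Unsigned on purpose: nothing is processed, we only skip the key fetch for actors we never knew`. The remainder of `create` lies outside the hunk.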
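Review bot: `unknown_deleted_account?` indexes `json` with string keys without checking that the parsed body is a JSON object, and only `Oj::ParseError` is rescued. A body that parses to something other than an object, such as an array or `null`, would raise `TypeError` or `NoMethodError` here, before any signature check, so an unauthenticated POST can end in a 500. Guard the first term of the expression: `json.is_a?(Hash) && json['type'] == 'Delete' && ...`. The spec change to `body: '{}'` in the same commit suggests the empty-body case already tripped over this.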
@@ -21,7 +21,7 @@ RSpec.describe ActivityPub::InboxesController, type: :controller do false end - post :create + post :create, body: '{}' expect(response).to have_http_status(401) end end -- cgit
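Review bot: Both spec examples now post `'{}'`, which only keeps the existing 202 and 401 cases passing; nothing exercises the branch this commit adds. Add an example that posts a `Delete` whose `actor` equals its `object` for a URI with no matching account and expects 202 without a key fetch, and one that posts valid non-object JSON and expects a 4xx or 202 rather than an exception. The same applies to the earlier spec hunk at line 10, and the `describe` block starts before the lines shown here.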