forked from AkkomaGang/akkoma
Move local keys out of user.info
This commit is contained in:
parent
9e34919dcd
commit
fefbd31c6e
8 changed files with 33 additions and 14 deletions
|
@ -48,7 +48,7 @@ def refetch_public_key(conn) do
|
||||||
end
|
end
|
||||||
|
|
||||||
def sign(%User{} = user, headers) do
|
def sign(%User{} = user, headers) do
|
||||||
with {:ok, %{info: %{keys: keys}}} <- User.ensure_keys_present(user),
|
with {:ok, %{keys: keys}} <- User.ensure_keys_present(user),
|
||||||
{:ok, private_key, _} <- Keys.keys_from_pem(keys) do
|
{:ok, private_key, _} <- Keys.keys_from_pem(keys) do
|
||||||
HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
|
HTTPSignatures.sign(private_key, user.ap_id <> "#main-key", headers)
|
||||||
end
|
end
|
||||||
|
|
|
@ -51,6 +51,7 @@ defmodule Pleroma.User do
|
||||||
field(:password_hash, :string)
|
field(:password_hash, :string)
|
||||||
field(:password, :string, virtual: true)
|
field(:password, :string, virtual: true)
|
||||||
field(:password_confirmation, :string, virtual: true)
|
field(:password_confirmation, :string, virtual: true)
|
||||||
|
field(:keys, :string)
|
||||||
field(:following, {:array, :string}, default: [])
|
field(:following, {:array, :string}, default: [])
|
||||||
field(:ap_id, :string)
|
field(:ap_id, :string)
|
||||||
field(:avatar, :map)
|
field(:avatar, :map)
|
||||||
|
@ -1554,11 +1555,14 @@ def get_mascot(%{info: %{mascot: mascot}}) when is_nil(mascot) do
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
def ensure_keys_present(%{info: %{keys: keys}} = user) when not is_nil(keys), do: {:ok, user}
|
def ensure_keys_present(%{keys: keys} = user) when not is_nil(keys), do: {:ok, user}
|
||||||
|
|
||||||
def ensure_keys_present(%User{} = user) do
|
def ensure_keys_present(%User{} = user) do
|
||||||
with {:ok, pem} <- Keys.generate_rsa_pem() do
|
with {:ok, pem} <- Keys.generate_rsa_pem() do
|
||||||
update_info(user, &User.Info.set_keys(&1, pem))
|
user
|
||||||
|
|> cast(%{keys: pem}, [:keys])
|
||||||
|
|> validate_required([:keys])
|
||||||
|
|> update_and_set_cache()
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -33,7 +33,7 @@ def render("endpoints.json", _), do: %{}
|
||||||
|
|
||||||
def render("service.json", %{user: user}) do
|
def render("service.json", %{user: user}) do
|
||||||
{:ok, user} = User.ensure_keys_present(user)
|
{:ok, user} = User.ensure_keys_present(user)
|
||||||
{:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
|
{:ok, _, public_key} = Keys.keys_from_pem(user.keys)
|
||||||
public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
|
public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
|
||||||
public_key = :public_key.pem_encode([public_key])
|
public_key = :public_key.pem_encode([public_key])
|
||||||
|
|
||||||
|
@ -69,7 +69,7 @@ def render("user.json", %{user: %User{nickname: "internal." <> _} = user}),
|
||||||
|
|
||||||
def render("user.json", %{user: user}) do
|
def render("user.json", %{user: user}) do
|
||||||
{:ok, user} = User.ensure_keys_present(user)
|
{:ok, user} = User.ensure_keys_present(user)
|
||||||
{:ok, _, public_key} = Keys.keys_from_pem(user.info.keys)
|
{:ok, _, public_key} = Keys.keys_from_pem(user.keys)
|
||||||
public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
|
public_key = :public_key.pem_entry_encode(:SubjectPublicKeyInfo, public_key)
|
||||||
public_key = :public_key.pem_encode([public_key])
|
public_key = :public_key.pem_encode([public_key])
|
||||||
|
|
||||||
|
|
|
@ -202,7 +202,7 @@ def is_representable?(_), do: false
|
||||||
@spec publish(User.t(), Pleroma.Activity.t()) :: none
|
@spec publish(User.t(), Pleroma.Activity.t()) :: none
|
||||||
def publish(user, activity)
|
def publish(user, activity)
|
||||||
|
|
||||||
def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity)
|
def publish(%{keys: keys} = user, %{data: %{"type" => type}} = activity)
|
||||||
when type in @supported_activities do
|
when type in @supported_activities do
|
||||||
feed = ActivityRepresenter.to_simple_form(activity, user, true)
|
feed = ActivityRepresenter.to_simple_form(activity, user, true)
|
||||||
|
|
||||||
|
@ -238,7 +238,7 @@ def publish(%{info: %{keys: keys}} = user, %{data: %{"type" => type}} = activity
|
||||||
def publish(%{id: id}, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
|
def publish(%{id: id}, _), do: Logger.debug(fn -> "Keys missing for user #{id}" end)
|
||||||
|
|
||||||
def gather_webfinger_links(%User{} = user) do
|
def gather_webfinger_links(%User{} = user) do
|
||||||
{:ok, _private, public} = Keys.keys_from_pem(user.info.keys)
|
{:ok, _private, public} = Keys.keys_from_pem(user.keys)
|
||||||
magic_key = encode_key(public)
|
magic_key = encode_key(public)
|
||||||
|
|
||||||
[
|
[
|
||||||
|
|
9
priv/repo/migrations/20191006123824_add_keys_column.exs
Normal file
9
priv/repo/migrations/20191006123824_add_keys_column.exs
Normal file
|
@ -0,0 +1,9 @@
|
||||||
|
defmodule Pleroma.Repo.Migrations.AddKeysColumn do
|
||||||
|
use Ecto.Migration
|
||||||
|
|
||||||
|
def change do
|
||||||
|
alter table("users") do
|
||||||
|
add_if_not_exists :keys, :text
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
|
@ -0,0 +1,7 @@
|
||||||
|
defmodule Pleroma.Repo.Migrations.MoveKeysToSeparateColumn do
|
||||||
|
use Ecto.Migration
|
||||||
|
|
||||||
|
def change do
|
||||||
|
execute("update users set keys = info->>'keys' where local", "update users set info = jsonb_set(info, '{keys}'::text[], to_jsonb(keys)) where local")
|
||||||
|
end
|
||||||
|
end
|
|
@ -80,7 +80,7 @@ test "it returns signature headers" do
|
||||||
user =
|
user =
|
||||||
insert(:user, %{
|
insert(:user, %{
|
||||||
ap_id: "https://mastodon.social/users/lambadalambda",
|
ap_id: "https://mastodon.social/users/lambadalambda",
|
||||||
info: %{keys: @private_key}
|
keys: @private_key
|
||||||
})
|
})
|
||||||
|
|
||||||
assert Signature.sign(
|
assert Signature.sign(
|
||||||
|
@ -94,8 +94,7 @@ test "it returns signature headers" do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it returns error" do
|
test "it returns error" do
|
||||||
user =
|
user = insert(:user, %{ap_id: "https://mastodon.social/users/lambadalambda", keys: ""})
|
||||||
insert(:user, %{ap_id: "https://mastodon.social/users/lambadalambda", info: %{keys: ""}})
|
|
||||||
|
|
||||||
assert Signature.sign(
|
assert Signature.sign(
|
||||||
user,
|
user,
|
||||||
|
|
|
@ -1457,15 +1457,15 @@ test "if user is unconfirmed" do
|
||||||
describe "ensure_keys_present" do
|
describe "ensure_keys_present" do
|
||||||
test "it creates keys for a user and stores them in info" do
|
test "it creates keys for a user and stores them in info" do
|
||||||
user = insert(:user)
|
user = insert(:user)
|
||||||
refute is_binary(user.info.keys)
|
refute is_binary(user.keys)
|
||||||
{:ok, user} = User.ensure_keys_present(user)
|
{:ok, user} = User.ensure_keys_present(user)
|
||||||
assert is_binary(user.info.keys)
|
assert is_binary(user.keys)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it doesn't create keys if there already are some" do
|
test "it doesn't create keys if there already are some" do
|
||||||
user = insert(:user, %{info: %{keys: "xxx"}})
|
user = insert(:user, keys: "xxx")
|
||||||
{:ok, user} = User.ensure_keys_present(user)
|
{:ok, user} = User.ensure_keys_present(user)
|
||||||
assert user.info.keys == "xxx"
|
assert user.keys == "xxx"
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in a new issue