From bf41958c16e36ce4dc74701520af828c99ecae5b Mon Sep 17 00:00:00 2001 From: zeripath Date: Mon, 22 Aug 2022 19:35:18 +0100 Subject: [PATCH] Pad GPG Key ID with preceding zeroes (#20878) (#20885) Backport #20878 The go crypto library does not pad keyIDs to 16 characters with preceding zeroes. This is a somewhat confusing thing for most users who expect these to have preceding zeroes. This PR prefixes any sub 16 length KeyID with preceding zeroes and removes preceding zeroes from KeyIDs inputted on the API. Fix #20876 Signed-off-by: Andrew Thornton --- models/asymkey/gpg_key.go | 9 +++++++++ routers/api/v1/user/gpg_key.go | 7 +++++++ templates/repo/commit_page.tmpl | 8 ++++---- templates/user/settings/keys_gpg.tmpl | 8 ++++---- 4 files changed, 24 insertions(+), 8 deletions(-) diff --git a/models/asymkey/gpg_key.go b/models/asymkey/gpg_key.go index a12cd2048350..78dc453e0de4 100644 --- a/models/asymkey/gpg_key.go +++ b/models/asymkey/gpg_key.go @@ -63,6 +63,15 @@ func (key *GPGKey) AfterLoad(session *xorm.Session) { } } +// PaddedKeyID show KeyID padded to 16 characters +func (key *GPGKey) PaddedKeyID() string { + if len(key.KeyID) > 15 { + return key.KeyID + } + zeros := "0000000000000000" + return zeros[0:16-len(key.KeyID)] + key.KeyID +} + // ListGPGKeys returns a list of public keys belongs to given user. func ListGPGKeys(ctx context.Context, uid int64, listOptions db.ListOptions) ([]*GPGKey, error) { sess := db.GetEngine(ctx).Table(&GPGKey{}).Where("owner_id=? AND primary_key_id=''", uid) diff --git a/routers/api/v1/user/gpg_key.go b/routers/api/v1/user/gpg_key.go index b211a24a0e0d..b87cf0041e19 100644 --- a/routers/api/v1/user/gpg_key.go +++ b/routers/api/v1/user/gpg_key.go @@ -7,6 +7,7 @@ package user import ( "fmt" "net/http" + "strings" asymkey_model "code.gitea.io/gitea/models/asymkey" "code.gitea.io/gitea/models/db" @@ -177,6 +178,12 @@ func VerifyUserGPGKey(ctx *context.APIContext) { token := asymkey_model.VerificationToken(ctx.Doer, 1) lastToken := asymkey_model.VerificationToken(ctx.Doer, 0) + form.KeyID = strings.TrimLeft(form.KeyID, "0") + if form.KeyID == "" { + ctx.NotFound() + return + } + _, err := asymkey_model.VerifyGPGKey(ctx.Doer.ID, form.KeyID, token, form.Signature) if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) { _, err = asymkey_model.VerifyGPGKey(ctx.Doer.ID, form.KeyID, lastToken, form.Signature) diff --git a/templates/repo/commit_page.tmpl b/templates/repo/commit_page.tmpl index 1e6296836338..d83e6cc0838a 100644 --- a/templates/repo/commit_page.tmpl +++ b/templates/repo/commit_page.tmpl @@ -222,7 +222,7 @@ {{.Verification.SigningSSHKey.Fingerprint}} {{else}} {{.i18n.Tr "repo.commits.gpg_key_id"}}: - {{.Verification.SigningKey.KeyID}} + {{.Verification.SigningKey.PaddedKeyID}} {{end}} {{else}} {{svg "octicon-shield-lock" 16 "mr-3"}} @@ -231,7 +231,7 @@ {{.Verification.SigningSSHKey.Fingerprint}} {{else}} {{.i18n.Tr "repo.commits.gpg_key_id"}}: - {{.Verification.SigningKey.KeyID}} + {{.Verification.SigningKey.PaddedKeyID}} {{end}} {{end}} {{else if .Verification.Warning}} @@ -241,14 +241,14 @@ {{.Verification.SigningSSHKey.Fingerprint}} {{else}} {{.i18n.Tr "repo.commits.gpg_key_id"}}: - {{.Verification.SigningKey.KeyID}} + {{.Verification.SigningKey.PaddedKeyID}} {{end}} {{else}} {{if .Verification.SigningKey}} {{if ne .Verification.SigningKey.KeyID ""}} {{svg "octicon-shield" 16 "mr-3"}} {{.i18n.Tr "repo.commits.gpg_key_id"}}: - {{.Verification.SigningKey.KeyID}} + {{.Verification.SigningKey.PaddedKeyID}} {{end}} {{end}} {{if .Verification.SigningSSHKey}} diff --git a/templates/user/settings/keys_gpg.tmpl b/templates/user/settings/keys_gpg.tmpl index 52fc0a5033aa..6bfbfe28cc8f 100644 --- a/templates/user/settings/keys_gpg.tmpl +++ b/templates/user/settings/keys_gpg.tmpl @@ -22,7 +22,7 @@

{{.i18n.Tr "settings.gpg_token_help"}}

-

{{$.i18n.Tr "settings.gpg_token_code" .TokenToSign .KeyID}}

+

{{$.i18n.Tr "settings.gpg_token_code" .TokenToSign .PaddedKeyID}}

@@ -64,8 +64,8 @@ {{svg "octicon-mail"}} {{$.i18n.Tr "settings.gpg_key_matched_identities"}} {{range .Emails}}{{.Email}} {{end}} {{end}}
- {{$.i18n.Tr "settings.key_id"}}: {{.KeyID}} - {{$.i18n.Tr "settings.subkeys"}}: {{range .SubsKey}} {{.KeyID}} {{end}} + {{$.i18n.Tr "settings.key_id"}}: {{.PaddedKeyID}} + {{$.i18n.Tr "settings.subkeys"}}: {{range .SubsKey}} {{.PaddedKeyID}} {{end}}
{{$.i18n.Tr "settings.add_on"}} {{.AddedUnix.FormatShort}} @@ -87,7 +87,7 @@

{{$.i18n.Tr "settings.gpg_token_help"}}

-

{{$.i18n.Tr "settings.gpg_token_code" $.TokenToSign .KeyID}}

+

{{$.i18n.Tr "settings.gpg_token_code" $.TokenToSign .PaddedKeyID}}