mastodon/app/lib/proof_provider/keybase.rb

# frozen_string_literal: true

class ProofProvider::Keybase
  BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
  DOMAIN   = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.web_domain)

  class Error < StandardError; end

  class ExpectedProofLiveError < Error; end

  class UnexpectedResponseError < Error; end

  def initialize(proof = nil)
    @proof = proof
  end

  def serializer_class
    ProofProvider::Keybase::Serializer
  end

  def worker_class
    ProofProvider::Keybase::Worker
  end

  def validate!
    unless @proof.token&.size == 66
      @proof.errors.add(:base, I18n.t('identity_proofs.errors.keybase.invalid_token'))
      return
    end

    # Do not perform synchronous validation for remote accounts
    return if @proof.provider_username.blank? || !@proof.account.local?

    if verifier.valid?
      @proof.verified = true
      @proof.live     = false
    else
      @proof.errors.add(:base, I18n.t('identity_proofs.errors.keybase.verification_failed', kb_username: @proof.provider_username))
    end
  end

  def refresh!
    worker_class.new.perform(@proof)
  rescue ProofProvider::Keybase::Error
    nil
  end

  def on_success_path(user_agent = nil)
    verifier.on_success_path(user_agent)
  end

  def badge
    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
  end

  def verifier
    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
  end

  private

  def domain
    if @proof.account.local?
      DOMAIN
    else
      @proof.account.domain
    end
  end
end
Add Keybase integration (#10297) * create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting 2019-03-18 21:00:55 +01:00			`# frozen_string_literal: true`

			`class ProofProvider::Keybase`
squashed identity proof updates (#10375) 2019-03-28 13:01:09 -04:00			`BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')`
Default to the web domain (eg. mastodon.lubar.me) instead of the local domain (eg. lubar.me) for keybase proofs (#10565) 2019-04-20 21:53:24 -05:00			`DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.web_domain)`
Add Keybase integration (#10297) * create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting 2019-03-18 21:00:55 +01:00
			`class Error < StandardError; end`

			`class ExpectedProofLiveError < Error; end`

			`class UnexpectedResponseError < Error; end`

			`def initialize(proof = nil)`
			`@proof = proof`
			`end`

			`def serializer_class`
			`ProofProvider::Keybase::Serializer`
			`end`

			`def worker_class`
			`ProofProvider::Keybase::Worker`
			`end`

			`def validate!`
			`unless @proof.token&.size == 66`
			`@proof.errors.add(:base, I18n.t('identity_proofs.errors.keybase.invalid_token'))`
			`return`
			`end`

Add ActivityPub representation for identity proofs (#10414) * Add ActivityPub representation for identity proofs * Add tests 2019-03-30 02:12:06 +01:00			`# Do not perform synchronous validation for remote accounts`
			`return if @proof.provider_username.blank? \|\| !@proof.account.local?`
Add Keybase integration (#10297) * create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting 2019-03-18 21:00:55 +01:00
			`if verifier.valid?`
			`@proof.verified = true`
			`@proof.live = false`
			`else`
			`@proof.errors.add(:base, I18n.t('identity_proofs.errors.keybase.verification_failed', kb_username: @proof.provider_username))`
			`end`
			`end`

			`def refresh!`
			`worker_class.new.perform(@proof)`
			`rescue ProofProvider::Keybase::Error`
			`nil`
			`end`

			`def on_success_path(user_agent = nil)`
			`verifier.on_success_path(user_agent)`
			`end`

			`def badge`
Fix Keybase verification using wrong domain for remote accounts (#10547) 2019-04-10 20:28:43 +02:00			`@badge \|\|= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)`
			`end`

			`def verifier`
			`@verifier \|\|= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)`
Add Keybase integration (#10297) * create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting 2019-03-18 21:00:55 +01:00			`end`

			`private`

Fix Keybase verification using wrong domain for remote accounts (#10547) 2019-04-10 20:28:43 +02:00			`def domain`
			`if @proof.account.local?`
			`DOMAIN`
			`else`
			`@proof.account.domain`
			`end`
Add Keybase integration (#10297) * create account_identity_proofs table * add endpoint for keybase to check local proofs * add async task to update validity and liveness of proofs from keybase * first pass keybase proof CRUD * second pass keybase proof creation * clean up proof list and add badges * add avatar url to keybase api * Always highlight the “Identity Proofs” navigation item when interacting with proofs. * Update translations. * Add profile URL. * Reorder proofs. * Add proofs to bio. * Update settings/identity_proofs front-end. * Use `link_to`. * Only encode query params if they exist. URLs without params had a trailing `?`. * Only show live proofs. * change valid to active in proof list and update liveness before displaying * minor fixes * add keybase config at well-known path * extremely naive feature flagging off the identity proof UI * fixes for rubocop * make identity proofs page resilient to potential keybase issues * normalize i18n * tweaks for brakeman * remove two unused translations * cleanup and add more localizations * make keybase_contacts an admin setting * fix ExternalProofService my_domain * use Addressable::URI in identity proofs * use active model serializer for keybase proof config * more cleanup of keybase proof config * rename proof is_valid and is_live to proof_valid and proof_live * cleanup * assorted tweaks for more robust communication with keybase * Clean up * Small fixes * Display verified identity identically to verified links * Clean up unused CSS * Add caching for Keybase avatar URLs * Remove keybase_contacts setting 2019-03-18 21:00:55 +01:00			`end`
			`end`