Merge pull request 'Add custom LDAP attributes to schema' (#181) from feature/custom_ldap_attributes into master
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
Reviewed-on: #181 Reviewed-by: greg <greg@noreply.kosmos.org>
This commit was merged in pull request #181.
This commit is contained in:
@@ -12,7 +12,7 @@ class SettingsController < ApplicationController
|
||||
end
|
||||
|
||||
def show
|
||||
if @settings_section == "experiments"
|
||||
if @settings_section == "nostr"
|
||||
session[:shared_secret] ||= SecureRandom.base64(12)
|
||||
end
|
||||
end
|
||||
@@ -88,6 +88,7 @@ class SettingsController < ApplicationController
|
||||
|
||||
def set_nostr_pubkey
|
||||
signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
|
||||
|
||||
is_valid_id = NostrManager::ValidateId.call(event: signed_event)
|
||||
is_valid_sig = NostrManager::VerifySignature.call(event: signed_event)
|
||||
is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
|
||||
@@ -97,30 +98,26 @@ class SettingsController < ApplicationController
|
||||
http_status :unprocessable_entity and return
|
||||
end
|
||||
|
||||
pubkey_taken = User.all_except(current_user).where(
|
||||
ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
|
||||
).any?
|
||||
user_with_pubkey = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event[:pubkey])
|
||||
|
||||
if pubkey_taken
|
||||
if user_with_pubkey.present? && (user_with_pubkey != current_user)
|
||||
flash[:alert] = "Public key already in use for a different account"
|
||||
http_status :unprocessable_entity and return
|
||||
end
|
||||
|
||||
current_user.update! nostr_pubkey: signed_event[:pubkey]
|
||||
LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: signed_event[:pubkey])
|
||||
session[:shared_secret] = nil
|
||||
|
||||
flash[:success] = "Public key verification successful"
|
||||
http_status :ok
|
||||
rescue
|
||||
flash[:alert] = "Public key could not be verified"
|
||||
http_status :unprocessable_entity and return
|
||||
end
|
||||
|
||||
# DELETE /settings/nostr_pubkey
|
||||
def remove_nostr_pubkey
|
||||
current_user.update! nostr_pubkey: nil
|
||||
# TODO require current pubkey or password to delete
|
||||
LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: nil)
|
||||
|
||||
redirect_to setting_path(:experiments), flash: {
|
||||
redirect_to setting_path(:nostr), flash: {
|
||||
success: 'Public key removed from account'
|
||||
}
|
||||
end
|
||||
@@ -134,8 +131,8 @@ class SettingsController < ApplicationController
|
||||
def set_settings_section
|
||||
@settings_section = params[:section]
|
||||
allowed_sections = [
|
||||
:profile, :account, :xmpp, :email, :lightning, :remotestorage,
|
||||
:experiments
|
||||
:profile, :account, :xmpp, :email,
|
||||
:lightning, :remotestorage, :nostr
|
||||
]
|
||||
|
||||
unless allowed_sections.include?(@settings_section.to_sym)
|
||||
@@ -165,7 +162,7 @@ class SettingsController < ApplicationController
|
||||
|
||||
def nostr_event_params
|
||||
params.permit(signed_event: [
|
||||
:id, :pubkey, :created_at, :kind, :tags, :content, :sig
|
||||
:id, :pubkey, :created_at, :kind, :content, :sig, tags: []
|
||||
])
|
||||
end
|
||||
|
||||
|
||||
Reference in New Issue
Block a user