kosmos/akkounts
8
1
Fork 0
Code Issues 22 Pull Requests 1 Actions Packages Releases 12 Activity

Move nostr pubkeys to LDAP attribute
All checks were successful
continuous-integration/drone/push Build is passing
Details
continuous-integration/drone/pr Build is passing
Details
Release Drafter / Update release notes draft (pull_request) Successful in 4s
Details

Browse Source 
closes #173
This commit is contained in:
Râu Cao
2024-03-17 11:04:11 +01:00
parent 3715cb518b
commit 5a3adba603
12 changed files with 188 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/controllers/settings_controller.rb
View File

@@ -88,6 +88,7 @@ class SettingsController < ApplicationController
def set_nostr_pubkey
signed_event = nostr_event_params[:signed_event].to_h.symbolize_keys
is_valid_id = NostrManager::ValidateId.call(event: signed_event)
is_valid_sig = NostrManager::VerifySignature.call(event: signed_event)
is_correct_content = signed_event[:content] == "Connect my public key to #{current_user.address} (confirmation #{session[:shared_secret]})"
@@ -97,28 +98,24 @@ class SettingsController < ApplicationController
http_status :unprocessable_entity and return
end
pubkey_taken = User.all_except(current_user).where(
ou: current_user.ou, nostr_pubkey: signed_event[:pubkey]
).any?
user_with_pubkey = LdapManager::FetchUserByNostrKey.call(pubkey: signed_event[:pubkey])
if pubkey_taken
if user_with_pubkey.present? && (user_with_pubkey != current_user)
flash[:alert] = "Public key already in use for a different account"
http_status :unprocessable_entity and return
end
current_user.update! nostr_pubkey: signed_event[:pubkey]
LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: signed_event[:pubkey])
session[:shared_secret] = nil
flash[:success] = "Public key verification successful"
http_status :ok
rescue
flash[:alert] = "Public key could not be verified"
http_status :unprocessable_entity and return
end
# DELETE /settings/nostr_pubkey
def remove_nostr_pubkey
current_user.update! nostr_pubkey: nil
# TODO require current pubkey or password to delete
LdapManager::UpdateNostrKey.call(dn: current_user.dn, pubkey: nil)
redirect_to setting_path(:nostr), flash: {
success: 'Public key removed from account'
@@ -165,7 +162,7 @@ class SettingsController < ApplicationController
def nostr_event_params
params.permit(signed_event: [
:id, :pubkey, :created_at, :kind, :tags, :content, :sig
:id, :pubkey, :created_at, :kind, :content, :sig, tags: []
])
end