Add OpenPGP key to LDAP directory and User model
All checks were successful
continuous-integration/drone/push Build is passing
All checks were successful
continuous-integration/drone/push Build is passing
This commit is contained in:
@@ -3,9 +3,10 @@ require 'nostr'
|
||||
class User < ApplicationRecord
|
||||
include EmailValidatable
|
||||
|
||||
attr_accessor :display_name
|
||||
attr_accessor :avatar_new
|
||||
attr_accessor :current_password
|
||||
attr_accessor :avatar_new
|
||||
attr_accessor :display_name
|
||||
attr_accessor :pgp_pubkey
|
||||
|
||||
serialize :preferences, coder: UserPreferences
|
||||
|
||||
@@ -51,6 +52,8 @@ class User < ApplicationRecord
|
||||
|
||||
validate :acceptable_avatar
|
||||
|
||||
validate :acceptable_pgp_key_format, if: -> { defined?(@pgp_pubkey) && @pgp_pubkey != "" }
|
||||
|
||||
#
|
||||
# Scopes
|
||||
#
|
||||
@@ -165,6 +168,23 @@ class User < ApplicationRecord
|
||||
Nostr::PublicKey.new(nostr_pubkey).to_bech32
|
||||
end
|
||||
|
||||
def pgp_pubkey
|
||||
@pgp_pubkey ||= ldap_entry[:pgp_key]
|
||||
end
|
||||
|
||||
def gnupg_key
|
||||
return nil unless pgp_pubkey.present?
|
||||
@gnupg_key ||= GPGME::Key.get(pgp_fpr)
|
||||
end
|
||||
|
||||
def pgp_pubkey_contains_user_address?
|
||||
gnupg_key.uids.map(&:email).include?(address)
|
||||
end
|
||||
|
||||
def wkd_hash
|
||||
ZBase32.encode(Digest::SHA1.digest(cn))
|
||||
end
|
||||
|
||||
def avatar
|
||||
@avatar_base64 ||= LdapManager::FetchAvatar.call(cn: cn)
|
||||
end
|
||||
@@ -214,4 +234,10 @@ class User < ApplicationRecord
|
||||
errors.add(:avatar, "must be a JPEG or PNG file")
|
||||
end
|
||||
end
|
||||
|
||||
def acceptable_pgp_key_format
|
||||
unless GPGME::Key.valid?(pgp_pubkey)
|
||||
errors.add(:pgp_pubkey, 'is not a valid armored PGP public key block')
|
||||
end
|
||||
end
|
||||
end
|
||||
|
||||
@@ -58,7 +58,7 @@ class LdapService < ApplicationService
|
||||
|
||||
attributes = %w[
|
||||
dn cn uid mail displayName admin serviceEnabled
|
||||
mailRoutingAddress mailpassword nostrKey
|
||||
mailRoutingAddress mailpassword nostrKey pgpKey
|
||||
]
|
||||
filter = Net::LDAP::Filter.eq("uid", args[:uid] || "*")
|
||||
|
||||
@@ -73,7 +73,8 @@ class LdapService < ApplicationService
|
||||
services_enabled: e.try(:serviceEnabled),
|
||||
email_maildrop: e.try(:mailRoutingAddress),
|
||||
email_password: e.try(:mailpassword),
|
||||
nostr_key: e.try(:nostrKey) ? e.nostrKey.first : nil
|
||||
nostr_key: e.try(:nostrKey) ? e.nostrKey.first : nil,
|
||||
pgp_key: e.try(:pgpKey) ? e.pgpKey.first : nil
|
||||
}
|
||||
end
|
||||
end
|
||||
@@ -101,7 +102,7 @@ class LdapService < ApplicationService
|
||||
dn = "ou=#{ou},cn=users,#{ldap_suffix}"
|
||||
|
||||
aci = <<-EOS
|
||||
(target="ldap:///cn=*,ou=#{ou},cn=users,#{ldap_suffix}")(targetattr="cn || sn || uid || userPassword || mail || mailRoutingAddress || serviceEnabled || nostrKey || nsRole || objectClass") (version 3.0; acl "service-#{ou.gsub(".", "-")}-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=#{ou},cn=applications,#{ldap_suffix}";)
|
||||
(target="ldap:///cn=*,ou=#{ou},cn=users,#{ldap_suffix}")(targetattr="cn || sn || uid || userPassword || mail || mailRoutingAddress || serviceEnabled || nostrKey || pgpKey || nsRole || objectClass") (version 3.0; acl "service-#{ou.gsub(".", "-")}-read-search"; allow (read,search) userdn="ldap:///uid=service,ou=#{ou},cn=applications,#{ldap_suffix}";)
|
||||
EOS
|
||||
|
||||
attrs = {
|
||||
|
||||
Reference in New Issue
Block a user