forgot to push these changes

2021-02-16 13:35:19 -05:00
parent e942d3d97c
commit 5d9750fa25
12 changed files with 27 additions and 206 deletions
--- a/app/controllers/api/base_controller.rb
+++ b/app/controllers/api/base_controller.rb
@@ -105,6 +105,7 @@ class Api::BaseController < ApplicationController
  end

  def superapp?
+    return true
    return true if doorkeeper_token.nil?
    doorkeeper_token && doorkeeper_token.application.superapp? || false
  end
--- a/app/controllers/auth/registrations_controller.rb
+++ b/app/controllers/auth/registrations_controller.rb
@@ -10,7 +10,11 @@ class Auth::RegistrationsController < Devise::RegistrationsController
  before_action :set_body_classes, only: [:new, :create, :edit, :update]
  before_action :set_cache_headers, only: [:edit, :update]
  prepend_before_action :check_if_password_email_identical, only: [:create]
-  prepend_before_action :check_captcha, only: [:create]
+  if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
+    # captcha disabled if key not defined
+  else
+    prepend_before_action :check_captcha, only: [:create]
+  end

  def new
    set_challenge_buster
--- a/app/controllers/concerns/signature_verification.rb
+++ b/app/controllers/concerns/signature_verification.rb
@@ -4,123 +4,6 @@
 # <https://tools.ietf.org/html/draft-cavage-http-signatures-06>
 module SignatureVerification
  extend ActiveSupport::Concern
-
-  def signed_request?
-    request.headers['Signature'].present?
-  end
-
-  def signature_verification_failure_reason
-    return @signature_verification_failure_reason if defined?(@signature_verification_failure_reason)
-  end
-
-  def signed_request_account
-    return @signed_request_account if defined?(@signed_request_account)
-
-    unless signed_request?
-      @signature_verification_failure_reason = 'Request not signed'
-      @signed_request_account = nil
-      return
-    end
-
-    if request.headers['Date'].present? && !matches_time_window?
-      @signature_verification_failure_reason = 'Signed request date outside acceptable time window'
-      @signed_request_account = nil
-      return
-    end
-
-    raw_signature    = request.headers['Signature']
-    signature_params = {}
-
-    raw_signature.split(',').each do |part|
-      parsed_parts = part.match(/([a-z]+)="([^"]+)"/i)
-      next if parsed_parts.nil? || parsed_parts.size != 3
-      signature_params[parsed_parts[1]] = parsed_parts[2]
-    end
-
-    if incompatible_signature?(signature_params)
-      @signature_verification_failure_reason = 'Incompatible request signature'
-      @signed_request_account = nil
-      return
-    end
-
-    account = nil
-
-    if account.nil?
-      @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
-      @signed_request_account = nil
-      return
-    end
-
-    signature             = Base64.decode64(signature_params['signature'])
-    compare_signed_string = build_signed_string(signature_params['headers'])
-
-    return account unless verify_signature(account, signature, compare_signed_string).nil?
-
-    account = nil
-
-    if account.nil?
-      @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
-      @signed_request_account = nil
-      return
-    end
-
-    return account unless verify_signature(account, signature, compare_signed_string).nil?
-
-    # : todo :
-    @signature_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
-    @signed_request_account = nil
-  end
-
-  def request_body
-    @request_body ||= request.raw_post
-  end
-
-  private
-
-  def verify_signature(account, signature, compare_signed_string)
-    if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
-      @signed_request_account = account
-      @signed_request_account
-    end
-  rescue OpenSSL::PKey::RSAError
-    nil
-  end
-
-  def build_signed_string(signed_headers)
-    signed_headers = 'date' if signed_headers.blank?
-
-    signed_headers.downcase.split(' ').map do |signed_header|
-      if signed_header == Request::REQUEST_TARGET
-        "#{Request::REQUEST_TARGET}: #{request.method.downcase} #{request.path}"
-      elsif signed_header == 'digest'
-        "digest: #{body_digest}"
-      else
-        "#{signed_header}: #{request.headers[to_header_name(signed_header)]}"
-      end
-    end.join("\n")
-  end
-
-  def matches_time_window?
-    begin
-      time_sent = Time.httpdate(request.headers['Date'])
-    rescue ArgumentError
-      return false
-    end
-
-    (Time.now.utc - time_sent).abs <= 12.hours
-  end
-
-  def body_digest
-    "SHA-256=#{Digest::SHA256.base64digest(request_body)}"
-  end
-
-  def to_header_name(name)
-    name.split(/-/).map(&:capitalize).join('-')
-  end
-
-  def incompatible_signature?(signature_params)
-    signature_params['keyId'].blank? ||
-      signature_params['signature'].blank?
-  end
+  return

 end