Merge branch 'feature/remove_keypair' into 'develop'

removed rsa keypair from account table, it was a federation relic

See merge request gab/social/gab-social!63

app/controllers/auth/registrations_controller.rb

@@ -10,7 +10,11 @@ class Auth::RegistrationsController < Devise::RegistrationsController
   before_action :set_body_classes, only: [:new, :create, :edit, :update]
   before_action :set_cache_headers, only: [:edit, :update]
   prepend_before_action :check_if_password_email_identical, only: [:create]
-  prepend_before_action :check_captcha, only: [:create]
+  if ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').empty? || ENV.fetch('GAB_CAPTCHA_CLIENT_KEY', '').nil?
+    # captcha disabled if key not defined
+  else
+    prepend_before_action :check_captcha, only: [:create]
+  end
 
   def new
     set_challenge_buster

app/controllers/concerns/signature_verification.rb

@@ -4,123 +4,4 @@
 # <https://tools.ietf.org/html/draft-cavage-http-signatures-06>
 module SignatureVerification
   extend ActiveSupport::Concern
-
-  def signed_request?
-    request.headers['Signature'].present?
-  end
-
-  def signature_verification_failure_reason
-    return @signature_verification_failure_reason if defined?(@signature_verification_failure_reason)
-  end
-
-  def signed_request_account
-    return @signed_request_account if defined?(@signed_request_account)
-
-    unless signed_request?
-      @signature_verification_failure_reason = 'Request not signed'
-      @signed_request_account = nil
-      return
-    end
-
-    if request.headers['Date'].present? && !matches_time_window?
-      @signature_verification_failure_reason = 'Signed request date outside acceptable time window'
-      @signed_request_account = nil
-      return
-    end
-
-    raw_signature    = request.headers['Signature']
-    signature_params = {}
-
-    raw_signature.split(',').each do |part|
-      parsed_parts = part.match(/([a-z]+)="([^"]+)"/i)
-      next if parsed_parts.nil? || parsed_parts.size != 3
-      signature_params[parsed_parts[1]] = parsed_parts[2]
-    end
-
-    if incompatible_signature?(signature_params)
-      @signature_verification_failure_reason = 'Incompatible request signature'
-      @signed_request_account = nil
-      return
-    end
-
-    account = nil
-
-    if account.nil?
-      @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
-      @signed_request_account = nil
-      return
-    end
-
-    signature             = Base64.decode64(signature_params['signature'])
-    compare_signed_string = build_signed_string(signature_params['headers'])
-
-    return account unless verify_signature(account, signature, compare_signed_string).nil?
-
-    account = nil
-
-    if account.nil?
-      @signature_verification_failure_reason = "Public key not found for key #{signature_params['keyId']}"
-      @signed_request_account = nil
-      return
-    end
-
-    return account unless verify_signature(account, signature, compare_signed_string).nil?
-
-    # : todo :
-    @signature_verification_failure_reason = "Verification failed for #{account.username}@#{account.domain} #{account.uri}"
-    @signed_request_account = nil
-  end
-
-  def request_body
-    @request_body ||= request.raw_post
-  end
-
-  private
-
-  def verify_signature(account, signature, compare_signed_string)
-    if account.keypair.public_key.verify(OpenSSL::Digest::SHA256.new, signature, compare_signed_string)
-      @signed_request_account = account
-      @signed_request_account
-    end
-  rescue OpenSSL::PKey::RSAError
-    nil
-  end
-
-  def build_signed_string(signed_headers)
-    signed_headers = 'date' if signed_headers.blank?
-
-    signed_headers.downcase.split(' ').map do |signed_header|
-      if signed_header == Request::REQUEST_TARGET
-        "#{Request::REQUEST_TARGET}: #{request.method.downcase} #{request.path}"
-      elsif signed_header == 'digest'
-        "digest: #{body_digest}"
-      else
-        "#{signed_header}: #{request.headers[to_header_name(signed_header)]}"
-      end
-    end.join("\n")
-  end
-
-  def matches_time_window?
-    begin
-      time_sent = Time.httpdate(request.headers['Date'])
-    rescue ArgumentError
-      return false
-    end
-
-    (Time.now.utc - time_sent).abs <= 12.hours
-  end
-
-  def body_digest
-    "SHA-256=#{Digest::SHA256.base64digest(request_body)}"
-  end
-
-  def to_header_name(name)
-    name.split(/-/).map(&:capitalize).join('-')
-  end
-
-  def incompatible_signature?(signature_params)
-    signature_params['keyId'].blank? ||
-      signature_params['signature'].blank?
-  end
-
 end

app/models/account.rb

@@ -7,8 +7,6 @@
 #  username                :string           default(""), not null
 #  domain                  :string
 #  secret                  :string           default(""), not null
-#  private_key             :text
-#  public_key              :text             default(""), not null
 #  remote_url              :string           default(""), not null
 #  salmon_url              :string           default(""), not null
 #  hub_url                 :string           default(""), not null
@@ -54,6 +52,8 @@
 #
 
 class Account < ApplicationRecord
+  self.ignored_columns = ["private_key"]
+  self.ignored_columns = ["public_key"]
   USERNAME_RE = /[a-z0-9_]+([a-z0-9_\.-]+[a-z0-9_]+)?/i
   MENTION_RE  = /(?<=^|[^\/[:word:]])@((#{USERNAME_RE})(?:@[a-z0-9\.\-]+[a-z0-9]+)?)/i
   MIN_FOLLOWERS_DISCOVERY = 10
@@ -200,10 +200,6 @@ class Account < ApplicationRecord
     end
   end
 
-  def keypair
-    @keypair ||= OpenSSL::PKey::RSA.new(private_key || public_key)
-  end
-
   def tags_as_strings=(tag_names)
     tag_names.map! { |name| name.mb_chars.downcase.to_s }
     tag_names.uniq!
@@ -279,21 +275,6 @@ class Account < ApplicationRecord
     self.fields = tmp
   end
 
-  def magic_key
-    modulus, exponent = [keypair.public_key.n, keypair.public_key.e].map do |component|
-      result = []
-
-      until component.zero?
-        result << [component % 256].pack('C')
-        component >>= 8
-      end
-
-      result.reverse.join
-    end
-
-    (['RSA'] + [modulus, exponent].map { |n| Base64.urlsafe_encode64(n) }).join('.')
-  end
-
   def save_with_optional_media!
     save!
   rescue ActiveRecord::RecordInvalid
@@ -444,7 +425,6 @@ class Account < ApplicationRecord
     @emojis ||= CustomEmoji.from_text(emojifiable_text)
   end
 
-  before_create :generate_keys
   before_validation :prepare_contents, if: :local?
   before_validation :prepare_username, on: :create
   before_destroy :clean_feed_manager
@@ -460,14 +440,6 @@ class Account < ApplicationRecord
     username&.squish!
   end
 
-  def generate_keys
-    return unless local? && !Rails.env.test?
-
-    keypair = OpenSSL::PKey::RSA.new(2048)
-    self.private_key = keypair.to_pem
-    self.public_key  = keypair.public_key.to_pem
-  end
-
   def normalize_domain
     return if local?
 

app/models/group.rb

@@ -18,7 +18,7 @@
 #  member_count             :integer          default(0)
 #  slug                     :text
 #  is_private               :boolean          default(FALSE)
-#  is_visible               :boolean          default(FALSE)
+#  is_visible               :boolean          default(TRUE)
 #  tags                     :string           default([]), is an Array
 #  password                 :string
 #  group_category_id        :integer

app/models/list_account.rb

@@ -6,7 +6,7 @@
 #  id         :bigint(8)        not null, primary key
 #  list_id    :bigint(8)        not null
 #  account_id :bigint(8)        not null
-#  follow_id  :bigint(8)        default(1)
+#  follow_id  :bigint(8)
 #
 
 class ListAccount < ApplicationRecord