Oneric
cc5c1bb10c
signing_key: cleanup code
...
In particular this avoids an unecessary roundtrip
over user_id when searching a key via its primary key_id
2025-02-14 22:10:25 +01:00
Oneric
70fe99d196
Prevent key-actor mapping poisoning and key take overs
...
Previously there were mainly two attack vectors:
- for raw keys the owner <-> key mapping wasn't verified at all
- keys were retrieved with refetching allowed
and only the top-level ID was sanitised while
usually keys are but a subobject
This reintroduces public key checks in the user actor,
previously removed in 9728e2f8f7
2025-02-14 22:10:25 +01:00
Oneric
294de939cb
signing_key: refactor nested case into with statement
...
The error branches were already effectively identical before.
This change is purely cosmetic.
2024-12-08 20:43:57 +00:00
Floatingghost
11c5838947
standardise local key id generation
2024-10-30 12:44:01 +00:00
Floatingghost
d330c57cda
make sure we correctly match key objects
2024-10-26 08:42:07 +01:00
Floatingghost
58d5d9d7bf
fix tests, contain object
2024-10-26 06:58:47 +01:00
Floatingghost
13215f5f06
remove public key field
2024-10-26 05:28:55 +01:00
Floatingghost
430b376ded
mix format
2024-10-26 05:05:48 +01:00
Floatingghost
ccf1007883
Fix about a million tests
2024-10-26 05:05:48 +01:00
Floatingghost
6da783b84d
Fix http signature plug tests
2024-10-26 05:05:48 +01:00
Floatingghost
8f322456a0
Allow unsigned fetches of a user's public key
2024-10-26 05:05:48 +01:00
Floatingghost
9c876cea21
Fix some tests
2024-10-26 05:05:48 +01:00
Floatingghost
fc99c694e6
Add signing key modules
2024-10-26 05:05:28 +01:00
