b82293270c
* Add option to provide signed token to verify key ownership Currently we will only allow a key to be matched to a user if it matches an activated email address. This PR provides a different mechanism - if the user provides a signature for automatically generated token (based on the timestamp, user creation time, user ID, username and primary email. * Ensure verified keys can act for all active emails for the user * Add code to mark keys as verified * Slight UI adjustments * Slight UI adjustments 2 * Simplify signature verification slightly * fix postgres test * add api routes * handle swapped primary-keys * Verify the no-reply address for verified keys * Only add email addresses that are activated to keys * Fix committer shortcut properly * Restructure gpg_keys.go * Use common Verification Token code Signed-off-by: Andrew Thornton <art27@cantab.net> |
||
---|---|---|
.. | ||
analyze | ||
auth | ||
avatar | ||
base | ||
cache | ||
charset | ||
context | ||
convert | ||
cron | ||
csv | ||
doctor | ||
emoji | ||
eventsource | ||
generate | ||
git | ||
gitgraph | ||
graceful | ||
hcaptcha | ||
highlight | ||
httpcache | ||
httplib | ||
indexer | ||
lfs | ||
log | ||
markup | ||
matchlist | ||
metrics | ||
migrations | ||
nosql | ||
notification | ||
options | ||
password | ||
pprof | ||
private | ||
process | ||
public | ||
queue | ||
recaptcha | ||
references | ||
repofiles | ||
repository | ||
secret | ||
session | ||
setting | ||
ssh | ||
storage | ||
structs | ||
svg | ||
sync | ||
task | ||
templates | ||
test | ||
timeutil | ||
translation | ||
typesniffer | ||
upload | ||
uri | ||
user | ||
util | ||
validation | ||
web |