Add regex for restriction and use.

esisar-restrictions
Simon Vareille 2020-02-08 12:15:36 +01:00
parent fe9bf831e5
commit 919a984471
No known key found for this signature in database
GPG Key ID: 008AE8E706CC19F9
2 changed files with 19 additions and 6 deletions


@ -70,7 +70,7 @@ class PGP {
const {userIds, status} = await this.parseUserIds(key.users, primaryKey, verifyDate); const {userIds, status} = await this.parseUserIds(key.users, primaryKey, verifyDate);
if (!userIds.length) { if (!userIds.length) {
if (status == 1) { if (status == 1) {
util.throw(400, 'Invalid PGP key: no user ID comes from Esisar'); util.throw(400, 'Invalid PGP key: no user ID comes from a valid organisation');
} }
else { else {
util.throw(400, 'Invalid PGP key: invalid user IDs'); util.throw(400, 'Invalid PGP key: invalid user IDs');
@ -125,7 +125,7 @@ class PGP {
* @param {Object} primaryKey The primary key packet of the key * @param {Object} primaryKey The primary key packet of the key
* @param {Date} verifyDate Verify user IDs at this point in time * @param {Date} verifyDate Verify user IDs at this point in time
* @return {Array, integer} An array of user id objects and a satus indicator. * @return {Array, integer} An array of user id objects and a satus indicator.
* Values of status : 0 if no error, 1 if no address comes from Esisar. * Values of status : 0 if no error, 1 if no address comes from a specific organisation.
*/ */
async parseUserIds(users, primaryKey, verifyDate = new Date()) { async parseUserIds(users, primaryKey, verifyDate = new Date()) {
if (!users || !users.length) { if (!users || !users.length) {
@ -133,7 +133,7 @@ class PGP {
} }
// at least one user id must be valid, revoked or expired // at least one user id must be valid, revoked or expired
const result = []; const result = [];
var isFromEsisar = false; var isFromOrganisation = false;
for (const user of users) { for (const user of users) {
const userStatus = await user.verify(primaryKey, verifyDate); const userStatus = await user.verify(primaryKey, verifyDate);
if (userStatus !== openpgp.enums.keyStatus.invalid && user.userId && user.userId.userid) { if (userStatus !== openpgp.enums.keyStatus.invalid && user.userId && user.userId.userid) {
@ -147,14 +147,14 @@ class PGP {
email: util.normalizeEmail(uid.email), email: util.normalizeEmail(uid.email),
verified: false verified: false
}); });
if(/^([a-z0-9\-.]+)@([a-z0-9.\-]*)esisar\.grenoble-inp\.fr$/.test(util.normalizeEmail(uid.email))) if(util.isFromOrganisation(util.normalizeEmail(uid.email)))
isFromEsisar = true; isFromOrganisation = true;
} }
} catch (e) {} } catch (e) {}
} }
} }
var status = 0; var status = 0;
if(!isFromEsisar){ if(!isFromOrganisation){
result.length = 0; result.length = 0;
status = 1; status = 1;
} }
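Review bot: The organisation check at the `util.isFromOrganisation(...)` call only sets a key-wide flag after the user ID has already been pushed to `result`, so a key with one matching address keeps every other user ID it carries, whatever its domain. If the restriction is meant to apply per address, the test should gate the push itself, e.g. `if (!util.isFromOrganisation(email)) { continue; }` ahead of `result.push(...)`, with `email` being the normalised address computed once instead of twice. If accepting mixed keys is intended, a comment saying so next to `isFromOrganisation = true;` would keep it from being read as an oversight. The `result.push(` call and the enclosing `try` begin above this hunk, so the exact placement needs checking against the full body of `parseUserIds`.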


@ -78,6 +78,19 @@ exports.isEmail = function(data) {
return re.test(data); return re.test(data);
}; };
/**
* Checks for a valid specific organisation email address.
* @param {string} data The email address
* @return {boolean} Wether the email address comes from organisation
*/
exports.isFromOrganisation = function(data) {
if (!this.isString(data)) {
return false;
}
const re = /^([a-z0-9\-.]+)@([a-z0-9.\-]*)esisar\.grenoble-inp\.fr$/;
return re.test(data);
};
/** /**
* Normalize email address to lowercase. * Normalize email address to lowercase.
* @param {string} email The email address * @param {string} email The email address
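Review bot: The domain part of the new pattern, `([a-z0-9.\-]*)esisar\.grenoble-inp\.fr`, has no label boundary before `esisar`, so an address at a sibling host such as `xesisar.grenoble-inp.fr` (constructed example) also passes the organisation check. Requiring whole labels closes that gap: `const re = /^[a-z0-9\-.]+@(?:[a-z0-9-]+\.)*esisar\.grenoble-inp\.fr$/;`. Since the function and the error messages are now named generically, the pattern would be better read from configuration than hard-coded here. The docblock should also state that the address is expected to be lower-cased already (the pattern has no `i` flag) and fix the `Wether` typo.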