From b66531d19d828d0205da2db4a29728ae70d3c37d Mon Sep 17 00:00:00 2001
From: Simon Vareille
Date: Sat, 15 Feb 2020 15:15:15 +0100
Subject: [PATCH] Toggle organisation restriction from config file.
---
 config/default.js | 4 +++-
 config/development.js | 5 +++++
 src/service/pgp.js | 3 ++-
 src/service/public-key.js | 16 ++++++++++++----
 src/service/util.js | 3 ++-
 5 files changed, 24 insertions(+), 7 deletions(-)
diff --git a/config/default.js b/config/default.js
index ee2ff16..5a9307d 100644
--- a/config/default.js
+++ b/config/default.js
@@ -41,7 +41,9 @@ module.exports = {
 },
 publicKey: {
- purgeTimeInDays: process.env.PUBLIC_KEY_PURGE_TIME || 30
+ purgeTimeInDays: process.env.PUBLIC_KEY_PURGE_TIME || 30,
+ restrictUserOrigin: process.env.RESTRICT_USER_ORIGIN || false,
+ restrictionRegEx: process.env.RESTRICTION_REGEX
 }
 };
diff --git a/config/development.js b/config/development.js
index 4e28b5d..8af9737 100755
--- a/config/development.js
+++ b/config/development.js
@@ -22,6 +22,11 @@ module.exports = {
 name: 'OpenPGP Key Server',
 email: 'user@gmail.com'
 }
+ },
+
+ publicKey: {
+ restrictUserOrigin: true,
+ restrictionRegEx: '^([a-z0-9\-.]+)@([a-z0-9.\-]*)esisar\.grenoble-inp\.fr$'
 }
 };
diff --git a/src/service/pgp.js b/src/service/pgp.js
index 2d50c40..7036eb3 100644
--- a/src/service/pgp.js
+++ b/src/service/pgp.js
@@ -19,6 +19,7 @@
 const log = require('winston');
 const util = require('./util');
+const config = require('config');
 const openpgp = require('openpgp');
 const KEY_BEGIN = '-----BEGIN PGP PUBLIC KEY BLOCK-----';
@@ -154,7 +155,7 @@ class PGP {
 }
 }
 var status = 0;
- if(!isFromOrganisation){
+ if(config.publicKey.restrictUserOrigin && !isFromOrganisation ){
 result.length = 0;
 status = 1;
 }
diff --git a/src/service/public-key.js b/src/service/public-key.js
index de39e10..865febc 100644
--- a/src/service/public-key.js
+++ b/src/service/public-key.js
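Review bot: In config/default.js, `process.env.RESTRICT_USER_ORIGIN || false` yields a string whenever the variable is set, so `RESTRICT_USER_ORIGIN=false` or `=0` is truthy and still switches the restriction on in the `if` checks this patch adds in src/service/pgp.js and src/service/public-key.js. Parse the value explicitly, for example `restrictUserOrigin: process.env.RESTRICT_USER_ORIGIN === 'true',`. `restrictionRegEx` has no default here, so the restriction can be enabled with no pattern configured; a comment stating that the two variables must be set together would help operators.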
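Review bot: In config/development.js the pattern is now a quoted string, and inside a JavaScript string literal `\.` and `\-` are identity escapes, so the backslashes are gone before `new RegExp` receives the value. The dots in `esisar\.grenoble-inp\.fr` then match any character, so the check is looser than the regex literal this patch removes from src/service/util.js and can accept addresses on domains other than the intended one. Double the backslashes: `restrictionRegEx: '^([a-z0-9\\-.]+)@([a-z0-9.\\-]*)esisar\\.grenoble-inp\\.fr$'`.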
@@ -103,10 +103,18 @@ class PublicKey {
 await this._addKeyArmored(key.userIds, key.publicKeyArmored);
 // new key, set armored to null
 key.publicKeyArmored = null;
- // send mails to verify organisation's user ids
- await this._sendVerifyOrganisationEmail(key, origin, ctx);
- // store key in database
- await this._persistKeyOrganisation(key);
+ if(config.publicKey.restrictUserOrigin) {
+ // send mails to verify organisation's user ids
+ await this._sendVerifyOrganisationEmail(key, origin, ctx);
+ // store key in database
+ await this._persistKeyOrganisation(key);
+ }
+ else {
+ // send mails to verify all user ids
+ await this._sendVerifyEmail(key, origin, ctx);
+ // store key in database
+ await this._persistKey(key);
+ }
 }
 }
diff --git a/src/service/util.js b/src/service/util.js
index 8ac7076..a79179a 100644
--- a/src/service/util.js
+++ b/src/service/util.js
@@ -18,6 +18,7 @@
 'use strict';
 const crypto = require('crypto');
+const config = require('config');
 /**
 * Checks for a valid string
@@ -87,7 +88,7 @@ exports.isFromOrganisation = function(data) {
 if (!this.isString(data)) {
 return false;
 }
- const re = /^([a-z0-9\-.]+)@([a-z0-9.\-]*)esisar\.grenoble-inp\.fr$/;
+ const re = new RegExp(config.publicKey.restrictionRegEx, 'g');
 return re.test(data);
 };
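Review bot: In `isFromOrganisation` in src/service/util.js, `new RegExp(config.publicKey.restrictionRegEx, 'g')` fails open when the setting is missing, because `new RegExp(undefined)` compiles to an empty pattern that matches every string. config/default.js leaves `restrictionRegEx` undefined unless `RESTRICTION_REGEX` is set, so with the restriction enabled and no pattern every address would count as belonging to the organisation. Reject a missing pattern and drop the `g` flag, which serves no purpose for a single `test()` call: `const pattern = config.publicKey.restrictionRegEx;`, `if (!pattern) { return false; }`, `const re = new RegExp(pattern);`. A malformed pattern would also throw here on every call rather than at startup, so compiling it once at module load would surface a bad configuration earlier.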