Browse Source

Keys should not verify revoked email addresses (#12486)

Fix #6778

Signed-off-by: Andrew Thornton <art27@cantab.net>
for-closed-social
zeripath 4 years ago
committed by GitHub
parent
commit
f50364a5b0
No known key found for this signature in database GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 0 deletions
  1. +3
    -0
      models/gpg_key.go

+ 3
- 0
models/gpg_key.go View File

@ -286,6 +286,9 @@ func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) {
emails := make([]*EmailAddress, 0, len(e.Identities)) emails := make([]*EmailAddress, 0, len(e.Identities))
for _, ident := range e.Identities { for _, ident := range e.Identities {
if ident.Revocation != nil {
continue
}
email := strings.ToLower(strings.TrimSpace(ident.UserId.Email)) email := strings.ToLower(strings.TrimSpace(ident.UserId.Email))
for _, e := range userEmails { for _, e := range userEmails {
if e.Email == email { if e.Email == email {

Loading…
Cancel
Save