fix: respond with error on invalid pgp key

We used to just ignore the key. Also separated the code for handling key updates from other user updates. This should eventually be moved to a different route. Mixing the two makes the implementation really hard.
author: Azul <azul@riseup.net> 2017-11-16 13:18:55 +0100
committer: Azul <azul@riseup.net> 2017-11-16 13:18:55 +0100
commit: 1ce9a3355ee59181df0359ebb455efa9ef323bb6 (patch)
tree: c911f020eb11d0e1342c96ae225cf2a4a6ca57df /app/controllers/api/users_controller.rb
parent: ae0aa02d038f16bb0919eebee805624bb891f48f (diff)
1 files changed, 30 insertions, 12 deletions
diff --git a/app/controllers/api/users_controller.rb b/app/controllers/api/users_controller.rb
index cb7b7bc..65b80c7 100644
--- a/app/controllers/api/users_controller.rb
+++ b/app/controllers/api/users_controller.rb
@@ -34,14 +34,6 @@ module Api
       end
     end
 
-    def user_response
-      @user.to_hash.tap do |user_hash|
-        if @user == current_user
-          user_hash['is_admin'] = @user.is_admin?
-        end
-      end
-    end
-
     def create
       if current_user.is_monitor?
         create_test_account
@@ -53,8 +45,14 @@ module Api
     end
 
     def update
-      @user.account.update user_update_params
-      respond_with @user
+      if user_update_params.present?
+        @user.account.update user_update_params
+        respond_with @user
+      else
+        # TODO: move into identity controller
+        key = update_pgp_key(user_key_param[:public_key])
+        respond_with key
+      end
     end
 
     def destroy
@@ -67,13 +65,24 @@ module Api
 
     private
 
+    def user_response
+      @user.to_hash.tap do |user_hash|
+        if @user == current_user
+          user_hash['is_admin'] = @user.is_admin?
+        end
+      end
+    end
+
     def user_update_params
       params.require(:user).permit :login,
         :password_verifier,
         :password_salt,
         :recovery_code_verifier,
-        :recovery_code_salt,
-        :public_key
+        :recovery_code_salt
+    end
+
+    def user_key_param
+      params.require(:user).permit :public_key
     end
 
     def release_handles
@@ -99,5 +108,14 @@ module Api
       end
     end
 
+    def update_pgp_key(key)
+      PgpKey.new(key).tap do |key|
+        if key.valid?
+          identity = Identity.for(@user)
+          identity.set_key(:pgp, key)
+          identity.save
+        end
+      end
+    end
   end
 end
author	Azul <azul@riseup.net>	2017-11-16 13:18:55 +0100
committer	Azul <azul@riseup.net>	2017-11-16 13:18:55 +0100
commit	1ce9a3355ee59181df0359ebb455efa9ef323bb6 (patch)
tree	c911f020eb11d0e1342c96ae225cf2a4a6ca57df /app/controllers/api/users_controller.rb
parent	ae0aa02d038f16bb0919eebee805624bb891f48f (diff)