using the API to retrieve a source immediately after source creation returns *all* source keys #4005
Comments
|
There is a related bit of code in def getkey(self, name):
for key in self.gpg.list_keys():
for uid in key['uids']:
if name in uid:
return key['fingerprint']
return NoneIf we call this like Instead of listing all the keys and iterating through them, it may be better to use the GPG wrapper to extract exactly the key we want, then check that the extraction returned only one key. I'm fairly sure the wrapper supports this. If we do not make the change above, when we call def export_pubkey(self, identifier):
# 40 is the len of a fingerprint, scrypt filesystem_ids are longer than that
if not identifier and not len(identifier) > 40:
raise Exception("not today!")
return self.gpg.export_keys(identifier) |
|
As a related issue, if we use the code snippet above of exporting by identifier, this happens You can see in the above that I'm exporting once by @redshiftzero mentioned that this may be an upstream issue, but also we're far behind the latest version of |
|
Hmm, did you confirm that it is indeed the case that we should expect to be able to pass When I tested just now, it looks like the behavior when the identifier actually doesn't match anything is to still return a public-key looking return value (i.e. the underlying problem here could just be passing an unexpected arg to |
|
Yeah I just woke up and checked that with |
Description
Steps to Reproduce
Steps to reproduce
GET /api/v1/sourcesExpected Behavior
Exactly one or zero keys are returned for the new source.
Actual Behavior
All keys are returned for the new source.
Example:
{ "sources": [ { "add_star_url": "/api/v1/sources/d55335b0-5d7a-4151-bc3c-212f344e584a/add_star", "interaction_count": 4, "is_flagged": false, "is_starred": false, "journalist_designation": "rallying zoologist", "key": { "public": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBFGRfoABEADJ56nCxMuQeyp/LMhzEyRCQZ6UrYS3KVHtOPz7Q+N/4rWsS+Wu\nMO8X606xVA43JFVJgqeD+a4pcknmw9k0O7WzD+peswLCKulQ0s+yaZjP0G08CQH8\nS3nwG/zoCBxX+FXNnThtN+2u+XhGcKNACzWaiH8KiO9YUSUmiexCP3REBgMLucFF\nTnQK6RUcuVmYYS+VS87hYrEN4F6ANw5EeuENj++a36AJNFrzPO+QAfqZfe8UY64w\niyoXaELKCPKUMq3vka8oR6wUwPGw+053Epmd8BEy/7Ol6BdNbthB0bSrgMtnfEjX\nlU1LuusSPXOTAIXHr63+45oxAJ3MO8qoNXznWbPwElQAR/2xrsy2z20TDuvHCS2f\nrbITmB6oN76505YDFPjc19dXKWUurapQHsTkG1Bv/P/31/g46LA9TrULu+ZN7Dxz\nvvxDEvpPnrjKMjeew21v2w1P29DBhpoZwaxUhpMC7SF4yiEotaUXiZkaxCNkxT/l\n1UPQkS6XhuuGhsEv81BOuibPsI388nRNx5OUaCnXH9FxaFbyJyfmDek9IaymEXjV\nfD9gr1fePG0Wsa94D29nQ/GCegw4UhbDCZD6WX/Fi4kK8SBOOg0fU/5cW0eSZ8bp\nfTEXM++T0mKpbD+pz0QQMJHJuo46hZ7nWGslt7taCmqIPHI0KNNCKYPAfwARAQAB\ntHxBdXRvZ2VuZXJhdGVkIEtleSA8RkdWTUJPWFc2UVBSTDRJMlpBWjZUWktEV0Iy\nUEFNNjY3UE5HQ0tTRVROSEdBR1RVS1NHT1FNT0xJTFVTSk5YR0RZNUZPUjRJQUxP\nQ01TUjJXWE5GWlFKVFU2R01HVkpQR09SR0RQST0+iQI5BBMBCgAjBQJRkX6AAhsv\nBwsJCAcDAgEGFQgCCQoLBBYCAwECHgECF4AACgkQPaif/ttqPFxozg/+LgcbcStF\nBRxSzui0gZI2OEIdhL2ELZRSflhjOx650AfJO1hFZw3gHKrCv2AYwOXRqWhZHpwZ\n67qtkOTbwP2ENs2JNJodzk3CLRXm4YgoCABbH0QFd85osareTKA8qt1dIfzFwHup\nrJRCoc0cOI0vtzyK1fyWxAriRkn+Df2ue4FWJRI3LfvvCccr0+xkfac9RkgAUVIl\n46NyplnfRCwiHH0UkAzXYxOCSZ7NbT63HImZ8pkQifReFgANwljjtMpuNKw33otp\n7FMBK/VyeBcsHj/KhotMLbdmJvQ3Jwur5zT9/jR1F6Bh+JTHk8+sQZtefA9DTpFI\n6mBQl56toCqWMWfXB58tlv/YYb7GPhJI3dhc6UBJ8AHYA3Sgv698hITmAM4Yy+RB\nrGfAVKPpCwKr4wNh58BtHQ4J0oT4cLEgOr03QbnLIfg8EFBkIEfA+GP4/kwVrdAQ\nxqoRaksbWHXRUbXfaoraglYszAB9n004J5B0g0JwSgRRK0RpSrFLgW50bfCX6Nqe\nYTrxVL2tUXlZD8nKKu/tbmVymEgZameAVpR4sSU++9uBU3tsvqqqSR7SAKZDDz2k\nX8ofyvvqPeFXPQA4wyVcP9STgPUfYrn7tlSz6oq/fJHJcSw4TgY/zt7UZZxm0fJQ\ngN8384mxsBfcHYyblx4kMPnjwQ/B5067IuA=\n=3F/H\n-----END PGP PUBLIC KEY BLOCK-----\n", "type": "PGP" }, "last_updated": "2018-12-22T13:00:54.524845Z", "number_of_documents": 0, "number_of_messages": 2, "remove_star_url": "/api/v1/sources/d55335b0-5d7a-4151-bc3c-212f344e584a/remove_star", "replies_url": "/api/v1/sources/d55335b0-5d7a-4151-bc3c-212f344e584a/replies", "submissions_url": "/api/v1/sources/d55335b0-5d7a-4151-bc3c-212f344e584a/submissions", "url": "/api/v1/sources/d55335b0-5d7a-4151-bc3c-212f344e584a", "uuid": "d55335b0-5d7a-4151-bc3c-212f344e584a" }, { "add_star_url": "/api/v1/sources/dc17df20-6459-4317-8b3c-67b51997d3ce/add_star", "interaction_count": 1, "is_flagged": false, "is_starred": false, "journalist_designation": "atomistic leviathan", "key": { "public": "-----BEGIN PGP PUBLIC KEY BLOCK-----\n\nmQINBFJZi2ABEACZJJA53+pEAdkZyD99nxB995ZVTBw60SQ/6E/gws4kInv+YS7t\nwSMXGa5bR4SD9voWxzLgyulqbM93jUFKn5GcsSh2O/lxAvEDKsPmXCRP1eBg3pjU\n+8DRLm0TEFiywC+w6HF4PsOh+JlBWafUfL3vwrGKTXvrlKBsosvDmoogLjkMWomM\nKBF/97OKyQiMQf1BDJqZ88nScJEqwo0xz0PfcB04GAtfR7N6Qa8HpFc0VDQcILFB\n0aJx5+p7nw1LyR37LLoK8JbEY6QZd277Y0/U+O4v6WfH/2H5kQ8sC+P8hPwr3rSg\nu3SVbNRasB4ZHFpJZR9Kv21zmQb9U3rrCk2yg3Wm0qtZ0S5CECAAwG2LQkKouRw2\nak+Y8aolHDt6a785eF0AaAtgbPX4THMum/CNMksHO0PBBqxR+C9z7WSHXFHvv+8B\n5nRccS4m4klyYTbZOOJ45DuC3xDjTRwzzpkYhqf4pLAhwF3spKZsAczAFPmDyxFf\nCyIBiMZSK/j8PMJT1X5tgpL1NXImNdVIPV2Fy+W7PkNfG2FL/FQIUnK6ntukLW/7\nhV6VHcx52mMn1pVUc6v80LEb4BMDz41vlj9R8YVv8hycPtnN0QL5gIME1n7jbKJf\nyfWxkvBXMINDgHK/RysRMP6FXA6Mw65BGNIuO0Il0FTy12HuKI/coEsG2QARAQAB\ntDZTZWN1cmVEcm9wIFRlc3QvRGV2ZWxvcG1lbnQgKERPIE5PVCBVU0UgSU4gUFJP\nRFVDVElPTimJAjsEEwECACUCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4BAheABQJS\nm8UzAhkBAAoJEMxA7xIoJxRB1hAP/jVoFRi1R3i4P3EhmaYg9VQUo5SRyfMDoE6r\nFyzOv2x3vRqPM1Bm4ihLQePfwKsJLDo7UVgjmTNEY4bpSYmKus/uo6Kx6yrxm6d/\nJzY0BER+LJi0iA0iyLTqYk3eXyxQmHmy6my8zVyag5k/f/DejSUQgckJZ9pAhr7r\nq4aTCWYapo/6fDM0XAo1T5Upt/iSqHet6NZR15JCDHIvGJYGAxVemccSNKFb1tsn\n5aIMuGDbNivCUIFav+eo2JIEy60BokcZCy68qWwtlO5nIao79MoNMNz2EFSOomOg\nb1sNadEj2vAkLfU4+dOVbYsFGUzOaV0mUHcaTNPYwnK+PgyOi5M05BX55a9FSBgi\nAsEwEnDK1lvzLfWEQxVQvsw9A9vnCbSX8PwC4/uUtokkKxVN9ICl8AfaT38+OUHW\niNl4NCgd26iRgTLhfMXpTjRyOb2RvFdzLByDEWIbvu5kCh247UFYSL0llk+suNh3\ncm0mOUdL1nZuEo4EyEF1dq+1opMfDMF98q0660wZdwvwUQIXBt/yK3FH0BGA66ai\nR78Z4pH1JqtYvzfDJx+XP8O2N9GYGd7kpak/5C2BTJzLVyzagB1yi8SmiYna5yQj\nEqW5Txeq0GGd2H4KtUETUevU4x0Rw3luHToaDd9d5sioF48o87PlGwk+OCofPfLj\nLnwFPNZcuQINBFJZi2ABEADzfv+9Ogb4KEWFom9zMF+xg8bcd/Ct72/sWLQW6Pz6\n+SkmLEHuklTO+k7xiQ6jdzXzj1rTfy317L7G51naBSb6Ekfv8mu2ogOwrvtgYnGC\nvfCpooUSxcfi+aEJzIJL29TAi1RCLZm15KRbkvEl8wS93BSLiag5w4/8eP1vXebq\n95GrCZwiNZdhdQs3qn4j3VRvTW/SZHIAdJY+mMfUMPjq4c4sA82os6kVrEnWeLGf\nT9d+knfm9J/2Rumy90bLAY6SFmRZ9/DxwKwbIsVy8CRvU3RVFSX8HCBQepRCQkls\n9r7KVBqYE2Wh+0a+9wHHHNI7VBxKGXPflrirxY1AB5vjLcX1hmXbCoyf4ytgdHyC\nKDz9Oc+xkgJeyVW6XwSqc5EhuNFXp3+C7BF7eQZ1REJLbL6CtEkeF0jHBaTeKM/p\nN4fVhjPiU/FsNmZGKxxLyxDnnDI5pY8bhphVxwBRZ5GtVNqiVNDw+rRACQalpT21\nOcAgLP+Rz+qf3TPyEZN6WPEx8/76ILuSHb8mpOH7W/514f5NuFaAlgmUnO3cT10h\nh4IwOQ+kvj0qMww8fASI9DJExXUYb3xDSCmOkJPhu1/Drr3gdFBha4/jAz7jBWls\nVr2RLJzilf8Mi9j8WpHIfP+WXtwWz3+iYPS0SPoB7g9DA0+Ei760pJJf73AEjD+f\nFwARAQABiQIfBBgBAgAJBQJSWYtgAhsMAAoJEMxA7xIoJxRBp/cP/3lJx9z5yzZA\n6UvLQR6pK+V1iy2hvZ+S+EwYRCiTgYTXekHzLXWwjWGfUYDTHMeaS9O9BMRMGOU3\ninyb47GZSoQ0N0bRVTzrY6/0ifhUSJ00MemOodI1bz4pAMk3uR8iWyhlaGn7JAIA\nKmCm+K0qkeJd61S9iyrx7s9QmaNPnupm5pc+bpOAkbKyq7sEFpWM5Qx82n1tVMtn\nIW2OoRPbz80JkkQB2pl6SjskXqZ89jcFWGI6IChYENKc65xafDt4uFuHU+5j4j2f\n4ySYSwfoWC97MOgJLqA/WimxeeNCYFhykUDWrL5mKBTgMXgH/sYk3GDo7fssaYbK\nn1xbbX4GXQl3+ru4zT6/F7CxZErjLb+evShyf4itM+5AdbKRiRzoraqKblBa4TfJ\nBSqHisdcxdZeBe19+jyY6a8ZMcGhrQeksiKxTRh7ylAk7CLVgLEIHLxXzHoZ0oAF\nz2ulG+zH9KS9Pe8MQxHCrlyfoQElQuJoYbrYBOu28itvGPgz6+5xgvZROvPoqIkI\nk8DYt9lJqUFBeZuFJd5W1TuHKLxueVYvSKeG+e3TjOYdJFvDZInM4cNWr8N92mYS\niphljiHAKVTQeIf1ma07QUH/ul3YC+g07F+BLonIIXA6uQVebv5iLxTgOzIQwHTJ\nVu4MPiQNn1h4dk1RonfV/aJ+de1+qjA8mQINBFGRfoABEADJ56nCxMuQeyp/LMhz\nEyRCQZ6UrYS3KVHtOPz7Q+N/4rWsS+WuMO8X606xVA43JFVJgqeD+a4pcknmw9k0\nO7WzD+peswLCKulQ0s+yaZjP0G08CQH8S3nwG/zoCBxX+FXNnThtN+2u+XhGcKNA\nCzWaiH8KiO9YUSUmiexCP3REBgMLucFFTnQK6RUcuVmYYS+VS87hYrEN4F6ANw5E\neuENj++a36AJNFrzPO+QAfqZfe8UY64wiyoXaELKCPKUMq3vka8oR6wUwPGw+053\nEpmd8BEy/7Ol6BdNbthB0bSrgMtnfEjXlU1LuusSPXOTAIXHr63+45oxAJ3MO8qo\nNXznWbPwElQAR/2xrsy2z20TDuvHCS2frbITmB6oN76505YDFPjc19dXKWUurapQ\nHsTkG1Bv/P/31/g46LA9TrULu+ZN7DxzvvxDEvpPnrjKMjeew21v2w1P29DBhpoZ\nwaxUhpMC7SF4yiEotaUXiZkaxCNkxT/l1UPQkS6XhuuGhsEv81BOuibPsI388nRN\nx5OUaCnXH9FxaFbyJyfmDek9IaymEXjVfD9gr1fePG0Wsa94D29nQ/GCegw4UhbD\nCZD6WX/Fi4kK8SBOOg0fU/5cW0eSZ8bpfTEXM++T0mKpbD+pz0QQMJHJuo46hZ7n\nWGslt7taCmqIPHI0KNNCKYPAfwARAQABtHxBdXRvZ2VuZXJhdGVkIEtleSA8RkdW\nTUJPWFc2UVBSTDRJMlpBWjZUWktEV0IyUEFNNjY3UE5HQ0tTRVROSEdBR1RVS1NH\nT1FNT0xJTFVTSk5YR0RZNUZPUjRJQUxPQ01TUjJXWE5GWlFKVFU2R01HVkpQR09S\nR0RQST0+iQI5BBMBCgAjBQJRkX6AAhsvBwsJCAcDAgEGFQgCCQoLBBYCAwECHgEC\nF4AACgkQPaif/ttqPFxozg/+LgcbcStFBRxSzui0gZI2OEIdhL2ELZRSflhjOx65\n0AfJO1hFZw3gHKrCv2AYwOXRqWhZHpwZ67qtkOTbwP2ENs2JNJodzk3CLRXm4Ygo\nCABbH0QFd85osareTKA8qt1dIfzFwHuprJRCoc0cOI0vtzyK1fyWxAriRkn+Df2u\ne4FWJRI3LfvvCccr0+xkfac9RkgAUVIl46NyplnfRCwiHH0UkAzXYxOCSZ7NbT63\nHImZ8pkQifReFgANwljjtMpuNKw33otp7FMBK/VyeBcsHj/KhotMLbdmJvQ3Jwur\n5zT9/jR1F6Bh+JTHk8+sQZtefA9DTpFI6mBQl56toCqWMWfXB58tlv/YYb7GPhJI\n3dhc6UBJ8AHYA3Sgv698hITmAM4Yy+RBrGfAVKPpCwKr4wNh58BtHQ4J0oT4cLEg\nOr03QbnLIfg8EFBkIEfA+GP4/kwVrdAQxqoRaksbWHXRUbXfaoraglYszAB9n004\nJ5B0g0JwSgRRK0RpSrFLgW50bfCX6NqeYTrxVL2tUXlZD8nKKu/tbmVymEgZameA\nVpR4sSU++9uBU3tsvqqqSR7SAKZDDz2kX8ofyvvqPeFXPQA4wyVcP9STgPUfYrn7\ntlSz6oq/fJHJcSw4TgY/zt7UZZxm0fJQgN8384mxsBfcHYyblx4kMPnjwQ/B5067\nIuA=\n=5Nq3\n-----END PGP PUBLIC KEY BLOCK-----\n", "type": "PGP" }, "last_updated": "2018-12-22T13:14:02.588646Z", "number_of_documents": 0, "number_of_messages": 1, "remove_star_url": "/api/v1/sources/dc17df20-6459-4317-8b3c-67b51997d3ce/remove_star", "replies_url": "/api/v1/sources/dc17df20-6459-4317-8b3c-67b51997d3ce/replies", "submissions_url": "/api/v1/sources/dc17df20-6459-4317-8b3c-67b51997d3ce/submissions", "url": "/api/v1/sources/dc17df20-6459-4317-8b3c-67b51997d3ce", "uuid": "dc17df20-6459-4317-8b3c-67b51997d3ce" } ] }If you import the above key into GPG, you will see that it contains:
Comments
The root cause is here:
if
Noneis passed toexport_keys, then it will return all pub keys.This bug will cause the following fatal error in the Qt client.
In additional to the error in Qt, it seems likely this will cause errors in the web UI too (both interfaces), but I haven't tested that yet.
The text was updated successfully, but these errors were encountered: