fix(asymkey): verify token + CRLF input

Window-based shells will add a CRLF when piping the token into ssh-keygen command resulting in verification error. This resolves go-gitea#21527.
nekrondev · Dec 7, 2023 · b4e31fe · b4e31fe
1 parent 4bf5653
commit b4e31fe
Showing 1 changed file with 3 additions and 1 deletion.
diff --git a/models/asymkey/ssh_key_verify.go b/models/asymkey/ssh_key_verify.go
@@ -30,7 +30,9 @@ func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signat
 		return "", ErrKeyNotExist{}
 	}
 
-	if err := sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea"); err != nil {
+	// edge case for Windows based shells that will add CR LF if piped to ssh-keygen command
+	errcrlf := sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea")
+	if err := sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea"); err != nil && errcrlf != nil {
 		log.Error("Unable to validate token signature. Error: %v", err)
 		return "", ErrSSHInvalidTokenSignature{
 			Fingerprint: key.Fingerprint,