Revert "Refine sq pki {authenticate,lookup}'s user ID designators."

- This reverts commit cc8657f53581f96691a4a5e5d2177e025ee9fee2.

  - The old semantics were better.
Neal H. Walfield 2024-12-16 09:57:51 +01:00
parent a007a80269
commit 12a47e2121
No known key found for this signature in database
GPG Key ID: 6863C9AD5B4D22D3
7 changed files with 33 additions and 92 deletions

9
NEWS

@ -29,15 +29,6 @@
<alice@example.org>" to link.
- Add `sq pki link retract --userid-by-email`, which selects a
self-signed user ID with the specified email address.
- Change `sq pki authenticate --email` and `sq pki lookup --email`
to match user IDs with the specified email address. For example,
if a certificate has the user ID "Alice <alice@example.org>",
then `--email alice@example.org` no longer selects it.
- Add `sq pki authenticate --userid-by-email`, and `sq pki lookup
--userid-by-email`, which match user IDs with the specified email
address. For example, if a certificate has the user ID "Alice
<alice@example.org>", then `--userid-by-email alice@example.org`
selects it.
- Change `sq pki vouch add --email` and `sq pki vouch authorize
--email` to use a user ID with just the specified email address,
if the email address is part of a self-signed user ID. That is,


@ -48,7 +48,7 @@ pub struct Command {
#[command(flatten)]
pub userid: UserIDDesignators<
userid_designator::PlainAddAndByArgs,
userid_designator::PlainByArgs,
userid_designator::OneValueNoLinting,
userid_designator::AnyDocumentation>,
@ -88,7 +88,7 @@ address for the given certificate.",
).command(&[
"sq", "pki", "authenticate",
"--cert", "EB28F26E2739A4870ECC47726F0073F60FD0CBF0",
"--userid-by-email", "alice@example.org",
"--email", "alice@example.org",
]).build(),
],
};
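Review bot: The `userid` field of `Command` carries no comment saying what `--email` matches, and after this revert the flag means something different here than in `sq pki vouch add --email`, which the NEWS context lines in this commit describe as using a user ID with just the email address. Going by the restored tests, `--email` for `authenticate` selects any authenticated user ID carrying that address, whether or not it has a display name or is self-signed. A comment above the field such as `// --email matches every user ID with this address, whatever its display name; it need not be self-signed` would keep the two meanings apart. The `userid` field in the `sq pki lookup` section below needs the same comment. The struct body continues outside the hunk.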


@ -34,7 +34,7 @@ use crate::cli::types::UserIDDesignators;
pub struct Command {
#[command(flatten)]
pub userid: UserIDDesignators<
userid_designator::PlainAddAndByArgs,
userid_designator::PlainByArgs,
userid_designator::OneValueNoLinting,
userid_designator::AnyDocumentation>,
@ -72,7 +72,7 @@ const EXAMPLES: Actions = Actions {
address, and that user ID can be authenticated.",
).command(&[
"sq", "pki", "lookup",
"--userid-by-email", "alice@example.org",
"--email", "alice@example.org",
]).build(),
],
};


@ -41,7 +41,7 @@ fn sq_autocrypt_import() -> Result<()>
cmd.arg("pki").arg("authenticate")
.arg("--amount=40")
.arg("--cert").arg("A614C91D0392D83EE6B1C4A4DD4147FEF78AD630")
.arg("--userid-by-email").arg("pink@probier.email");
.arg("--email").arg("pink@probier.email");
eprintln!("Running: {:?}", cmd);
eprintln!("pre: {}", time_as_string(std::time::SystemTime::now().into()));
sq.run(cmd, true);
@ -96,7 +96,7 @@ fn sq_autocrypt_import_signed() -> Result<()>
cmd.arg("pki").arg("authenticate")
.arg("--amount=40")
.arg("--cert").arg("64F4DD76866EA6896E4A869BA0FCAE2B43465576")
.arg("--userid-by-email").arg("patrick@enigmail.net");
.arg("--email").arg("patrick@enigmail.net");
eprintln!("Running: {:?}", cmd);
sq.run(cmd, true);


@ -313,28 +313,28 @@ fn authenticate_email() -> Result<()> {
let alice_fpr: Fingerprint =
"85DAB65713B2D0ABFC5A4F28BC10C9CE4A699D8D"
.parse().expect("valid fingerprint");
// Yes, UserIDArg::ByEmail, not UserIDArg::UserID. We're testing
// what --userid-by-email matches!
// Yes, UserIDArg::Email, not UserIDArg::UserID. We're testing
// what --email matches!
let alice_uid
= UserIDArg::ByEmail("<alice@example.org>");
= UserIDArg::Email("<alice@example.org>");
let dave_fpr: Fingerprint =
"329D5AAF73DC70B4E3DD2D11677CB70FFBFE1281"
.parse().expect("valid fingerprint");
// Yes, UserIDArg::ByEmail, not UserIDArg::UserID.
// Yes, UserIDArg::Email, not UserIDArg::UserID.
let dave_uid
= UserIDArg::ByEmail("<dave@example.org>");
let dave_email = UserIDArg::ByEmail("dave@example.org");
let dave_email_uc1 = UserIDArg::ByEmail("DAVE@example.org");
let dave_email_uc2 = UserIDArg::ByEmail("DAVE@EXAMPLE.ORG");
= UserIDArg::Email("<dave@example.org>");
let dave_email = UserIDArg::Email("dave@example.org");
let dave_email_uc1 = UserIDArg::Email("DAVE@example.org");
let dave_email_uc2 = UserIDArg::Email("DAVE@EXAMPLE.ORG");
let ellen_fpr: Fingerprint =
"A7319A9B166AB530A5FBAC8AB43CA77F7C176AF4"
.parse().expect("valid fingerprint");
// Yes, UserIDArg::ByEmail, not UserIDArg::UserID.
// Yes, UserIDArg::Email, not UserIDArg::UserID.
let ellen_uid
= UserIDArg::ByEmail("<ellen@example.org>");
let ellen_email = UserIDArg::ByEmail("ellen@example.org");
= UserIDArg::Email("<ellen@example.org>");
let ellen_email = UserIDArg::Email("ellen@example.org");
// Certified by: 329D5AAF73DC70B4E3DD2D11677CB70FFBFE1281
// defaults
@ -529,7 +529,7 @@ fn authenticate_email() -> Result<()> {
let alice_uid
= UserIDArg::UserID("<alice@example.org>");
let alice_email
= UserIDArg::ByEmail("alice@example.org");
= UserIDArg::Email("alice@example.org");
let hans_fpr: Fingerprint =
"74767C4F2B15F57F3394FCA99DE867E6CA6A2756"
@ -539,13 +539,13 @@ fn authenticate_email() -> Result<()> {
// Certified by: B8DA8B318149B1C8C0CBD1ECB1CEC6D3CD00E69D
let hans_email
= UserIDArg::ByEmail("hÄNS@bücher.tld");
= UserIDArg::Email("hÄNS@bücher.tld");
let hans_email_lowercase
= UserIDArg::ByEmail("häns@bücher.tld");
= UserIDArg::Email("häns@bücher.tld");
let hans_email_punycode
= UserIDArg::ByEmail("hÄNS@xn--bcher-kva.tld");
= UserIDArg::Email("hÄNS@xn--bcher-kva.tld");
let hans_email_punycode_lowercase
= UserIDArg::ByEmail("häns@xn--bcher-kva.tld");
= UserIDArg::Email("häns@xn--bcher-kva.tld");
let carol_fpr: Fingerprint =
"7432C123761B94EC50D50CF6562B9ADEE7F789F6"
@ -555,7 +555,7 @@ fn authenticate_email() -> Result<()> {
// Certified by: 74767C4F2B15F57F3394FCA99DE867E6CA6A2756
let carol_email
= UserIDArg::ByEmail("carol@example.org");
= UserIDArg::Email("carol@example.org");
// defaults
let keyring = "puny-code.pgp";


@ -11,9 +11,6 @@ fn userid_designators() {
let good_self_signed_userid
= &format!("Alice <{}>", good_self_signed_email);
let good_email_email = "alice@some.org";
let good_email_userid = &format!("<{}>", good_email_email);
let other_email = "alice@other.org";
let other_userid = &format!("Alice <{}>", other_email);
@ -22,7 +19,7 @@ fn userid_designators() {
= &format!("Alice <{}>", bad_self_signed_email);
let (cert, cert_path, _rev_path)
= sq.key_generate(&[], &[ good_self_signed_userid, good_email_userid ]);
= sq.key_generate(&[], &[ good_self_signed_userid ]);
let fpr = &cert.fingerprint().to_string();
sq.key_import(cert_path);
@ -30,9 +27,6 @@ fn userid_designators() {
// Link the good self-signed user ID.
sq.pki_link_add(&[], cert.key_handle(), &[ good_self_signed_userid ]);
// Link the good self-signed, email-only user ID.
sq.pki_link_add(&[], cert.key_handle(), &[ good_email_userid ]);
// Link a non-self-signed user ID.
sq.pki_link_add(&[], cert.key_handle(),
&[ UserIDArg::AddUserID(other_userid) ]);
@ -43,8 +37,6 @@ fn userid_designators() {
// Self signed and authenticated.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::UserID(good_self_signed_userid)).is_ok());
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::UserID(good_email_userid)).is_ok());
// Not self signed, but authenticated.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::UserID(other_userid)).is_ok());
@ -59,34 +51,16 @@ fn userid_designators() {
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::UserID(bad_self_signed_email)).is_err());
// --userid-by-email matches user IDs that are authenticated. It
// doesn't matter if they are self-signed.
// --email matches user IDs that are authenticated. It doesn't
// matter if they are self-signed.
// Self signed and authenticated.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::ByEmail(good_self_signed_email)).is_ok());
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::ByEmail(good_email_email)).is_ok());
&[], &fpr, UserIDArg::Email(good_self_signed_email)).is_ok());
// Not self signed, but authenticated.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::ByEmail(other_email)).is_ok());
&[], &fpr, UserIDArg::Email(other_email)).is_ok());
// Self signed, but not authenticated.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::ByEmail(bad_self_signed_email)).is_err());
// --email matches user IDs with the specified email and nothing
// else.
// Self signed and authenticated, with a display name.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::Email(good_self_signed_email)).is_err());
// Self signed and authenticated, just an email address.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::Email(good_email_email)).is_ok());
// Not self signed, but authenticated and with a display name.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::Email(other_email)).is_err());
// Self signed, but not authenticated and with a display name.
assert!(sq.pki_authenticate(
&[], &fpr, UserIDArg::Email(bad_self_signed_email)).is_err());
}
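Review bot: The revert drops the email-only user ID fixture (`good_email_userid`, built from `good_email_email`) together with the exact-match assertions, so nothing in `userid_designators` now checks `--email` against a user ID that consists of only an address. That case does not appear to depend on the reverted semantics: the removed `UserIDArg::ByEmail(good_email_email)` assertion expected it to pass under the match-by-address behaviour that `--email` has again. Keeping the fixture, its link and one assertion would pin that behaviour, as sketched below. The `sq pki lookup` copy of this test in the next section loses the same coverage and would take the same lines with `sq.pki_lookup`. The function starts outside the first hunk.

```rust
let good_email_email = "alice@some.org";
let good_email_userid = &format!("<{}>", good_email_email);
// … unchanged: other_email / bad_self_signed_email setup …
let (cert, cert_path, _rev_path)
    = sq.key_generate(&[], &[ good_self_signed_userid, good_email_userid ]);
// … unchanged: import, link of good_self_signed_userid …
// Link the good self-signed, email-only user ID.
sq.pki_link_add(&[], cert.key_handle(), &[ good_email_userid ]);
// … unchanged: remaining links and UserIDArg::UserID checks …
// Self signed and authenticated, just an email address.
assert!(sq.pki_authenticate(
    &[], &fpr, UserIDArg::Email(good_email_email)).is_ok());
```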


@ -11,9 +11,6 @@ fn userid_designators() {
let good_self_signed_userid
= &format!("Alice <{}>", good_self_signed_email);
let good_email_email = "alice@some.org";
let good_email_userid = &format!("<{}>", good_email_email);
let other_email = "alice@other.org";
let other_userid = &format!("Alice <{}>", other_email);
@ -22,16 +19,13 @@ fn userid_designators() {
= &format!("Alice <{}>", bad_self_signed_email);
let (cert, cert_path, _rev_path)
= sq.key_generate(&[], &[ good_self_signed_userid, good_email_userid ]);
= sq.key_generate(&[], &[ good_self_signed_userid ]);
sq.key_import(cert_path);
// Link the good self-signed user ID.
sq.pki_link_add(&[], cert.key_handle(), &[ good_self_signed_userid ]);
// Link the good self-signed, email-only user ID.
sq.pki_link_add(&[], cert.key_handle(), &[ good_email_userid ]);
// Link a non-self-signed user ID.
sq.pki_link_add(&[], cert.key_handle(),
&[ UserIDArg::AddUserID(other_userid) ]);
@ -56,34 +50,16 @@ fn userid_designators() {
assert!(sq.pki_lookup(
&[], UserIDArg::UserID(bad_self_signed_email)).is_err());
// --userid-by-email matches user IDs that are authenticated. It
// doesn't matter if they are self-signed.
// --email matches user IDs that are authenticated. It doesn't
// matter if they are self-signed.
// Self signed and authenticated.
assert!(sq.pki_lookup(
&[], UserIDArg::ByEmail(good_self_signed_email)).is_ok());
assert!(sq.pki_lookup(
&[], UserIDArg::ByEmail(good_email_email)).is_ok());
&[], UserIDArg::Email(good_self_signed_email)).is_ok());
// Not self signed, but authenticated.
assert!(sq.pki_lookup(
&[], UserIDArg::ByEmail(other_email)).is_ok());
&[], UserIDArg::Email(other_email)).is_ok());
// Self signed, but not authenticated.
assert!(sq.pki_lookup(
&[], UserIDArg::ByEmail(bad_self_signed_email)).is_err());
// --email matches user IDs with the specified email and nothing
// else.
// Self signed and authenticated, with a display name.
assert!(sq.pki_lookup(
&[], UserIDArg::Email(good_self_signed_email)).is_err());
// Self signed and authenticated, just an email address.
assert!(sq.pki_lookup(
&[], UserIDArg::Email(good_email_email)).is_ok());
// Not self signed, but authenticated and with a display name.
assert!(sq.pki_lookup(
&[], UserIDArg::Email(other_email)).is_err());
// Self signed, but not authenticated and with a display name.
assert!(sq.pki_lookup(
&[], UserIDArg::Email(bad_self_signed_email)).is_err());
}