From 08949c518a09a9b569f5e8228a99c405d31ebbec Mon Sep 17 00:00:00 2001 From: John Berthels Date: Mon, 18 May 2026 17:44:37 +0200 Subject: [PATCH] fix: expose API fields for ssh keys (#12517) (#12625) The original issue only mentions 'Verified', but 'Updated' was also missing and so is also included. The integration test only covers the initial `false` state. Attempting to cover the flip to true seemed to introduce more problems than benefits (as outlined in `tests/integration/api_keys_test.go`) Manual testing was performed to check that verifying the key in the web ui caused the return value to change from false to true in the API response (using `curl`). ## Checklist The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org). ### Tests for Go changes (can be removed for JavaScript changes) - I added test coverage for Go changes... - [ ] in their respective `*_test.go` for unit tests. - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server. - I ran... - [x] `make pr-go` before pushing ### Tests for JavaScript changes (can be removed for Go changes) - I added test coverage for JavaScript changes... - [ ] in `web_src/js/*.test.js` if it can be unit tested. - [ ] in `tests/e2e/*.test.e2e.js` if it requires interactions with a live Forgejo server (see also the [developer guide for JavaScript testing](https://codeberg.org/forgejo/forgejo/src/branch/forgejo/tests/e2e/README.md#end-to-end-tests)). ### Documentation - [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change. - [x] I did not document these changes and I do not expect someone else to do it. ### Release notes - [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change. - [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change. Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12625 Reviewed-by: Cyborus Reviewed-by: Mathieu Fenniak --- modules/structs/user_key.go | 3 +++ services/convert/convert.go | 2 ++ templates/swagger/v1_json.tmpl | 9 +++++++++ tests/integration/api_keys_test.go | 19 ++++++++++++++++++- 4 files changed, 32 insertions(+), 1 deletion(-) diff --git a/modules/structs/user_key.go b/modules/structs/user_key.go index b92552b200..a984a813f3 100644 --- a/modules/structs/user_key.go +++ b/modules/structs/user_key.go @@ -19,4 +19,7 @@ type PublicKey struct { Owner *User `json:"user,omitempty"` ReadOnly bool `json:"read_only,omitempty"` KeyType string `json:"key_type,omitempty"` + // swagger:strfmt date-time + Updated time.Time `json:"updated_at,omitzero"` + Verified bool `json:"verified"` } diff --git a/services/convert/convert.go b/services/convert/convert.go index 1f52511188..49949ac0e0 100644 --- a/services/convert/convert.go +++ b/services/convert/convert.go @@ -259,6 +259,8 @@ func ToPublicKey(apiLink string, key *asymkey_model.PublicKey) *api.PublicKey { Title: key.Name, Fingerprint: key.Fingerprint, Created: key.CreatedUnix.AsTime(), + Updated: key.UpdatedUnix.AsTime(), + Verified: key.Verified, } } diff --git a/templates/swagger/v1_json.tmpl b/templates/swagger/v1_json.tmpl index 66a1f01515..e70ed513fb 100644 --- a/templates/swagger/v1_json.tmpl +++ b/templates/swagger/v1_json.tmpl @@ -28498,12 +28498,21 @@ "type": "string", "x-go-name": "Title" }, + "updated_at": { + "type": "string", + "format": "date-time", + "x-go-name": "Updated" + }, "url": { "type": "string", "x-go-name": "URL" }, "user": { "$ref": "#/definitions/User" + }, + "verified": { + "type": "boolean", + "x-go-name": "Verified" } }, "x-go-package": "forgejo.org/modules/structs" diff --git a/tests/integration/api_keys_test.go b/tests/integration/api_keys_test.go index a6f0fbe69b..036896b663 100644 --- a/tests/integration/api_keys_test.go +++ b/tests/integration/api_keys_test.go @@ -144,11 +144,11 @@ func TestCreateUserKey(t *testing.T) { }) // Search by fingerprint + var fingerprintPublicKeys []api.PublicKey req = NewRequest(t, "GET", fmt.Sprintf("/api/v1/user/keys?fingerprint=%s", newPublicKey.Fingerprint)). AddTokenAuth(token) resp = MakeRequest(t, req, http.StatusOK) - var fingerprintPublicKeys []api.PublicKey DecodeJSON(t, resp, &fingerprintPublicKeys) assert.Equal(t, newPublicKey.Fingerprint, fingerprintPublicKeys[0].Fingerprint) assert.Equal(t, newPublicKey.ID, fingerprintPublicKeys[0].ID) @@ -210,4 +210,21 @@ func TestCreateUserKey(t *testing.T) { DecodeJSON(t, resp, &fingerprintPublicKeys) assert.Empty(t, fingerprintPublicKeys) + + // ------------- + + // Key is initially unverified + var respPublicKeys []api.PublicKey + req = NewRequestWithJSON(t, "GET", "/api/v1/user/keys", rawKeyBody). + AddTokenAuth(token) + resp = MakeRequest(t, req, http.StatusOK) + DecodeJSON(t, resp, &respPublicKeys) + assert.False(t, respPublicKeys[0].Verified) + assert.Equal(t, respPublicKeys[0].Created, newPublicKey.Updated) + + // Ideally we would flip the verified bit here, but this currently would require: + // a) (i) having the private key to hand to generate a signature AND (ii) hitting the web UI (no API to verify) + // OR + // b) or adding code to flip the bool in the db. This requires bypassing the current + // cryptographic validation guarding that update), which weakens the codebase doesn't add much value. }