Fix Keybase verification using wrong domain for remote accounts (#10547)

app/lib/proof_provider/keybase.rb

@@ -2,7 +2,7 @@
 
 class ProofProvider::Keybase
   BASE_URL = ENV.fetch('KEYBASE_BASE_URL', 'https://keybase.io')
-  DOMAIN = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
+  DOMAIN   = ENV.fetch('KEYBASE_DOMAIN', Rails.configuration.x.local_domain)
 
   class Error < StandardError; end
 
@@ -50,12 +50,20 @@ class ProofProvider::Keybase
   end
 
   def badge
-    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token)
+    @badge ||= ProofProvider::Keybase::Badge.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
+  end
+
+  def verifier
+    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token, domain)
   end
 
   private
 
-  def verifier
-    @verifier ||= ProofProvider::Keybase::Verifier.new(@proof.account.username, @proof.provider_username, @proof.token)
+  def domain
+    if @proof.account.local?
+      DOMAIN
+    else
+      @proof.account.domain
+    end
   end
 end

app/lib/proof_provider/keybase/badge.rb

@@ -3,10 +3,11 @@
 class ProofProvider::Keybase::Badge
   include RoutingHelper
 
-  def initialize(local_username, provider_username, token)
+  def initialize(local_username, provider_username, token, domain)
     @local_username    = local_username
     @provider_username = provider_username
     @token             = token
+    @domain            = domain
   end
 
   def proof_url
@@ -18,7 +19,7 @@ class ProofProvider::Keybase::Badge
   end
 
   def icon_url
-    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{domain}"
+    "#{ProofProvider::Keybase::BASE_URL}/#{@provider_username}/proof_badge/#{@token}?username=#{@local_username}&domain=#{@domain}"
   end
 
   def avatar_url
@@ -41,8 +42,4 @@ class ProofProvider::Keybase::Badge
   def default_avatar_url
     asset_pack_path('media/images/proof_providers/keybase.png')
   end
-
-  def domain
-    Rails.configuration.x.local_domain
-  end
 end

app/lib/proof_provider/keybase/verifier.rb

@@ -1,10 +1,11 @@
 # frozen_string_literal: true
 
 class ProofProvider::Keybase::Verifier
-  def initialize(local_username, provider_username, token)
+  def initialize(local_username, provider_username, token, domain)
     @local_username    = local_username
     @provider_username = provider_username
     @token             = token
+    @domain            = domain
   end
 
   def valid?
@@ -49,7 +50,7 @@ class ProofProvider::Keybase::Verifier
 
   def query_params
     {
-      domain: ProofProvider::Keybase::DOMAIN,
+      domain: @domain,
       kb_username: @provider_username,
       username: @local_username,
       sig_hash: @token,

app/lib/proof_provider/keybase/worker.rb

@@ -19,9 +19,8 @@ class ProofProvider::Keybase::Worker
   end
 
   def perform(proof_id)
-    proof    = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
-    verifier = ProofProvider::Keybase::Verifier.new(proof.account.username, proof.provider_username, proof.token)
-    status   = verifier.status
+    proof  = proof_id.is_a?(AccountIdentityProof) ? proof_id : AccountIdentityProof.find(proof_id)
+    status = proof.provider_instance.verifier.status
 
     # If Keybase thinks the proof is valid, and it exists here in Mastodon,
     # then it should be live. Keybase just has to notice that it's here

app/models/account_identity_proof.rb

@@ -30,12 +30,12 @@ class AccountIdentityProof < ApplicationRecord
 
   delegate :refresh!, :on_success_path, :badge, to: :provider_instance
 
-  private
-
   def provider_instance
     @provider_instance ||= ProofProvider.find(provider, self)
   end
 
+  private
+
   def queue_worker
     provider_instance.worker_class.perform_async(id)
   end

spec/lib/proof_provider/keybase/verifier_spec.rb

@@ -10,7 +10,7 @@ describe ProofProvider::Keybase::Verifier do
       token: '11111111111111111111111111'
     )
 
-    described_class.new('alice', 'cryptoalice', '11111111111111111111111111')
+    described_class.new('alice', 'cryptoalice', '11111111111111111111111111', my_domain)
   end
 
   let(:query_params) do