kallithea Changeset - 3cab6bc45cc3

Changeset - 3cab6bc45cc3

Parent rev.

Child rev.

[Not reviewed]

stable

0 7 0

Mads Kiilerich - 6 years ago 2019-12-29 15:11:13
mads@kiilerich.com

Grafted from: 7e353be4c536

ssh: use fingerprint when deleting public keys

Avoid relying on a database index of the full public key string.

7 files changed with 13 insertions and 13 deletions:

kallithea/controllers/admin/my_account.py

kallithea/controllers/admin/users.py

kallithea/model/ssh_key.py

kallithea/templates/admin/my_account/my_account_ssh_keys.html

kallithea/templates/admin/users/user_edit_ssh_keys.html

kallithea/tests/functional/test_admin_users.py

kallithea/tests/functional/test_my_account.py

0 comments (0 inline, 0 general)

kallithea/controllers/admin/my_account.py

➞

Show inline comments

@@ @@ -285,9 +285,9 @@ class MyAccountController(BaseController @@
     @IfSshEnabled
     def my_account_ssh_keys_delete(self):
-        public_key = request.POST.get('del_public_key')
+        fingerprint = request.POST.get('del_public_key_fingerprint')
         try:
-            SshKeyModel().delete(public_key, request.authuser.user_id)
+            SshKeyModel().delete(fingerprint, request.authuser.user_id)
             Session().commit()
             SshKeyModel().write_authorized_keys()
             h.flash(_("SSH key successfully deleted"), category='success')

kallithea/controllers/admin/users.py

➞

Show inline comments

@@ @@ -462,9 +462,9 @@ class UsersController(BaseController): @@
     def ssh_keys_delete(self, id):
         c.user = self._get_user_or_raise_if_default(id)
-        public_key = request.POST.get('del_public_key')
+        fingerprint = request.POST.get('del_public_key_fingerprint')
         try:
-            SshKeyModel().delete(public_key, c.user.user_id)
+            SshKeyModel().delete(fingerprint, c.user.user_id)
             Session().commit()
             SshKeyModel().write_authorized_keys()
             h.flash(_("SSH key successfully deleted"), category='success')

kallithea/model/ssh_key.py

➞

Show inline comments

@@ @@ -72,13 +72,13 @@ class SshKeyModel(object): @@
         return new_ssh_key
-    def delete(self, public_key, user=None):
+    def delete(self, fingerprint, user=None):
         """
         Deletes given public_key, if user is set it also filters the object for
         deletion by given user.
         Deletes ssh key with given fingerprint. If user is set, it also filters
         the object for deletion by given user.
         Will raise SshKeyModelException on errors
         """
-        ssh_key = UserSshKeys.query().filter(UserSshKeys._public_key == public_key)
+        ssh_key = UserSshKeys.query().filter(UserSshKeys.fingerprint == fingerprint)
         if user:
             user = User.guess_instance(user)
@@ @@ -86,7 +86,7 @@ class SshKeyModel(object): @@
         ssh_key = ssh_key.scalar()
         if ssh_key is None:
-            raise SshKeyModelException(_('SSH key %r not found') % safe_str(public_key))
+            raise SshKeyModelException(_('SSH key with fingerprint %r found') % safe_str(fingerprint))
         Session().delete(ssh_key)
     def get_ssh_keys(self, user):

kallithea/templates/admin/my_account/my_account_ssh_keys.html

➞

Show inline comments

@@ @@ -23,7 +23,7 @@ @@
             </td>
             <td>
                 ${h.form(url('my_account_ssh_keys_delete'))}
-                    ${h.hidden('del_public_key', ssh_key.public_key)}
+                    ${h.hidden('del_public_key_fingerprint', ssh_key.fingerprint)}
                     <button class="btn btn-danger btn-xs" type="submit"
                             onclick="return confirm('${_('Confirm to remove this SSH key: %s') % ssh_key.fingerprint}');">
                         <i class="icon-trashcan"></i>

kallithea/templates/admin/users/user_edit_ssh_keys.html

➞

Show inline comments

@@ @@ -23,7 +23,7 @@ @@
             </td>
             <td>
                 ${h.form(url('edit_user_ssh_keys_delete', id=c.user.user_id))}
-                    ${h.hidden('del_public_key', ssh_key.public_key)}
+                    ${h.hidden('del_public_key_fingerprint', ssh_key.fingerprint)}
                     <button class="btn btn-danger btn-xs" type="submit"
                             onclick="return confirm('${_('Confirm to remove this SSH key: %s') % ssh_key.fingerprint}');">
                         <i class="icon-trashcan"></i>

kallithea/tests/functional/test_admin_users.py

➞

Show inline comments

@@ @@ -556,7 +556,7 @@ class TestAdminUsersController(TestContr @@
         assert ssh_key.description == u'me@localhost'
         response = self.app.post(url('edit_user_ssh_keys_delete', id=user_id),
-                                 {'del_public_key': ssh_key.public_key,
+                                 {'del_public_key_fingerprint': ssh_key.fingerprint,
                                   '_session_csrf_secret_token': self.session_csrf_secret_token()})
         self.checkSessionFlash(response, 'SSH key successfully deleted')
         keys = UserSshKeys.query().all()

kallithea/tests/functional/test_my_account.py

➞

Show inline comments

@@ @@ -289,7 +289,7 @@ class TestMyAccountController(TestContro @@
         assert ssh_key.description == u'me@localhost'
         response = self.app.post(url('my_account_ssh_keys_delete'),
-                                 {'del_public_key': ssh_key.public_key,
+                                 {'del_public_key_fingerprint': ssh_key.fingerprint,
                                   '_session_csrf_secret_token': self.session_csrf_secret_token()})
         self.checkSessionFlash(response, 'SSH key successfully deleted')
         keys = UserSshKeys.query().all()

0 comments (0 inline, 0 general)