changeset 8082:3cab6bc45cc3 stable

ssh: use fingerprint when deleting public keys Avoid relying on a database index of the full public key string.
author Mads Kiilerich <mads@kiilerich.com>
date Sun, 29 Dec 2019 15:11:13 +0100
parents 01dbd21d206c
children 44e18bd4c3b2
files kallithea/controllers/admin/my_account.py kallithea/controllers/admin/users.py kallithea/model/ssh_key.py kallithea/templates/admin/my_account/my_account_ssh_keys.html kallithea/templates/admin/users/user_edit_ssh_keys.html kallithea/tests/functional/test_admin_users.py kallithea/tests/functional/test_my_account.py
diffstat 7 files changed, 13 insertions(+), 13 deletions(-) [+]
--- a/kallithea/controllers/admin/my_account.py	Sat Nov 30 10:39:37 2019 +0100
+++ b/kallithea/controllers/admin/my_account.py	Sun Dec 29 15:11:13 2019 +0100
@@ -285,9 +285,9 @@
 
     @IfSshEnabled
     def my_account_ssh_keys_delete(self):
-        public_key = request.POST.get('del_public_key')
+        fingerprint = request.POST.get('del_public_key_fingerprint')
         try:
-            SshKeyModel().delete(public_key, request.authuser.user_id)
+            SshKeyModel().delete(fingerprint, request.authuser.user_id)
             Session().commit()
             SshKeyModel().write_authorized_keys()
             h.flash(_("SSH key successfully deleted"), category='success')
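Review bot: `request.POST.get('del_public_key_fingerprint')` returns None when the field is absent, for example from a form rendered before this change that still posts `del_public_key`, and that None is passed straight into `SshKeyModel().delete()`. An early `if not fingerprint:` branch that flashes an error and skips the delete would keep a NULL comparison out of the query and give the user a clearer message than the model's not-found exception. The same applies to `ssh_keys_delete` in kallithea/controllers/admin/users.py. The `try` block continues outside the hunk, so how the exception is handled is not visible here.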
--- a/kallithea/controllers/admin/users.py	Sat Nov 30 10:39:37 2019 +0100
+++ b/kallithea/controllers/admin/users.py	Sun Dec 29 15:11:13 2019 +0100
@@ -462,9 +462,9 @@
     def ssh_keys_delete(self, id):
         c.user = self._get_user_or_raise_if_default(id)
 
-        public_key = request.POST.get('del_public_key')
+        fingerprint = request.POST.get('del_public_key_fingerprint')
         try:
-            SshKeyModel().delete(public_key, c.user.user_id)
+            SshKeyModel().delete(fingerprint, c.user.user_id)
             Session().commit()
             SshKeyModel().write_authorized_keys()
             h.flash(_("SSH key successfully deleted"), category='success')
--- a/kallithea/model/ssh_key.py	Sat Nov 30 10:39:37 2019 +0100
+++ b/kallithea/model/ssh_key.py	Sun Dec 29 15:11:13 2019 +0100
@@ -72,13 +72,13 @@
 
         return new_ssh_key
 
-    def delete(self, public_key, user=None):
+    def delete(self, fingerprint, user=None):
         """
-        Deletes given public_key, if user is set it also filters the object for
-        deletion by given user.
+        Deletes ssh key with given fingerprint. If user is set, it also filters
+        the object for deletion by given user.
         Will raise SshKeyModelException on errors
         """
-        ssh_key = UserSshKeys.query().filter(UserSshKeys._public_key == public_key)
+        ssh_key = UserSshKeys.query().filter(UserSshKeys.fingerprint == fingerprint)
 
         if user:
             user = User.guess_instance(user)
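Review bot: The docstring of `delete` does not say that with the default `user=None` the row is selected by fingerprint alone, so the key is removed whoever owns it. Since the fingerprint arrives from a POST field in both controllers, that contract is worth stating, for instance `If user is None the key is deleted regardless of owner; request handlers must pass the acting user.` The owner filter itself sits under `if user:` and continues outside the hunk; `if user is not None:` would avoid a falsy argument silently dropping the ownership check.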
@@ -86,7 +86,7 @@
 
         ssh_key = ssh_key.scalar()
         if ssh_key is None:
-            raise SshKeyModelException(_('SSH key %r not found') % safe_str(public_key))
+            raise SshKeyModelException(_('SSH key with fingerprint %r found') % safe_str(fingerprint))
         Session().delete(ssh_key)
 
     def get_ssh_keys(self, user):
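Review bot: The new error text lost its negation: `'SSH key with fingerprint %r found'` is raised when `ssh_key is None`, so it should read `_('SSH key with fingerprint %r not found')`. Separately, `.scalar()` raises a SQLAlchemy multiple-results error rather than `SshKeyModelException` if more than one row matches; whether `fingerprint` carries a unique constraint is not visible in this diff, so that is worth confirming now that it is the lookup key.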
--- a/kallithea/templates/admin/my_account/my_account_ssh_keys.html	Sat Nov 30 10:39:37 2019 +0100
+++ b/kallithea/templates/admin/my_account/my_account_ssh_keys.html	Sun Dec 29 15:11:13 2019 +0100
@@ -23,7 +23,7 @@
             </td>
             <td>
                 ${h.form(url('my_account_ssh_keys_delete'))}
-                    ${h.hidden('del_public_key', ssh_key.public_key)}
+                    ${h.hidden('del_public_key_fingerprint', ssh_key.fingerprint)}
                     <button class="btn btn-danger btn-xs" type="submit"
                             onclick="return confirm('${_('Confirm to remove this SSH key: %s') % ssh_key.fingerprint}');">
                         <i class="icon-trashcan"></i>
--- a/kallithea/templates/admin/users/user_edit_ssh_keys.html	Sat Nov 30 10:39:37 2019 +0100
+++ b/kallithea/templates/admin/users/user_edit_ssh_keys.html	Sun Dec 29 15:11:13 2019 +0100
@@ -23,7 +23,7 @@
             </td>
             <td>
                 ${h.form(url('edit_user_ssh_keys_delete', id=c.user.user_id))}
-                    ${h.hidden('del_public_key', ssh_key.public_key)}
+                    ${h.hidden('del_public_key_fingerprint', ssh_key.fingerprint)}
                     <button class="btn btn-danger btn-xs" type="submit"
                             onclick="return confirm('${_('Confirm to remove this SSH key: %s') % ssh_key.fingerprint}');">
                         <i class="icon-trashcan"></i>
--- a/kallithea/tests/functional/test_admin_users.py	Sat Nov 30 10:39:37 2019 +0100
+++ b/kallithea/tests/functional/test_admin_users.py	Sun Dec 29 15:11:13 2019 +0100
@@ -556,7 +556,7 @@
         assert ssh_key.description == u'me@localhost'
 
         response = self.app.post(url('edit_user_ssh_keys_delete', id=user_id),
-                                 {'del_public_key': ssh_key.public_key,
+                                 {'del_public_key_fingerprint': ssh_key.fingerprint,
                                   '_session_csrf_secret_token': self.session_csrf_secret_token()})
         self.checkSessionFlash(response, 'SSH key successfully deleted')
         keys = UserSshKeys.query().all()
--- a/kallithea/tests/functional/test_my_account.py	Sat Nov 30 10:39:37 2019 +0100
+++ b/kallithea/tests/functional/test_my_account.py	Sun Dec 29 15:11:13 2019 +0100
@@ -289,7 +289,7 @@
         assert ssh_key.description == u'me@localhost'
 
         response = self.app.post(url('my_account_ssh_keys_delete'),
-                                 {'del_public_key': ssh_key.public_key,
+                                 {'del_public_key_fingerprint': ssh_key.fingerprint,
                                   '_session_csrf_secret_token': self.session_csrf_secret_token()})
         self.checkSessionFlash(response, 'SSH key successfully deleted')
         keys = UserSshKeys.query().all()