kallithea Changeset - 44e18bd4c3b2

Changeset - 44e18bd4c3b2

Parent rev.

Child rev.

[Not reviewed]

stable

0 1 0

Mads Kiilerich (mads) - 6 years ago 2019-12-30 01:38:59
mads@kiilerich.com

ssh: make it clear that SshKeyModel.delete has user as mandatory parameter

It is already provided in the two uses:
kallithea/controllers/admin/my_account.py: SshKeyModel().delete(fingerprint, request.authuser.user_id)
kallithea/controllers/admin/users.py: SshKeyModel().delete(fingerprint, c.user.user_id)

1 file changed with 4 insertions and 6 deletions:

kallithea/model/ssh_key.py

0 comments (0 inline, 0 general)

kallithea/model/ssh_key.py

➞

Show inline comments

@@ @@ -27,107 +27,105 @@ import tempfile @@
 from tg import config
 from tg.i18n import ugettext as _
 from kallithea.lib import ssh
 from kallithea.lib.utils2 import safe_str, str2bool
 from kallithea.model.db import User, UserSshKeys
 from kallithea.model.meta import Session
 log = logging.getLogger(__name__)
 class SshKeyModelException(Exception):
     """Exception raised by SshKeyModel methods to report errors"""
 class SshKeyModel(object):
     def create(self, user, description, public_key):
         """
         :param user: user or user_id
         :param description: description of SshKey
         :param publickey: public key text
         Will raise SshKeyModelException on errors
         """
         try:
             keytype, pub, comment = ssh.parse_pub_key(public_key)
         except ssh.SshKeyParseError as e:
             raise SshKeyModelException(_('SSH key %r is invalid: %s') % (safe_str(public_key), e.message))
         if not description.strip():
             description = comment.strip()
         user = User.guess_instance(user)
         new_ssh_key = UserSshKeys()
         new_ssh_key.user_id = user.user_id
         new_ssh_key.description = description
         new_ssh_key.public_key = public_key
         for ssh_key in UserSshKeys.query().filter(UserSshKeys.fingerprint == new_ssh_key.fingerprint).all():
             raise SshKeyModelException(_('SSH key %s is already used by %s') %
                                        (new_ssh_key.fingerprint, ssh_key.user.username))
         Session().add(new_ssh_key)
         return new_ssh_key
-    def delete(self, fingerprint, user=None):
     def delete(self, fingerprint, user):
         """
         Deletes ssh key with given fingerprint. If user is set, it also filters
         the object for deletion by given user.
         Deletes ssh key with given fingerprint for the given user.
         Will raise SshKeyModelException on errors
         """
         ssh_key = UserSshKeys.query().filter(UserSshKeys.fingerprint == fingerprint)
         if user:
             user = User.guess_instance(user)
             ssh_key = ssh_key.filter(UserSshKeys.user_id == user.user_id)
         user = User.guess_instance(user)
         ssh_key = ssh_key.filter(UserSshKeys.user_id == user.user_id)
         ssh_key = ssh_key.scalar()
         if ssh_key is None:
             raise SshKeyModelException(_('SSH key with fingerprint %r found') % safe_str(fingerprint))
         Session().delete(ssh_key)
     def get_ssh_keys(self, user):
         user = User.guess_instance(user)
         user_ssh_keys = UserSshKeys.query() \
             .filter(UserSshKeys.user_id == user.user_id).all()
         return user_ssh_keys
     def write_authorized_keys(self):
         if not str2bool(config.get('ssh_enabled', False)):
             log.error("Will not write SSH authorized_keys file - ssh_enabled is not configured")
             return
         authorized_keys = config.get('ssh_authorized_keys')
         kallithea_cli_path = config.get('kallithea_cli_path', 'kallithea-cli')
         if not authorized_keys:
             log.error('Cannot write SSH authorized_keys file - ssh_authorized_keys is not configured')
             return
         log.info('Writing %s', authorized_keys)
         authorized_keys_dir = os.path.dirname(authorized_keys)
         try:
             os.makedirs(authorized_keys_dir)
             os.chmod(authorized_keys_dir, stat.S_IRUSR | stat.S_IWUSR | stat.S_IXUSR) # ~/.ssh/ must be 0700
         except OSError as exception:
             if exception.errno != errno.EEXIST:
                 raise
         # Now, test that the directory is or was created in a readable way by previous.
         if not (os.path.isdir(authorized_keys_dir) and
                 os.access(authorized_keys_dir, os.W_OK)):
             raise Exception("Directory of authorized_keys cannot be written to so authorized_keys file %s cannot be written" % (authorized_keys))
         # Make sure we don't overwrite a key file with important content
         if os.path.exists(authorized_keys):
             with open(authorized_keys) as f:
                 for l in f:
                     if not l.strip() or l.startswith('#'):
                         pass # accept empty lines and comments
                     elif ssh.SSH_OPTIONS in l and ' ssh-serve ' in l:
                         pass # Kallithea entries are ok to overwrite
                     else:
                         raise Exception("Safety check failed, found %r in %s - please review and remove it" % (l.strip(), authorized_keys))
         fh, tmp_authorized_keys = tempfile.mkstemp('.authorized_keys', dir=os.path.dirname(authorized_keys))
         with os.fdopen(fh, 'w') as f:

0 comments (0 inline, 0 general)