kallithea Pull Request #221 · Our Own Kallithea

Pull request #221 from kallithea-incoming#stable

Title: Fixes for stable (Closed)

Description:

I think this addresses most of what has been reported. And a bit extra.
I don't know how far you want to go. The last changes might just be nice-to-haves for 'default'.
Feel free to pick and choose and push ... or comment/approve.

Voting Result:

Closed, Under review

Origin:

kallithea-incoming#stable (635495344cd4)

Target:

kallithea#stable

Pull changes:

hg pull https://kallithea-scm.org/repos/kallithea-incoming -r 635495344cd4

Created on:

2019-12-30 00:42:28

Owner:

Mads Kiilerich (kiilerix)
mads@kiilerich.com

Next iteration:

This pull request has been closed and can not be updated.

Reviewers

Thomas De Schampheleire (patrickdp)

Pull Request Content

3 comments (0 inline, 3 general) First comment

Showing 13 commits

13	kiilerix	635495344cd4	5 years ago	hooks: slight improvement of get_hook_environment Extinct Draft stable
12	kiilerix	e9430059036b	5 years ago	auth: accept both unix bcrypt and windows sha256 passwords on all platforms auth: accept both unix bcrypt and windows sha256 passwords on all platforms Give less surprises when changing platform. bcrypt "hashes" will have length 60 and start with '$' and will thus immediately skip the sha256 check. The change should be safe: Users can't influence what kind of hashed key will be in the database and can thus not influence their key strength. (We really should use bcrypt on Windows too ... or change to something more state of the art.) 4 Unstable Draft stable
11	kiilerix	18d586713a99	5 years ago	ssh: extra paranoid check for authorized_keys lines having safe content 2 Unstable Draft stable
10	kiilerix	21e6ea2a8f51	5 years ago	ssh: tweak some exception message to make them more helpful in context Draft stable
9	kiilerix	727e4c4a9ada	5 years ago	ssh: let SshKeyModelException inherit from vcs RepositoryError - such exceptions are shown nicely in the UI Draft stable
8	kiilerix	712a20a2c6a7	5 years ago	ssh: add WARNING comment as first line in .authorized_keys managed by Kallithea Draft stable
7	kiilerix	a1d3b812eba4	5 years ago	git: more elegant handling of installed pre/post-receive hook failing on direct repo access git: more elegant handling of installed pre/post-receive hook failing on direct repo access The hook would fail with a long backtrace when get_hook_environment raise an error exception. Instead, as first thing in the entry point from the hook, catch that situation and report it nicely before "quietly" skipping the hook: [mk@here myrepo]$ git push Enumerating objects: 3, done. Counting objects: 100% (3/3), done. Writing objects: 100% (3/3), 204 bytes \| 204.00 KiB/s, done. Total 3 (delta 0), reused 0 (delta 0) remote: Skipping Kallithea Git post-recieve hook 'hooks/post-receive'. remote: Git was apparently not invoked by Kallithea: Environment variable KALLITHEA_EXTRAS not found To /tmp/somerepo * [new branch] master -> master [mk@here myrepo]$ We could be paranoid and let it (and the pre hook) fail ... but that doesn't seem helpful. Draft stable
6	Wolfgang Scherer	583a731d45ff	5 years ago	logging: always invoke fileConfig with '__file__' and 'here' logging: always invoke fileConfig with '__file__' and 'here' WSGI servers tend to provide '__file__' and 'here' as 'defaults' when invoking fileConfig, so '%(here)s' string interpolation also can be used in logging configuration. Make sure we do the same when we initialize logging without using a WSGI server. It is annoying to have to do this, and it will only in rare cases make any difference ... but it seems like the best option. Patch also modified by Mads Kiilerich. Draft stable
5	kiilerix	3940d104af43	5 years ago	logging: drop fileConfig initialization in make_app - backout 0d4dd9380a45 logging: drop fileConfig initialization in make_app - backout 0d4dd9380a45 0d4dd9380a45 was a bit harmful, as it might overwrite existing good logging configuration. 0d4dd9380a45 longer seems relevant: Testing shows that logging for `gearbox serve` *is* activated anyway. gearbox/commands/serve.py will invoke "setup_logging" right before "loadapp". We must and can assume that logging has been initialized before make_app. Reported and based on analysis by Wolfgang Scherer. Draft stable
4	kiilerix	02b21765b52e	5 years ago	ssh: drop usk_public_key_idx again ssh: drop usk_public_key_idx again Essentially a backout of d2a97f73fa1f and the 4851d15bc437_db_migration_step_after_95c01895c006_ alembic step. We can't reliably have full index on fields with unbounded length. The upgrade step has been reported to fail on MySQL. And we really don't need this index ... especially now when we use fingerprints for key deletion instead of looking up by the full public key. Draft stable
3	kiilerix	fb81276014ed	5 years ago	ssh: make it clear that SshKeyModel.delete has user as mandatory parameter ssh: make it clear that SshKeyModel.delete has user as mandatory parameter It is already provided in the two uses: kallithea/controllers/admin/my_account.py: SshKeyModel().delete(fingerprint, request.authuser.user_id) kallithea/controllers/admin/users.py: SshKeyModel().delete(fingerprint, c.user.user_id) Draft stable
2	kiilerix	331b608e0daa	5 years ago	ssh: use fingerprint when deleting public keys ssh: use fingerprint when deleting public keys Avoid relying on indexing of the full public key string. Draft stable
1	kiilerix	010dd8bdb220	5 years ago	login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350) login: fix incorrect CSRF rejection of "Reset Your Password" form (Issue #350) /_admin/password_reset_confirmation is the only place where we allow request parameters to be used as "default" in the form using htmlfill.render . But by default, htmlfill will clear all input fields that doesn't have a new "default" value provided. That would clear the CSRF protection cookie already inserted as a hidden field in the form. Fixed by setting force_defaults to False - see http://www.formencode.org/en/1.2-branch/modules/htmlfill.html 3 Draft stable

Common ancestor: 01dbd21d206c

21 files changed with 134 insertions and 54 deletions:

docs/setup.rst

kallithea/alembic/env.py

kallithea/alembic/versions/4851d15bc437_db_migration_step_after_95c01895c006_.py

kallithea/alembic/versions/d7ec25b66e47_ssh_drop_usk_public_key_idx_again.py

kallithea/bin/kallithea_cli_base.py

kallithea/bin/kallithea_cli_iis.py

kallithea/bin/kallithea_cli_ssh.py

kallithea/config/middleware.py

kallithea/controllers/admin/my_account.py

kallithea/controllers/admin/users.py

kallithea/controllers/login.py

kallithea/lib/auth.py

kallithea/lib/hooks.py

kallithea/lib/ssh.py

kallithea/lib/utils2.py

kallithea/model/db.py

kallithea/model/ssh_key.py

kallithea/templates/admin/my_account/my_account_ssh_keys.html

kallithea/templates/admin/users/user_edit_ssh_keys.html

kallithea/tests/functional/test_admin_users.py

kallithea/tests/functional/test_my_account.py

docs/setup.rst

➞

Show inline comments

@@ @@ -562,7 +562,7 @@ that, you'll need to: @@
       ini = '/srv/kallithea/my.ini'
       from logging.config import fileConfig
       fileConfig(ini)
+      fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})
       from paste.deploy import loadapp
       application = loadapp('config:' + ini)
@@ @@ -578,7 +578,7 @@ that, you'll need to: @@
       ini = '/srv/kallithea/kallithea.ini'
       from logging.config import fileConfig
       fileConfig(ini)
+      fileConfig(ini, {'__file__': ini, 'here': '/srv/kallithea'})
       from paste.deploy import loadapp
       application = loadapp('config:' + ini)

kallithea/alembic/env.py

➞

Show inline comments

@@ @@ -43,7 +43,9 @@ logging.getLogger('alembic').setLevel(lo @@
 # stamping during "kallithea-cli db-create"), config_file_name is not available,
 # and loggers are assumed to already have been configured.
 if config.config_file_name:
     fileConfig(config.config_file_name, disable_existing_loggers=False)
     fileConfig(config.config_file_name,
         {'__file__': config.config_file_name, 'here': os.path.dirname(config.config_file_name)},
         disable_existing_loggers=False)
 def include_in_autogeneration(object, name, type, reflected, compare_to):

kallithea/alembic/versions/4851d15bc437_db_migration_step_after_95c01895c006_.py

➞

Show inline comments

@@ @@ -31,14 +31,20 @@ from alembic import op @@
 def upgrade():
     meta = sa.MetaData()
     meta.reflect(bind=op.get_bind())
     pass
     # The following upgrade step turned out to be a bad idea. A later step
     # "d7ec25b66e47_ssh_drop_usk_public_key_idx_again" will remove the index
     # again if it exists ... but we shouldn't even try to create it.
     if not any(i.name == 'usk_public_key_idx' for i in meta.tables['user_ssh_keys'].indexes):
         with op.batch_alter_table('user_ssh_keys', schema=None) as batch_op:
             batch_op.create_index('usk_public_key_idx', ['public_key'], unique=False)
     #meta = sa.MetaData()
     #meta.reflect(bind=op.get_bind())
     #if not any(i.name == 'usk_public_key_idx' for i in meta.tables['user_ssh_keys'].indexes):
     #    with op.batch_alter_table('user_ssh_keys', schema=None) as batch_op:
     #        batch_op.create_index('usk_public_key_idx', ['public_key'], unique=False)
 def downgrade():
     with op.batch_alter_table('user_ssh_keys', schema=None) as batch_op:
         batch_op.drop_index('usk_public_key_idx')
     if any(i.name == 'usk_public_key_idx' for i in meta.tables['user_ssh_keys'].indexes):
         with op.batch_alter_table('user_ssh_keys', schema=None) as batch_op:
             batch_op.drop_index('usk_public_key_idx')

kallithea/alembic/versions/d7ec25b66e47_ssh_drop_usk_public_key_idx_again.py

➞

Show inline comments

@@ new file 100644 @@
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU General Public License as published by
 # the Free Software Foundation, either version 3 of the License, or
 # (at your option) any later version.
+#
 # This program is distributed in the hope that it will be useful,
 # but WITHOUT ANY WARRANTY; without even the implied warranty of
 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 # GNU General Public License for more details.
+#
 # You should have received a copy of the GNU General Public License
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """ssh: drop usk_public_key_idx again
 Revision ID: d7ec25b66e47
 Revises: 4851d15bc437
 Create Date: 2019-12-29 15:33:10.982003
 """
 # The following opaque hexadecimal identifiers ("revisions") are used
 # by Alembic to track this migration script and its relations to others.
 revision = 'd7ec25b66e47'
 down_revision = '4851d15bc437'
 branch_labels = None
 depends_on = None
 import sqlalchemy as sa
 from alembic import op
 def upgrade():
     meta = sa.MetaData()
     meta.reflect(bind=op.get_bind())
     if any(i.name == 'usk_public_key_idx' for i in meta.tables['user_ssh_keys'].indexes):
         with op.batch_alter_table('user_ssh_keys', schema=None) as batch_op:
             batch_op.drop_index('usk_public_key_idx')
 def downgrade():
     pass

kallithea/bin/kallithea_cli_base.py

➞

Show inline comments

@@ @@ -72,7 +72,8 @@ def register_command(config_file=False, @@
                 path_to_ini_file = os.path.realpath(config_file)
                 kallithea.CONFIG = paste.deploy.appconfig('config:' + path_to_ini_file)
                 config_bytes = read_config(path_to_ini_file, strip_section_prefix=annotated.__name__)
                 logging.config.fileConfig(cStringIO.StringIO(config_bytes))
                 logging.config.fileConfig(cStringIO.StringIO(config_bytes),
                     {'__file__': path_to_ini_file, 'here': os.path.dirname(path_to_ini_file)})
                 if config_file_initialize_app:
                     kallithea.config.middleware.make_app_without_logging(kallithea.CONFIG.global_conf, **kallithea.CONFIG.local_conf)
                     kallithea.lib.utils.setup_cache_regions(kallithea.CONFIG)

kallithea/bin/kallithea_cli_iis.py

➞

Show inline comments

@@ @@ -33,7 +33,8 @@ import os @@
 def __ExtensionFactory__():
     from paste.deploy import loadapp
     from logging.config import fileConfig
     fileConfig('%(inifile)s')
     fileConfig('%(inifile)s', {'__file__': '%(inifile)s', 'here': '%(inifiledir)s'})
     application = loadapp('config:%(inifile)s')
     def app(environ, start_response):
@@ @@ -75,6 +76,7 @@ def iis_install(virtualdir): @@
     with open(dispatchfile, 'w') as f:
         f.write(dispath_py_template % {
             'inifile': config_file_abs.replace('\\', '\\\\'),
             'inifiledir': os.path.dirname(config_file_abs).replace('\\', '\\\\'),
             'virtualdir': virtualdir,
             })

kallithea/bin/kallithea_cli_ssh.py

➞

Show inline comments

@@ @@ -25,7 +25,7 @@ import kallithea.bin.kallithea_cli_base @@
 from kallithea.lib.utils2 import str2bool
 from kallithea.lib.vcs.backends.git.ssh import GitSshHandler
 from kallithea.lib.vcs.backends.hg.ssh import MercurialSshHandler
 from kallithea.model.ssh_key import SshKeyModel
+from kallithea.model.ssh_key import SshKeyModel, SshKeyModelException
 log = logging.getLogger(__name__)
@@ @@ -83,5 +83,8 @@ def ssh_update_authorized_keys(): @@
     The file is usually maintained automatically, but this command will also re-write it.
     """
     SshKeyModel().write_authorized_keys()
     try:
         SshKeyModel().write_authorized_keys()
     except SshKeyModelException as e:
         sys.stderr.write("%s\n" % e)
         sys.exit(1)

kallithea/config/middleware.py

➞

Show inline comments

@@ @@ -13,8 +13,6 @@ @@
 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
 """WSGI middleware initialization for the Kallithea application."""
 import logging.config
 from kallithea.config.app_cfg import base_config
 from kallithea.config.environment import load_environment
@@ @@ -49,5 +47,4 @@ def make_app(global_conf, full_stack=Tru @@
     ``app_conf`` contains all the application-specific settings (those defined
     under ``[app:main]``.
     """
     logging.config.fileConfig(global_conf['__file__'])
     return make_app_without_logging(global_conf, full_stack=full_stack, **app_conf)

kallithea/controllers/admin/my_account.py

➞

Show inline comments

@@ @@ -285,9 +285,9 @@ class MyAccountController(BaseController @@
     @IfSshEnabled
     def my_account_ssh_keys_delete(self):
-        public_key = request.POST.get('del_public_key')
+        fingerprint = request.POST.get('del_public_key_fingerprint')
         try:
-            SshKeyModel().delete(public_key, request.authuser.user_id)
+            SshKeyModel().delete(fingerprint, request.authuser.user_id)
             Session().commit()
             SshKeyModel().write_authorized_keys()
             h.flash(_("SSH key successfully deleted"), category='success')

kallithea/controllers/admin/users.py

➞

Show inline comments

@@ @@ -462,9 +462,9 @@ class UsersController(BaseController): @@
     def ssh_keys_delete(self, id):
         c.user = self._get_user_or_raise_if_default(id)
-        public_key = request.POST.get('del_public_key')
+        fingerprint = request.POST.get('del_public_key_fingerprint')
         try:
-            SshKeyModel().delete(public_key, c.user.user_id)
+            SshKeyModel().delete(fingerprint, c.user.user_id)
             Session().commit()
             SshKeyModel().write_authorized_keys()
             h.flash(_("SSH key successfully deleted"), category='success')

kallithea/controllers/login.py

➞

Show inline comments

@@ @@ -215,6 +215,7 @@ class LoginController(BaseController): @@
             return htmlfill.render(
                 render('/password_reset_confirmation.html'),
                 defaults=dict(request.params),
                 force_defaults=False,  # don't clear form _session_csrf_secret_token which isn't in defaults
                 encoding='UTF-8')
         form = PasswordResetConfirmationForm()()

kallithea/lib/auth.py

➞

Show inline comments

@@ @@ -27,6 +27,7 @@ Original author and date, and relevant c @@
 import hashlib
 import itertools
 import logging
 import string
 import os
 import ipaddr
@@ @@ -48,6 +49,11 @@ from kallithea.model.db import ( @@
 from kallithea.model.meta import Session
 from kallithea.model.user import UserModel
 try:
     import bcrypt
     bcrypt.checkpw
 except ImportError:
     bcrypt = None
 log = logging.getLogger(__name__)
@@ @@ -91,10 +97,9 @@ def get_crypt_password(password): @@
     :param password: password to hash
     """
     if is_windows:
+    if is_windows or bcrypt is None:
         return hashlib.sha256(password).hexdigest()
     elif is_unix:
         import bcrypt
         return bcrypt.hashpw(safe_str(password), bcrypt.gensalt(10))
     else:
         raise Exception('Unknown or unsupported platform %s'
@@ @@ -110,19 +115,17 @@ def check_password(password, hashed): @@
     :param hashed: password in hashed form
     """
-    if is_windows:
+    if len(hashed) == 64 and all(x in string.hexdigits for x in hashed):
         return hashlib.sha256(password).hexdigest() == hashed
     elif is_unix:
         import bcrypt
     if bcrypt is not None:
         try:
             return bcrypt.checkpw(safe_str(password), safe_str(hashed))
         except ValueError as e:
             # bcrypt will throw ValueError 'Invalid hashed_password salt' on all password errors
             log.error('error from bcrypt checking password: %s', e)
             return False
     else:
         raise Exception('Unknown or unsupported platform %s'
                         % __platform__)
     log.error('check_password failed - no method found for hash length %s and bcrypt %s', len(hashed), bcrypt)
     return False
 def _cached_perms_data(user_id, user_is_admin):

kallithea/lib/hooks.py

➞

Show inline comments

@@ @@ -27,12 +27,13 @@ Original author and date, and relevant c @@
 import binascii
 import os
 import sys
 import time
 from kallithea.lib import helpers as h
 from kallithea.lib.exceptions import UserCreationError
 from kallithea.lib.utils import action_logger, make_ui, setup_cache_regions
 from kallithea.lib.utils2 import get_hook_environment, safe_str, safe_unicode
+from kallithea.lib.utils2 import get_hook_environment, safe_str, safe_unicode, HookEnvironmentError
 from kallithea.lib.vcs.backends.base import EmptyChangeset
 from kallithea.lib.vcs.utils.hgcompat import revrange
 from kallithea.model.db import Repository, User
@@ @@ -340,7 +341,11 @@ def handle_git_pre_receive(repo_path, gi @@
 def handle_git_post_receive(repo_path, git_stdin_lines):
     """Called from Git post-receive hook"""
     baseui, repo = _hook_environment(repo_path)
     try:
         baseui, repo = _hook_environment(repo_path)
     except HookEnvironmentError as e:
         sys.stderr.write("Skipping Kallithea Git post-recieve hook %r.\nGit was apparently not invoked by Kallithea: %s\n" % (sys.argv[0], e))
         return 0
     # the post push hook should never use the cached instance
     scm_repo = repo.scm_instance_no_cache()

kallithea/lib/ssh.py

➞

Show inline comments

@@ @@ -46,7 +46,7 @@ def parse_pub_key(ssh_key): @@
     >>> parse_pub_key('''AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ''')
     Traceback (most recent call last):
     ...
     SshKeyParseError: Incorrect SSH key - it must have both a key type and a base64 part
+    SshKeyParseError: Incorrect SSH key - it must have both a key type and a base64 part, like 'ssh-rsa ASRNeaZu4FA...xlJp='
     >>> parse_pub_key('''abc AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ''')
     Traceback (most recent call last):
     ...
@@ @@ -74,7 +74,7 @@ def parse_pub_key(ssh_key): @@
     parts = ssh_key.split(None, 2)
     if len(parts) < 2:
         raise SshKeyParseError(_("Incorrect SSH key - it must have both a key type and a base64 part"))
+        raise SshKeyParseError(_("Incorrect SSH key - it must have both a key type and a base64 part, like 'ssh-rsa ASRNeaZu4FA...xlJp='"))
     keytype, keyvalue, comment = (parts + [''])[:3]
     if keytype not in ('ssh-rsa', 'ssh-dss', 'ssh-ed25519'):
@@ @@ -97,6 +97,18 @@ def parse_pub_key(ssh_key): @@
 SSH_OPTIONS = 'no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding'
 def _safe_check(s, rec = re.compile('^[a-zA-Z0-9+/]+={0,3}$')):
     """Return true if s really has the right content for base64 encoding and only contain safe characters
     >>> _safe_check('asdf')
     True
     >>> _safe_check('as df')
     False
     >>> _safe_check('AAAAB3NzaC1yc2EAAAALVGhpcyBpcyBmYWtlIQ==')
     True
     """
     return rec.match(s) is not None
 def authorized_keys_line(kallithea_cli_path, config_file, key):
     """
     Return a line as it would appear in .authorized_keys
@@ @@ -113,6 +125,8 @@ def authorized_keys_line(kallithea_cli_p @@
     except SshKeyParseError:
         return '# Invalid Kallithea SSH key: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)
     mimekey = decoded.encode('base64').replace('\n', '')
     if not _safe_check(mimekey):
         return '# Invalid Kallithea SSH key - bad base64 encoding: %s %s\n' % (key.user.user_id, key.user_ssh_key_id)
     return '%s,command="%s ssh-serve -c %s %s %s" %s %s\n' % (
         SSH_OPTIONS, kallithea_cli_path, config_file,
         key.user.user_id, key.user_ssh_key_id,

kallithea/lib/utils2.py

➞

Show inline comments

@@ @@ -522,6 +522,9 @@ def obfuscate_url_pw(engine): @@
     return str(_url)
 class HookEnvironmentError(Exception): pass
 def get_hook_environment():
     """
     Get hook context by deserializing the global KALLITHEA_EXTRAS environment
@@ @@ -533,15 +536,16 @@ def get_hook_environment(): @@
     """
     try:
-        extras = json.loads(os.environ['KALLITHEA_EXTRAS'])
+        kallithea_extras = os.environ['KALLITHEA_EXTRAS']
     except KeyError:
-        raise Exception("Environment variable KALLITHEA_EXTRAS not found")
+        raise HookEnvironmentError("Environment variable KALLITHEA_EXTRAS not found")
     extras = json.loads(kallithea_extras)
     try:
         for k in ['username', 'repository', 'scm', 'action', 'ip']:
+        for k in ['username', 'repository', 'scm', 'action', 'ip', 'config']:
             extras[k]
     except KeyError:
-        raise Exception('Missing key %s in KALLITHEA_EXTRAS %s' % (k, extras))
+        raise HookEnvironmentError('Missing key %s in KALLITHEA_EXTRAS %s' % (k, extras))
     return AttributeDict(extras)

kallithea/model/db.py

➞

Show inline comments

@@ @@ -2518,7 +2518,6 @@ class Gist(Base, BaseDbModel): @@
 class UserSshKeys(Base, BaseDbModel):
     __tablename__ = 'user_ssh_keys'
     __table_args__ = (
         Index('usk_public_key_idx', 'public_key'),
         Index('usk_fingerprint_idx', 'fingerprint'),
         UniqueConstraint('fingerprint'),
         _table_args_default_dict

kallithea/model/ssh_key.py

➞

Show inline comments

@@ @@ -30,6 +30,7 @@ from tg.i18n import ugettext as _ @@
 from kallithea.lib import ssh
 from kallithea.lib.utils2 import safe_str, str2bool
 from kallithea.lib.vcs.exceptions import RepositoryError
 from kallithea.model.db import User, UserSshKeys
 from kallithea.model.meta import Session
@@ @@ -37,7 +38,7 @@ from kallithea.model.meta import Session @@
 log = logging.getLogger(__name__)
-class SshKeyModelException(Exception):
+class SshKeyModelException(RepositoryError):
     """Exception raised by SshKeyModel methods to report errors"""
@@ @@ -72,21 +73,19 @@ class SshKeyModel(object): @@
         return new_ssh_key
-    def delete(self, public_key, user=None):
+    def delete(self, fingerprint, user):
         """
         Deletes given public_key, if user is set it also filters the object for
         deletion by given user.
         Deletes ssh key with given fingerprint for the given user.
         Will raise SshKeyModelException on errors
         """
-        ssh_key = UserSshKeys.query().filter(UserSshKeys._public_key == public_key)
+        ssh_key = UserSshKeys.query().filter(UserSshKeys.fingerprint == fingerprint)
         if user:
             user = User.guess_instance(user)
             ssh_key = ssh_key.filter(UserSshKeys.user_id == user.user_id)
         user = User.guess_instance(user)
         ssh_key = ssh_key.filter(UserSshKeys.user_id == user.user_id)
         ssh_key = ssh_key.scalar()
         if ssh_key is None:
-            raise SshKeyModelException(_('SSH key %r not found') % safe_str(public_key))
+            raise SshKeyModelException(_('SSH key with fingerprint %r found') % safe_str(fingerprint))
         Session().delete(ssh_key)
     def get_ssh_keys(self, user):
@@ @@ -116,7 +115,7 @@ class SshKeyModel(object): @@
         # Now, test that the directory is or was created in a readable way by previous.
         if not (os.path.isdir(authorized_keys_dir) and
                 os.access(authorized_keys_dir, os.W_OK)):
-            raise Exception("Directory of authorized_keys cannot be written to so authorized_keys file %s cannot be written" % (authorized_keys))
+            raise SshKeyModelException("Directory of authorized_keys cannot be written to so authorized_keys file %s cannot be written" % (authorized_keys))
         # Make sure we don't overwrite a key file with important content
         if os.path.exists(authorized_keys):
@@ @@ -127,10 +126,11 @@ class SshKeyModel(object): @@
                     elif ssh.SSH_OPTIONS in l and ' ssh-serve ' in l:
                         pass # Kallithea entries are ok to overwrite
                     else:
-                        raise Exception("Safety check failed, found %r in %s - please review and remove it" % (l.strip(), authorized_keys))
+                        raise SshKeyModelException("Safety check failed, found %r line in %s - please remove it if Kallithea should manage the file" % (l.strip(), authorized_keys))
         fh, tmp_authorized_keys = tempfile.mkstemp('.authorized_keys', dir=os.path.dirname(authorized_keys))
         with os.fdopen(fh, 'w') as f:
             f.write("# WARNING: This .ssh/authorized_keys file is managed by Kallithea. Manual editing or adding new entries will make Kallithea back off.\n")
             for key in UserSshKeys.query().join(UserSshKeys.user).filter(User.active == True):
                 f.write(ssh.authorized_keys_line(kallithea_cli_path, config['__file__'], key))
         os.chmod(tmp_authorized_keys, stat.S_IRUSR | stat.S_IWUSR)

kallithea/templates/admin/my_account/my_account_ssh_keys.html

➞

Show inline comments

@@ @@ -23,7 +23,7 @@ @@
             </td>
             <td>
                 ${h.form(url('my_account_ssh_keys_delete'))}
-                    ${h.hidden('del_public_key', ssh_key.public_key)}
+                    ${h.hidden('del_public_key_fingerprint', ssh_key.fingerprint)}
                     <button class="btn btn-danger btn-xs" type="submit"
                             onclick="return confirm('${_('Confirm to remove this SSH key: %s') % ssh_key.fingerprint}');">
                         <i class="icon-trashcan"></i>

kallithea/templates/admin/users/user_edit_ssh_keys.html

➞

Show inline comments

@@ @@ -23,7 +23,7 @@ @@
             </td>
             <td>
                 ${h.form(url('edit_user_ssh_keys_delete', id=c.user.user_id))}
-                    ${h.hidden('del_public_key', ssh_key.public_key)}
+                    ${h.hidden('del_public_key_fingerprint', ssh_key.fingerprint)}
                     <button class="btn btn-danger btn-xs" type="submit"
                             onclick="return confirm('${_('Confirm to remove this SSH key: %s') % ssh_key.fingerprint}');">
                         <i class="icon-trashcan"></i>

kallithea/tests/functional/test_admin_users.py

➞

Show inline comments

@@ @@ -556,7 +556,7 @@ class TestAdminUsersController(TestContr @@
         assert ssh_key.description == u'me@localhost'
         response = self.app.post(url('edit_user_ssh_keys_delete', id=user_id),
-                                 {'del_public_key': ssh_key.public_key,
+                                 {'del_public_key_fingerprint': ssh_key.fingerprint,
                                   '_session_csrf_secret_token': self.session_csrf_secret_token()})
         self.checkSessionFlash(response, 'SSH key successfully deleted')
         keys = UserSshKeys.query().all()

kallithea/tests/functional/test_my_account.py

➞

Show inline comments

@@ @@ -289,7 +289,7 @@ class TestMyAccountController(TestContro @@
         assert ssh_key.description == u'me@localhost'
         response = self.app.post(url('my_account_ssh_keys_delete'),
-                                 {'del_public_key': ssh_key.public_key,
+                                 {'del_public_key_fingerprint': ssh_key.fingerprint,
                                   '_session_csrf_secret_token': self.session_csrf_secret_token()})
         self.checkSessionFlash(response, 'SSH key successfully deleted')
         keys = UserSshKeys.query().all()

3 comments (0 inline, 3 general) First comment

Previous comment

Mads Kiilerich (kiilerix) 5 years and 3 months ago comment on pull request "Fixes for stable" ¶

Status change: Under review

Mads Kiilerich (kiilerix) 5 years and 2 months ago comment on pull request "Fixes for stable" ¶

Also: https://kallithea-scm.org/repos/kallithea-incoming/changeset/ee69feb67613dceb1e5efd670570d34a3ceabf86 , per https://github.com/TurboGears/tg2/pull/115#issuecomment-570835499

Mads Kiilerich (kiilerix) 5 years and 2 months ago comment on pull request "Fixes for stable" ¶

Mostly pushed, replaced by https://kallithea-scm.org/repos/kallithea/pull-request/223/_/Stable_jan_9