BryanDavis has uploaded a new change for review. (
https://gerrit.wikimedia.org/r/364139 )
Change subject: Check to see if ssh key is a duplicate
......................................................................
Check to see if ssh key is a duplicate
Our LDAP schema does not allow the same key to be set multiple times for
the same user (reasonable). Check provided key against existing keys
when validating the user's input. As a belt and suspenders protection,
also catch LDAP save errors and turn them into nicer messages for the
user.
Change-Id: I2e229ac11a15fa60587f026e203cf725ed9bffcd
Bugs: T167931
---
M striker/profile/forms.py
M striker/profile/views.py
2 files changed, 28 insertions(+), 9 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/labs/striker
refs/changes/39/364139/1
diff --git a/striker/profile/forms.py b/striker/profile/forms.py
index aa9cca9..6a878a7 100644
--- a/striker/profile/forms.py
+++ b/striker/profile/forms.py
@@ -66,6 +66,10 @@
required=True,
)
+ def __init__(self, *args, **kwargs):
+ self.keys = kwargs.pop('keys', [])
+ super(SshKeyForm, self).__init__(*args, **kwargs)
+
def clean_public_key(self):
pub_key = self.cleaned_data.get('public_key').strip()
key = utils.parse_ssh_key(pub_key)
@@ -78,6 +82,11 @@
# of extracting the public key from an unencrypted private key.
raise forms.ValidationError(
_('Invalid public key.'), code='key_invalid')
+ if pub_key in self.keys:
+ raise forms.ValidationError(
+ _('Public key {hash} already in use.').format(
+ hash=key.hash_sha256()),
+ code='key_duplicate')
self.key = key
return pub_key
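Review bot: The duplicate test `if pub_key in self.keys` compares the whole submitted line as a string, so the same key material with a different comment field or different spacing would not match and would presumably be stored as a second entry. That matters for revocation: a user who later deletes one entry may believe the key no longer grants access while a copy of it remains. The parsed `key` is already available at this point, so the check could compare fingerprints instead, e.g. `if key.hash_sha256() in {utils.parse_ssh_key(k).hash_sha256() for k in self.keys}:`. Stored values that fail to parse would need a guard, and how `parse_ssh_key` signals that is not visible here. Part of `clean_public_key` lies between the two hunks and is not shown.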
diff --git a/striker/profile/views.py b/striker/profile/views.py
index 9f84b04..93bb5ed 100644
--- a/striker/profile/views.py
+++ b/striker/profile/views.py
@@ -29,6 +29,8 @@
from django.views.decorators.debug import sensitive_post_parameters
from django.utils.translation import ugettext_lazy as _
+import ldap
+
from striker import decorators
from striker import phabricator
from striker.profile import forms
@@ -111,19 +113,27 @@
@login_required
def ssh_key_add(req):
if req.method == 'POST':
- form = forms.SshKeyForm(data=req.POST)
+ ldapuser = req.user.ldapuser
+ keys = ldapuser.ssh_keys
+ form = forms.SshKeyForm(data=req.POST, keys=keys)
if form.is_valid():
- ldapuser = req.user.ldapuser
- keys = ldapuser.ssh_keys
keys.append(form.cleaned_data.get('public_key'))
ldapuser.ssh_keys = keys
- ldapuser.save()
- messages.info(
- req,
- _('Added SSH key {key_hash}').format(
- key_hash=form.key.hash_sha256()))
+ try:
+ ldapuser.save()
+ messages.info(
+ req,
+ _('Added SSH key {key_hash}').format(
+ key_hash=form.key.hash_sha256()))
+ except ldap.TYPE_OR_VALUE_EXISTS as e:
+ logger.exception('Failed to add ssh key')
+ messages.error(
+ req,
+ _('Error saving ssh key. [req id: {id}]').format(
+ id=req.id))
else:
- messages.error(req, _('Invalid public key.'))
+ # Pull the error message out of the form's errors
+ messages.error(req, form.errors['public_key'][0])
return shortcuts.redirect(urlresolvers.reverse('profile:ssh_keys'))
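Review bot: In the `else:` branch, `form.errors['public_key'][0]` raises `KeyError` whenever the form is invalid for a reason not recorded on that field (another field or a non-field error; the rest of `SshKeyForm` is not visible here), which turns a validation failure into a server error. A fallback keeps the old behaviour: `messages.error(req, form.errors.get('public_key', [_('Invalid public key.')])[0])`. In the same hunk the `try` catches only `ldap.TYPE_OR_VALUE_EXISTS`, so any other `ldap.LDAPError` raised by `ldapuser.save()` still propagates. If the commit message's "catch LDAP save errors" is meant broadly, add a second `except ldap.LDAPError:` with the same logged, request-id-tagged message. The success `messages.info(...)` would read better in an `else:` clause so the `try` body is only `ldapuser.save()`, and the unused `as e` can be dropped.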
--
To view, visit https://gerrit.wikimedia.org/r/364139
Gerrit-MessageType: newchange
Gerrit-Change-Id: I2e229ac11a15fa60587f026e203cf725ed9bffcd
Gerrit-PatchSet: 1
Gerrit-Project: labs/striker
Gerrit-Branch: master
Gerrit-Owner: BryanDavis <[email protected]>