fix: support multiple SSHPubKey records per user

There was one blazing issue with the previous implementation regardless
of the multiple records: we were generating fingerprints by storing
the key into a file and reading it with ssh-keygen. This is absolutely
terrible and was not meant to be left around (it was forgotten, my bad).

Took this opportunity to clean up a few things:
- simplify pubkey validation
- centralize things a bit better

Signed-off-by: Kevin Morris <kevr@0cost.org>
Kevin Morris 2022-02-08 07:50:15 -08:00
parent 660d57340a
commit 4c14a10b91
No known key found for this signature in database
GPG key ID: F7E46DED420788F3
11 changed files with 162 additions and 108 deletions

@ -1,3 +1,5 @@
from subprocess import PIPE, Popen
import pytest
from aurweb import db
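Review bot: The new "from subprocess import PIPE, Popen" import makes this test module depend on an ssh-keygen binary being present on the test host, and nothing in the file says so. Consider documenting that requirement, or guarding the test that shells out with a pytest skip when shutil.which("ssh-keygen") returns None, so a missing binary shows up as a skip instead of an unrelated error.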
@ -61,8 +63,12 @@ def test_pubkey_cs(user: User):
def test_pubkey_fingerprint():
assert get_fingerprint(TEST_SSH_PUBKEY) is not None
proc = Popen(["ssh-keygen", "-l", "-f", "-"], stdin=PIPE, stdout=PIPE)
out, _ = proc.communicate(TEST_SSH_PUBKEY.encode())
expected = out.decode().split()[1].split(":", 1)[1]
assert get_fingerprint(TEST_SSH_PUBKEY) == expected
def test_pubkey_invalid_fingerprint():
assert get_fingerprint("ssh-rsa fake and invalid") is None
with pytest.raises(ValueError):
get_fingerprint("invalid-prefix some-fake-content")
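Review bot: In test_pubkey_fingerprint the ssh-keygen process is never checked for success: proc.returncode is ignored and stderr is not captured, so if ssh-keygen rejects the key or fails for any other reason, "out" is empty and out.decode().split()[1] raises an IndexError that hides the real cause. Assert proc.returncode == 0 before parsing. The parse split(":", 1)[1] also assumes the "SHA256:..." output form; passing "-E", "sha256" to ssh-keygen would pin the hash the test compares against instead of relying on the installed version's default.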