external/aurweb
0
0
Fork 0
mirror of https://gitlab.archlinux.org/archlinux/aurweb.git synced 2025-02-03 10:43:03 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

fix: same ssh key entered multiple times

Browse source 
Users might accidentally past their ssh key multiple times
when they try to register or edit their account.

Convert our of list of keys to a set, removing any double keys.

Signed-off-by: moson <moson@archlinux.org>
This commit is contained in:
moson 2023-07-09 14:52:15 +02:00
parent 225ce23761
commit 5ccfa7c0fd
No known key found for this signature in database
GPG key ID: 4A4760AB4EE15296
2 changed files with 27 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
aurweb/util.py
View file

@ -192,9 +192,9 @@ def parse_ssh_key(string: str) -> Tuple[str, str]:
return prefix, key return prefix, key
def parse_ssh_keys(string: str) -> list[Tuple[str, str]]: def parse_ssh_keys(string: str) -> set[Tuple[str, str]]:
"""Parse a list of SSH public keys.""" """Parse a list of SSH public keys."""
return [parse_ssh_key(e) for e in string.strip().splitlines(True) if e.strip()] return set([parse_ssh_key(e) for e in string.strip().splitlines(True) if e.strip()])
def shell_exec(cmdline: str, cwd: str) -> Tuple[int, str, str]: def shell_exec(cmdline: str, cwd: str) -> Tuple[int, str, str]:

25
test/test_accounts_routes.py
View file

@ -644,6 +644,18 @@ def test_post_register_with_ssh_pubkey(client: TestClient):
assert response.status_code == int(HTTPStatus.OK) assert response.status_code == int(HTTPStatus.OK)
# Let's create another user accidentally pasting their key twice
with db.begin():
db.query(SSHPubKey).delete()
pk_double = pk + "\n" + pk
with client as request:
response = post_register(
request, U="doubleKey", E="doubleKey@email.org", PK=pk_double
)
assert response.status_code == int(HTTPStatus.OK)
def test_get_account_edit_tu_as_tu(client: TestClient, tu_user: User): def test_get_account_edit_tu_as_tu(client: TestClient, tu_user: User):
"""Test edit get route of another TU as a TU.""" """Test edit get route of another TU as a TU."""
@ -1082,6 +1094,19 @@ def test_post_account_edit_ssh_pub_key(client: TestClient, user: User):
assert response.status_code == int(HTTPStatus.OK) assert response.status_code == int(HTTPStatus.OK)
# Accidentally enter the same key twice
pk = make_ssh_pubkey()
post_data["PK"] = pk + "\n" + pk
with client as request:
request.cookies = {"AURSID": sid}
response = request.post(
"/account/test/edit",
data=post_data,
)
assert response.status_code == int(HTTPStatus.OK)
def test_post_account_edit_missing_ssh_pubkey(client: TestClient, user: User): def test_post_account_edit_missing_ssh_pubkey(client: TestClient, user: User):
request = Request() request = Request()