From e558e979ff481148bb903ca21c7659b7ca43208d Mon Sep 17 00:00:00 2001
From: Kevin Morris <kevr@0cost.org>
Date: Wed, 24 Nov 2021 21:28:49 -0800
Subject: [PATCH] fix(fastapi): check ssh key prefixes against configured
 valid-keytypes

Signed-off-by: Kevin Morris <kevr@0cost.org>
---
 aurweb/util.py | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/aurweb/util.py b/aurweb/util.py
index b95fc6a3..62575c71 100644
--- a/aurweb/util.py
+++ b/aurweb/util.py
@@ -84,9 +84,8 @@ def valid_pgp_fingerprint(fp):
 
 
 def valid_ssh_pubkey(pk):
-    valid_prefixes = ("ssh-rsa", "ecdsa-sha2-nistp256",
-                      "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
-                      "ssh-ed25519")
+    valid_prefixes = aurweb.config.get("auth", "valid-keytypes")
+    valid_prefixes = set(valid_prefixes.split(" "))
 
     has_valid_prefix = False
     for prefix in valid_prefixes: