mirror of
https://gitlab.archlinux.org/archlinux/aurweb.git
synced 2025-02-03 10:43:03 +01:00
4c14a10b91
There was one blazing issue with the previous implementation regardless of the multiple records: we were generating fingerprints by storing the key into a file and reading it with ssh-keygen. This is absolutely terrible and was not meant to be left around (it was forgotten, my bad). Took this opportunity to clean up a few things: - simplify pubkey validation - centralize things a bit better Signed-off-by: Kevin Morris <kevr@0cost.org>
28 lines
848 B
Python
28 lines
848 B
Python
from subprocess import PIPE, Popen
|
|
|
|
from sqlalchemy.orm import backref, relationship
|
|
|
|
from aurweb import schema
|
|
from aurweb.models.declarative import Base
|
|
|
|
|
|
class SSHPubKey(Base):
|
|
__table__ = schema.SSHPubKeys
|
|
__tablename__ = __table__.name
|
|
__mapper_args__ = {"primary_key": [__table__.c.Fingerprint]}
|
|
|
|
User = relationship(
|
|
"User", backref=backref("ssh_pub_keys", lazy="dynamic"),
|
|
foreign_keys=[__table__.c.UserID])
|
|
|
|
def __init__(self, **kwargs):
|
|
super().__init__(**kwargs)
|
|
|
|
|
|
def get_fingerprint(pubkey: str) -> str:
|
|
proc = Popen(["ssh-keygen", "-l", "-f", "-"], stdin=PIPE, stdout=PIPE,
|
|
stderr=PIPE)
|
|
out, _ = proc.communicate(pubkey.encode())
|
|
if proc.returncode:
|
|
raise ValueError("The SSH public key is invalid.")
|
|
return out.decode().split()[1].split(":", 1)[1]
|