##// END OF EJS Templates
ssh: added ssh key management into my account.
marcink -
r2044:384b6b2d default
parent child Browse files
Show More
@@ -0,0 +1,160 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2010-2017 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import pytest
22
23 from rhodecode.model.db import User, UserSshKeys
24
25 from rhodecode.tests import TestController, assert_session_flash
26 from rhodecode.tests.fixture import Fixture
27
28 fixture = Fixture()
29
30
31 def route_path(name, params=None, **kwargs):
32 import urllib
33 from rhodecode.apps._base import ADMIN_PREFIX
34
35 base_url = {
36 'my_account_ssh_keys':
37 ADMIN_PREFIX + '/my_account/ssh_keys',
38 'my_account_ssh_keys_generate':
39 ADMIN_PREFIX + '/my_account/ssh_keys/generate',
40 'my_account_ssh_keys_add':
41 ADMIN_PREFIX + '/my_account/ssh_keys/new',
42 'my_account_ssh_keys_delete':
43 ADMIN_PREFIX + '/my_account/ssh_keys/delete',
44 }[name].format(**kwargs)
45
46 if params:
47 base_url = '{}?{}'.format(base_url, urllib.urlencode(params))
48 return base_url
49
50
51 class TestMyAccountSshKeysView(TestController):
52 INVALID_KEY = """\
53 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk+77sjDzVeB6vevJsuZds1iNU5
54 LANOa5CU5G/9JYIA6RYsWWMO7mbsR82IUckdqOHmxSykfR1D1TdluyIpQLrwgH5kb
55 n8FkVI8zBMCKakxowvN67B0R7b1BT4PPzW2JlOXei/m9W12ZY484VTow6/B+kf2Q8
56 cP8tmCJmKWZma5Em7OTUhvjyQVNz3v7HfeY5Hq0Ci4ECJ59hepFDabJvtAXg9XrI6
57 jvdphZTc30I4fG8+hBHzpeFxUGvSGNtXPUbwaAY8j/oHYrTpMgkj6pUEFsiKfC5zP
58 qPFR5HyKTCHW0nFUJnZsbyFT5hMiF/hZkJc9A0ZbdSvJwCRQ/g3bmdL
59 your_email@example.com
60 """
61 VALID_KEY = 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDk+77sjDzVeB6vev' \
62 'JsuZds1iNU5LANOa5CU5G/9JYIA6RYsWWMO7mbsR82IUckdqOHmxSy' \
63 'kfR1D1TdluyIpQLrwgH5kbn8FkVI8zBMCKakxowvN67B0R7b1BT4PP' \
64 'zW2JlOXei/m9W12ZY484VTow6/B+kf2Q8cP8tmCJmKWZma5Em7OTUh' \
65 'vjyQVNz3v7HfeY5Hq0Ci4ECJ59hepFDabJvtAXg9XrI6jvdphZTc30' \
66 'I4fG8+hBHzpeFxUGvSGNtXPUbwaAY8j/oHYrTpMgkj6pUEFsiKfC5zPq' \
67 'PFR5HyKTCHW0nFUJnZsbyFT5hMiF/hZkJc9A0ZbdSvJwCRQ/g3bmdL ' \
68 'your_email@example.com'
69
70 def test_add_ssh_key_error(self, user_util):
71 user = user_util.create_user(password='qweqwe')
72 self.log_user(user.username, 'qweqwe')
73
74 key_data = self.INVALID_KEY
75
76 desc = 'MY SSH KEY'
77 response = self.app.post(
78 route_path('my_account_ssh_keys_add'),
79 {'description': desc, 'key_data': key_data,
80 'csrf_token': self.csrf_token})
81 assert_session_flash(response, 'An error occurred during ssh '
82 'key saving: Unable to decode the key')
83
84 def test_ssh_key_duplicate(self, user_util):
85 user = user_util.create_user(password='qweqwe')
86 self.log_user(user.username, 'qweqwe')
87 key_data = self.VALID_KEY
88
89 desc = 'MY SSH KEY'
90 response = self.app.post(
91 route_path('my_account_ssh_keys_add'),
92 {'description': desc, 'key_data': key_data,
93 'csrf_token': self.csrf_token})
94 assert_session_flash(response, 'Ssh Key successfully created')
95 response.follow() # flush session flash
96
97 # add the same key AGAIN
98 desc = 'MY SSH KEY'
99 response = self.app.post(
100 route_path('my_account_ssh_keys_add'),
101 {'description': desc, 'key_data': key_data,
102 'csrf_token': self.csrf_token})
103 assert_session_flash(response, 'An error occurred during ssh key '
104 'saving: Such key already exists, '
105 'please use a different one')
106
107 def test_add_ssh_key(self, user_util):
108 user = user_util.create_user(password='qweqwe')
109 self.log_user(user.username, 'qweqwe')
110
111 key_data = self.VALID_KEY
112
113 desc = 'MY SSH KEY'
114 response = self.app.post(
115 route_path('my_account_ssh_keys_add'),
116 {'description': desc, 'key_data': key_data,
117 'csrf_token': self.csrf_token})
118 assert_session_flash(response, 'Ssh Key successfully created')
119
120 response = response.follow()
121 response.mustcontain(desc)
122
123 def test_delete_ssh_key(self, user_util):
124 user = user_util.create_user(password='qweqwe')
125 user_id = user.user_id
126 self.log_user(user.username, 'qweqwe')
127
128 key_data = self.VALID_KEY
129
130 desc = 'MY SSH KEY'
131 response = self.app.post(
132 route_path('my_account_ssh_keys_add'),
133 {'description': desc, 'key_data': key_data,
134 'csrf_token': self.csrf_token})
135 assert_session_flash(response, 'Ssh Key successfully created')
136 response = response.follow() # flush the Session flash
137
138 # now delete our key
139 keys = UserSshKeys.query().filter(UserSshKeys.user_id == user_id).all()
140 assert 1 == len(keys)
141
142 response = self.app.post(
143 route_path('my_account_ssh_keys_delete'),
144 {'del_ssh_key': keys[0].ssh_key_id,
145 'csrf_token': self.csrf_token})
146
147 assert_session_flash(response, 'Ssh key successfully deleted')
148 keys = UserSshKeys.query().filter(UserSshKeys.user_id == user_id).all()
149 assert 0 == len(keys)
150
151 def test_generate_keypair(self, user_util):
152 user = user_util.create_user(password='qweqwe')
153 self.log_user(user.username, 'qweqwe')
154
155 response = self.app.get(
156 route_path('my_account_ssh_keys_generate'))
157
158 response.mustcontain('Private key')
159 response.mustcontain('Public key')
160 response.mustcontain('-----BEGIN RSA PRIVATE KEY-----')
@@ -0,0 +1,151 b''
1 # -*- coding: utf-8 -*-
2
3 # Copyright (C) 2016-2017 RhodeCode GmbH
4 #
5 # This program is free software: you can redistribute it and/or modify
6 # it under the terms of the GNU Affero General Public License, version 3
7 # (only), as published by the Free Software Foundation.
8 #
9 # This program is distributed in the hope that it will be useful,
10 # but WITHOUT ANY WARRANTY; without even the implied warranty of
11 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 # GNU General Public License for more details.
13 #
14 # You should have received a copy of the GNU Affero General Public License
15 # along with this program. If not, see <http://www.gnu.org/licenses/>.
16 #
17 # This program is dual-licensed. If you wish to learn more about the
18 # RhodeCode Enterprise Edition, including its added features, Support services,
19 # and proprietary license terms, please see https://rhodecode.com/licenses/
20
21 import logging
22
23 from pyramid.httpexceptions import HTTPFound
24 from pyramid.view import view_config
25
26 from rhodecode.apps._base import BaseAppView, DataGridAppView
27 from rhodecode.apps.ssh_support import SshKeyFileChangeEvent
28 from rhodecode.events import trigger
29 from rhodecode.lib import helpers as h
30 from rhodecode.lib import audit_logger
31 from rhodecode.lib.auth import LoginRequired, NotAnonymous, CSRFRequired
32 from rhodecode.model.db import IntegrityError, UserSshKeys
33 from rhodecode.model.meta import Session
34 from rhodecode.model.ssh_key import SshKeyModel
35
36 log = logging.getLogger(__name__)
37
38
39 class MyAccountSshKeysView(BaseAppView, DataGridAppView):
40
41 def load_default_context(self):
42 c = self._get_local_tmpl_context()
43 c.user = c.auth_user.get_instance()
44 self._register_global_c(c)
45 return c
46
47 @LoginRequired()
48 @NotAnonymous()
49 @view_config(
50 route_name='my_account_ssh_keys', request_method='GET',
51 renderer='rhodecode:templates/admin/my_account/my_account.mako')
52 def my_account_ssh_keys(self):
53 _ = self.request.translate
54
55 c = self.load_default_context()
56 c.active = 'ssh_keys'
57 c.default_key = self.request.GET.get('default_key')
58 c.user_ssh_keys = SshKeyModel().get_ssh_keys(c.user.user_id)
59 return self._get_template_context(c)
60
61 @LoginRequired()
62 @NotAnonymous()
63 @view_config(
64 route_name='my_account_ssh_keys_generate', request_method='GET',
65 renderer='rhodecode:templates/admin/my_account/my_account.mako')
66 def ssh_keys_generate_keypair(self):
67 _ = self.request.translate
68 c = self.load_default_context()
69
70 c.active = 'ssh_keys_generate'
71 comment = 'RhodeCode-SSH {}'.format(c.user.email or '')
72 c.private, c.public = SshKeyModel().generate_keypair(comment=comment)
73 c.target_form_url = h.route_path(
74 'my_account_ssh_keys', _query=dict(default_key=c.public))
75 return self._get_template_context(c)
76
77 @LoginRequired()
78 @NotAnonymous()
79 @CSRFRequired()
80 @view_config(
81 route_name='my_account_ssh_keys_add', request_method='POST',)
82 def my_account_ssh_keys_add(self):
83 _ = self.request.translate
84 c = self.load_default_context()
85
86 user_data = c.user.get_api_data()
87 key_data = self.request.POST.get('key_data')
88 description = self.request.POST.get('description')
89
90 try:
91 if not key_data:
92 raise ValueError('Please add a valid public key')
93
94 key = SshKeyModel().parse_key(key_data.strip())
95 fingerprint = key.hash_md5()
96
97 ssh_key = SshKeyModel().create(
98 c.user.user_id, fingerprint, key_data, description)
99 ssh_key_data = ssh_key.get_api_data()
100
101 audit_logger.store_web(
102 'user.edit.ssh_key.add', action_data={
103 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
104 user=self._rhodecode_user, )
105 Session().commit()
106
107 # Trigger an event on change of keys.
108 trigger(SshKeyFileChangeEvent(), self.request.registry)
109
110 h.flash(_("Ssh Key successfully created"), category='success')
111
112 except IntegrityError:
113 log.exception("Exception during ssh key saving")
114 h.flash(_('An error occurred during ssh key saving: {}').format(
115 'Such key already exists, please use a different one'),
116 category='error')
117 except Exception as e:
118 log.exception("Exception during ssh key saving")
119 h.flash(_('An error occurred during ssh key saving: {}').format(e),
120 category='error')
121
122 return HTTPFound(h.route_path('my_account_ssh_keys'))
123
124 @LoginRequired()
125 @NotAnonymous()
126 @CSRFRequired()
127 @view_config(
128 route_name='my_account_ssh_keys_delete', request_method='POST')
129 def my_account_ssh_keys_delete(self):
130 _ = self.request.translate
131 c = self.load_default_context()
132
133 user_data = c.user.get_api_data()
134
135 del_ssh_key = self.request.POST.get('del_ssh_key')
136
137 if del_ssh_key:
138 ssh_key = UserSshKeys.get_or_404(del_ssh_key)
139 ssh_key_data = ssh_key.get_api_data()
140
141 SshKeyModel().delete(del_ssh_key, c.user.user_id)
142 audit_logger.store_web(
143 'user.edit.ssh_key.delete', action_data={
144 'data': {'ssh_key': ssh_key_data, 'user': user_data}},
145 user=self._rhodecode_user,)
146 Session().commit()
147 # Trigger an event on change of keys.
148 trigger(SshKeyFileChangeEvent(), self.request.registry)
149 h.flash(_("Ssh key successfully deleted"), category='success')
150
151 return HTTPFound(h.route_path('my_account_ssh_keys'))
@@ -0,0 +1,78 b''
1 <div class="panel panel-default">
2 <div class="panel-heading">
3 <h3 class="panel-title">${_('SSH Keys')}</h3>
4 </div>
5 <div class="panel-body">
6 <div class="sshkeys_wrap">
7 <table class="rctable ssh_keys">
8 <tr>
9 <th>${_('Fingerprint')}</th>
10 <th>${_('Description')}</th>
11 <th>${_('Created')}</th>
12 <th>${_('Action')}</th>
13 </tr>
14 %if c.user_ssh_keys:
15 %for ssh_key in c.user_ssh_keys:
16 <tr class="">
17 <td class="">
18 <code>${ssh_key.ssh_key_fingerprint}</code>
19 </td>
20 <td class="td-wrap">${ssh_key.description}</td>
21 <td class="td-tags">${h.format_date(ssh_key.created_on)}</td>
22
23 <td class="td-action">
24 ${h.secure_form(h.route_path('my_account_ssh_keys_delete'), method='POST', request=request)}
25 ${h.hidden('del_ssh_key', ssh_key.ssh_key_id)}
26 <button class="btn btn-link btn-danger" type="submit"
27 onclick="return confirm('${_('Confirm to remove ssh key %s') % ssh_key.ssh_key_fingerprint}');">
28 ${_('Delete')}
29 </button>
30 ${h.end_form()}
31 </td>
32 </tr>
33 %endfor
34 %else:
35 <tr><td><div class="ip">${_('No additional ssh keys specified')}</div></td></tr>
36 %endif
37 </table>
38 </div>
39
40 <div class="user_ssh_keys">
41 ${h.secure_form(h.route_path('my_account_ssh_keys_add'), method='POST', request=request)}
42 <div class="form form-vertical">
43 <!-- fields -->
44 <div class="fields">
45 <div class="field">
46 <div class="label">
47 <label for="new_email">${_('New ssh key')}:</label>
48 </div>
49 <div class="input">
50 ${h.text('description', class_='medium', placeholder=_('Description'))}
51 <a href="${h.route_path('my_account_ssh_keys_generate')}">${_('Generate random RSA key')}</a>
52 </div>
53 </div>
54
55 <div class="field">
56 <div class="textarea text-area editor">
57 ${h.textarea('key_data',c.default_key, size=30, placeholder=_("Public key, begins with 'ssh-rsa', 'ssh-dss', 'ssh-ed25519', 'ecdsa-sha2-nistp256', 'ecdsa-sha2-nistp384', or 'ecdsa-sha2-nistp521'"))}
58 </div>
59 </div>
60
61 <div class="buttons">
62 ${h.submit('save',_('Add'),class_="btn")}
63 ${h.reset('reset',_('Reset'),class_="btn")}
64 </div>
65 </div>
66 </div>
67 ${h.end_form()}
68 </div>
69 </div>
70 </div>
71
72 <script>
73
74 $(document).ready(function(){
75
76
77 });
78 </script>
@@ -0,0 +1,2 b''
1 ## share the same template, it's very simple
2 <%include file='/admin/users/user_edit_ssh_keys_generate.mako'/> No newline at end of file
@@ -56,6 +56,20 b' def includeme(config):'
56 name='my_account_auth_tokens_delete',
56 name='my_account_auth_tokens_delete',
57 pattern=ADMIN_PREFIX + '/my_account/auth_tokens/delete')
57 pattern=ADMIN_PREFIX + '/my_account/auth_tokens/delete')
58
58
59 # my account ssh keys
60 config.add_route(
61 name='my_account_ssh_keys',
62 pattern=ADMIN_PREFIX + '/my_account/ssh_keys')
63 config.add_route(
64 name='my_account_ssh_keys_generate',
65 pattern=ADMIN_PREFIX + '/my_account/ssh_keys/generate')
66 config.add_route(
67 name='my_account_ssh_keys_add',
68 pattern=ADMIN_PREFIX + '/my_account/ssh_keys/new')
69 config.add_route(
70 name='my_account_ssh_keys_delete',
71 pattern=ADMIN_PREFIX + '/my_account/ssh_keys/delete')
72
59 # my account emails
73 # my account emails
60 config.add_route(
74 config.add_route(
61 name='my_account_emails',
75 name='my_account_emails',
@@ -42,6 +42,7 b' from sqlalchemy.orm import ('
42 relationship, joinedload, class_mapper, validates, aliased)
42 relationship, joinedload, class_mapper, validates, aliased)
43 from sqlalchemy.sql.expression import true
43 from sqlalchemy.sql.expression import true
44 from sqlalchemy.sql.functions import coalesce, count # noqa
44 from sqlalchemy.sql.functions import coalesce, count # noqa
45 from sqlalchemy.exc import IntegrityError # noqa
45 from beaker.cache import cache_region
46 from beaker.cache import cache_region
46 from zope.cachedescriptors.property import Lazy as LazyProperty
47 from zope.cachedescriptors.property import Lazy as LazyProperty
47
48
@@ -221,6 +221,10 b' function registerRCRoutes() {'
221 pyroutes.register('my_account_auth_tokens', '/_admin/my_account/auth_tokens', []);
221 pyroutes.register('my_account_auth_tokens', '/_admin/my_account/auth_tokens', []);
222 pyroutes.register('my_account_auth_tokens_add', '/_admin/my_account/auth_tokens/new', []);
222 pyroutes.register('my_account_auth_tokens_add', '/_admin/my_account/auth_tokens/new', []);
223 pyroutes.register('my_account_auth_tokens_delete', '/_admin/my_account/auth_tokens/delete', []);
223 pyroutes.register('my_account_auth_tokens_delete', '/_admin/my_account/auth_tokens/delete', []);
224 pyroutes.register('my_account_ssh_keys', '/_admin/my_account/ssh_keys', []);
225 pyroutes.register('my_account_ssh_keys_generate', '/_admin/my_account/ssh_keys/generate', []);
226 pyroutes.register('my_account_ssh_keys_add', '/_admin/my_account/ssh_keys/new', []);
227 pyroutes.register('my_account_ssh_keys_delete', '/_admin/my_account/ssh_keys/delete', []);
224 pyroutes.register('my_account_emails', '/_admin/my_account/emails', []);
228 pyroutes.register('my_account_emails', '/_admin/my_account/emails', []);
225 pyroutes.register('my_account_emails_add', '/_admin/my_account/emails/new', []);
229 pyroutes.register('my_account_emails_add', '/_admin/my_account/emails/new', []);
226 pyroutes.register('my_account_emails_delete', '/_admin/my_account/emails/delete', []);
230 pyroutes.register('my_account_emails_delete', '/_admin/my_account/emails/delete', []);
@@ -29,6 +29,7 b''
29 <li class="${'active' if c.active=='profile' or c.active=='profile_edit' else ''}"><a href="${h.route_path('my_account_profile')}">${_('Profile')}</a></li>
29 <li class="${'active' if c.active=='profile' or c.active=='profile_edit' else ''}"><a href="${h.route_path('my_account_profile')}">${_('Profile')}</a></li>
30 <li class="${'active' if c.active=='password' else ''}"><a href="${h.route_path('my_account_password')}">${_('Password')}</a></li>
30 <li class="${'active' if c.active=='password' else ''}"><a href="${h.route_path('my_account_password')}">${_('Password')}</a></li>
31 <li class="${'active' if c.active=='auth_tokens' else ''}"><a href="${h.route_path('my_account_auth_tokens')}">${_('Auth Tokens')}</a></li>
31 <li class="${'active' if c.active=='auth_tokens' else ''}"><a href="${h.route_path('my_account_auth_tokens')}">${_('Auth Tokens')}</a></li>
32 <li class="${'active' if c.active in ['ssh_keys', 'ssh_keys_generate'] else ''}"><a href="${h.route_path('my_account_ssh_keys')}">${_('SSH Keys')}</a></li>
32 ## TODO: Find a better integration of oauth views into navigation.
33 ## TODO: Find a better integration of oauth views into navigation.
33 <% my_account_oauth_url = h.route_path_or_none('my_account_oauth') %>
34 <% my_account_oauth_url = h.route_path_or_none('my_account_oauth') %>
34 % if my_account_oauth_url:
35 % if my_account_oauth_url:
@@ -30,9 +30,12 b' chmod 0600 ~/.ssh/id_rsa_rhodecode_acces'
30
30
31 <input type="text" value="${c.public}" class="large text" size="100"/>
31 <input type="text" value="${c.public}" class="large text" size="100"/>
32 <p>
32 <p>
33 % if hasattr(c, 'target_form_url'):
34 <a href="${c.target_form_url}">${_('Add this generated key')}</a>
35 % else:
33 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Add this generated key')}</a>
36 <a href="${h.route_path('edit_user_ssh_keys', user_id=c.user.user_id, _query=dict(default_key=c.public))}">${_('Add this generated key')}</a>
37 % endif
34 </p>
38 </p>
35
36 </div>
39 </div>
37 </div>
40 </div>
38
41
General Comments 0
You need to be logged in to leave comments. Login now