Merge pull request #551 from grycap/devel

Devel

app/__init__.py

@@ -1432,7 +1432,7 @@ def write_ssh_key():
 
         key = request.form['sshkey']
         desc = request.form['desc']
-        if key == "" or str(SSHKey.check_ssh_key(key.encode())) != "0":
+        if key == "" or not SSHKey.check_ssh_key(key):
             flash("Invaild SSH public key. Please insert a correct one.", 'warning')
             return redirect(url_for('get_ssh_keys'))
 

app/ssh_key.py

@@ -19,9 +19,7 @@
 # specific language governing permissions and limitations
 # under the License.
 """Class to manage user SSH key using a DB backend."""
-import base64
-import binascii
-import struct
+import paramiko
 from app.db import DataBase
 
 
@@ -78,33 +76,8 @@ def delete_ssh_key(self, userid, keyid):
 
     @staticmethod
     def check_ssh_key(key):
-        # credits to: https://gist.github.com/piyushbansal/5243418
-
-        array = key.split()
-
-        # Each rsa-ssh key has 2 or 3 different strings in it, first one being
-        # typeofkey second one being keystring third one being username (optional).
-        if len(array) not in [2, 3]:
-            return 1
-
-        typeofkey = array[0]
-        string = array[1]
-
-        # must have only valid rsa-ssh key characters ie binascii characters
         try:
-            data = base64.decodebytes(string)
-        except binascii.Error:
-            return 1
-
-        a = 4
-        # unpack the contents of data, from data[:4] , it must be equal to 7 , property of ssh key .
-        try:
-            str_len = struct.unpack('>I', data[:a])[0]
-        except struct.error:
-            return 1
-
-        # data[4:11] must have string which matches with the typeofkey , another ssh key property.
-        if data[a:a + str_len] == typeofkey and int(str_len) == int(7):
-            return 0
-        else:
-            return 1
+            paramiko.PublicBlob.from_string(key)
+        except Exception:
+            return False
+        return True

app/templates/modal_creds.html

@@ -40,10 +40,11 @@
       <input name="type" type="hidden" value="{{ cred_type }}"/>
       <div class="row form-group">
         <div class="col">
+          <small id="passwordHelpBlock" class="form-text text-muted">
+            Unique ID in your credentials (free-form e.g. SITE_NAME-VO_NAME).
+          </small>
         <input placeholder="ID" name="id" class="col-sm-12 form-control my-1" pattern="[a-zA-Z_.][\w\d_.-]*" type="text" id="id" value="{{ cred_id if cred_id else '' }}" required {{ 'readonly' if cred_id else '' }}/>
         </div>
-        <div class="col">
-        </div>
       </div>
 {% if cred_type == "EC2" %}
         <div class="row form-group">

app/tests/test_ssh_key.py

@@ -64,9 +64,29 @@ def test_check_ssh_key(self):
                "+ttuEqy3SM2ZBuhD6xrpAUGrr0TrJBJnVVBKL31zFSu6GcDtVyjoYGJhM/vU9VuBrUHO+qYIrcGP7VaPSOgTSj7V3OLD7pp8kYmFP"
                "vLKleDSI/eiKO0nH/J6W2mGa1J6FDFaIIsLIyERdgakjvrkecfv/YfqPWkUGp1xnzNugkOug1ZMQHfuSs7Ag+kVP3TDPQoAo8u2Yy"
                "EwbLK/vVSFlTe5eaotfCmiltVu3UaPYM8QylCCTW7QCncE= micafer")
-        res = SSHKey.check_ssh_key(key.encode())
-        self.assertFalse(res)
+        res = SSHKey.check_ssh_key(key)
+        self.assertTrue(res)
 
-        key = "ssh-rsa AAAAB3NzaC1yc2EAAAADA..."
-        res = SSHKey.check_ssh_key(key.encode())
+        key = ("ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBGTCowf1QVu0fi73aFWfsSnYixGeO6"
+               "03FxkmUtDAuBop2kNnjupKyf7QNSw6D8HJmWGjaeGUUhmL2r3PltoLjMA= micafer@some")
+        res = SSHKey.check_ssh_key(key)
+        self.assertTrue(res)
+
+        key = ("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBC4bNaGHkWJW6xoQUmbpJaNzsVz22xsBYwAEBQkaL2A"
+               " micafer@DESKTOP-6VOC4C3")
+        res = SSHKey.check_ssh_key(key)
         self.assertTrue(res)
+
+        key = ("ssh-dss AAAAB3NzaC1kc3MAAACBAIUsxgWjdFpzAG8QJtg1ogDrWgkLXRNA+eXeB5Xq/9Z/NaJ2ZZFGpkgtyvJRInc0E+4RcetAk"
+               "5zRYNpefw2WRaxXtdyprpcch8O3InpatpSH9L3sIF8FnJLmX+s4V2PlanGFDBA8IvNfrV4IQvD3PoTi4OqlwJTuSMtOXTJ3NrRFA"
+               "AAAFQDh/v0Jma1BSBFTi4+wKfa7nhh06QAAAIAxcPrc+PomR9u+P9hIOoz8vpsqZ+V5V1Caev+Oiq/JyI4iRg0Hig5br47c6Ckb1"
+               "DupqgQAD9cJGQ8Fo7RCmNpdvcOmUxTCN3GDWrceCjv/d+ce1hDVPKlleQ5RNAbJr0/MULswhJb5wHq1aoHm/fnXgtAwwBMgZe+Z3r"
+               "uggLt7YgAAAIAfPpAYiobeANSlTgS/tDM9nYCjXENBOcpAwXtN9qMCYxf+DCygz6Jr6CCmxrcVPTHbMq6Pjn4gKiGYnQDoulctW9z"
+               "OWiX3SMc30N/ipkpPjau/ZJiQ2xXPLMfH+SYlYH9O7Mh8TLfKuf9Ketp2LUWRIGyzR2SkNYM/cw3X91Tbxw=="
+               " micafer@DESKTOP-6VOC4C3")
+        res = SSHKey.check_ssh_key(key)
+        self.assertTrue(res)
+
+        key = "ssh-rsa AAAAB3NzaC1yc2EAAAADA..."
+        res = SSHKey.check_ssh_key(key)
+        self.assertFalse(res)

requirements.txt

@@ -15,3 +15,4 @@ tosca-parser==2.10.0
 mysqlclient==2.2.4
 lxml==4.9.3
 defusedxml==0.7.1
+paramiko==3.4.0

sites.json

@@ -55,7 +55,8 @@
             "eosc-synergy.eu": "ddf0c468c8af4e0bbb9808bfc0288381",
             "worsica.vo.incd.pt": "a53ca78c534046e5b13f4537ae698411",
             "vo.imagine-ai.eu": "009f77df459b4a6389910e0fb20ddcaf",
-            "vo.ai4eosc.eu": "c61c1bb323414a248cb142eb6183d4b2"
+            "vo.ai4eosc.eu": "c61c1bb323414a248cb142eb6183d4b2",
+            "cloud.egi.eu": "6b042927bcfa466cb9eb56d3ea679987"
         }
     },
     {