From 63cbb9bae653dae09fbed92c50b4d2e0fe8f1798 Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk
Date: Sep 25 2015 23:34:04 +0000
Subject: Regenerate user key files
Signed-off-by: Patrick Uiterwijk
---
diff --git a/pagure/__init__.py b/pagure/__init__.py
index d3878c6..41fb351 100644
--- a/pagure/__init__.py
+++ b/pagure/__init__.py
@@ -48,6 +48,7 @@ if 'PAGURE_CONFIG' in os.environ:
 import pagure.lib
+import pagure.lib.git
 import pagure.mail_logging
 import pagure.doc_utils
 import pagure.forms
@@ -160,39 +161,16 @@ def is_repo_admin(repo_obj):
 ) or (user in usergrps)
-def generate_authorized_key_file(): # pragma: no cover
- """ Regenerate the `authorized_keys` file used by gitolite.
+def generate_user_key_files():
+ """ Regenerate the key files used by gitolite.
 """
 gitolite_home = APP.config.get('GITOLITE_HOME', None)
 if gitolite_home:
 users = pagure.lib.search_user(SESSION)
-
- authorized_file = os.path.join(
- gitolite_home, '.ssh', 'authorized_keys')
- with open(authorized_file, 'w') as stream:
- stream.write('# gitolite start\n')
- gitolite_version = APP.config.get('GITOLITE_VERSION', 3)
- for user in users:
- if not user.public_ssh_key:
- continue
- if gitolite_version == 2:
- row = 'command="/usr/bin/gl-auth-command %s",' \
- 'no-port-forwarding,no-X11-forwarding,'\
- 'no-agent-forwarding,no-pty %s' % (
- user.user, user.public_ssh_key.strip())
- elif gitolite_version == 3:
- row = 'command="HOME=%s '\
- '/usr/share/gitolite3/gitolite-shell %s",' \
- 'no-port-forwarding,no-X11-forwarding,'\
- 'no-agent-forwarding,no-pty %s' % (
- gitolite_home, user.user,
- user.public_ssh_key.strip())
- else:
- raise pagure.exceptions.PagureException(
- 'Non-supported gitolite version "%s"' %
- gitolite_version)
- stream.write(row.encode('utf-8') + '\n')
- stream.write('# gitolite end\n')
+ for user in users:
+ pagure.lib.update_user_ssh(SESSION, user, user.public_ssh_key,
+ APP.config.get('GITOLITE_KEYDIR', None))
+ pagure.lib.git.generate_gitolite_acls()
 def cla_required(function):
diff --git a/pagure/templates/admin_index.html b/pagure/templates/admin_index.html
index e445eb3..3fd5302 100644
--- a/pagure/templates/admin_index.html
+++ b/pagure/templates/admin_index.html
@@ -19,7 +19,7 @@
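Review bot: The new loop in generate_user_key_files hands every user to `pagure.lib.update_user_ssh`, including those whose `public_ssh_key` is empty, where the removed code skipped them with `if not user.public_ssh_key: continue`; the key directory is also read from `GITOLITE_KEYDIR` while the guard only checks `GITOLITE_HOME`, so it can be `None`. How update_user_ssh treats an empty key or a missing keydir is outside this diff, so it is worth confirming: for access revocation the wanted outcome is that a user without a key ends up with no key file on disk. I would read the setting once, `keydir = APP.config.get('GITOLITE_KEYDIR', None)`, guard with `if gitolite_home and keydir:`, and state in the docstring what happens to the key files of users who have no key. The same question applies to the pagure/ui/app.py hunk, where user_settings no longer regenerates anything after a key change and relies on update_user_ssh alone to make a replaced or removed key stop working.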
  • + value="Re-generate user ssh key files"> {{ form.csrf_token }}
  •
diff --git a/pagure/ui/admin.py b/pagure/ui/admin.py
index f9ebb02..2588f5b 100644
--- a/pagure/ui/admin.py
+++ b/pagure/ui/admin.py
@@ -17,7 +17,7 @@ import pagure.exceptions
 import pagure.forms
 import pagure.lib
 import pagure.lib.git
-from pagure import (APP, SESSION,
+from pagure import (APP, SESSION, generate_user_key_files,
 is_admin, admin_session_timedout)
 # pylint: disable=E1101
@@ -73,12 +73,13 @@ def admin_generate_acl():
 @APP.route('/admin/ssh', methods=['POST'])
 @admin_required
 def admin_refresh_ssh():
- """ Regenerate the gitolite ACL file. """
+ """ Regenerate the user key files. """
 form = pagure.forms.ConfirmationForm()
 if form.validate_on_submit():
 try:
- generate_authorized_key_file()
- flask.flash('Authorized file updated')
+ generate_user_key_files()
+ pagure.lib.git.generate_gitolite_acls()
+ flask.flash('User key files regenerated')
 except pagure.exceptions.PagureException, err:
 flask.flash(str(err), 'error')
 return flask.redirect(flask.url_for('admin_index'))
diff --git a/pagure/ui/app.py b/pagure/ui/app.py
index 0de7c7c..74604d6 100644
--- a/pagure/ui/app.py
+++ b/pagure/ui/app.py
@@ -399,8 +399,6 @@ def user_settings():
 ssh_key=ssh_key,
 keydir=APP.config.get('GITOLITE_KEYDIR', None),
 )
- if message != 'Nothing to update':
- generate_authorized_key_file()
 SESSION.commit()
 flask.flash(message)
 return flask.redirect(
diff --git a/tests/test_progit_flask_ui_admin.py b/tests/test_progit_flask_ui_admin.py
index f177e0e..0057be0 100644
--- a/tests/test_progit_flask_ui_admin.py
+++ b/tests/test_progit_flask_ui_admin.py
@@ -72,7 +72,7 @@ class PagureFlaskAdmintests(tests.Modeltests):
 self.assertTrue('
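Review bot: admin_refresh_ssh calls `pagure.lib.git.generate_gitolite_acls()` right after `generate_user_key_files()`, but the new generate_user_key_files in pagure/__init__.py already makes that call itself, so one click appears to rebuild the ACLs at least twice (the indentation is lost in this rendering, so whether the helper's call sits inside its per-user loop cannot be told from here). Dropping the second call from the view, or from the helper, would leave one place responsible for the rebuild. The handler still catches only `pagure.exceptions.PagureException`; if writing key files can raise `IOError` or `OSError`, which the diff does not show, the admin would get a 500 instead of a flashed error.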

    Admin section

    ' in output.data) self.assertTrue('Re-generate gitolite ACLs file' in output.data) self.assertTrue( - 'Re-generate ssh authorized_key file' in output.data) + 'Re-generate user ssh key files' in output.data) @patch('pagure.lib.git.write_gitolite_acls') def test_admin_generate_acl(self, wga): @@ -101,7 +101,7 @@ class PagureFlaskAdmintests(tests.Modeltests): self.assertTrue('

    Admin section

    ' in output.data) self.assertTrue('Re-generate gitolite ACLs file' in output.data) self.assertTrue( - 'Re-generate ssh authorized_key file' in output.data) + 'Re-generate user ssh key files' in output.data) self.assertFalse( '
  • Gitolite ACLs updated
  • ' in output.data) @@ -116,12 +116,12 @@ class PagureFlaskAdmintests(tests.Modeltests): self.assertTrue('

    Admin section

    ' in output.data) self.assertTrue('Re-generate gitolite ACLs file' in output.data) self.assertTrue( - 'Re-generate ssh authorized_key file' in output.data) + 'Re-generate user ssh key files' in output.data) self.assertTrue( '
  • Gitolite ACLs updated
  • ' in output.data) - @patch('pagure.generate_authorized_key_file') + @patch('pagure.generate_user_key_files') def test_admin_refresh_ssh(self, gakf): """ Test the admin_refresh_ssh endpoint. """ gakf.return_value = True @@ -148,7 +148,7 @@ class PagureFlaskAdmintests(tests.Modeltests): self.assertTrue('
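Review bot: `@patch('pagure.generate_user_key_files')` replaces the attribute on the `pagure` package, but pagure/ui/admin.py now binds the function at import time with `from pagure import (APP, SESSION, generate_user_key_files,`, so the view most likely keeps calling the real function and this test would write to the configured key directory. Patching the name where the view looks it up, `@patch('pagure.ui.admin.generate_user_key_files')`, avoids that. Since the view now also calls `pagure.lib.git.generate_gitolite_acls()` directly, the test needs `@patch('pagure.lib.git.generate_gitolite_acls')` as well unless that is already mocked outside the hunk; the body of test_admin_refresh_ssh continues past the hunk.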

    Admin section

    ' in output.data) self.assertTrue('Re-generate gitolite ACLs file' in output.data) self.assertTrue( - 'Re-generate ssh authorized_key file' in output.data) + 'Re-generate user ssh key files' in output.data) self.assertFalse( '
  • Authorized file updated
  • ' in output.data) @@ -163,9 +163,9 @@ class PagureFlaskAdmintests(tests.Modeltests): self.assertTrue('

    Admin section

    ' in output.data) self.assertTrue('Re-generate gitolite ACLs file' in output.data) self.assertTrue( - 'Re-generate ssh authorized_key file' in output.data) + 'Re-generate user ssh key files' in output.data) self.assertTrue( - '
  • Authorized file updated
  • ' + '
  • User key files regenerated
  • ' in output.data) def test_admin_generate_hook_token(self): @@ -193,7 +193,7 @@ class PagureFlaskAdmintests(tests.Modeltests): self.assertTrue('

    Admin section

    ' in output.data) self.assertTrue('Re-generate gitolite ACLs file' in output.data) self.assertTrue( - 'Re-generate ssh authorized_key file' in output.data) + 'Re-generate user ssh key files' in output.data) self.assertTrue( 'Re-generate hook-token for every projects' in output.data) @@ -207,7 +207,7 @@ class PagureFlaskAdmintests(tests.Modeltests): self.assertTrue('

    Admin section

    ' in output.data) self.assertTrue('Re-generate gitolite ACLs file' in output.data) self.assertTrue( - 'Re-generate ssh authorized_key file' in output.data) + 'Re-generate user ssh key files' in output.data) self.assertTrue( 'Re-generate hook-token for every projects' in output.data) self.assertTrue(