Add ability for cauth sites to download ssh public keys

This removes the last need to directly access the upstream database
(from the git server), so remove that view as well.
Magnus Hagander
2017-12-10 17:23:03 +01:00
parent 6df2043e4d
commit e37ee54d25
4 changed files with 30 additions and 52 deletions


@ -509,6 +509,19 @@ def communityauth_logout(request, siteid):
# Redirect user back to the specified suburl
return HttpResponseRedirect("%s?s=logout" % site.redirecturl)
def _encrypt_site_response(site, s):
# Encrypt it with the shared key (and IV!)
r = Random.new()
iv = r.read(16) # Always 16 bytes for AES
encryptor = AES.new(base64.b64decode(site.cryptkey), AES.MODE_CBC, iv)
cipher = encryptor.encrypt(s + ' ' * (16-(len(s) % 16))) #Pad to even 16 bytes
# Base64-encode the response, just to be consistent
return "%s&%s" % (
base64.b64encode(iv, '-_'),
base64.b64encode(cipher, '-_'),
)
def communityauth_search(request, siteid):
# Perform a search for users. The response will be encrypted with the site
# key to prevent abuse, therefor we need the site.
@ -531,14 +544,20 @@ def communityauth_search(request, siteid):
j = json.dumps([{'u': u.username, 'e': u.email, 'f': u.first_name, 'l': u.last_name} for u in users])
# Encrypt it with the shared key (and IV!)
r = Random.new()
iv = r.read(16) # Always 16 bytes for AES
encryptor = AES.new(base64.b64decode(site.cryptkey), AES.MODE_CBC, iv)
cipher = encryptor.encrypt(j + ' ' * (16-(len(j) % 16))) #Pad to even 16 bytes
return HttpResponse(_encrypt_site_response(site, j))
def communityauth_getkeys(request, siteid, since=None):
# Get any updated ssh keys for community accounts.
# The response will be encrypted with the site key to prevent abuse,
# therefor we need the site.
site = get_object_or_404(CommunityAuthSite, pk=siteid)
if since:
keys = UserProfile.objects.select_related('user').filter(lastmodified__gte=datetime.fromtimestamp(int(since.replace('/', '')))).exclude(sshkey='')
else:
keys = UserProfile.objects.select_related('user').all().exclude(sshkey='')
j = json.dumps([{'u': k.user.username, 's': k.sshkey} for k in keys])
return HttpResponse(_encrypt_site_response(site, j))
# Base64-encode the response, just to be consistent
return HttpResponse("%s&%s" % (
base64.b64encode(iv, '-_'),
base64.b64encode(cipher, '-_'),
))
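Review bot: The response built by `_encrypt_site_response` is AES-CBC with a random IV and no MAC, so a consuming site can decrypt it but cannot detect that the IV or ciphertext was altered on the way; this matters more for `communityauth_getkeys` than for search, because the payload is presumably used to install ssh keys for accounts. Consider appending an HMAC over the IV and ciphertext (encrypt-then-MAC, with a key kept separate from the encryption use of `site.cryptkey`) that consumers verify before decrypting, which needs a coordinated client-side change; until then a comment such as `# CBC gives confidentiality only; integrity of the response relies on the transport (HTTPS)` would document the assumption. The space padding also cannot be stripped unambiguously if a payload ever ends in spaces, although the JSON produced here does not. Separately, in `communityauth_getkeys` the expression `int(since.replace('/', ''))` raises ValueError on a non-numeric value unless the URL pattern (not visible here) already restricts it to digits, so catching that and returning a 400 would be safer than letting it become a 500.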