From c6b23f6aa0dcacb6e0f3b75ada4bcc12f7c25924 Mon Sep 17 00:00:00 2001
From: PCoder <purple.coder@yahoo.co.uk>
Date: Fri, 4 Aug 2017 20:54:28 +0530
Subject: [PATCH 1/2] Added get_object method to verify if the user is the
 owner of the ssh key

---
 hosting/views.py | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/hosting/views.py b/hosting/views.py
index 19ec5b2a..33477b50 100644
--- a/hosting/views.py
+++ b/hosting/views.py
@@ -342,6 +342,13 @@ class SSHKeyDeleteView(LoginRequiredMixin, DeleteView):
     success_url = reverse_lazy('hosting:ssh_keys')
     model = UserHostingKey
 
+    def get_object(self, queryset=None):
+        """ Hook to ensure object is owned by request.user. """
+        obj = super(SSHKeyDeleteView, self).get_object()
+        if not obj.owner == self.request.user:
+            raise Http404
+        return obj
+
     def delete(self, request, *args, **kwargs):
         owner = self.request.user
         manager = OpenNebulaManager()

From d85afd56e083c1da1a30001338fccb3343af5fd2 Mon Sep 17 00:00:00 2001
From: "M.Ravi" <mondi.ravi@gmail.com>
Date: Fri, 4 Aug 2017 17:49:35 +0200
Subject: [PATCH 2/2] Fixed an issue

   - Changed owner -> user
   - Reformatted code
---
 hosting/views.py | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/hosting/views.py b/hosting/views.py
index 33477b50..f5fbd0a7 100644
--- a/hosting/views.py
+++ b/hosting/views.py
@@ -210,9 +210,9 @@ class SignupValidateView(TemplateView):
     def get_context_data(self, **kwargs):
         context = super(SignupValidateView, self).get_context_data(**kwargs)
         login_url = '<a href="' + \
-            reverse('hosting:login') + '">' + str(_('login')) + '</a>'
+                    reverse('hosting:login') + '">' + str(_('login')) + '</a>'
         home_url = '<a href="' + \
-            reverse('datacenterlight:index') + '">Data Center Light</a>'
+                   reverse('datacenterlight:index') + '">Data Center Light</a>'
         message = '{signup_success_message} {lurl}</a> \
                  <br />{go_back} {hurl}.'.format(
             signup_success_message=_(
@@ -234,7 +234,7 @@ class SignupValidatedView(SignupValidateView):
         context = super(SignupValidateView, self).get_context_data(**kwargs)
         validated = CustomUser.validate_url(self.kwargs['validate_slug'])
         login_url = '<a href="' + \
-            reverse('hosting:login') + '">' + str(_('login')) + '</a>'
+                    reverse('hosting:login') + '">' + str(_('login')) + '</a>'
         section_title = _('Account activation')
         if validated:
             message = '{account_activation_string} <br /> {login_string} {lurl}.'.format(
@@ -244,7 +244,7 @@ class SignupValidatedView(SignupValidateView):
                 lurl=login_url)
         else:
             home_url = '<a href="' + \
-                reverse('datacenterlight:index') + '">Data Center Light</a>'
+                       reverse('datacenterlight:index') + '">Data Center Light</a>'
             message = '{sorry_message} <br />{go_back_to} {hurl}'.format(
                 sorry_message=_("Sorry. Your request is invalid."),
                 go_back_to=_('Go back to'),
@@ -343,9 +343,11 @@ class SSHKeyDeleteView(LoginRequiredMixin, DeleteView):
     model = UserHostingKey
 
     def get_object(self, queryset=None):
-        """ Hook to ensure object is owned by request.user. """
+        """ Hook to ensure UserHostingKey object is owned by request.user.
+            We reply with a Http404 if the user is not the owner of the key.
+        """
         obj = super(SSHKeyDeleteView, self).get_object()
-        if not obj.owner == self.request.user:
+        if not obj.user == self.request.user:
             raise Http404
         return obj