Validating ssh public keys using sshpubkeys

2017-09-07 00:31:09 +02:00 · 2017-09-07 00:31:09 +02:00 · cf6bd8a7c1
commit cf6bd8a7c1
parent dc6fa5428e
3 changed files with 21 additions and 15 deletions
--- a/hosting/forms.py
+++ b/hosting/forms.py
@ -6,6 +6,8 @@ import struct
 from django import forms
 from django.contrib.auth import authenticate
 from django.utils.translation import ugettext_lazy as _
 from sshpubkeys import SSHKey
 from sshpubkeys.exceptions import InvalidKeyException
 from membership.models import CustomUser
 from .models import UserHostingKey
@ -89,28 +91,25 @@ class UserHostingKeyForm(forms.ModelForm):
    def clean_public_key(self):
        """
-        A simple validation of ssh public key
+        A function that validates a public ssh key using sshpubkeys module
        See https://www.ietf.org/rfc/rfc4716.txt
        :return:
        """
        if 'generate' in self.request.POST:
            return self.data.get('public_key')
        KEY_ERROR_MESSAGE = _("Please input a proper SSH key")
-        openssh_pubkey = self.data.get('public_key')
+        openssh_pubkey_str = self.data.get('public_key')
-        data = None
+        ssh_key = SSHKey(openssh_pubkey_str)
        try:
-            key_type, key_string, comment = openssh_pubkey.split()
+            ssh_key.parse()
-            data = base64.decodebytes(key_string.encode('utf-8'))
+        except InvalidKeyException as err:
-        except Exception as e:
+            logger.error(
-            logger.error("Exception while decoding ssh key {}".format(e))
+                "InvalidKeyException while parsing ssh key {0}".format(err))
            raise forms.ValidationError(KEY_ERROR_MESSAGE)
-        int_len = 4
+        except NotImplementedError as err:
-        str_len = struct.unpack('>I', data[:int_len])[0]
+            logger.error(
-        if str_len != 7:
+                "NotImplementedError while parsing ssh key {0}".format(err))
            raise forms.ValidationError(KEY_ERROR_MESSAGE)
-        if data[int_len:int_len + str_len] != key_type.encode('utf-8'):
+        return openssh_pubkey_str
            raise forms.ValidationError(KEY_ERROR_MESSAGE)
        return openssh_pubkey
    def clean_name(self):
        return self.data.get('name')
--- a/hosting/locale/de/LC_MESSAGES/django.po
+++ b/hosting/locale/de/LC_MESSAGES/django.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: PACKAGE VERSION\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2017-09-02 03:08+0530\n"
+"POT-Creation-Date: 2017-09-06 22:27+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -24,6 +24,9 @@ msgstr "Dein Benutzername und/oder Dein Passwort ist falsch."
 msgid "Your account is not activated yet."
 msgstr "Dein Account wurde noch nicht aktiviert."
 msgid "User does not exist"
 msgstr ""
 msgid "Paste here your public key"
 msgstr "Füge deinen Public Key ein"
@ -33,6 +36,9 @@ msgstr "Gebe deinem SSH-Key einen Name"
 msgid "Key name"
 msgstr "Key-Name"
 msgid "Please input a proper SSH key"
 msgstr ""
 msgid "My Virtual Machines"
 msgstr "Meine virtuellen Maschinen"
--- a/requirements.txt
+++ b/requirements.txt
@ -97,3 +97,4 @@ billiard==3.5.0.3
 amqp==2.2.1
 vine==1.1.4
 git+https://github.com/ungleich/cdist.git#egg=cdist
 sshpubkeys