[Fusionforge-commits] r15712 - in trunk/src: . common common/account common/account/actions common/include db plugins/scmcvs/cronjobs www/account

Franck VILLAUME nerville at fusionforge.org
Sun Jun 10 20:00:51 CEST 2012


Author: nerville
Date: 2012-06-10 20:00:51 +0200 (Sun, 10 Jun 2012)
New Revision: 15712

Added:
   trunk/src/common/account/
   trunk/src/common/account/actions/
   trunk/src/common/account/actions/addsshkey.php
   trunk/src/common/account/actions/deletesshkey.php
   trunk/src/db/20120610-create-sshkeys.sql
   trunk/src/db/20120610-migrate-sshkeys.php
Modified:
   trunk/src/CHANGES
   trunk/src/common/include/User.class.php
   trunk/src/common/include/account.php
   trunk/src/plugins/scmcvs/cronjobs/ssh_create.php
   trunk/src/www/account/editsshkeys.php
   trunk/src/www/account/index.php
Log:
Rewrite SSH key management to offer more information

Modified: trunk/src/CHANGES
===================================================================
--- trunk/src/CHANGES	2012-06-10 16:47:40 UTC (rev 15711)
+++ trunk/src/CHANGES	2012-06-10 18:00:51 UTC (rev 15712)
@@ -8,6 +8,8 @@
 * scmhg: merge patch from Denise Patzker: add http support, online browse, stats (TrivialDev)
 * Docman: Files moves to filesystem using the Storage generic class (TrivialDev)
 * webanalytics: new plugin to add support for piwik or google analytics tool (TrivialDev)
+* User: account ssh key management: rewrite backend, add more informations such as
+        fingerprint, deploy flag, easy delete (TrivialDev)
 
 FusionForge-5.2:
 * Docman: inject zip as a tree (Capgemini)

Added: trunk/src/common/account/actions/addsshkey.php
===================================================================
--- trunk/src/common/account/actions/addsshkey.php	                        (rev 0)
+++ trunk/src/common/account/actions/addsshkey.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -0,0 +1,40 @@
+<?php
+/**
+ * add ssh key action
+ *
+ * Copyright 2012, Franck Villaume - TrivialDev
+ * http://fusionforge.org
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+global $u;
+
+require_once $gfcommon.'include/account.php';
+
+$authorized_key = getStringFromRequest('authorized_key');
+if (strlen($authorized_key)) {
+	checkKeys($authorized_key);
+	if (!$u->addAuthorizedKey($authorized_key)) {
+		session_redirect('/account/?&error_msg='.urlencode($u->getErrorMessage()));
+	}
+	$feedback = _('SSH Key added successfully.');
+	session_redirect('/account/?&feedback='.urlencode($feedback));
+}
+
+session_redirect('/account/');
+
+?>
\ No newline at end of file
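Review bot: No anti-CSRF token is checked before `$u->addAuthorizedKey($authorized_key)` runs, and deletesshkey.php has the same gap while being reached through a plain GET link from editsshkeys.php. The existing submit path in www/account/index.php already calls `form_key_is_valid(getStringFromRequest('form_key'))`, so the same guard could open both action files, e.g. `if (!form_key_is_valid(getStringFromRequest('form_key'))) { exit_form_double_submit('my'); }`, with the add form and the delete control sending a `form_key`. `checkKeys()` validates the input line by line, but `addAuthorizedKey()` stores the whole text as a single row, so multi-line input should be rejected or split here. The success redirect after a failed add is skipped only if `session_redirect()` never returns, which this hunk does not show; an explicit `else` would make that independent of the helper.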

Added: trunk/src/common/account/actions/deletesshkey.php
===================================================================
--- trunk/src/common/account/actions/deletesshkey.php	                        (rev 0)
+++ trunk/src/common/account/actions/deletesshkey.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -0,0 +1,36 @@
+<?php
+/**
+ * delete ssh key action
+ *
+ * Copyright 2012, Franck Villaume - TrivialDev
+ * http://fusionforge.org
+ *
+ * This file is part of FusionForge. FusionForge is free software;
+ * you can redistribute it and/or modify it under the terms of the
+ * GNU General Public License as published by the Free Software
+ * Foundation; either version 2 of the Licence, or (at your option)
+ * any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with FusionForge; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+global $u;
+
+$keyid = getStringFromRequest('keyid');
+if (is_numeric($keyid)) {
+	if (!$u->deleteAuthorizedKey($keyid)) {
+		session_redirect('/account/?&error_msg='.urlencode($u->getErrorMessage()));
+	}
+	$feedback = _('SSH Key deleted successfully.');
+	session_redirect('/account/?&feedback='.urlencode($feedback));
+}
+
+session_redirect('/account/');
+
+?>
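Review bot: `is_numeric($keyid)` also accepts forms such as `1e3`, `1.5` or a value with leading whitespace, which are then bound against the integer column `id_sshkeys` and would likely come back as a raw `db_error()` string in the `error_msg` redirect. `if (ctype_digit($keyid)) {` restricts the parameter to plain decimal ids. `deleteAuthorizedKey()` returns true even when no row matched, so the "deleted successfully" feedback is shown for ids that do not belong to the user; checking the affected row count in the method would make the message accurate.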

Modified: trunk/src/common/include/User.class.php
===================================================================
--- trunk/src/common/include/User.class.php	2012-06-10 16:47:40 UTC (rev 15711)
+++ trunk/src/common/include/User.class.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -204,10 +204,23 @@
 			} else {
 				//set up an associative array for use by other functions
 				$this->data_array = db_fetch_array_by_row($res, 0);
+				if (($this->getUnixStatus() == 'A') && (forge_get_config('use_shell'))) {
+					$this->data_array['authorized_keys'] = array();
+					$res = db_query_params('select * from sshkeys where userid = $1 and deleted = 0', array($this->getID()));
+					while ($arr = db_fetch_array($res)) {
+						$this->data_array['authorized_keys'][$arr['id_sshkeys']]['upload'] = $arr['upload'];
+						$this->data_array['authorized_keys'][$arr['id_sshkeys']]['name'] = $arr['name'];
+						$this->data_array['authorized_keys'][$arr['id_sshkeys']]['fingerprint'] = $arr['fingerprint'];
+						$this->data_array['authorized_keys'][$arr['id_sshkeys']]['algorithm'] = $arr['algorithm'];
+						$this->data_array['authorized_keys'][$arr['id_sshkeys']]['deploy'] = $arr['deploy'];
+						$this->data_array['authorized_keys'][$arr['id_sshkeys']]['key'] = $arr['sshkey'];
+						$this->data_array['authorized_keys'][$arr['id_sshkeys']]['keyid'] = $arr['id_sshkeys'];
+					}
+				}
 			}
 		}
-		$this->is_super_user=false;
-		$this->is_logged_in=false;
+		$this->is_super_user = false;
+		$this->is_logged_in = false;
 		return true;
 	}
 
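Review bot: `$this->data_array['authorized_keys']` becomes an array only inside the new `if`, so for a user whose unix status is not 'A', or when `use_shell` is off, it keeps whatever `db_fetch_array_by_row()` returned for that column (presumably the old string), while callers in this commit pass `getAuthorizedKeys()` to `count()` and `foreach`. Assigning `$this->data_array['authorized_keys'] = array();` before the `if` gives one type in every case. The new query overwrites `$res` and its result is not checked before `db_fetch_array($res)`; a separate variable with an `if ($res)` guard would be safer. Rows are cached under `'key'` here, but `addAuthorizedKey()` in the next hunk writes `'sshkey'`, so one name should be chosen. The enclosing method starts outside this hunk.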
@@ -1182,61 +1195,55 @@
 	 * @return	string	This user's SSH authorized (public) keys.
 	 */
 	function getAuthorizedKeys() {
-		return preg_replace("/###/", "\n", $this->data_array['authorized_keys']);
+		return $this->data_array['authorized_keys'];
 	}
 
-	function getArrayAuthorizedKeys() {
-		$arrayKeys = explode("###", $this->data_array['authorized_keys']);
-		$returnArrayKeys = array();
-		$i = 0;
-		foreach ($arrayKeys as $key) {
-			$valuesKey = explode(' ',$key);
-			$tempfile = tempnam("/tmp", "authkey");
-			$ft = fopen($tempfile, 'w');
-			fwrite($ft, $key);
-			fclose($ft);
-			$returnExec = array();
-			exec("/usr/bin/ssh-keygen -lf ".$tempfile, $returnExec);
-			unlink($tempfile);
-			$returnExecExploded = explode(' ', $returnExec[0]);
-			$returnArrayKeys[$i]['fingerprint'] = $returnExecExploded[1];
-			$returnArrayKeys[$i]['uploaded'] = 'tbi';
-			$returnArrayKeys[$i]['name'] = $valuesKey[2];
-			$returnArrayKeys[$i]['algorithm'] = $valuesKey[0];
-			$authorized_keys_file = forge_get_config('homedir_prefix').'/'.$this->getUnixName().'/.ssh/authorized_keys';
-			$fd = fopen($authorized_keys_file,"r");
-			$fs = filesize($authorized_keys_file);
-			$datafile = fread($fd, $fs);
-			if (strpos($datafile, $valuesKey[1]) && strpos($datafile, $valuesKey[2])) {
-				$returnArrayKeys[$i]['ready'] = '1';
-			} else {
-				$returnArrayKeys[$i]['ready'] = '0';
-			}
-			$i++;
-		}
-		return $returnArrayKeys;
-	}
-
 	/**
-	 *	setAuthorizedKeys - set the SSH authorized keys for the user.
+	 *	addAuthorizedKey - add the SSH authorized key for the user.
 	 *
-	 * @param	string	The users public keys.
+	 * @param	string	The user public key.
 	 * @return	boolean	success.
 	 */
-	function setAuthorizedKeys($keys) {
-		$keys = trim($keys);
-		$keys = preg_replace("/\r\n/", "\n", $keys); // Convert to Unix EOL
-		$keys = preg_replace("/\n+/", "\n", $keys); // Remove empty lines
-		$keys = preg_replace("/\n/", "###", $keys); // Convert EOL to marker
+	function addAuthorizedKey($key) {
+		$key = trim($key);
+		$key = preg_replace("/\r\n/", "\n", $key); // Convert to Unix EOL
+		$key = preg_replace("/\n+/", "\n", $key); // Remove empty lines
+		$tempfile = tempnam("/tmp", "authkey");
+		$ft = fopen($tempfile, 'w');
+		fwrite($ft, $key);
+		fclose($ft);
+		$returnExec = array();
+		exec("/usr/bin/ssh-keygen -lf ".$tempfile, $returnExec);
+		unlink($tempfile);
+		$returnExecExploded = explode(' ', $returnExec[0]);
+		$fingerprint = $returnExecExploded[1];
+		$now = time();
+		$explodedKey = explode(' ', $key);
+		$res = db_query_params('insert into sshkeys (userid, fingerprint, upload, sshkey, name, algorithm)
+							values ($1, $2, $3, $4, $5, $6)',
+					array($this->getID(), $fingerprint, $now, $key, $explodedKey[2], $explodedKey[0]));
+		if (!$res) {
+			$this->setError(_('ERROR - Could Not Add User SSH Key:').db_error());
+			return false;
+		} else {
+			$keyid = db_insertid($res, 'sshkeys', 'id_sshkeys');
+			$this->data_array['authorized_keys'][$keyid]['fingerprint'] = $fingerprint;
+			$this->data_array['authorized_keys'][$keyid]['upload'] = $now;
+			$this->data_array['authorized_keys'][$keyid]['sshkey'] = $key;
+			$this->data_array['authorized_keys'][$keyid]['deploy'] = 0;
+			$this->data_array['authorized_keys'][$keyid]['keyid'] = $keyid;
+			return true;
+		}
+	}
 
-		$res = db_query_params('UPDATE users SET authorized_keys=$1 WHERE user_id=$2',
-					array($keys,
-					       $this->getID()));
+	function deleteAuthorizedKey($keyid) {
+		$res = db_query_params('update sshkeys set deleted = 1 where id_sshkeys =$1 and userid = $2',
+					array($keyid, $this->getID()));
 		if (!$res) {
-			$this->setError(_('ERROR - Could Not Update User SSH Keys'));
+			$this->setError(_('ERROR - Could Not Delete User SSH Key:').db_error());
 			return false;
 		} else {
-			$this->data_array['authorized_keys'] = $keys;
+			unset($this->data_array['authorized_keys'][$keyid]);
 			return true;
 		}
 	}
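Review bot: `addAuthorizedKey()` reads `$returnExec[0]`, `$returnExecExploded[1]` and `$explodedKey[2]` without checking that `ssh-keygen -lf` succeeded or that the key carries a comment, so a rejected or comment-less key is inserted with an empty fingerprint or name. `checkKeys()` also accepts an options prefix (`command="…"`, `from=…`) and several lines, in which case index 0 is not the algorithm and one fingerprint is recorded for the whole text; those forms should be rejected here or parsed explicitly. The migration script in this commit repeats the same block. The cached entry should carry the same fields as the loader (`name`, `algorithm`, and one of `key`/`sshkey`), the `@return string` above `getAuthorizedKeys()` now describes an array, and `deleteAuthorizedKey()` has no docblock.

```php
	function addAuthorizedKey($key) {
		// … unchanged: trim, EOL normalisation, temp file write …
		$returnExec = array();
		$returnCode = 1;
		exec("/usr/bin/ssh-keygen -lf ".$tempfile, $returnExec, $returnCode);
		unlink($tempfile);
		// ssh-keygen exits non-zero and prints nothing usable when the input is not a public key
		$returnExecExploded = isset($returnExec[0]) ? explode(' ', $returnExec[0]) : array();
		if ($returnCode !== 0 || !isset($returnExecExploded[1])) {
			$this->setError(_('ERROR - Could Not Read SSH Key Fingerprint'));
			return false;
		}
		$fingerprint = $returnExecExploded[1];
		// … unchanged: $now …
		$explodedKey = explode(' ', $key);
		$algorithm = $explodedKey[0];
		// the trailing comment is optional in the format checkKeys() accepts
		$name = isset($explodedKey[2]) ? $explodedKey[2] : '';
		// … unchanged: insert, binding $name and $algorithm instead of the raw indexes …
```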

Modified: trunk/src/common/include/account.php
===================================================================
--- trunk/src/common/include/account.php	2012-06-10 16:47:40 UTC (rev 15711)
+++ trunk/src/common/include/account.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -4,6 +4,7 @@
  *
  * Copyright 1999-2001, VA Linux Systems, Inc.
  * Copyright 2010, Franck Villaume - Capgemini
+ * Copyright 2012, Franck Villaume - TrivialDev
  *
  * This file is part of FusionForge. FusionForge is free software;
  * you can redistribute it and/or modify it under the terms of the
@@ -148,7 +149,7 @@
 /**
  * account_gensalt() - A random salt generator
  *
- * @returns The random salt string
+ * @returns	The random salt string
  *
  */
 function account_gensalt(){
@@ -182,8 +183,8 @@
 /**
  * account_genunixpw() - Generate unix password
  *
- * @param		string	The plaintext password string
- * @return		The encrypted password
+ * @param	string	The plaintext password string
+ * @return	string	The encrypted password
  *
  */
 function account_genunixpw($plainpw) {
@@ -200,7 +201,7 @@
 /**
  * account_shellselects() - Print out shell selects
  *
- * @param		string	The current shell
+ * @param	string	The current shell
  *
  */
 function account_shellselects($current) {
@@ -221,10 +222,10 @@
 }
 
 /**
- *	account_user_homedir() - Returns full path of user home directory
+ * account_user_homedir() - Returns full path of user home directory
  *
- *  @param		string	The username
- *	@return home directory path
+ * @param	string	The username
+ * @return	string	home directory path
  */
 function account_user_homedir($user) {
 	//return '/home/users/'.substr($user,0,1).'/'.substr($user,0,2).'/'.$user;
@@ -232,16 +233,40 @@
 }
 
 /**
- *	account_group_homedir() - Returns full path of group home directory
+ * account_group_homedir() - Returns full path of group home directory
  *
- *  @param		string	The group name
- *	@return home directory path
+ * @param	string	The group name
+ * @return	string	home directory path
  */
 function account_group_homedir($group) {
 	//return '/home/groups/'.substr($group,0,1).'/'.substr($group,0,2).'/'.$group;
 	return forge_get_config('groupdir_prefix').'/'.$group;
 }
 
+/**
+ * checkKeys() - Simple function that tries to check the validity of public ssh keys with a regexp.
+ * Exits with an error message if an invalid key is found.
+ *
+ * @param	keys	A string with a set of keys to check. Each key is delimited by a carriage return.
+ */
+function checkKeys($keys) {
+	$key = strtok($keys, "\n");
+	while ($key !== false) {
+		$key = trim($key);
+		if ((strlen($key) > 0) && ($key[0] != '#')) {
+			/* The encoded key is made of 0-9, A-Z ,a-z, +, / (base 64) characters,
+			 ends with zero or up to three '=' and the length must be >= 512 bits (157 base64 characters).
+			 The whole key ends with an optional comment. */
+			if ( preg_match("@^(((no-port-forwarding|no-X11-forwarding|no-agent-forwarding|no-pty|command=\"[^\"]+\"|from=\"?[A-Za-z0-9\.-]+\"?),?)*\s+)?ssh-(rsa|dss)\s+[A-Za-z0-9+/]{157,}={0,2}(\s+.*)?$@", $key) === 0 ) { // Warning: we must use === for the test
+				$msg = sprintf(_('The following key has a wrong format: |%s|.  Please, correct it by going back to the previous page.'),
+						htmlspecialchars($key));
+				exit_error($msg, 'my');
+			}
+		}
+		$key = strtok("\n");
+	}
+}
+
 // Local Variables:
 // mode: php
 // c-file-style: "bsd"
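Review bot: The validity test in `checkKeys()` fails open: `preg_match()` returns `false` on a PCRE error (for example when a backtracking limit is hit on a long line), and `false === 0` is not true, so such a line is treated as a valid key. Comparing against the success value closes that, `if (preg_match(…, $key) !== 1) {`, and the trailing "we must use ===" comment should then explain the reason. The docblock says keys are delimited by a carriage return while the code splits on `"\n"`, and since the function ends the request through `exit_error()` that is worth stating in the docblock now that it sits in a shared include.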

Added: trunk/src/db/20120610-create-sshkeys.sql
===================================================================
--- trunk/src/db/20120610-create-sshkeys.sql	                        (rev 0)
+++ trunk/src/db/20120610-create-sshkeys.sql	2012-06-10 18:00:51 UTC (rev 15712)
@@ -0,0 +1,12 @@
+create table sshkeys (
+	id_sshkeys	serial PRIMARY KEY,
+	userid		integer REFERENCES users(user_id),
+	algorithm	text,
+	name		text,
+	fingerprint	text,
+	upload		integer default 0,
+	sshkey		text,
+	deploy		integer default 0,
+	deleted		integer default 0
+);
+
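Review bot: `userid` is declared without `NOT NULL` and the table has no index on it, although every query added in this commit filters on `userid`. `userid integer NOT NULL REFERENCES users(user_id)` together with `create index sshkeys_userid_idx on sshkeys (userid);` would cover both (the index name is constructed here). `deploy` and `deleted` only ever hold 0 or 1 in the code of this commit; a comment per column saying so, and that `upload` is a Unix timestamp, would document the schema.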

Added: trunk/src/db/20120610-migrate-sshkeys.php
===================================================================
--- trunk/src/db/20120610-migrate-sshkeys.php	                        (rev 0)
+++ trunk/src/db/20120610-migrate-sshkeys.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -0,0 +1,69 @@
+#! /usr/bin/php
+<?php
+/**
+ * ssh keys backend migration
+ *
+ * Copyright 2012, Franck Villaume - TrivialDev
+ * http://fusionforge.org/
+ *
+ * This file is part of FusionForge.
+ *
+ * FusionForge is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * FusionForge is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
+ */
+
+require_once dirname(__FILE__).'/../common/include/env.inc.php';
+require_once $gfcommon.'include/pre.php';
+require_once $gfcommon.'include/User.class.php';
+
+ini_set('memory_limit', -1);
+ini_set('max_execution_time', 0);
+
+$res = db_query_params('SELECT authorized_keys, user_id FROM users WHERE authorized_keys != $1', array(''));
+if (!$res) {
+	echo 'UPGRADE ERROR: '.db_error();
+	exit(1);
+}
+
+db_begin();
+while($row = db_fetch_array($res)) {
+	$sshKeys = explode('###', $row['authorized_keys']);
+	foreach($sshKeys as $key) {
+		$tempfile = tempnam("/tmp", "migauthkey");
+		$ft = fopen($tempfile, 'w');
+		fwrite($ft, $key);
+		fclose($ft);
+		$returnExec = array();
+		exec("/usr/bin/ssh-keygen -lf ".$tempfile, $returnExec);
+		unlink($tempfile);
+		$returnExecExploded = explode(' ', $returnExec[0]);
+		$fingerprint = $returnExecExploded[1];
+		$now = time();
+		$explodedKey = explode(' ', $key);
+		$res = db_query_params('insert into sshkeys (userid, fingerprint, upload, sshkey, name, algorithm)
+							values ($1, $2, $3, $4, $5, $6)',
+					array($row['user_id'], $fingerprint, $now, $key, $explodedKey[2], $explodedKey[0]));
+		if (!$res) {
+			echo 'UPGRADE ERROR: '.db_error();
+			db_rollback();
+			exit(1);
+		}
+	}
+	$res = db_query_params('update users set authorized_keys = $1 where user_id = $2',
+				array('', $row['user_id']));
+}
+db_commit();
+echo "SUCCESS\n";
+exit(0);
+?>
\ No newline at end of file
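Review bot: The outer loop fetches rows from `$res`, but the insert (`$res = db_query_params('insert into sshkeys …`) and the final update assign to the same variable, so after the first user `db_fetch_array($res)` is called on an insert/update result and the remaining users are presumably never migrated while the script still prints SUCCESS. Use distinct names, e.g. `$resInsert = db_query_params('insert into sshkeys …` and `$resUpdate = db_query_params('update users …`, and check `$resUpdate` the same way as the insert. `$returnExec[0]` and `$explodedKey[2]` are read without checking that `ssh-keygen` produced output or that the key has a comment, and an empty element from `explode('###', …)` would be inserted as a key row.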

Modified: trunk/src/plugins/scmcvs/cronjobs/ssh_create.php
===================================================================
--- trunk/src/plugins/scmcvs/cronjobs/ssh_create.php	2012-06-10 16:47:40 UTC (rev 15711)
+++ trunk/src/plugins/scmcvs/cronjobs/ssh_create.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -30,28 +30,34 @@
 require $gfcommon.'include/cron_utils.php';
 
 $err='';
+$res1 = db_query_params('select userid, user_name from sshkeys, users
+					where sshkeys.userid = users.user_id
+					and users.status = $1
+					and users.unix_status = $2',
+			array('A', 'A'));
 
-$res=db_query_params('SELECT user_name,user_id,authorized_keys
-	FROM users
-	WHERE authorized_keys != $1
-	AND status=$2 AND unix_status = $3',
-		      array('',
-			    'A',
-			    'A'));
-
-for ($i = 0; $i < db_numrows($res); $i++) {
-
-
-	$ssh_key = db_result($res, $i, 'authorized_keys');
-	$username = db_result($res, $i, 'user_name');
+for ($i = 0; $i < db_numrows($res1); $i++) {
+	$userid = db_result($res1, $i, 'userid');
+	$username = db_result($res1, $i, 'user_name');
+	$res2 = db_query_params('select sshkey from sshkeys, users
+						where sshkeys.userid = users.user_id
+						and users.status = $1
+						and users.unix_status = $2
+						and sshkeys.deleted = $3
+						and sshkeys.deploy = $4
+						and sshkeys.userid = $5',
+				array('A', 'A', 0, 0, $userid));
+	$ssh_key = '';
+	while ($arr = db_fetch_array($res2)) {
+		$ssh_key .= $arr['sshkey']."\n";
+	}
+	
 	$dir = forge_get_config('homedir_prefix').'/'.$username;
 	if (util_is_root_dir($dir)) {
 		$err .= "Error! homedir_prefix/username Points To Root Directory!";
 		continue;
 	}
-	$uid = db_result($res, $i, 'user_id');
-
-	$ssh_key = str_replace('###', "\n", $ssh_key);
+	$uid = $userid;
 	$uid += 1000;
 
 	$ssh_dir = $dir.'/.ssh';
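Review bot: The second query keeps only rows with `sshkeys.deploy = 0`, so `$ssh_key` holds just the keys that were never deployed; if the unchanged code after this hunk rewrites `authorized_keys` from `$ssh_key`, keys deployed on an earlier run drop out of the file, and if it appends instead, a key flagged `deleted` is never removed from it. The first query also returns one row per key rather than per user, so a user with several keys is processed several times, and from the second pass on nothing is left with `deploy = 0`. Selecting `distinct userid, user_name` in `$res1` and dropping the `and sshkeys.deploy = $4` condition (parameters `array('A', 'A', 0, $userid)`, with the last placeholder renumbered) would make the file the full set of non-deleted keys. The loop body continues outside the hunk, so the write mode should be confirmed there.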
@@ -69,7 +75,6 @@
 	fclose($h8);
 	posix_seteuid(0);
 	posix_setegid(0);
-		
 	chown($dir, $username);
 	chgrp($dir, 'users');
 	chown($ssh_dir, $username);
@@ -77,6 +82,11 @@
 	chmod($ssh_dir.'/authorized_keys', 0644);
 	chown($ssh_dir.'/authorized_keys', $username);
 	chgrp($ssh_dir.'/authorized_keys', 'users');
+
+	db_query_params('update sshkeys set deploy = $1 where userid = $2 and deploy = $3',
+			array(1, $userid, 0));
+	db_query_params('delete from sshkeys where userid = $1 and deleted = $2',
+			array($userid, 1));
 }
 
 cron_entry(15,$err);
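Review bot: The `update sshkeys set deploy = $1 where userid = $2 and deploy = $3` statement marks every undeployed key of the user, including one uploaded after the keys were read earlier in the same iteration, so a key can be shown as deployed without being in the file. Restricting the update to the ids that were actually written (collect `id_sshkeys` while building `$ssh_key`) avoids that window. Neither `db_query_params()` result is checked; a failure should be appended to `$err` so that `cron_entry(15,$err)` reports it. The loop starts outside this hunk.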

Modified: trunk/src/www/account/editsshkeys.php
===================================================================
--- trunk/src/www/account/editsshkeys.php	2012-06-10 16:47:40 UTC (rev 15711)
+++ trunk/src/www/account/editsshkeys.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -3,7 +3,8 @@
  * Change user's SSH authorized keys
  *
  * Copyright 1999-2001 (c) VA Linux Systems
- * Copyright 2010 (c) Franck Villaume
+ * Copyright 2010, Franck Villaume - Capgemini
+ * Copyright 2012, Franck Villaume - TrivialDev
  *
  * This file is part of FusionForge. FusionForge is free software;
  * you can redistribute it and/or modify it under the terms of the
@@ -25,37 +26,14 @@
 require_once $gfcommon.'include/pre.php';
 require_once $gfcommon.'include/account.php';
 
+global $HTML;
+
 if (!forge_get_config('use_shell')) {
 	exit_permission_denied();
 }
 
-/**
- * Simple function that tries to check the validity of public ssh keys with a regexp.
- * Exits with an error message if an invalid key is found.
- *
- * @param keys A string with a set of keys to check. Each key is delimited by a carriage return.
- */
-function checkKeys($keys) {
-	$key = strtok($keys,"\n");
+session_require_login();
 
-	while ($key !== false) {
-		$key = trim($key);
-		if ((strlen($key) > 0) && ($key[0] != '#')) {
-			/* The encoded key is made of 0-9, A-Z ,a-z, +, / (base 64) characters,
-			 ends with zero or up to three '=' and the length must be >= 512 bits (157 base64 characters).
-			 The whole key ends with an optional comment. */
-			if ( preg_match("@^(((no-port-forwarding|no-X11-forwarding|no-agent-forwarding|no-pty|command=\"[^\"]+\"|from=\"?[A-Za-z0-9\.-]+\"?),?)*\s+)?ssh-(rsa|dss)\s+[A-Za-z0-9+/]{157,}={0,2}(\s+.*)?$@", $key) === 0 ) { // Warning: we must use === for the test
-				$msg = sprintf (_('The following key has a wrong format: |%s|.  Please, correct it by going back to the previous page.'),
-						htmlspecialchars($key));
-				exit_error($msg,'my');
-			}
-		}
-		$key = strtok("\n");
-	}
-}
-
-session_require_login () ;
-
 $u =& user_get_object(user_getid());
 if (!$u || !is_object($u)) {
 	exit_error(_('Could Not Get User'),'home');
@@ -63,34 +41,47 @@
 	exit_error($u->getErrorMessage(),'my');
 }
 
-if (getStringFromRequest('submit')) {
-	$authorized_keys = getStringFromRequest('authorized_keys');
-	checkKeys ($authorized_keys);
-
-	if (!$u->setAuthorizedKeys($authorized_keys)) {
-		exit_error(sprintf(_('Could not update SSH authorized keys: %s'),db_error()),'my');
+use_javascript('/js/sortable.js');
+// not valid registration, or first time to page
+site_user_header(array('title'=>'Manage Authorized Keys'));
+echo '<form action="/account/?action=addsshkey" method="post">';
+$sshKeysArray = $u->getAuthorizedKeys();
+if (count($sshKeysArray)) {
+	echo $HTML->boxTop(_('Available keys'));
+	$tabletop = array(_('Name'), _('Algorithm'), _('Fingerprint'), _('Uploaded'), _('Ready ?'), _('Actions'));
+	$classth = array('', '', '', '', '', '', 'unsortable');
+	echo $HTML->listTableTop($tabletop, false, 'sortable_sshkeys_listlinks', 'sortable', $classth);
+	foreach($sshKeysArray as $sshKey) {
+		echo '<tr>';
+		echo '<td>'.$sshKey['name'].'</td>';
+		echo '<td>'.$sshKey['algorithm'].'</td>';
+		echo '<td>'.$sshKey['fingerprint'].'</td>';
+		echo '<td>'.date(_('Y-m-d H:i'), $sshKey['upload']).'</td>';
+		if ($sshKey['deploy']) {
+			$image = html_image('docman/validate.png', 22, 22, array('alt'=>_('ssh key is deployed.'), 'class'=>'tabtitle', 'title'=>_('ssh key is deployed.')));
+		} else {
+			$image = html_image('waiting.png', 22, 22, array('alt'=>_('ssh key is not deployed yet.'), 'class'=>'tabtitle', 'title'=>_('ssh key is not deployed yet.')));
+		}
+		echo '<td>'.$image.'</td>';
+		echo '<td><a class="tabtitle-ne" href="/account/?&action=deletesshkey&keyid='.$sshKey['keyid'].'" title="'. _('Delete this ssh key.') .'" >'.html_image('docman/trash-empty.png',22,22,array('alt'=>_('Delete this ssh key.'))). '</a></td>';
+		echo '</tr>';
 	}
-	session_redirect("/account/");
+	echo $HTML->listTableBottom();
+	echo $HTML->boxBottom();
+}
 
-} else {
-	// not valid registration, or first time to page
-	site_user_header(array('title'=>'Change Authorized Keys'));
+echo '<h2>'. _('Add a new ssh key').'</h2>';
+echo '<p>'. _('To avoid having to type your password every time for your CVS/SSH developer account, you may upload your public key(s) here and they will be placed on the server in your ~/.ssh/authorized_keys file. This is done by a cron job, so it may not happen immediately.  Please allow for a one hour delay.') . '</p>';
+echo '<p>'. _('To generate a public key, run the program \'ssh-keygen\' (you can use both protocol 1 or 2). The public key will be placed at \'~/.ssh/identity.pub\' (protocol version 1) and \'~/.ssh/id_dsa.pub\' or \'~/.ssh/id_rsa.pub\' (protocol version 2). Read the ssh documentation for further information on sharing keys.') . '</p>';
+echo '<p>'. _('Authorized keys:<br /><em>Important: Make sure there are no line breaks. After submitting, verify that the number of keys in your file is what you expected.</em>');
 
-	echo '<p>' . _('To avoid having to type your password every time for your CVS/SSH developer account, you may upload your public key(s) here and they will be placed on the CVS server in your ~/.ssh/authorized_keys file. This is done by a cron job, so it may not happen immediately.  Please allow for a one hour delay.') . '</p>';
-	echo '<p>' . _('To generate a public key, run the program \'ssh-keygen\' (you can use both protocol 1 or 2). The public key will be placed at \'~/.ssh/identity.pub\' (protocol version 1) and \'~/.ssh/id_dsa.pub\' or \'~/.ssh/id_rsa.pub\' (protocol version 2). Read the ssh documentation for further information on sharing keys.') . '</p>';
-	?>
-
-<form action="<?php echo util_make_url('/account/editsshkeys.php'); ?>" method="post">
-<p><?php echo _('Authorized keys:<br /><em>Important: Make sure there are no line breaks except between keys. After submitting, verify that the number of keys in your file is what you expected.</em>'); ?>
-<br />
-<textarea rows="10" cols="80" name="authorized_keys" style="width:90%;">
-<?php echo $u->getAuthorizedKeys(); ?>
+?>
+<textarea rows="10" cols="80" name="authorized_key" style="width:90%;">
 </textarea></p>
-<p><input type="submit" name="submit" value="<?php echo _('Update'); ?>" /></p>
+<p><input type="submit" name="submit" value="<?php echo _('Add'); ?>" /></p>
 </form>
 
-	<?php
-}
+<?php
 site_user_footer(array());
 
 ?>
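Review bot: The table cells print `$sshKey['name']`, `$sshKey['algorithm']` and `$sshKey['fingerprint']` straight into HTML, and the name is the key's comment field, which `checkKeys()` leaves unrestricted (`(\s+.*)?`). Escape at output, e.g. `echo '<td>'.htmlspecialchars($sshKey['name']).'</td>';`, and apply the same to the identical cells in www/account/index.php. `$classth` has seven entries for six columns, and the page title `'Manage Authorized Keys'` is not passed through `_()` like the other strings.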

Modified: trunk/src/www/account/index.php
===================================================================
--- trunk/src/www/account/index.php	2012-06-10 16:47:40 UTC (rev 15711)
+++ trunk/src/www/account/index.php	2012-06-10 18:00:51 UTC (rev 15712)
@@ -37,6 +37,15 @@
 	exit_error($u->getErrorMessage(),'my');
 }
 
+$action = getStringFromRequest('action');
+switch ($action) {
+	case "deletesshkey": 
+	case "addsshkey": {
+		include ($gfcommon."account/actions/$action.php");
+		break;
+	}
+}
+
 if (getStringFromRequest('submit')) {
 	if (!form_key_is_valid(getStringFromRequest('form_key'))) {
 		exit_form_double_submit('my');
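Review bot: The new dispatcher runs the add and delete actions without the `use_shell` guard that editsshkeys.php applies before showing the form, so keys can still be submitted on an installation where shell access is disabled. Adding `if (!forge_get_config('use_shell')) { exit_permission_denied(); }` as the first statement of the case body keeps both entry points consistent. A one-line comment such as `// $action reaches include() only through these literal case labels` would record why interpolating it into the path is acceptable. The `if (getStringFromRequest('submit'))` block that follows continues outside the hunk.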
@@ -289,17 +298,18 @@
 <br />'._('Shell box').': <strong>'.$u->getUnixBox().'</strong>
 <br />'._('SSH Shared Authorized Keys').': <strong>';
 	global $HTML;
-	$sshKeysArray = $u->getArrayAuthorizedKeys();
+	$sshKeysArray = $u->getAuthorizedKeys();
 	if (count($sshKeysArray)) {
-		$tabletop = array(_('Name'), _('Algorithm'), _('Fingerprint'), _('Ready ?'));
-		$classth = array('','','','');
+		$tabletop = array(_('Name'), _('Algorithm'), _('Fingerprint'), _('Uploaded'), _('Ready ?'));
+		$classth = array('', '', '', '', '');
 		echo $HTML->listTableTop($tabletop, false, 'sortable_sshkeys_listlinks', 'sortable', $classth);
 		foreach($sshKeysArray as $sshKey) {
 			echo '<tr>';
 			echo '<td>'.$sshKey['name'].'</td>';
 			echo '<td>'.$sshKey['algorithm'].'</td>';
 			echo '<td>'.$sshKey['fingerprint'].'</td>';
-			if ($sshKey['ready']) {
+			echo '<td>'.date(_('Y-m-d H:i'), $sshKey['upload']).'</td>';
+			if ($sshKey['deploy']) {
 				$image = html_image('docman/validate.png', 22, 22, array('alt'=>_('ssh key is deployed.'), 'class'=>'tabtitle', 'title'=>_('ssh key is deployed.')));
 			} else {
 				$image = html_image('waiting.png', 22, 22, array('alt'=>_('ssh key is not deployed yet.'), 'class'=>'tabtitle', 'title'=>_('ssh key is not deployed yet.')));
@@ -312,7 +322,7 @@
 		print '0';
 	}
 	print '</strong>';
-	print '<br />' . util_make_link ("account/editsshkeys.php",_('Edit Keys')) ;
+	print '<br />' . util_make_link("account/editsshkeys.php",_('Edit Keys'));
 	echo $HTML->boxBottom();
 }
 ?>



