diff options
| author | zeripath <art27@cantab.net> | 2020-12-26 04:24:47 +0000 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2020-12-25 23:24:47 -0500 |
| commit | ad1164f73ba277f11a20ea838a62d9b8c8a7cb45 (patch) | |
| tree | 7854283c1a6a12621cf36b0c6397a12bfea436d8 /routers | |
| parent | a19447aed128ecadfcd938d6a80cd4951af1f4ce (diff) | |
| download | gitea-ad1164f73ba277f11a20ea838a62d9b8c8a7cb45.tar.gz gitea-ad1164f73ba277f11a20ea838a62d9b8c8a7cb45.zip | |
Disable SSH key deletion of externally managed Keys (#13985)
* Disable SSH key addition and deletion when externally managed
When a user has a login source which has SSH key management
key addition and deletion using the UI should be disabled.
Fix #13983
Signed-off-by: Andrew Thornton <art27@cantab.net>
* Make only externally managed keys disabled
Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: Lunny Xiao <xiaolunwen@gmail.com>
Diffstat (limited to 'routers')
| -rw-r--r-- | routers/api/v1/user/key.go | 11 | ||||
| -rw-r--r-- | routers/user/setting/keys.go | 20 |
2 files changed, 29 insertions, 2 deletions
diff --git a/routers/api/v1/user/key.go b/routers/api/v1/user/key.go index 033b29f420..8069660653 100644 --- a/routers/api/v1/user/key.go +++ b/routers/api/v1/user/key.go @@ -267,7 +267,16 @@ func DeletePublicKey(ctx *context.APIContext) { // "404": // "$ref": "#/responses/notFound" - if err := models.DeletePublicKey(ctx.User, ctx.ParamsInt64(":id")); err != nil { + id := ctx.ParamsInt64(":id") + externallyManaged, err := models.PublicKeyIsExternallyManaged(id) + if err != nil { + ctx.Error(http.StatusInternalServerError, "PublicKeyIsExternallyManaged", err) + } + if externallyManaged { + ctx.Error(http.StatusForbidden, "", "SSH Key is externally managed for this user") + } + + if err := models.DeletePublicKey(ctx.User, id); err != nil { if models.IsErrKeyNotExist(err) { ctx.NotFound() } else if models.IsErrKeyAccessDenied(err) { diff --git a/routers/user/setting/keys.go b/routers/user/setting/keys.go index 6a39666e94..76c7ef9da4 100644 --- a/routers/user/setting/keys.go +++ b/routers/user/setting/keys.go @@ -160,7 +160,18 @@ func DeleteKey(ctx *context.Context) { ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success")) } case "ssh": - if err := models.DeletePublicKey(ctx.User, ctx.QueryInt64("id")); err != nil { + keyID := ctx.QueryInt64("id") + external, err := models.PublicKeyIsExternallyManaged(keyID) + if err != nil { + ctx.ServerError("sshKeysExternalManaged", err) + return + } + if external { + ctx.Flash.Error(ctx.Tr("setting.ssh_externally_managed")) + ctx.Redirect(setting.AppSubURL + "/user/settings/keys") + return + } + if err := models.DeletePublicKey(ctx.User, keyID); err != nil { ctx.Flash.Error("DeletePublicKey: " + err.Error()) } else { ctx.Flash.Success(ctx.Tr("settings.ssh_key_deletion_success")) @@ -188,6 +199,13 @@ func loadKeysData(ctx *context.Context) { } ctx.Data["Keys"] = keys + externalKeys, err := models.PublicKeysAreExternallyManaged(keys) + if err != nil { + ctx.ServerError("ListPublicKeys", err) + return + } + ctx.Data["ExternalKeys"] = externalKeys + gpgkeys, err := models.ListGPGKeys(ctx.User.ID, models.ListOptions{}) if err != nil { ctx.ServerError("ListGPGKeys", err) |