| 1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556 |
- // Copyright 2021 The Gitea Authors. All rights reserved.
- // SPDX-License-Identifier: MIT
-
- package asymkey
-
- import (
- "context"
- "fmt"
- "strings"
-
- "code.gitea.io/gitea/models/db"
- user_model "code.gitea.io/gitea/models/user"
- "code.gitea.io/gitea/modules/setting"
- "code.gitea.io/gitea/modules/util"
- )
-
- // CheckPrincipalKeyString strips spaces and returns an error if the given principal contains newlines
- func CheckPrincipalKeyString(ctx context.Context, user *user_model.User, content string) (_ string, err error) {
- if setting.SSH.Disabled {
- return "", db.ErrSSHDisabled{}
- }
-
- content = strings.TrimSpace(content)
- if strings.ContainsAny(content, "\r\n") {
- return "", util.NewInvalidArgumentErrorf("only a single line with a single principal please")
- }
-
- // check all the allowed principals, email, username or anything
- // if any matches, return ok
- for _, v := range setting.SSH.AuthorizedPrincipalsAllow {
- switch v {
- case "anything":
- return content, nil
- case "email":
- emails, err := user_model.GetEmailAddresses(ctx, user.ID)
- if err != nil {
- return "", err
- }
- for _, email := range emails {
- if !email.IsActivated {
- continue
- }
- if content == email.Email {
- return content, nil
- }
- }
-
- case "username":
- if content == user.Name {
- return content, nil
- }
- }
- }
-
- return "", fmt.Errorf("didn't match allowed principals: %s", setting.SSH.AuthorizedPrincipalsAllow)
- }
|
