mirrors
/
gitea
mirror of https://github.com/go-gitea/gitea.git
Watch 1
Star 0
Fork 0
Code Issues 0 Releases 210 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
17397 Commits
17 Branches
Tree: e2277d07ca
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e2277d07ca'
${ noResults }
gitea/routers/web/user/setting/keys.go

keys.go 12KB
Raw Blame History

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337 
  1. // Copyright 2014 The Gogs Authors. All rights reserved.

  2. // Copyright 2018 The Gitea Authors. All rights reserved.

  3. // SPDX-License-Identifier: MIT

  4. 

  5. package setting

  6. 

  7. import (

  8. 	"fmt"

  9. 	"net/http"

  10. 

  11. 	asymkey_model "code.gitea.io/gitea/models/asymkey"

  12. 	"code.gitea.io/gitea/models/db"

  13. 	"code.gitea.io/gitea/modules/base"

  14. 	"code.gitea.io/gitea/modules/setting"

  15. 	"code.gitea.io/gitea/modules/web"

  16. 	asymkey_service "code.gitea.io/gitea/services/asymkey"

  17. 	"code.gitea.io/gitea/services/context"

  18. 	"code.gitea.io/gitea/services/forms"

  19. )

  20. 

  21. const (

  22. 	tplSettingsKeys base.TplName = "user/settings/keys"

  23. )

  24. 

  25. // Keys render user's SSH/GPG public keys page

  26. func Keys(ctx *context.Context) {

  27. 	ctx.Data["Title"] = ctx.Tr("settings.ssh_gpg_keys")

  28. 	ctx.Data["PageIsSettingsKeys"] = true

  29. 	ctx.Data["DisableSSH"] = setting.SSH.Disabled

  30. 	ctx.Data["BuiltinSSH"] = setting.SSH.StartBuiltinServer

  31. 	ctx.Data["AllowPrincipals"] = setting.SSH.AuthorizedPrincipalsEnabled

  32. 

  33. 	loadKeysData(ctx)

  34. 

  35. 	ctx.HTML(http.StatusOK, tplSettingsKeys)

  36. }

  37. 

  38. // KeysPost response for change user's SSH/GPG keys

  39. func KeysPost(ctx *context.Context) {

  40. 	form := web.GetForm(ctx).(*forms.AddKeyForm)

  41. 	ctx.Data["Title"] = ctx.Tr("settings")

  42. 	ctx.Data["PageIsSettingsKeys"] = true

  43. 	ctx.Data["DisableSSH"] = setting.SSH.Disabled

  44. 	ctx.Data["BuiltinSSH"] = setting.SSH.StartBuiltinServer

  45. 	ctx.Data["AllowPrincipals"] = setting.SSH.AuthorizedPrincipalsEnabled

  46. 

  47. 	if ctx.HasError() {

  48. 		loadKeysData(ctx)

  49. 

  50. 		ctx.HTML(http.StatusOK, tplSettingsKeys)

  51. 		return

  52. 	}

  53. 	switch form.Type {

  54. 	case "principal":

  55. 		content, err := asymkey_model.CheckPrincipalKeyString(ctx, ctx.Doer, form.Content)

  56. 		if err != nil {

  57. 			if db.IsErrSSHDisabled(err) {

  58. 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))

  59. 			} else {

  60. 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_principal", err.Error()))

  61. 			}

  62. 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  63. 			return

  64. 		}

  65. 		if _, err = asymkey_service.AddPrincipalKey(ctx, ctx.Doer.ID, content, 0); err != nil {

  66. 			ctx.Data["HasPrincipalError"] = true

  67. 			switch {

  68. 			case asymkey_model.IsErrKeyAlreadyExist(err), asymkey_model.IsErrKeyNameAlreadyUsed(err):

  69. 				loadKeysData(ctx)

  70. 

  71. 				ctx.Data["Err_Content"] = true

  72. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_principal_been_used"), tplSettingsKeys, &form)

  73. 			default:

  74. 				ctx.ServerError("AddPrincipalKey", err)

  75. 			}

  76. 			return

  77. 		}

  78. 		ctx.Flash.Success(ctx.Tr("settings.add_principal_success", form.Content))

  79. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  80. 	case "gpg":

  81. 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) {

  82. 			ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))

  83. 			return

  84. 		}

  85. 

  86. 		token := asymkey_model.VerificationToken(ctx.Doer, 1)

  87. 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)

  88. 

  89. 		keys, err := asymkey_model.AddGPGKey(ctx, ctx.Doer.ID, form.Content, token, form.Signature)

  90. 		if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {

  91. 			keys, err = asymkey_model.AddGPGKey(ctx, ctx.Doer.ID, form.Content, lastToken, form.Signature)

  92. 		}

  93. 		if err != nil {

  94. 			ctx.Data["HasGPGError"] = true

  95. 			switch {

  96. 			case asymkey_model.IsErrGPGKeyParsing(err):

  97. 				ctx.Flash.Error(ctx.Tr("form.invalid_gpg_key", err.Error()))

  98. 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  99. 			case asymkey_model.IsErrGPGKeyIDAlreadyUsed(err):

  100. 				loadKeysData(ctx)

  101. 

  102. 				ctx.Data["Err_Content"] = true

  103. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_key_id_used"), tplSettingsKeys, &form)

  104. 			case asymkey_model.IsErrGPGInvalidTokenSignature(err):

  105. 				loadKeysData(ctx)

  106. 				ctx.Data["Err_Content"] = true

  107. 				ctx.Data["Err_Signature"] = true

  108. 				keyID := err.(asymkey_model.ErrGPGInvalidTokenSignature).ID

  109. 				ctx.Data["KeyID"] = keyID

  110. 				ctx.Data["PaddedKeyID"] = asymkey_model.PaddedKeyID(keyID)

  111. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)

  112. 			case asymkey_model.IsErrGPGNoEmailFound(err):

  113. 				loadKeysData(ctx)

  114. 

  115. 				ctx.Data["Err_Content"] = true

  116. 				ctx.Data["Err_Signature"] = true

  117. 				keyID := err.(asymkey_model.ErrGPGNoEmailFound).ID

  118. 				ctx.Data["KeyID"] = keyID

  119. 				ctx.Data["PaddedKeyID"] = asymkey_model.PaddedKeyID(keyID)

  120. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_no_key_email_found"), tplSettingsKeys, &form)

  121. 			default:

  122. 				ctx.ServerError("AddPublicKey", err)

  123. 			}

  124. 			return

  125. 		}

  126. 		keyIDs := ""

  127. 		for _, key := range keys {

  128. 			keyIDs += key.KeyID

  129. 			keyIDs += ", "

  130. 		}

  131. 		if len(keyIDs) > 0 {

  132. 			keyIDs = keyIDs[:len(keyIDs)-2]

  133. 		}

  134. 		ctx.Flash.Success(ctx.Tr("settings.add_gpg_key_success", keyIDs))

  135. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  136. 	case "verify_gpg":

  137. 		token := asymkey_model.VerificationToken(ctx.Doer, 1)

  138. 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)

  139. 

  140. 		keyID, err := asymkey_model.VerifyGPGKey(ctx, ctx.Doer.ID, form.KeyID, token, form.Signature)

  141. 		if err != nil && asymkey_model.IsErrGPGInvalidTokenSignature(err) {

  142. 			keyID, err = asymkey_model.VerifyGPGKey(ctx, ctx.Doer.ID, form.KeyID, lastToken, form.Signature)

  143. 		}

  144. 		if err != nil {

  145. 			ctx.Data["HasGPGVerifyError"] = true

  146. 			switch {

  147. 			case asymkey_model.IsErrGPGInvalidTokenSignature(err):

  148. 				loadKeysData(ctx)

  149. 				ctx.Data["VerifyingID"] = form.KeyID

  150. 				ctx.Data["Err_Signature"] = true

  151. 				keyID := err.(asymkey_model.ErrGPGInvalidTokenSignature).ID

  152. 				ctx.Data["KeyID"] = keyID

  153. 				ctx.Data["PaddedKeyID"] = asymkey_model.PaddedKeyID(keyID)

  154. 				ctx.RenderWithErr(ctx.Tr("settings.gpg_invalid_token_signature"), tplSettingsKeys, &form)

  155. 			default:

  156. 				ctx.ServerError("VerifyGPG", err)

  157. 			}

  158. 		}

  159. 		ctx.Flash.Success(ctx.Tr("settings.verify_gpg_key_success", keyID))

  160. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  161. 	case "ssh":

  162. 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {

  163. 			ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))

  164. 			return

  165. 		}

  166. 

  167. 		content, err := asymkey_model.CheckPublicKeyString(form.Content)

  168. 		if err != nil {

  169. 			if db.IsErrSSHDisabled(err) {

  170. 				ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))

  171. 			} else if asymkey_model.IsErrKeyUnableVerify(err) {

  172. 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))

  173. 			} else if err == asymkey_model.ErrKeyIsPrivate {

  174. 				ctx.Flash.Error(ctx.Tr("form.must_use_public_key"))

  175. 			} else {

  176. 				ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error()))

  177. 			}

  178. 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  179. 			return

  180. 		}

  181. 

  182. 		if _, err = asymkey_model.AddPublicKey(ctx, ctx.Doer.ID, form.Title, content, 0); err != nil {

  183. 			ctx.Data["HasSSHError"] = true

  184. 			switch {

  185. 			case asymkey_model.IsErrKeyAlreadyExist(err):

  186. 				loadKeysData(ctx)

  187. 

  188. 				ctx.Data["Err_Content"] = true

  189. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_been_used"), tplSettingsKeys, &form)

  190. 			case asymkey_model.IsErrKeyNameAlreadyUsed(err):

  191. 				loadKeysData(ctx)

  192. 

  193. 				ctx.Data["Err_Title"] = true

  194. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_key_name_used"), tplSettingsKeys, &form)

  195. 			case asymkey_model.IsErrKeyUnableVerify(err):

  196. 				ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))

  197. 				ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  198. 			default:

  199. 				ctx.ServerError("AddPublicKey", err)

  200. 			}

  201. 			return

  202. 		}

  203. 		ctx.Flash.Success(ctx.Tr("settings.add_key_success", form.Title))

  204. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  205. 	case "verify_ssh":

  206. 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {

  207. 			ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))

  208. 			return

  209. 		}

  210. 

  211. 		token := asymkey_model.VerificationToken(ctx.Doer, 1)

  212. 		lastToken := asymkey_model.VerificationToken(ctx.Doer, 0)

  213. 

  214. 		fingerprint, err := asymkey_model.VerifySSHKey(ctx, ctx.Doer.ID, form.Fingerprint, token, form.Signature)

  215. 		if err != nil && asymkey_model.IsErrSSHInvalidTokenSignature(err) {

  216. 			fingerprint, err = asymkey_model.VerifySSHKey(ctx, ctx.Doer.ID, form.Fingerprint, lastToken, form.Signature)

  217. 		}

  218. 		if err != nil {

  219. 			ctx.Data["HasSSHVerifyError"] = true

  220. 			switch {

  221. 			case asymkey_model.IsErrSSHInvalidTokenSignature(err):

  222. 				loadKeysData(ctx)

  223. 				ctx.Data["Err_Signature"] = true

  224. 				ctx.Data["Fingerprint"] = err.(asymkey_model.ErrSSHInvalidTokenSignature).Fingerprint

  225. 				ctx.RenderWithErr(ctx.Tr("settings.ssh_invalid_token_signature"), tplSettingsKeys, &form)

  226. 			default:

  227. 				ctx.ServerError("VerifySSH", err)

  228. 			}

  229. 		}

  230. 		ctx.Flash.Success(ctx.Tr("settings.verify_ssh_key_success", fingerprint))

  231. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  232. 

  233. 	default:

  234. 		ctx.Flash.Warning("Function not implemented")

  235. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  236. 	}

  237. }

  238. 

  239. // DeleteKey response for delete user's SSH/GPG key

  240. func DeleteKey(ctx *context.Context) {

  241. 	switch ctx.FormString("type") {

  242. 	case "gpg":

  243. 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageGPGKeys) {

  244. 			ctx.NotFound("Not Found", fmt.Errorf("gpg keys setting is not allowed to be visited"))

  245. 			return

  246. 		}

  247. 		if err := asymkey_model.DeleteGPGKey(ctx, ctx.Doer, ctx.FormInt64("id")); err != nil {

  248. 			ctx.Flash.Error("DeleteGPGKey: " + err.Error())

  249. 		} else {

  250. 			ctx.Flash.Success(ctx.Tr("settings.gpg_key_deletion_success"))

  251. 		}

  252. 	case "ssh":

  253. 		if setting.Admin.UserDisabledFeatures.Contains(setting.UserFeatureManageSSHKeys) {

  254. 			ctx.NotFound("Not Found", fmt.Errorf("ssh keys setting is not allowed to be visited"))

  255. 			return

  256. 		}

  257. 

  258. 		keyID := ctx.FormInt64("id")

  259. 		external, err := asymkey_model.PublicKeyIsExternallyManaged(ctx, keyID)

  260. 		if err != nil {

  261. 			ctx.ServerError("sshKeysExternalManaged", err)

  262. 			return

  263. 		}

  264. 		if external {

  265. 			ctx.Flash.Error(ctx.Tr("settings.ssh_externally_managed"))

  266. 			ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  267. 			return

  268. 		}

  269. 		if err := asymkey_service.DeletePublicKey(ctx, ctx.Doer, keyID); err != nil {

  270. 			ctx.Flash.Error("DeletePublicKey: " + err.Error())

  271. 		} else {

  272. 			ctx.Flash.Success(ctx.Tr("settings.ssh_key_deletion_success"))

  273. 		}

  274. 	case "principal":

  275. 		if err := asymkey_service.DeletePublicKey(ctx, ctx.Doer, ctx.FormInt64("id")); err != nil {

  276. 			ctx.Flash.Error("DeletePublicKey: " + err.Error())

  277. 		} else {

  278. 			ctx.Flash.Success(ctx.Tr("settings.ssh_principal_deletion_success"))

  279. 		}

  280. 	default:

  281. 		ctx.Flash.Warning("Function not implemented")

  282. 		ctx.Redirect(setting.AppSubURL + "/user/settings/keys")

  283. 	}

  284. 	ctx.JSONRedirect(setting.AppSubURL + "/user/settings/keys")

  285. }

  286. 

  287. func loadKeysData(ctx *context.Context) {

  288. 	keys, err := db.Find[asymkey_model.PublicKey](ctx, asymkey_model.FindPublicKeyOptions{

  289. 		OwnerID:    ctx.Doer.ID,

  290. 		NotKeytype: asymkey_model.KeyTypePrincipal,

  291. 	})

  292. 	if err != nil {

  293. 		ctx.ServerError("ListPublicKeys", err)

  294. 		return

  295. 	}

  296. 	ctx.Data["Keys"] = keys

  297. 

  298. 	externalKeys, err := asymkey_model.PublicKeysAreExternallyManaged(ctx, keys)

  299. 	if err != nil {

  300. 		ctx.ServerError("ListPublicKeys", err)

  301. 		return

  302. 	}

  303. 	ctx.Data["ExternalKeys"] = externalKeys

  304. 

  305. 	gpgkeys, err := db.Find[asymkey_model.GPGKey](ctx, asymkey_model.FindGPGKeyOptions{

  306. 		ListOptions: db.ListOptionsAll,

  307. 		OwnerID:     ctx.Doer.ID,

  308. 	})

  309. 	if err != nil {

  310. 		ctx.ServerError("ListGPGKeys", err)

  311. 		return

  312. 	}

  313. 	if err := asymkey_model.GPGKeyList(gpgkeys).LoadSubKeys(ctx); err != nil {

  314. 		ctx.ServerError("LoadSubKeys", err)

  315. 		return

  316. 	}

  317. 	ctx.Data["GPGKeys"] = gpgkeys

  318. 	tokenToSign := asymkey_model.VerificationToken(ctx.Doer, 1)

  319. 

  320. 	// generate a new aes cipher using the csrfToken

  321. 	ctx.Data["TokenToSign"] = tokenToSign

  322. 

  323. 	principals, err := db.Find[asymkey_model.PublicKey](ctx, asymkey_model.FindPublicKeyOptions{

  324. 		ListOptions: db.ListOptionsAll,

  325. 		OwnerID:     ctx.Doer.ID,

  326. 		KeyTypes:    []asymkey_model.KeyType{asymkey_model.KeyTypePrincipal},

  327. 	})

  328. 	if err != nil {

  329. 		ctx.ServerError("ListPrincipalKeys", err)

  330. 		return

  331. 	}

  332. 	ctx.Data["Principals"] = principals

  333. 

  334. 	ctx.Data["VerifyingID"] = ctx.FormString("verify_gpg")

  335. 	ctx.Data["VerifyingFingerprint"] = ctx.FormString("verify_ssh")

  336. 	ctx.Data["UserDisabledFeatures"] = &setting.Admin.UserDisabledFeatures

  337. }