From f46727852444dcebdd8a488f2cdc73915e990214 Mon Sep 17 00:00:00 2001
From: Michael Tremer <michael.tremer@ipfire.org>
Date: Wed, 17 Oct 2018 16:04:04 +0100
Subject: [PATCH] people: Show SSH keys for users

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
---
 Makefile.am                              |  6 +++
 src/backend/accounts.py                  | 19 +++++++++
 src/scss/style.scss                      |  6 +++
 src/templates/people/ssh-keys/base.html  |  1 +
 src/templates/people/ssh-keys/index.html | 49 ++++++++++++++++++++++++
 src/templates/people/user-base.html      | 16 ++++----
 src/web/__init__.py                      |  1 +
 src/web/people.py                        | 10 +++++
 8 files changed, 100 insertions(+), 8 deletions(-)
 create mode 100644 src/templates/people/ssh-keys/base.html
 create mode 100644 src/templates/people/ssh-keys/index.html

diff --git a/Makefile.am b/Makefile.am
index 178798ec..64283de7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -176,6 +176,12 @@ templates_people_modules_DATA = \
 
 templates_people_modulesdir = $(templates_peopledir)/modules
 
+templates_people_ssh_keys_DATA = \
+	src/templates/people/ssh-keys/base.html \
+	src/templates/people/ssh-keys/index.html
+
+templates_people_ssh_keysdir = $(templates_peopledir)/ssh-keys
+
 templates_static_DATA = \
 	src/templates/static/chat.html \
 	src/templates/static/features.html \
diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index d1bd6d14..9f29da82 100644
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -9,6 +9,7 @@ import ldap
 import ldap.modlist
 import logging
 import phonenumbers
+import sshpubkeys
 import urllib.parse
 import urllib.request
 
@@ -570,6 +571,24 @@ class Account(Object):
 	def upload_avatar(self, avatar):
 		self._set("jpegPhoto", avatar)
 
+	# SSH Keys
+
+	@lazy_property
+	def ssh_keys(self):
+		ret = []
+
+		for key in self._get_strings("sshPublicKey"):
+			s = sshpubkeys.SSHKey()
+
+			try:
+				s.parse(key)
+			except (sshpubkeys.InvalidKeyError, NotImplementedError) as e:
+				logging.warning("Could not parse SSH key %s: %s" % (key, e))
+				continue
+
+			ret.append(s)
+
+		return ret
 
 if __name__ == "__main__":
 	a = Accounts()
diff --git a/src/scss/style.scss b/src/scss/style.scss
index b5bc5122..dcfa203b 100644
--- a/src/scss/style.scss
+++ b/src/scss/style.scss
@@ -73,6 +73,12 @@ body {
 	}
 }
 
+.list-group {
+	.list-group-item {
+		@extend .inverse;
+	}
+}
+
 .nav {
 	.nav-link {
 		color: $white;
diff --git a/src/templates/people/ssh-keys/base.html b/src/templates/people/ssh-keys/base.html
new file mode 100644
index 00000000..5842b7da
--- /dev/null
+++ b/src/templates/people/ssh-keys/base.html
@@ -0,0 +1 @@
+{% extends "../user-base.html" %}
diff --git a/src/templates/people/ssh-keys/index.html b/src/templates/people/ssh-keys/index.html
new file mode 100644
index 00000000..de860276
--- /dev/null
+++ b/src/templates/people/ssh-keys/index.html
@@ -0,0 +1,49 @@
+{% extends "base.html" %}
+
+{% block title %}{{ account }} - {{ _("SSH Keys") }}{% end block %}
+
+{% block main %}
+	<h1>{{ _("SSH Keys") }}</h1>
+
+	<ul class="list-group mb-3">
+		{% for key in account.ssh_keys %}
+			<li class="list-group-item">
+				<h5 class="mb-1">
+					<a class="text-dark" href="/users/{{ account.uid }}/ssh-keys/{{ key.hash_md5() }}">
+						{{ key.comment or _("%s Key") % key.key_type.decode() }}
+					</a>
+				</h5>
+
+				<p class="text-monospace mb-0">{{ key.hash_md5() }}</p>
+
+				{% if key.options %}
+					<p class="my-1">{{ _("Options") }}</p>
+
+					<ul class="mb-0">
+						{% for option, values in sorted(key.options.items()) %}
+							<li class="small">
+								<span class="text-monospace">{{ option }}</span>
+
+								{% if not values == [True] %}
+									= <span class="text-monospace">{{ "".join(values) }}</span>
+								{% end %}
+							</li>
+						{% end %}
+					</ul>
+				{% end %}
+
+				{% if account.can_be_managed_by(current_user) %}
+					<a class="btn btn-outline-danger btn-sm btn-block mt-2" href="/users/{{ account.uid }}/ssh-keys/{{ key.hash_md5() }}/delete">
+						{{ _("Delete") }}
+					</a>
+				{% end %}
+			</li>
+		{% end %}
+	</ul>
+
+	{% if account.can_be_managed_by(current_user) %}
+		<a class="btn btn-success btn-block" href="/users/{{ account.uid }}/ssh-keys/upload">
+			{{ _("Upload New SSH Key") }}
+		</a>
+	{% end %}
+{% end block %}
diff --git a/src/templates/people/user-base.html b/src/templates/people/user-base.html
index d9f20e60..c685afcd 100644
--- a/src/templates/people/user-base.html
+++ b/src/templates/people/user-base.html
@@ -22,8 +22,12 @@
 					</h5>
 				{% end %}
 
-				{% if account.can_be_managed_by(current_user) %}
-					<div class="btn-toolbar mb-3">
+				<div class="btn-toolbar mb-3">
+					<a class="btn btn-light btn-sm btn-block" href="/users/{{ account.uid }}/ssh-keys">
+						<span class="fas fa-key mr-2"></span> {{ _("SSH Keys") }}
+					</a>
+
+					{% if account.can_be_managed_by(current_user) %}
 						<a class="btn btn-warning btn-sm btn-block" href="/users/{{ account.uid }}/edit">
 							<span class="fas fa-edit mr-2"></span> {{ _("Edit") }}
 						</a>
@@ -31,12 +35,8 @@
 						<a class="btn btn-light btn-sm btn-block" href="/users/{{ account.uid }}/passwd">
 							{{ _("Change Password") }}
 						</a>
-
-						<a class="btn btn-light btn-sm btn-block" href="/users/{{ account.uid }}/ssh-keys">
-							<span class="fas fa-key mr-2"></span> {{ _("Manage SSH Keys") }}
-						</a>
-					</div>
-				{% end %}
+					{% end %}
+				</div>
 			</div>
 		{% end %}
 
diff --git a/src/web/__init__.py b/src/web/__init__.py
index 70b44985..a25a1a00 100644
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -260,6 +260,7 @@ class Application(tornado.web.Application):
 			(r"/users/(\w+)/calls(?:/(\d{4}-\d{2}-\d{2}))?", people.CallsHandler),
 			(r"/users/(\w+)/edit", people.UserEditHandler),
 			(r"/users/(\w+)/passwd", people.UserPasswdHandler),
+			(r"/users/(\w+)/ssh-keys", people.SSHKeysIndexHandler),
 			(r"/users/(\w+)/sip", people.SIPHandler),
 		]  + authentication_handlers)
 
diff --git a/src/web/people.py b/src/web/people.py
index 4f973884..5cad8e2a 100644
--- a/src/web/people.py
+++ b/src/web/people.py
@@ -103,6 +103,16 @@ class SearchHandler(base.BaseHandler):
 		self.render("people/search.html", q=q, accounts=accounts)
 
 
+class SSHKeysIndexHandler(base.BaseHandler):
+	@tornado.web.authenticated
+	def get(self, uid):
+		account = self.backend.accounts.get_by_uid(uid)
+		if not account:
+			raise tornado.web.HTTPError(404, "Could not find account %s" % uid)
+
+		self.render("people/ssh-keys/index.html", account=account)
+
+
 class SIPHandler(base.BaseHandler):
 	@tornado.web.authenticated
 	def get(self, uid):
-- 
2.39.2