people: Use SHA256 to identify an SSH key

Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>

diff --git a/src/backend/accounts.py b/src/backend/accounts.py
index 9f67e4a460271081ed74357dacab6e2567dace00..1c956c8b24114578af80dce3e77810f5511cdeb4 100644 (file)
--- a/src/backend/accounts.py
+++ b/src/backend/accounts.py
@@ -619,9 +619,9 @@ class Account(Object):
 
                return ret
 
-       def get_ssh_key_by_hash_md5(self, hash_md5):
+       def get_ssh_key_by_hash_sha256(self, hash_sha256):
                for key in self.ssh_keys:
-                       if not key.hash_md5() == hash_md5:
+                       if not key.hash_sha256() == hash_sha256:
                                continue
 
                        return key

diff --git a/src/templates/people/ssh-keys/index.html b/src/templates/people/ssh-keys/index.html
index 250a21255849314a8e26dd67b8cf18d759039540..30d94533234454142213cec852ceb764fa44c9b6 100644 (file)
--- a/src/templates/people/ssh-keys/index.html
+++ b/src/templates/people/ssh-keys/index.html
@@ -9,7 +9,7 @@
                {% for key in account.ssh_keys %}
                        <li class="list-group-item">
                                <h5 class="mb-3">
-                                       <a class="text-dark" href="/users/{{ account.uid }}/ssh-keys/{{ key.hash_md5() }}">
+                                       <a class="text-dark" href="/users/{{ account.uid }}/ssh-keys/{{ key.hash_sha256() }}">
                                                {{ key.comment or _("%s Key") % key.key_type.decode() }}
                                        </a>
                                </h5>
@@ -37,7 +37,7 @@
                                {% end %}
 
                                {% if account.can_be_managed_by(current_user) %}
-                                       <a class="btn btn-outline-danger btn-sm btn-block mt-2" href="/users/{{ account.uid }}/ssh-keys/{{ key.hash_md5() }}/delete">
+                                       <a class="btn btn-outline-danger btn-sm btn-block mt-2" href="/users/{{ account.uid }}/ssh-keys/{{ key.hash_sha256() }}/delete">
                                                {{ _("Delete") }}
                                        </a>
                                {% end %}

diff --git a/src/web/__init__.py b/src/web/__init__.py
index 041839cec02fe3f64e2fb6a847709ce92f1d81c0..e721dbfaa9fbf387315d14e91b48e4f9855fc7a4 100644 (file)
--- a/src/web/__init__.py
+++ b/src/web/__init__.py
@@ -261,8 +261,8 @@ class Application(tornado.web.Application):
                        (r"/users/(\w+)/edit", people.UserEditHandler),
                        (r"/users/(\w+)/passwd", people.UserPasswdHandler),
                        (r"/users/(\w+)/ssh-keys", people.SSHKeysIndexHandler),
-                       (r"/users/(\w+)/ssh-keys/(MD5\:.*)/delete", people.SSHKeysDeleteHandler),
-                       (r"/users/(\w+)/ssh-keys/(MD5\:.*)", people.SSHKeysDownloadHandler),
+                       (r"/users/(\w+)/ssh-keys/(SHA256\:.*)/delete", people.SSHKeysDeleteHandler),
+                       (r"/users/(\w+)/ssh-keys/(SHA256\:.*)", people.SSHKeysDownloadHandler),
                        (r"/users/(\w+)/ssh-keys/upload", people.SSHKeysUploadHandler),
                        (r"/users/(\w+)/sip", people.SIPHandler),
                ]  + authentication_handlers)

diff --git a/src/web/people.py b/src/web/people.py
index 8b537bfeb81e50271c756b1c858242903391d821..f6e615e44b75fff5d3b3ba30b06bdd8936346ad5 100644 (file)
--- a/src/web/people.py
+++ b/src/web/people.py
@@ -116,15 +116,15 @@ class SSHKeysIndexHandler(base.BaseHandler):
 
 class SSHKeysDownloadHandler(base.BaseHandler):
        @tornado.web.authenticated
-       def get(self, uid, hash_md5):
+       def get(self, uid, hash_sha256):
                account = self.backend.accounts.get_by_uid(uid)
                if not account:
                        raise tornado.web.HTTPError(404, "Could not find account %s" % uid)
 
                # Get SSH key
-               key = account.get_ssh_key_by_hash_md5(hash_md5)
+               key = account.get_ssh_key_by_hash_sha256(hash_sha256)
                if not key:
-                       raise tornado.web.HTTPError(404, "Could not find key: %s" % hash_md5)
+                       raise tornado.web.HTTPError(404, "Could not find key: %s" % hash_sha256)
 
                # Set HTTP Headers
                self.add_header("Content-Type", "text/plain")
@@ -175,28 +175,28 @@ class SSHKeysUploadHandler(base.BaseHandler):
 
 class SSHKeysDeleteHandler(base.BaseHandler):
        @tornado.web.authenticated
-       def get(self, uid, hash_md5):
+       def get(self, uid, hash_sha256):
                account = self.backend.accounts.get_by_uid(uid)
                if not account:
                        raise tornado.web.HTTPError(404, "Could not find account %s" % uid)
 
                # Get SSH key
-               key = account.get_ssh_key_by_hash_md5(hash_md5)
+               key = account.get_ssh_key_by_hash_sha256(hash_sha256)
                if not key:
-                       raise tornado.web.HTTPError(404, "Could not find key: %s" % hash_md5)
+                       raise tornado.web.HTTPError(404, "Could not find key: %s" % hash_sha256)
 
                self.render("people/ssh-keys/delete.html", account=account, key=key)
 
        @tornado.web.authenticated
-       def post(self, uid, hash_md5):
+       def post(self, uid, hash_sha256):
                account = self.backend.accounts.get_by_uid(uid)
                if not account:
                        raise tornado.web.HTTPError(404, "Could not find account %s" % uid)
 
                # Get SSH key
-               key = account.get_ssh_key_by_hash_md5(hash_md5)
+               key = account.get_ssh_key_by_hash_sha256(hash_sha256)
                if not key:
-                       raise tornado.web.HTTPError(404, "Could not find key: %s" % hash_md5)
+                       raise tornado.web.HTTPError(404, "Could not find key: %s" % hash_sha256)
 
                # Verify password
                password = self.get_argument("password")