Commit 117b7bca authored by Leigh Stoller

Tweaks and bug fixes to new ssh editing page. Banish the old pages.

parent b88204e6
......@@ -9,12 +9,14 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
{
'use strict';
var embedded = 0;
var target_uid = "";
var sshkeysTemplate = _.template(sshkeysString);
function initialize()
{
window.APT_OPTIONS.initialize(sup);
embedded = window.EMBEDDED;
target_uid = window.TARGET_UID;
var pubkeys = JSON.parse(_.unescape($('#sshkey-list')[0].textContent));
var html = sshkeysTemplate({
......@@ -53,6 +55,12 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
HandleDeleteKey(index);
});
// Form reset button.
$('#ssh_clear_button').click(function (event) {
console.log("foo");
event.preventDefault();
$('#sshkey_data').val("");
});
// Add key button.
$('#ssh_addkey_button').click(function (event) {
event.preventDefault();
......@@ -79,16 +87,18 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
return;
}
if (embedded) {
window.parent.location.replace("../ssh-keys.php");
window.parent.location.replace("../ssh-keys.php?user=" +
target_uid);
}
else {
window.location.replace("ssh-keys.php");
window.location.replace("ssh-keys.php?user=" + target_uid);
}
}
sup.ShowModal("#waitwait-modal");
var xmlthing = sup.CallServerMethod(null, "ssh-keys", "addkey",
{"keydata" : keydata});
{"keydata" : keydata,
"target_uid" : target_uid});
xmlthing.done(callback);
}
......@@ -107,7 +117,8 @@ function (_, sup, sshkeysString, oopsString, waitwaitString)
sup.ShowModal("#waitwait-modal");
var xmlthing = sup.CallServerMethod(null, "ssh-keys", "deletekey",
{"index" : index});
{"index" : index,
"target_uid" : target_uid});
xmlthing.done(callback);
}
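Review bot: `target_uid` is concatenated into the redirect URL unencoded in the add-key callback (`"../ssh-keys.php?user=" + target_uid` and the non-embedded branch), so any character outside the URL-safe set in `window.TARGET_UID` would change the query string; use `encodeURIComponent(target_uid)` in both branches. The new clear-button handler also leaves a debugging `console.log("foo");` that should be dropped. The `target_uid` sent with `addkey` and `deletekey` is only a client-side hint, so the permission decision has to stay in the server handlers; a one-line comment next to the `CallServerMethod` calls would make that explicit. The enclosing functions start and end outside these hunks.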
......
......@@ -27,8 +27,9 @@ chdir("apt");
#
# When there's a PubKeys class, this will be a Class function to edit them...
#
function AddKeyAux($uid, $keydata, &$error)
function AddKeyAux($target_uid, $keydata, &$error)
{
global $this_user;
global $suexec_output, $suexec_output_array;
#
......@@ -50,8 +51,10 @@ function AddKeyAux($uid, $keydata, &$error)
chmod($filename, 0666);
# Invoke the back-end script as the user if an admin for permissions.
$retval = SUEXEC($uid, "nobody", "webaddpubkey -f -u $uid $filename",
SUEXEC_ACTION_IGNORE);
$suexec_uid = (ISADMIN() ? $this_user->uid() : "nobody");
$retval = SUEXEC($suexec_uid, "nobody",
"webaddpubkey -f -u $target_uid $filename",
SUEXEC_ACTION_IGNORE);
unlink($filename);
if ($retval) {
......@@ -76,15 +79,26 @@ function Do_AddKey()
global $ajax_args;
$error = "";
$this_idx = $this_user->uid_idx();
$this_uid = $this_user->uid();
$embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
$target_user = $this_user;
$embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
if (!isset($ajax_args["keydata"])) {
SPITAJAX_ERROR(1, "Missing key data");
return;
}
if (!AddKeyAux($this_uid, $ajax_args["keydata"], $error)) {
if (isset($ajax_args["target_uid"])) {
$target_uid = $ajax_args["target_uid"];
$target_user = User::Lookup($target_uid);
if (!$target_user) {
SPITAJAX_ERROR(1, "No such user: $target_uid");
return;
}
if (! ($target_user->SameUser($this_user) || ISADMIN())) {
SPITAJAX_ERROR(1, "No permission to add key for $target_uid");
return;
}
}
if (!AddKeyAux($target_user->uid(), $ajax_args["keydata"], $error)) {
SPITAJAX_ERROR(1, $error);
return;
}
......@@ -97,9 +111,8 @@ function Do_DeleteKey()
global $this_user;
global $ajax_args;
$this_idx = $this_user->uid_idx();
$this_uid = $this_user->uid();
$embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
$target_user = $this_user;
$embedded = isset($ajax_args["embedded"]) && $ajax_args["embedded"];
if (!isset($ajax_args["index"])) {
SPITAJAX_ERROR(1, "Missing key index");
......@@ -110,13 +123,35 @@ function Do_DeleteKey()
SPITAJAX_ERROR(1, "Invalid key index");
return;
}
if (isset($ajax_args["target_uid"])) {
$target_uid = $ajax_args["target_uid"];
$target_user = User::Lookup($target_uid);
if (!$target_user) {
SPITAJAX_ERROR(1, "No such user: $target_uid");
return;
}
if (! ($target_user->SameUser($this_user) || ISADMIN())) {
SPITAJAX_ERROR(1, "No permission to delete key for $target_uid");
return;
}
}
$target_idx = $target_user->uid_idx();
$target_uid = $target_user->uid();
DBQueryFatal("delete from user_pubkeys ".
"where uid_idx='$this_idx' and idx='$index' and internal=0");
"where uid_idx='$target_idx' and idx='$index' and internal=0");
if (SUEXEC($this_uid, "nobody",
"webaddpubkey -w $this_uid", SUEXEC_ACTION_CONTINUE)) {
SPITAJAX_ERROR(-1, "Internal error regenerating keys file");
return;
#
# update authkeys files and nodes, but only if user has a real account.
# The -w option can only be used on real users, and deleting a key does
# not require anything by the outside script if not a real user; it
# will complain and die.
#
if (HASREALACCOUNT($target_uid) &&
SUEXEC("nobody", "nobody",
"webaddpubkey -w $target_uid", SUEXEC_ACTION_CONTINUE)) {
SPITAJAX_ERROR(-1, "Internal error regenerating auth keys file");
return;
}
SPITAJAX_RESPONSE(0);
return;
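Review bot: In `Do_AddKey()` and `Do_DeleteKey()` the request-supplied `$ajax_args["target_uid"]` goes straight into `User::Lookup()` and into the error text `"No such user: $target_uid"` with no format check, whereas the page-argument code changed in this same commit validates the value and calls `User::Lookup()` only for numeric input and `User::LookupByUid()` otherwise. If `Lookup()` expects an index, the uid the client sends may not resolve as intended, and the message echoes raw input back to the caller; I would validate first, reuse the numeric/uid split, and return a fixed `"No such user"`. Separately, the new delete filters only on `internal=0`, while the removed `deletepubkey` page also refused `nodelete` keys for non-admins and mailed the key owner with a Bcc to the audit address. Unless that is handled outside the visible lines, an admin deleting another user's key now produces no notification. The `"webaddpubkey ... $target_uid"` command strings are safe only because the uid comes from the looked-up user object, so a comment stating that (or `escapeshellarg()`) is worth adding; the function bodies continue outside the hunks.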
......
......@@ -33,11 +33,26 @@ $page_title = "My SSH Keys";
RedirectSecure();
$this_user = CheckLoginOrRedirect();
$this_idx = $this_user->idx();
$optargs = OptionalPageArguments("target_user", PAGEARG_USER);
SPITHEADER(1);
# Default to current user.
if (!isset($target_user)) {
$target_user = $this_user;
}
$target_uid = $target_user->uid();
$target_idx = $target_user->idx();
if (! ($target_user->SameUser($this_user) ||
$target_user->AccessCheck($this_user, $TB_USERINFO_READINFO))) {
USERERROR("You do not have permission to view ${target_uid}' keys!", 1);
}
$query_result =
DBQueryFatal("select idx,comment,pubkey from user_pubkeys ".
"where uid_idx='$this_idx' and internal=0");
"where uid_idx='$target_idx' and internal=0");
$pubkeys = array();
while ($row = mysql_fetch_array($query_result)) {
......@@ -53,7 +68,8 @@ echo "</script>\n";
echo "<div id='page-body'></div>\n";
echo "<script type='text/javascript'>\n";
echo " window.AJAXURL = 'server-ajax.php';\n";
echo " window.AJAXURL = 'server-ajax.php';\n";
echo " window.TARGET_UID = '$target_uid';\n";
echo "</script>\n";
echo "<script src='js/lib/jquery-2.0.3.min.js'></script>\n";
echo "<script src='js/lib/bootstrap.js'></script>\n";
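Review bot: `echo " window.TARGET_UID = '$target_uid';\n";` writes the uid into a JavaScript string literal with no encoding for that context, so the page relies on uids never containing a quote, backslash or `<`. Emitting it as `echo " window.TARGET_UID = " . json_encode($target_uid, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP) . ";\n";` removes that dependency. The same applies to the wrapper page later in this commit, where `$target_opt` is interpolated into the `<iframe src=...>` attribute without `urlencode()`. This page also admits anyone who passes `AccessCheck($this_user, $TB_USERINFO_READINFO)`, while the add and delete handlers require `SameUser()` or `ISADMIN()`, so such viewers appear to get edit controls that will always be refused; a comment or a read-only flag would make that intentional. The error string `"... to view ${target_uid}' keys!"` is missing the `s` after the apostrophe.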
......
......@@ -26,8 +26,8 @@
<a data-toggle="collapse"
href='#<%- key_href %>'>
<span class="glyphicon glyphicon-chevron-right pull-left"
style='padding-right: 10px;'></span></a>
<h4 class='panel-title'><%- key_title %></h4>
style='padding-right: 10px;'></span>
<h4 class='panel-title'><%- key_title %></h5></a>
</div>
</div>
<div id='<%- key_href %>' class="panel-collapse collapse">
......@@ -80,6 +80,9 @@
data-classButton='btn btn-primary btn-sm'
data-input='false'
data-buttonText='Load from file'>
<button type="button" id='ssh_clear_button'
style='margin-left: 10px;'
class="btn btn-default btn-sm">Clear Form</button>
</div>
</div>
<div class="form-group">
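Review bot: The reworked panel header opens `<h4 class='panel-title'>` but closes it with `</h5>`, so the heading is not terminated by a matching tag and the browser has to recover from the mismatch inside the `<a>`; the line should end `<%- key_title %></h4></a>`. The escaping `<%- %>` delimiters used for `key_href` and `key_title` should stay as they are, since the title presumably derives from the key's user-supplied comment field.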
......
<?php
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
# This file is part of the Emulab network testbed software.
#
# This file is free software: you can redistribute it and/or modify it
# under the terms of the GNU Affero General Public License as published by
# the Free Software Foundation, either version 3 of the License, or (at
# your option) any later version.
#
# This file is distributed in the hope that it will be useful, but WITHOUT
# ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
# FITNESS FOR A PARTICULAR PURPOSE. See the GNU Affero General Public
# License for more details.
#
# You should have received a copy of the GNU Affero General Public License
# along with this file. If not, see <http://www.gnu.org/licenses/>.
#
# }}}
#
include("defs.php3");
#
# No PAGEHEADER since we spit out a redirect later.
#
#
# Only known and logged in users can do this.
#
$this_user = CheckLoginOrDie(CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$uid = $this_user->uid();
$isadmin = ISADMIN();
#
# Verify page arguments.
#
$reqargs = RequiredPageArguments("target_user", PAGEARG_USER,
"key", PAGEARG_INTEGER);
$optargs = OptionalPageArguments("canceled", PAGEARG_BOOLEAN,
"confirmed", PAGEARG_BOOLEAN);
# Need these below.
$target_dbid = $target_user->dbid();
$target_uid = $target_user->uid();
#
# Verify that this uid is a member of one of the projects that the
# user is in. Must have proper permission in that group too.
#
if (!$isadmin &&
!$target_user->AccessCheck($this_user, $TB_USERINFO_MODIFYINFO)) {
USERERROR("You do not have permission!", 1);
}
#
# Get the actual key.
#
$query_result =& $target_user->TableLookUp("user_pubkeys", "*", "idx='$key'");
if (! mysql_num_rows($query_result)) {
USERERROR("Public Key for user '$target_uid' does not exist!", 1);
}
$row = mysql_fetch_array($query_result);
$pubkey = $row['pubkey'];
$chunky = chunk_split($pubkey, 70, "<br>\n");
$internal = $row['internal'];
$nodelete = $row['nodelete'];
#
# Internal keys cannot be deleted without admin.
#
if (($internal || $nodelete) && !$isadmin) {
USERERROR("You are not allowed to delete your system keys!", 1);
}
#
# We run this twice. The first time we are checking for a confirmation
# by putting up a form. The next time through the confirmation will be
# set. Or, the user can hit the cancel button, in which case we should
# probably redirect the browser back up a level.
#
if (isset($canceled) && $canceled) {
PAGEHEADER("SSH Public Key Maintenance");
echo "<center><h2><br>
SSH Public Key deletion canceled!
</h2></center>\n";
$url = CreateURL("showpubkeys", $target_user);
echo "<br>
Back to <a href='$url'>ssh public keys</a> for user '$uid'.\n";
PAGEFOOTER();
return;
}
if (!isset($confirmed)) {
PAGEHEADER("SSH Public Key Maintenance");
echo "<center><h3><br>
Are you <b>REALLY</b>
sure you want to delete this SSH Public Key for user '$target_uid'?
</h3>\n";
$url = CreateURL("deletepubkey", $target_user, "key", $key);
echo "<form action='$url' method=post>";
echo "<b><input type=submit name=confirmed value=Confirm></b>\n";
echo "<b><input type=submit name=canceled value=Cancel></b>\n";
echo "</form>\n";
echo "</center>\n";
echo "<table align=center border=1 cellpadding=2 cellspacing=2>
<tr>
<td>$chunky</td>
</tr>
</table>\n";
if ($internal || $nodelete) {
echo "<center><font color=red size=+1>";
echo "This is an internal key!</font><center>";
}
PAGEFOOTER();
return;
}
#
# Audit
#
$uid_name = $this_user->name();
$uid_email = $this_user->email();
$targuid_name = $target_user->name();
$targuid_email = $target_user->email();
TBMAIL("$targuid_name <$targuid_email>",
"SSH Public Key for '$target_uid' Deleted",
"\n".
"SSH Public Key for '$target_uid' deleted by '$uid'.\n".
"\n".
"$chunky\n".
"\n".
"Thanks,\n".
"Testbed Operations\n",
"From: $uid_name <$uid_email>\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
DBQueryFatal("delete from user_pubkeys ".
"where uid_idx='$target_dbid' and idx='$key'");
#
# update authkeys files and nodes, but only if user has a real account.
# The -w option can only be used on real users, and deleting a key does
# not require anything by the outside script if not a real user; it
# will complain and die!
#
if (HASREALACCOUNT($target_uid)) {
ADDPUBKEY("-w $target_uid");
}
header("Location: " . CreateURL("showpubkeys", $target_user));
?>
<?php
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -375,7 +375,7 @@ function SPITFORM($formfields, $errors)
security policies</a> for information
regarding passwords and email addresses.\n";
if (!$wikionly) {
$pubkey_url = CreateURL("showpubkeys", $target_user);
$pubkey_url = CreateURL("ssh-keys", $target_user);
echo "<li> You can also
<a href='$pubkey_url'>edit your ssh public keys</a>.
......
<?php
#
# Copyright (c) 2000-2012 University of Utah and the Flux Group.
# Copyright (c) 2000-2015 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -84,7 +84,7 @@ WRITESUBMENUBUTTON("Edit Profile",
if (!$wikionly && ($isadmin || $target_user->SameUser($this_user))) {
WRITESUBMENUBUTTON("Edit SSH Keys",
CreateURL("showpubkeys", $target_user));
CreateURL("ssh-keys", $target_user));
WRITESUBMENUBUTTON("Generate SSL Cert",
CreateURL("gensslcert", $target_user));
......
This diff is collapsed.
......@@ -127,7 +127,7 @@ if (!$archived) {
if (!$archived && !$target_user->wikionly() &&
($isadmin || $target_user->SameUser($this_user))) {
WRITESUBMENUBUTTON("Edit SSH Keys",
CreateURL("showpubkeys", $target_user));
CreateURL("ssh-keys", $target_user));
WRITESUBMENUBUTTON("Generate SSL Cert",
CreateURL("gensslcert", $target_user));
......
......@@ -29,15 +29,22 @@ include("defs.php3");
$this_user = CheckLoginOrDie();
$uid = $this_user->uid();
$uid_idx = $this_user->uid_idx();
$isadmin = ISADMIN();
#
# Standard Testbed Header
#
PAGEHEADER("SSH Keys");
$optargs = OptionalPageArguments("target_user", PAGEARG_USER);
# Default to current user.
$target_opt = "";
if (isset($target_user)) {
$target_opt = "&user=" . $target_user->uid();
}
echo "<br>\n";
echo "<iframe src='apt/ssh-keys.php?embedded=1'
echo "<iframe src='apt/ssh-keys.php?embedded=1${target_opt}'
id='embedded' class='embedded'></iframe>";
$bodyclosestring =
......
<?php
#
# Copyright (c) 2006-2014 University of Utah and the Flux Group.
# Copyright (c) 2006-2015 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -135,6 +135,7 @@ $url_mapping["showslice"] = "showslice.php";
$url_mapping["genihistory"] = "genihistory.php";
$url_mapping["showmanifest"] = "showmanifest.php";
$url_mapping["showslicelogs"] = "showslicelogs.php";
$url_mapping["ssh-keys"] = "ssh-keys.php";
#
# The caller will pass in a page id, and a list of things. If the thing
......@@ -553,7 +554,12 @@ function VerifyPageArguments($argspec, $required)
$yep = 1;
if (ValidateArgument($name, PAGEARG_USER, $idx)) {
$object = User::Lookup($idx);
if (preg_match("/^\d+$/", $idx)) {
$object = User::Lookup($idx);
}
else {
$object = User::LookupByUid($idx);
}
}
}
elseif (isset($_REQUEST[URL_UID])) {
......