214 lines
6.3 KiB
Python
214 lines
6.3 KiB
Python
|
from flask import (
|
||
|
Blueprint, flash, g, redirect, render_template, request, url_for
|
||
|
)
|
||
|
from werkzeug.exceptions import abort
|
||
|
|
||
|
from servecerts.auth import login_required
|
||
|
from servecerts.db import get_db
|
||
|
|
||
|
import hashlib
|
||
|
import base64
|
||
|
|
||
|
#bp = Blueprint('pubkeys', __name__, url_prefix='/pubkeys')
|
||
|
bp = Blueprint('pubkeys', __name__, url_prefix='/pubkeys')
|
||
|
|
||
|
@bp.route('/')
|
||
|
@login_required
|
||
|
def index():
|
||
|
db = get_db()
|
||
|
pubkeys = db.execute(
|
||
|
'SELECT'
|
||
|
' p.id, key_name, fullname, ssh_pubkey, p.created, user_id, revoked, deleted'
|
||
|
' FROM pubkeys p'
|
||
|
' JOIN user u ON p.user_id = u.id'
|
||
|
' ORDER BY deleted ASC, revoked ASC, p.created DESC'
|
||
|
).fetchall()
|
||
|
print pubkeys[0]
|
||
|
users = db.execute(
|
||
|
'SELECT * FROM user WHERE id = ?', (g.user['id'],)
|
||
|
).fetchone()
|
||
|
return render_template('pubkeys/index.html', pubkeys=pubkeys, users=users)
|
||
|
|
||
|
def get_pubkey(id, check_user=True):
|
||
|
pubkey = get_db().execute(
|
||
|
'SELECT p.id, ssh_pubkey, key_name, user_id, fingerprint, deleted'
|
||
|
' FROM pubkeys p JOIN user u ON p.user_id = u.id'
|
||
|
' WHERE p.id = ?', (id,)
|
||
|
).fetchone()
|
||
|
|
||
|
if pubkey is None:
|
||
|
abort(404, "Pubkey id {0} does not exist.".format(id))
|
||
|
|
||
|
if check_user and pubkey['user_id'] != g.user['id']:
|
||
|
abort(403)
|
||
|
|
||
|
return pubkey
|
||
|
|
||
|
@bp.route('/create', methods=('GET', 'POST'))
|
||
|
@login_required
|
||
|
def create():
|
||
|
if request.method == 'POST':
|
||
|
key_name = request.form['key_name']
|
||
|
ssh_pubkey = request.form['ssh_pubkey']
|
||
|
splitkey = ssh_pubkey.split(' ')
|
||
|
enc = splitkey.pop(0)
|
||
|
key = splitkey.pop(0)
|
||
|
comment = ' '.join(splitkey)
|
||
|
fingerprint = base64.b64encode(hashlib.sha256(base64.b64decode(key)).digest()).rstrip("=")
|
||
|
print fingerprint
|
||
|
|
||
|
db = get_db()
|
||
|
ckfp = db.execute(
|
||
|
'SELECT id, fingerprint, deleted FROM pubkeys WHERE fingerprint = ?', (fingerprint, )
|
||
|
).fetchone()
|
||
|
|
||
|
if ckfp != None:
|
||
|
if ckfp['fingerprint'] == fingerprint:
|
||
|
if ckfp['deleted'] == 0:
|
||
|
error = "Key exists already"
|
||
|
else:
|
||
|
error = "Key was deleted before -> reactivate it again!"
|
||
|
flash(error)
|
||
|
return redirect(url_for('pubkeys.update', id=ckfp['id']))
|
||
|
|
||
|
if not key_name:
|
||
|
key_name = comment
|
||
|
error = None
|
||
|
|
||
|
if not ssh_pubkey:
|
||
|
error = 'SSH-Pubkey is required.'
|
||
|
|
||
|
if error is not None:
|
||
|
flash(error)
|
||
|
else:
|
||
|
#db = get_db()
|
||
|
db.execute(
|
||
|
'INSERT INTO pubkeys (ssh_pubkey, key_name, user_id, fingerprint)'
|
||
|
' VALUES (?, ?, ?, ?)',
|
||
|
(ssh_pubkey, key_name, g.user['id'], fingerprint)
|
||
|
)
|
||
|
db.commit()
|
||
|
return redirect(url_for('pubkeys.index'))
|
||
|
|
||
|
return render_template('pubkeys/create.html')
|
||
|
|
||
|
@bp.route('/<int:id>/update', methods=('GET', 'POST'))
|
||
|
@login_required
|
||
|
def update(id):
|
||
|
pubkey = get_pubkey(id)
|
||
|
|
||
|
if request.method == 'POST':
|
||
|
key_name = request.form['key_name']
|
||
|
deleted = request.form.get('deleted')
|
||
|
error = None
|
||
|
|
||
|
if not key_name:
|
||
|
error = 'Key-ID is required.'
|
||
|
|
||
|
deleted = 0 if not deleted else 1
|
||
|
# if not ssh_pubkey:
|
||
|
# error = "SSH-Pubkey is requred."
|
||
|
|
||
|
if error is not None:
|
||
|
flash(error)
|
||
|
else:
|
||
|
db = get_db()
|
||
|
db.execute(
|
||
|
'UPDATE pubkeys SET key_name = ?, deleted = ?'
|
||
|
' WHERE id = ?',
|
||
|
(key_name, deleted, id)
|
||
|
)
|
||
|
db.commit()
|
||
|
return redirect(url_for('pubkeys.index'))
|
||
|
|
||
|
return render_template('pubkeys/update.html', pubkey=pubkey)
|
||
|
|
||
|
@bp.route('/<int:id>/delete', methods=('GET',))
|
||
|
@login_required
|
||
|
def delete(id):
|
||
|
get_pubkey(id)
|
||
|
db = get_db()
|
||
|
#db.execute('DELETE FROM pubkeys WHERE id = ?', (id,))
|
||
|
db.execute('UPDATE pubkeys SET deleted = 1 WHERE id = ?', (id,))
|
||
|
db.execute('UPDATE certificates SET deleted = 1 WHERE pubkey_id = ?', (id,))
|
||
|
db.commit()
|
||
|
return redirect(url_for('pubkeys.index'))
|
||
|
|
||
|
@bp.route('/<int:id>/deletefinal', methods=('GET',))
|
||
|
@login_required
|
||
|
def deletefinal(id):
|
||
|
get_pubkey(id)
|
||
|
db = get_db()
|
||
|
db.execute('DELETE FROM pubkeys WHERE id = ?', (id,))
|
||
|
#db.execute('UPDATE certificates SET deleted = 1 WHERE pubkey_id = ?', (id,))
|
||
|
db.commit()
|
||
|
return redirect(url_for('pubkeys.index'))
|
||
|
|
||
|
@bp.route('/<int:id>/revoke', methods=('POST', 'GET'))
|
||
|
@login_required
|
||
|
def revoke(id):
|
||
|
get_pubkey(id)
|
||
|
db = get_db()
|
||
|
db.execute(
|
||
|
'UPDATE pubkeys SET revoked = 1'
|
||
|
' WHERE id = ?', (id,)
|
||
|
)
|
||
|
db.commit()
|
||
|
return redirect(url_for('pubkeys.index'))
|
||
|
|
||
|
#--------------#
|
||
|
# Certificates #
|
||
|
#--------------#
|
||
|
|
||
|
@bp.route('/<int:id>/certificates')
|
||
|
@login_required
|
||
|
def certs_index(id):
|
||
|
|
||
|
print "id : " + str(id)
|
||
|
print "user id: " + str(g.user['id'])
|
||
|
db = get_db()
|
||
|
|
||
|
user = db.execute(
|
||
|
'SELECT * FROM user WHERE id = ?', (g.user['id'],)
|
||
|
).fetchone()
|
||
|
|
||
|
pubkey = db.execute(
|
||
|
'SELECT'
|
||
|
' p.id pid, key_name, fullname, ssh_pubkey, p.created, user_id,'
|
||
|
' revoked, deleted, fingerprint'
|
||
|
' FROM pubkeys p'
|
||
|
' JOIN user u ON p.user_id = u.id'
|
||
|
' WHERE p.user_id = ? AND p.id = ?'
|
||
|
' ORDER BY deleted ASC, revoked ASC, p.created DESC', (g.user['id'], id,)
|
||
|
).fetchone()
|
||
|
|
||
|
certificates = db.execute(
|
||
|
'SELECT * FROM certificates c JOIN pubkeys p ON p.id = c.id'
|
||
|
' JOIN user u ON p.user_id = u.id'
|
||
|
' WHERE p.id = ?', (id,)
|
||
|
).fetchall()
|
||
|
|
||
|
#print "PUBKEY: " + pubkey['fingerprint']
|
||
|
#print "CERTIFICATES: " + str(certificates)
|
||
|
#print "USERS" + (users)
|
||
|
return render_template('certificates/index.html', pubkey=pubkey,
|
||
|
user=user, certificates=certificates)
|
||
|
|
||
|
|
||
|
@bp.route('/<int:id>/certificates/create', methods=('GET', 'POST'))
|
||
|
@login_required
|
||
|
def certs_create(id):
|
||
|
pubkey = get_pubkey(id)
|
||
|
print "Pubkey-ID: " + str(id)
|
||
|
print "create new certificate"
|
||
|
return redirect(url_for('pubkeys.index'))
|
||
|
|
||
|
@bp.route('/<int:id>/certificates/revoke')
|
||
|
@login_required
|
||
|
def certs_revoke(id):
|
||
|
print "Pubkey-ID: " + id[0]
|
||
|
print "create new certificate"
|
||
|
print "revoke certificate"
|
||
|
return redirect(url_for('pubkeys.index'))
|
||
|
|