Merge into private-builds : ssh_ui_mods : Code : Offspring

Status:	Merged
Approved by:	James Tunnicliffe on 2011-11-09
Approved revision:	92
Merged at revision:	75
Proposed branch:	lp://qastaging/~salgado/offspring/ssh_ui_mods
Merge into:	lp://qastaging/~linaro-automation/offspring/private-builds
Diff against target:	705 lines (+479/-34) 10 files modified lib/offspring/web/media/js/jquery.placeholder.js (+106/-0) lib/offspring/web/queuemanager/admin.py (+5/-3) lib/offspring/web/queuemanager/forms.py (+35/-7) lib/offspring/web/queuemanager/models.py (+38/-3) lib/offspring/web/queuemanager/tests/test_views.py (+107/-1) lib/offspring/web/queuemanager/views.py (+43/-0) lib/offspring/web/templates/queuemanager/project_create.html (+58/-18) lib/offspring/web/templates/queuemanager/project_edit.html (+16/-2) lib/offspring/web/templates/queuemanager/project_edit_credentials.html (+70/-0) lib/offspring/web/urls.py (+1/-0)
To merge this branch:	bzr merge lp://qastaging/~salgado/offspring/ssh_ui_mods
Related bugs:	Link a bug report

Reviewer	Review Type	Date Requested	Status
James Tunnicliffe (community)		2011-11-08	Approve on 2011-11-09
Review via email: mp+81641@code.qastaging.launchpad.net

Revision history for this message

James Tunnicliffe (dooferlad) wrote on 2011-11-09:

#

=== modified file 'lib/offspring/web/queuemanager/forms.py'
--- lib/offspring/web/queuemanager/forms.py 2011-10-19 20:23:49 +0000
+++ lib/offspring/web/queuemanager/forms.py 2011-11-08 21:32:23 +0000
@@ -1,11 +1,9 @@
-# Copyright 2010 Canonical Ltd. This software is licensed under the
-# GNU Affero General Public License version 3 (see the file LICENSE).
+# Copyright 2010 Canonical Ltd. This software is licensed under the # GNU Affero General Public License version 3 (see the file LICENSE).

Seem to have lost a newline here.

=== modified file 'lib/offspring/web/queuemanager/models.py'
--- lib/offspring/web/queuemanager/models.py 2011-10-21 16:44:19 +0000
+++ lib/offspring/web/queuemanager/models.py 2011-11-08 21:32:23 +0000
@@ -11,8 +11,10 @@
timedelta
)
import math
+import re

from django.contrib.auth.models import AnonymousUser, User
+from django.core.exceptions import ValidationError
from django.db import (
    connection,
    models
@@ -199,6 +201,25 @@
        return is_visible_to(user)

+def validate_lp_ssh_key(value):
+ """Check to see if the value looks like an SSH private key"""
+ if not value:
+ return
+
+ key_search_regexp = (r"-----BEGIN \w+ PRIVATE KEY-----"+
+ r".*"+
+ r"-----END \w+ PRIVATE KEY-----")
+ is_key = re.search(key_search_regexp, value, re.DOTALL | re.MULTILINE)
+
+ if not is_key:
+ msg = ("The key you entered doesn't appear to be valid. I am "+
+ "expecting a key in the form:\n "+
+ "-----BEGIN <type> PRIVATE KEY-----\n"+
+ "<ASCII key>\n"+
+ "-----END <type> PRIVATE KEY-----\n")
+ raise ValidationError(msg)
+
+
class Project(AccessGroupMixin, MaybePrivateMixin):
    #XXX: This should probably be managed in the database.
    STATUS_CHOICES = (
@@ -233,10 +254,13 @@
    # The Launchpad User and SSH key are stored per project. If we stored them
    # per LauncpadProject, anyone who could create a Project referencing that
    # LaunchpadProject could get access to the private data in it.
- lp_user = models.TextField('Launchpad User', null=True, editable=False,
+ lp_user = models.TextField('Launchpad User', null=True,
                               blank=True)
- lp_ssh_key = models.TextField("Launchpad User's SSH Key", blank=True,
- null=True, editable=False)
+ lp_ssh_key = models.TextField(
+ "Launchpad User's SSH Key", blank=True, null=True, editable=True,
+ validators=[validate_lp_ssh_key],
+ help_text=("Enter a private SSH ASCII key block, complete with begin "
+ "and end markers."))

notes = models.TextField(blank=True, null=True)

@@ -249,6 +273,17 @@
def __unicode__(self):
return self.display_name()

+ def clean(self):
+ if self.lp_user and not self.lp_ssh_key:
+ raise ValidationError(
+ "You must specify the SSH key for the given Launchpad user")
+ elif self.lp_ssh_key and not self.lp_user:
+ raise ValidationError(
+ "You must specify the Launchpad user for the given SSH key")
+ ...

=== modified file 'lib/offspring/web/queuemanager/forms.py'
--- lib/offspring/web/queuemanager/forms.py     2011-10-19 20:23:49 +0000
+++ lib/offspring/web/queuemanager/forms.py     2011-11-08 21:32:23 +0000
@@ -1,11 +1,9 @@
-# Copyright 2010 Canonical Ltd.  This software is licensed under the
-# GNU Affero General Public License version 3 (see the file LICENSE).
+# Copyright 2010 Canonical Ltd.  This software is licensed under the # GNU Affero General Public License version 3 (see the file LICENSE).

Seem to have lost a newline here.

=== modified file 'lib/offspring/web/queuemanager/models.py'
--- lib/offspring/web/queuemanager/models.py    2011-10-21 16:44:19 +0000
+++ lib/offspring/web/queuemanager/models.py    2011-11-08 21:32:23 +0000
@@ -11,8 +11,10 @@
    timedelta
 )
 import math
+import re

from django.contrib.auth.models import AnonymousUser, User
+from django.core.exceptions import ValidationError
 from django.db import (
    connection,
    models
@@ -199,6 +201,25 @@
        return is_visible_to(user)

+def validate_lp_ssh_key(value):
+    """Check to see if the value looks like an SSH private key"""
+    if not value:
+        return
+
+    key_search_regexp = (r"-----BEGIN \w+ PRIVATE KEY-----"+
+                         r".*"+
+                         r"-----END \w+ PRIVATE KEY-----")
+    is_key = re.search(key_search_regexp, value, re.DOTALL | re.MULTILINE)
+
+    if not is_key:
+        msg = ("The key you entered doesn't appear to be valid. I am "+
+               "expecting a key in the form:\n "+
+               "-----BEGIN <type> PRIVATE KEY-----\n"+
+               "<ASCII key>\n"+
+               "-----END <type> PRIVATE KEY-----\n")
+        raise ValidationError(msg)
+
+
 class Project(AccessGroupMixin, MaybePrivateMixin):
    #XXX: This should probably be managed in the database.
    STATUS_CHOICES = (
@@ -233,10 +254,13 @@
    # The Launchpad User and SSH key are stored per project. If we stored them
    # per LauncpadProject, anyone who could create a Project referencing that
    # LaunchpadProject could get access to the private data in it.
-    lp_user = models.TextField('Launchpad User', null=True, editable=False,
+    lp_user = models.TextField('Launchpad User', null=True,
                               blank=True)
-    lp_ssh_key = models.TextField("Launchpad User's SSH Key", blank=True,
-                                  null=True, editable=False)
+    lp_ssh_key = models.TextField(
+        "Launchpad User's SSH Key", blank=True, null=True, editable=True,
+        validators=[validate_lp_ssh_key],
+        help_text=("Enter a private SSH ASCII key block, complete with begin "
+                   "and end markers."))

notes = models.TextField(blank=True, null=True)

@@ -249,6 +273,17 @@
    def __unicode__(self):
        return self.display_name()

+    def clean(self):
+        if self.lp_user and not self.lp_ssh_key:
+            raise ValidationError(
+                "You must specify the SSH key for the given Launchpad user")
+        elif self.lp_ssh_key and not self.lp_user:
+            raise ValidationError(
+                "You must specify the Launchpad user for the given SSH key")
+        else:
+            # All good, move on.
+            pass

I am surprised that this works, but it does seem to. What I have noticed is that when storing a key without a user in the edit SSH credentials page, I get an error saying that I need to add a user, but the in-text box message says there is a key stored. If I just store a user at that point, it complains that it hasn't stored a key. Clearly we should always say that we haven't got a key until we have both or it is just going to get confusing.

I don't know if the above check is to blame, it is certainly more simple than the one I had, or if the problem is elsewhere. Will have a dig after lunch.

Revision history for this message

Guilherme Salgado (salgado) wrote on 2011-11-09:

#

Download full text (4.6 KiB)

On Wed, 2011-11-09 at 13:03 +0000, James Tunnicliffe wrote:
> === modified file 'lib/offspring/web/queuemanager/forms.py'
> --- lib/offspring/web/queuemanager/forms.py 2011-10-19 20:23:49 +0000
> +++ lib/offspring/web/queuemanager/forms.py 2011-11-08 21:32:23 +0000
> @@ -1,11 +1,9 @@
> -# Copyright 2010 Canonical Ltd. This software is licensed under the
> -# GNU Affero General Public License version 3 (see the file LICENSE).
> +# Copyright 2010 Canonical Ltd. This software is licensed under the # GNU Affero General Public License version 3 (see the file LICENSE).
>
> Seem to have lost a newline here.

Good catch; fixed.

>
> === modified file 'lib/offspring/web/queuemanager/models.py'
> --- lib/offspring/web/queuemanager/models.py 2011-10-21 16:44:19 +0000
> +++ lib/offspring/web/queuemanager/models.py 2011-11-08 21:32:23 +0000
> @@ -11,8 +11,10 @@
> timedelta
> )
> import math
> +import re
>
> from django.contrib.auth.models import AnonymousUser, User
> +from django.core.exceptions import ValidationError
> from django.db import (
> connection,
> models
> @@ -199,6 +201,25 @@
> return is_visible_to(user)
>
>
> +def validate_lp_ssh_key(value):
> + """Check to see if the value looks like an SSH private key"""
> + if not value:
> + return
> +
> + key_search_regexp = (r"-----BEGIN \w+ PRIVATE KEY-----"+
> + r".*"+
> + r"-----END \w+ PRIVATE KEY-----")
> + is_key = re.search(key_search_regexp, value, re.DOTALL | re.MULTILINE)
> +
> + if not is_key:
> + msg = ("The key you entered doesn't appear to be valid. I am "+
> + "expecting a key in the form:\n "+
> + "-----BEGIN <type> PRIVATE KEY-----\n"+
> + "<ASCII key>\n"+
> + "-----END <type> PRIVATE KEY-----\n")
> + raise ValidationError(msg)
> +
> +
> class Project(AccessGroupMixin, MaybePrivateMixin):
> #XXX: This should probably be managed in the database.
> STATUS_CHOICES = (
> @@ -233,10 +254,13 @@
> # The Launchpad User and SSH key are stored per project. If we stored them
> # per LauncpadProject, anyone who could create a Project referencing that
> # LaunchpadProject could get access to the private data in it.
> - lp_user = models.TextField('Launchpad User', null=True, editable=False,
> + lp_user = models.TextField('Launchpad User', null=True,
> blank=True)
> - lp_ssh_key = models.TextField("Launchpad User's SSH Key", blank=True,
> - null=True, editable=False)
> + lp_ssh_key = models.TextField(
> + "Launchpad User's SSH Key", blank=True, null=True, editable=True,
> + validators=[validate_lp_ssh_key],
> + help_text=("Enter a private SSH ASCII key block, complete with begin "
> + "and end markers."))
>
> notes = models.TextField(blank=True, null=True)
>
> @@ -249,6 +273,17 @@
> def __unicode__(self):
> return self.display_name()
>
> + def clean(self):
> + if self.lp_user and not self.lp_ssh_key:
> + raise ValidationError(
> + "...

On Wed, 2011-11-09 at 13:03 +0000, James Tunnicliffe wrote:
> === modified file 'lib/offspring/web/queuemanager/forms.py'
> --- lib/offspring/web/queuemanager/forms.py     2011-10-19 20:23:49 +0000
> +++ lib/offspring/web/queuemanager/forms.py     2011-11-08 21:32:23 +0000
> @@ -1,11 +1,9 @@
> -# Copyright 2010 Canonical Ltd.  This software is licensed under the
> -# GNU Affero General Public License version 3 (see the file LICENSE).
> +# Copyright 2010 Canonical Ltd.  This software is licensed under the # GNU Affero General Public License version 3 (see the file LICENSE).
> 
> Seem to have lost a newline here.

Good catch; fixed.

> 
> === modified file 'lib/offspring/web/queuemanager/models.py'
> --- lib/offspring/web/queuemanager/models.py    2011-10-21 16:44:19 +0000
> +++ lib/offspring/web/queuemanager/models.py    2011-11-08 21:32:23 +0000
> @@ -11,8 +11,10 @@
>     timedelta
>  )
>  import math
> +import re
> 
>  from django.contrib.auth.models import AnonymousUser, User
> +from django.core.exceptions import ValidationError
>  from django.db import (
>     connection,
>     models
> @@ -199,6 +201,25 @@
>         return is_visible_to(user)
> 
> 
> +def validate_lp_ssh_key(value):
> +    """Check to see if the value looks like an SSH private key"""
> +    if not value:
> +        return
> +
> +    key_search_regexp = (r"-----BEGIN \w+ PRIVATE KEY-----"+
> +                         r".*"+
> +                         r"-----END \w+ PRIVATE KEY-----")
> +    is_key = re.search(key_search_regexp, value, re.DOTALL | re.MULTILINE)
> +
> +    if not is_key:
> +        msg = ("The key you entered doesn't appear to be valid. I am "+
> +               "expecting a key in the form:\n "+
> +               "-----BEGIN <type> PRIVATE KEY-----\n"+
> +               "<ASCII key>\n"+
> +               "-----END <type> PRIVATE KEY-----\n")
> +        raise ValidationError(msg)
> +
> +
>  class Project(AccessGroupMixin, MaybePrivateMixin):
>     #XXX: This should probably be managed in the database.
>     STATUS_CHOICES = (
> @@ -233,10 +254,13 @@
>     # The Launchpad User and SSH key are stored per project. If we stored them
>     # per LauncpadProject, anyone who could create a Project referencing that
>     # LaunchpadProject could get access to the private data in it.
> -    lp_user = models.TextField('Launchpad User', null=True, editable=False,
> +    lp_user = models.TextField('Launchpad User', null=True,
>                                blank=True)
> -    lp_ssh_key = models.TextField("Launchpad User's SSH Key", blank=True,
> -                                  null=True, editable=False)
> +    lp_ssh_key = models.TextField(
> +        "Launchpad User's SSH Key", blank=True, null=True, editable=True,
> +        validators=[validate_lp_ssh_key],
> +        help_text=("Enter a private SSH ASCII key block, complete with begin "
> +                   "and end markers."))
> 
>     notes = models.TextField(blank=True, null=True)
> 
> @@ -249,6 +273,17 @@
>     def __unicode__(self):
>         return self.display_name()
> 
> +    def clean(self):
> +        if self.lp_user and not self.lp_ssh_key:
> +            raise ValidationError(
> +                "You must specify the SSH key for the given Launchpad user")
> +        elif self.lp_ssh_key and not self.lp_user:
> +            raise ValidationError(
> +                "You must specify the Launchpad user for the given SSH key")
> +        else:
> +            # All good, move on.
> +            pass
> 
> I am surprised that this works, but it does seem to. What I have
> noticed is that when storing a key without a user in the edit SSH
> credentials page, I get an error saying that I need to add a user, but
> the in-text box message says there is a key stored. If I just store a
> user at that point, it complains that it hasn't stored a key. Clearly
> we should always say that we haven't got a key until we have both or
> it is just going to get confusing.

That's because I now let the ModelForm set the ssh key onto the instance
(as the validation happens when model.save() is called). This, in turn,
causes the template to think there's a key set because
instance.lp_ssh_key is not None (although that's only true on the local
instance because it hasn't been saved in the DB), so it displays the
wrong help text.  I think the right thing to do here is to show the
lp_ssh_key that was submitted with the form when there's a form error --
that way users don't have to re-enter it when they forget to enter the
user, and when they paste it wrong, they can see what was wrong. There's
no risk of leaking existing keys because we'd only show the value the
user has just submitted.  What do you think?

lp://qastaging/~salgado/offspring/ssh_ui_mods updated on 2011-11-09

91. By Guilherme Salgado on 2011-11-09: When the user submits a key on +editcredentials and there's a form error, show the submitted key

Revision history for this message

Guilherme Salgado (salgado) wrote on 2011-11-09:

#

r91 fixes that issue you pointed out

Revision history for this message

James Tunnicliffe (dooferlad) wrote on 2011-11-09:

#

On 9 November 2011 13:57, Guilherme Salgado
<email address hidden> wrote:
> r91 fixes that issue you pointed out

Great. Just ran it and it works very nicely.

We seem to be missing a migrate script. I think you can just copy the
one over from my dev branch.

In forms.py, we should change:
'lp_user' : Textarea(attrs={'cols': 40, 'rows' : 1}),

To a TextInput, (perhaps with cols set to 70, just for ease of
entering longer names) since this will prevent users from writing
multi-line user names by accident.

I think after those changed it will be ready to merge! At last!

--
James Tunnicliffe

lp://qastaging/~salgado/offspring/ssh_ui_mods updated on 2011-11-09

92. By Guilherme Salgado on 2011-11-09: Change the widget used for lp_user to a TextInput

Revision history for this message

James Tunnicliffe (dooferlad) wrote on 2011-11-09:

#

Looks great!

review: Approve

Offspring

Merge lp://qastaging/~salgado/offspring/ssh_ui_mods into lp://qastaging/~linaro-automation/offspring/private-builds

Commit message

Description of the change

Preview Diff

Subscribers