Launchpad itself

ssh keys are not linked if the key doesn't have a comment

Bug #540195 reported by Stuart Colville
16
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Launchpad itself
Triaged
Low
Unassigned

Bug Description

Launchpad allows users to add SSH keys without the optional comment. The only problem with this is that launchpad uses the comment as the basis of creating a link to the key on the user page under SSH keys e.g: https://edge.launchpad.net/~muffinresearch

Without the comment there's no visible link to the key even when the key is present and functions correctly. Having added a comment into the key and re-submitting it appears correctly.

Tags: lp-registry
Curtis Hovey (sinzui)
affects: launchpad → launchpad-registry
Changed in launchpad-registry:
importance: Undecided → Low
status: New → Triaged
Revision history for this message
Curtis Hovey (sinzui) wrote :

The problem code is this
        try:
            kind, keytext, comment = sshkey.split(' ', 2)
        except ValueError:
            raise SSHKeyAdditionError
        if not (kind and keytext and comment):
            raise SSHKeyAdditionError

The error could be explicit and state what parts are missing that are required.

Revision history for this message
Bernhard (rep-dot-nop) wrote :

furthermore i suggest to default comment to the currently logged-in user.
Think:

class SSHKeyAdditionError(Exception):
  def __init__(self, what):
    self.what = what
  def __str__(self):
    if self.what == "kind":
      return u"Unknown key type"
    elif self.what == "keytext":
      return u"Bad keytext"
    elif self.what == "comment":
      return u"Missing comment"
    else:
      return u"Internal error"
class SSHKey(object):
  def __init__(self, stuff):
    if not stuff or len(stuff) < 2:
      raise ValueError
    stuff.reverse()
    self._data = {"kind" : stuff.pop(),
                  "keytext" : stuff.pop(),
                  "comment" : stuff or "get_calling_username()"
                 }
    # get_calling_username() returns None or u"" for invalid or not
    # found user
  def __getitem__(self, key):
    return self._data[key]
  def validate(self):
    if len(self._data) != 3:
      self.error = ""
      return False
    for key in ["kind", "keytext", "comment"]:
      tmp = self._data.get(key)
      if not tmp:
        self.error = key
        return False
    return True

sshkey="id-dsa 0x0815=="
try:
    userkey = SSHKey(sshkey.split(None, 2))
except ValueError:
    raise SSHKeyAdditionError("")
if not userkey.validate():
    raise SSHKeyAdditionError(userkey.error)

thanks,

Revision history for this message
Bernhard (rep-dot-nop) wrote :

thinking about it, it would be even easier to just default comment to kind or "id" and not try to lookup the user, but i don't know the surrounding code, admittedly.

HTH,

Revision history for this message
Curtis Hovey (sinzui) wrote :

I agree about falling back to a default. A user can use the same comment for many keys. It would be easier to add a rule to make a comment then to ask for one or tell the user to hack the key.

    if comment is None:
        comment = '%s key' % person.name

person.name is launchpad id. The code is in SSHKeySet.new() in lib/lp/registry/model/person.py

Revision history for this message
Bernhard (rep-dot-nop) wrote :

careful!
if not comment or not len(comment.strip()):
  comment = '%s key' % person.name

Think about "a b== "

Revision history for this message
Bernhard (rep-dot-nop) wrote :

better validate version:
  def validate(self):
    if len(self._data) != 3:
      self.error = ""
      return False
    for key in ["kind", "keytext", "comment"]:
      tmp = self._data.get(key)
      if not tmp or not tmp.strip(): # reject empty or just spaces!
        self.error = key
        return False
    return True

Revision history for this message
Bernhard (rep-dot-nop) wrote :

gah! not len(tmp.strip()) ;)

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Related questions

Remote bug watches

Bug watches keep track of this bug in other bug trackers.