- person_id = person['person_id']
- key_id = self['key_id']
-
- if not 'person_id' in self:
- assert key_id not in person['key_ids']
-
- self.api.db.do("INSERT INTO person_key (person_id, key_id)" \
- " VALUES (%d, %d)" % (person_id, key_id) )
- if commit:
- self.api.db.commit()
-
- self['person_id'] = person_id
- person['key_id'] = key_id
-
- def set_primary_key(self, person, commit = True):
- """
- Set the primary key for a person
+ def validate(self):
+ # Basic validation
+ Row.validate(self)
+
+ assert 'key' in self
+ key = self['key']
+
+ if self['key_type'] == 'ssh':
+ # Accept only SSH version 2 keys without options. From
+ # sshd(8):
+ #
+ # Each protocol version 2 public key consists of: options,
+ # keytype, base64 encoded key, comment. The options field
+ # is optional...The comment field is not used for anything
+ # (but may be convenient for the user to identify the
+ # key). For protocol version 2 the keytype is ``ssh-dss''
+ # or ``ssh-rsa''.
+
+ good_ssh_key = r'^.*(?:ssh-dss|ssh-rsa)[ ]+[A-Za-z0-9+/=]+(?: .*)?$'
+ if not re.match(good_ssh_key, key, re.IGNORECASE):
+ raise PLCInvalidArgument, "Invalid SSH version 2 public key"
+
+ def blacklist(self, commit = True):
+ """
+ Permanently blacklist key (and all other identical keys),
+ preventing it from ever being added again. Because this could
+ affect multiple keys associated with multiple accounts, it
+ should be admin only.