cgi/edituser.cgi

   1 #!/usr/bin/perl
   2 # (c) Petr Baudis <pasky@suse.cz>
   3 # (c) Jan Krueger <jk@jk.gs>
   4 # GPLv2
   5
   6 use strict;
   7 use warnings;
   8
   9 use lib ".";
  10 use Girocco::CGI;
  11 use Girocco::Config;
  12 use Girocco::User;
  13 use Girocco::Util;
  14
  15 my $gcgi = Girocco::CGI->new('User SSH Key Update');
  16 my $cgi = $gcgi->cgi;
  17
  18 unless ($Girocco::Config::manage_users) {
  19         print "<p>I don't manage users.</p>";
  20         exit;
  21 }
  22
  23 if ($cgi->param('mail')) {
  24         print "<p>Go away, bot.</p>";
  25         exit;
  26 }
  27
  28 sub _auth_form {
  29         my $name = shift;
  30         my $submit = shift;
  31         my $fields = shift;
  32         $fields = '' if (!$fields);
  33         my $auth = shift;
  34         my $authtag = ($auth ? qq(<input type="hidden" name="auth" value="$auth" />) :
  35                 qq(<p>Authorization code: <input name="auth" size="40" /></p>));
  36         print <<EOT;
  37
  38 <form method="post">
  39 <input type="hidden" name="name" value="$name" />
  40 $authtag
  41 $fields<p><input type="submit" value="$submit" /></p>
  42 </form>
  43 EOT
  44 }
  45
  46 if ($cgi->param('name')) {
  47         # submitted, let's see
  48         # FIXME: racy, do a lock
  49         my $name = $gcgi->wparam('name');
  50         (Girocco::User::valid_name($name)
  51                 and Girocco::User::does_exist($name))
  52                 or $gcgi->err("Username is not registered.");
  53
  54         $gcgi->err_check and exit;
  55
  56         my $user;
  57         ($user = Girocco::User->load($name)) && valid_email($user->{email})
  58                 or $gcgi->err("Username may not be updated.");
  59
  60         $gcgi->err_check and exit;
  61
  62         if (!$cgi->param('auth')) {
  63                 my $auth = $user->gen_auth;
  64
  65                 # Send auth mail
  66                 open(MAIL, '|-', '/usr/bin/mail', '-s', "[$Girocco::Config::name] Account update authorization", $user->{email}) or
  67                         die "Sorry, could not send authorization code: $!";
  68                 print MAIL <<EOT;
  69 Hello,
  70
  71 you have requested an authorization code to be sent to you for updating your
  72 account's SSH keys. If you don't want to actually update your SSH keys, just
  73 ignore this e-mail. Otherwise, use this code within 24 hours:
  74
  75 $auth
  76
  77 Should you run into any problems, please let us know.
  78
  79 Have fun!
  80 EOT
  81                 close MAIL;
  82
  83                 print "<p>You should shortly receive an e-mail containing an authorization code.
  84                         Please enter this code below to update your SSH keys.
  85                         The code will expire in 24 hours or after you have used it.</p>";
  86                 _auth_form($name, "'Login'");
  87                 exit;
  88         } else {
  89                 $user->{auth} or do {
  90                         print "There currently isn't any authorization code filed under your account. Please <a href=\"edituser.cgi\">generate one</a>.";
  91                         exit;
  92                 };
  93
  94                 my $fields = '';
  95                 my $keys = $cgi->param('keys') || '';
  96
  97                 my $auth = $gcgi->wparam('auth');
  98                 if ($auth ne $user->{auth}) {
  99                         print '<p>Invalid authorization code, please re-enter or <a href="edituser.cgi">generate a new one</a>.</p>';
 100                         _auth_form($name, "'Login'");
 101                         exit;
 102                 }
 103
 104                 # Auth valid, keys given -> save
 105                 if ($keys && $user->keys_fill($gcgi)) {
 106                         $user->del_auth;
 107                         $user->keys_save;
 108                         print "<p>Your SSH keys have been updated.</p>";
 109                         exit;
 110                 }
 111
 112                 # Otherwise pre-fill keys
 113                 $keys = $user->{keys};
 114                 $fields = "<p>Public SSH key(s): <textarea wrap=\"off\" name=\"keys\" cols=\"80\" rows=\"5\">$keys</textarea></p>\n";
 115
 116                 print "<p>Authorization code validated (for now).</p>
 117 <p>You can paste multiple keys in the box below, each on a separate line.
 118 Paste each key <em>including</em> the <tt>ssh-</tt>whatever prefix and email-like postfix.</p>\n";
 119                 _auth_form($name, "Update keys", $fields, $auth);
 120                 exit;
 121         }
 122
 123 }
 124
 125 print <<EOT;
 126 <p>Here you can update the public SSH keys associated with your user account.
 127 These keys are required for you to push to projects.</p>
 128 <p>SSH is used for pushing (the <tt>ssh</tt> protocol), your SSH key authenticates you -
 129 there is no password (though we recommend that your SSH key is password-protected;
 130 use <code>ssh-agent</code> to help your fingers).
 131 You can find your public key in <tt>~/.ssh/id_rsa.pub</tt> or <tt>~/.ssh/id_dsa.pub</tt>.
 132 If you do not have any yet, generate it using the <code>ssh-keygen</code> command.</p>
 133
 134 <p>Please enter your username below;
 135 we will send you an email with an authorization code
 136 and further instructions.</p>
 137
 138 <form method="post">
 139 <table class="form">
 140 <tr><td class="formlabel">Login:</td><td><input type="text" name="name" /></td></tr>
 141 <tr style="display:none"><td class="formlabel">Anti-captcha (leave empty!):</td><td><input type="text" name="mail" /></td></tr>
 142 <tr><td class="formlabel"></td><td><input type="submit" value="Send authorization code" /></td></tr>
 143 </table>
 144 </form>
 145 EOT