2 # (c) Petr Baudis <pasky@suse.cz>
3 # (c) Jan Krueger <jk@jk.gs>
15 my $gcgi = Girocco
::CGI
->new('User Email & SSH Key Update');
18 unless ($Girocco::Config
::manage_users
) {
19 print "<p>I don't manage users.</p>";
23 if ($cgi->param('mail')) {
24 print "<p>Go away, bot.</p>";
32 $fields = '' if (!$fields);
34 my $authtag = ($auth ?
qq(<input type
="hidden" name
="auth" value
="$auth" />) :
35 qq(<p
>Authorization code
: <input name
="auth" size
="50" /></p>));
38 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/edituser.cgi">
39 <input type="hidden" name="name" value="$name" />
41 $fields<p><input type="submit" name="y0" value="$submit" /></p>
47 my $y0 = $cgi->param('y0') || '';
48 if ($cgi->param('name') && $y0 && $cgi->request_method eq 'POST') {
49 # submitted, let's see
50 # FIXME: racy, do a lock
51 my $name = $gcgi->wparam('name');
52 Girocco
::User
::does_exist
($name, 1)
53 or $gcgi->err("Username is not registered.");
55 $gcgi->err_check and exit;
58 ($user = Girocco
::User
->load($name)) && valid_email
($user->{email
})
59 or $gcgi->err("Username may not be updated.");
61 $gcgi->err_check and exit;
63 if (!$cgi->param('auth')) {
64 if ($y0 ne 'Send authorization code') {
65 print "<p>Invalid data. Go away, sorcerer.</p>\n";
69 valid_email
($user->{email
}) or die "Sorry, this user cannot be changed.";
71 my $auth = $user->gen_auth;
74 defined(my $MAIL = mailer_pipe
'-s', "[$Girocco::Config::name] Account update authorization", $user->{email
}) or
75 die "Sorry, could not send authorization code: $!";
79 You have requested an authorization code to be sent to you for updating
80 your account's email and/or SSH keys. If you don't want to actually update
81 your email or SSH keys, just ignore this e-mail. Otherwise, use this code
86 Should you run into any problems, please let us know.
92 print "<p>You should shortly receive an e-mail containing an authorization code.
93 Please enter this code below to update your SSH keys.
94 The code will expire in 24 hours or after you have used it.</p>";
95 _auth_form
($name, "'Login'");
98 $user->{auth
} && $user->{authtype
} ne 'DEL' or do {
99 print "<p>There currently isn't any authorization code filed under your account. ".
100 "Please <a href=\"@{[url_path($Girocco::Config::webadmurl)]}/edituser.cgi\">generate one</a>.</p>";
105 my $email = $cgi->param('email');
106 my $keys = $cgi->param('keys');
108 my $auth = $gcgi->wparam('auth');
109 if ($auth ne $user->{auth
}) {
110 print "<p>Invalid authorization code, please re-enter or ".
111 "<a href=\"@{[url_path($Girocco::Config::webadmurl)]}/edituser.cgi\">generate a new one</a>.</p>";
112 _auth_form
($name, "'Login'");
116 if (defined($email) && defined($keys)) {
117 if ($y0 ne 'Update') {
118 print "<p>Invalid data. Go away, sorcerer.</p>\n";
122 # Auth valid, keys given -> save
123 if (($email eq $user->{email
} || $user->update_email($gcgi, $email)) && $user->keys_fill($gcgi)) {
126 print "<p>Your Email & SSH keys have been updated.</p>";
127 my $keylist = $user->keys_html_list;
131 <div id="keys"><p>The following keys have been registered for user $name as
132 shown below along with their <tt>ssh-keygen -l -E md5</tt> fingerprint:</p>
141 # Otherwise pre-fill fields
142 $email = $user->{email
};
143 $keys = $user->{keys}."\n";
146 if ($y0 ne "'Login'") {
147 print "<p>Invalid data. Go away, sorcerer.</p>\n";
152 $httpspara = <<EOT if $Girocco::Config::httpspushurl;
153 <p>Please be sure to include at least one RSA key (starts with the <tt>ssh-rsa</tt> prefix) in
154 order to enable HTTPS pushing. <sup class="sup"><span><a href="@{[url_path($Girocco::Config::htmlurl)]}/httpspush.html">(learn more)</a></span></sup><br />
155 An X.509 (e.g. OpenSSL) format public key can be converted to SSH .pub format with the
156 <a href="http://repo.or.cz/w/ezcert.git/blob/master:/ConvertPubKey">ConvertPubKey</a> utility thus obviating the
157 need for OpenSSH if all pushing is to be done using HTTPS (see the example in the TIPS section of the <tt>ConvertPubKey -h</tt> output).</p>
159 my $emailval = CGI
::escapeHTML
($email);
160 my $keysval = CGI
::escapeHTML
($keys);
162 $blurb = 'SSH (the <tt>ssh</tt> protocol)'
163 if $Girocco::Config
::pushurl
&& !$Girocco::Config
::httpspushurl
;
164 $blurb = 'HTTPS (the <tt>https</tt> protocol)'
165 if !$Girocco::Config
::pushurl
&& $Girocco::Config
::httpspushurl
;
166 $blurb = 'SSH (the <tt>ssh</tt> protocol) or HTTPS (the <tt>https</tt> protocol)'
167 if $Girocco::Config
::pushurl
&& $Girocco::Config
::httpspushurl
;
169 $dsablurb = ' or <tt>~/.ssh/id_dsa.pub</tt>' unless $Girocco::Config
::disable_dsa
;
171 <p>Authorization code validated (for now).</p>
172 <p>$blurb is used for pushing, your SSH key authenticates you -
173 there is no password (though we recommend that your SSH key is password-protected;
174 use <code>ssh-agent</code> to help your fingers).
175 You can find your public key in <tt>~/.ssh/id_rsa.pub</tt>$dsablurb.
176 If you do not have any yet, generate it using the <code>ssh-keygen</code> command.</p>
177 <p>You can paste multiple keys in the box below, each on a separate line.
178 Paste each key <em>including</em> the <tt>ssh-</tt>whatever prefix and email-like postfix.</p>
179 $httpspara<form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/edituser.cgi">
180 <input type="hidden" name="name" value="$name" />
181 <input type="hidden" name="auth" value="$auth" />
183 <tr><td class="formlabel">Login:</td><td class="formdata">$name</td></tr>
184 <tr><td class="formlabel">Email:</td><td><input type="text" name="email" value="$emailval"/></td></tr>
185 <tr><td class="formlabel">Public SSH key(s):</td><td><textarea wrap="off" name="keys" rows="5" cols="80">$keysval</textarea></td></tr>
186 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Update" /></td></tr>
189 my $keylist = $savefail ?
'' : $user->keys_html_list;
193 <div id="keys"><p>The following keys are currently registered for user $name as
194 shown below along with their <tt>ssh-keygen -l -E md5</tt> fingerprint:</p>
204 $blurb1 = 'SSH (the <tt>ssh</tt> protocol)'
205 if $Girocco::Config
::pushurl
&& !$Girocco::Config
::httpspushurl
;
206 $blurb1 = 'HTTPS (the <tt>https</tt> protocol)'
207 if !$Girocco::Config
::pushurl
&& $Girocco::Config
::httpspushurl
;
208 $blurb1 = 'SSH (the <tt>ssh</tt> protocol) or HTTPS (the <tt>https</tt> protocol)'
209 if $Girocco::Config
::pushurl
&& $Girocco::Config
::httpspushurl
;
211 $blurb2 = ' and download https push user authentication certificate(s)'
212 if $Girocco::Config
::httpspushurl
;
214 $dsablurb = ' or <tt>~/.ssh/id_dsa.pub</tt>' unless $Girocco::Config
::disable_dsa
;
216 <p>Here you may update the email and public SSH key(s) associated with your user account$blurb2.
217 You may <a href="@{[url_path($Girocco::Config::webadmurl)]}/deluser.cgi">request an authorization
218 code in order to remove your user account from this site</a>.</p>
219 <p>If you do not already have a user account you may
220 <a href="@{[url_path($Girocco::Config::webadmurl)]}/reguser.cgi">register user</a> instead.</p>
221 <p>The public SSH key(s) are required for you to push to projects.
222 $blurb1 is used for pushing, your SSH key authenticates you -
223 there is no password (though we recommend that your SSH key is password-protected;
224 use <code>ssh-agent</code> to help your fingers).
225 You can find your public key in <tt>~/.ssh/id_rsa.pub</tt>$dsablurb.
226 If you do not have any yet, generate it using the <code>ssh-keygen</code> command.</p>
228 <p>Please enter your username below;
229 we will send you an email with an authorization code
230 and further instructions.</p>
232 <form method="post" action="@{[url_path($Girocco::Config::webadmurl)]}/edituser.cgi">
234 <tr><td class="formlabel">Login:</td><td><input type="text" name="name" /></td></tr>
235 <tr style="display:none"><td class="formlabel">Anti-captcha (leave empty!):</td><td><input type="text" name="mail" /></td></tr>
236 <tr><td class="formlabel"></td><td><input type="submit" name="y0" value="Send authorization code" /></td></tr>