added validations for sshkey pub_key email
parent
1aee5b5e71
commit
e8a9e53c35
45
app.py
45
app.py
@ -1,5 +1,9 @@
|
|||||||
import glob
|
import glob
|
||||||
import json
|
import json
|
||||||
|
|
||||||
|
import re
|
||||||
|
import sshpubkeys
|
||||||
|
|
||||||
from flask import Flask, redirect, url_for, render_template, request
|
from flask import Flask, redirect, url_for, render_template, request
|
||||||
|
|
||||||
# lyadmin
|
# lyadmin
|
||||||
@ -25,6 +29,8 @@ ACCOUNT_DIR = "req/";
|
|||||||
FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR)
|
FULL_PATH = str(WORKING_DIR) + str(ACCOUNT_DIR)
|
||||||
CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json"
|
CONF_PATH = str(WORKING_DIR) + "lyadmin.conf.json"
|
||||||
|
|
||||||
|
MAX_PUB_KEY_LEN = 5000
|
||||||
|
|
||||||
# Account requests are given ID numbers
|
# Account requests are given ID numbers
|
||||||
# the first request will have the below
|
# the first request will have the below
|
||||||
# id number
|
# id number
|
||||||
@ -86,17 +92,21 @@ def req():
|
|||||||
};
|
};
|
||||||
return render_template("req.html", req_tab = rt, widg_fun = widg_fun, page_name="req")
|
return render_template("req.html", req_tab = rt, widg_fun = widg_fun, page_name="req")
|
||||||
|
|
||||||
|
def handle_invalid_data(req):
|
||||||
|
# print(str(e))
|
||||||
|
return render_template("signup.html", is_email_user = False)
|
||||||
|
|
||||||
# Process input from the /req page
|
# Process input from the /req page
|
||||||
def signup():
|
def signup():
|
||||||
app.route('/req/signup')
|
app.route('/req/signup')
|
||||||
|
|
||||||
# Get all the params from the POST
|
# Get all the params from the POST
|
||||||
# request
|
# request
|
||||||
username = request.form["username"]
|
username = request.form["username"].strip()
|
||||||
email = request.form["email"]
|
email = request.form["email"].strip()
|
||||||
pub_key = request.form["pub_key"]
|
pub_key = request.form["pub_key"].strip()
|
||||||
shell = request.form["shell"]
|
shell = request.form["shell"].strip()
|
||||||
rule_read = request.form["rule_read"]
|
rule_read = request.form["rule_read"].strip()
|
||||||
|
|
||||||
is_email_user = False;
|
is_email_user = False;
|
||||||
|
|
||||||
@ -113,6 +123,31 @@ def signup():
|
|||||||
else:
|
else:
|
||||||
email = "NO_EMAIL"
|
email = "NO_EMAIL"
|
||||||
|
|
||||||
|
# Validate email
|
||||||
|
if( not re.search("^[a-z0-9]+[\._]?[a-z0-9]+[@]\w+[.]\w{2,10}$", email)):
|
||||||
|
print("failed email validation")
|
||||||
|
return handle_invalid_data(req)
|
||||||
|
|
||||||
|
# Validate the SSH pub key
|
||||||
|
# Most software only handles up to 4096 bit keys
|
||||||
|
if(len(pub_key) > MAX_PUB_KEY_LEN):
|
||||||
|
print("key failed len check")
|
||||||
|
return handle_invalid_data(req)
|
||||||
|
|
||||||
|
# Only printable ascii characters in
|
||||||
|
# a valid key
|
||||||
|
if(not re.search("^[ -~]+$", pub_key)):
|
||||||
|
print("key failed regex")
|
||||||
|
return handle_invalid_data(req)
|
||||||
|
|
||||||
|
# Check the key against a library
|
||||||
|
key = sshpubkeys.SSHKey(pub_key, strict_mode=False, skip_option_parsing=True)
|
||||||
|
try:
|
||||||
|
key.parse()
|
||||||
|
except Exception as e:
|
||||||
|
print("key failed lib validation")
|
||||||
|
return handle_invalid_data(request)
|
||||||
|
|
||||||
# All users requests have a sequential ID
|
# All users requests have a sequential ID
|
||||||
# this checks how many requests we have
|
# this checks how many requests we have
|
||||||
# and gives us a free ID so we can save
|
# and gives us a free ID so we can save
|
||||||
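Review bot: The library check at the end of the new validation block in signup() still accepts a key line that carries an authorized_keys options prefix, because `skip_option_parsing=True` only skips parsing the options and `disallow_options` is not set. If the raw `pub_key` string is later written to an authorized_keys file (that code is not on this page), requester-chosen options would be stored with it; `key = sshpubkeys.SSHKey(pub_key, strict=True, disallow_options=True)` rejects such input, and saving a line rebuilt from the parsed key type and data is safer than saving the submitted text. As far as I recall the library names its keyword `strict`, so `strict_mode=False` may be silently ignored; confirm against the pinned 3.1.0. Separately, the email regex appears to run after the `else: email = "NO_EMAIL"` branch (indentation is lost on this page), which would reject every request without an email, and `handle_invalid_data(req)` passes the `req` view function where `request` was probably meant. signup() continues outside the hunks shown.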
|
@ -1 +1,2 @@
|
|||||||
Flask==1.1.2
|
Flask==1.1.2
|
||||||
|
sshpubkeys==3.1.0
|
||||||
|