0
0
Fork 0
mirror of https://github.com/go-gitea/gitea synced 2024-11-25 08:13:23 +01:00

Improve error report when user passes a private key (#22726)

The error reported when a user passes a private ssh key as their ssh
public key is not very nice.

This PR improves this slightly.

Ref #22693

Signed-off-by: Andrew Thornton <art27@cantab.net>
Co-authored-by: delvh <dev.lh@web.de>
This commit is contained in:
zeripath 2023-02-02 18:25:54 +00:00 committed by GitHub
parent ccb3851281
commit 2914c5299b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
5 changed files with 13 additions and 0 deletions

View file

@ -24,6 +24,9 @@ func (err ErrKeyUnableVerify) Error() string {
return fmt.Sprintf("Unable to verify key content [result: %s]", err.Result) return fmt.Sprintf("Unable to verify key content [result: %s]", err.Result)
} }
// ErrKeyIsPrivate is returned when the provided key is a private key not a public key
var ErrKeyIsPrivate = util.NewSilentWrapErrorf(util.ErrInvalidArgument, "the provided key is a private key")
// ErrKeyNotExist represents a "KeyNotExist" kind of error. // ErrKeyNotExist represents a "KeyNotExist" kind of error.
type ErrKeyNotExist struct { type ErrKeyNotExist struct {
ID int64 ID int64

View file

@ -96,6 +96,9 @@ func parseKeyString(content string) (string, error) {
if block == nil { if block == nil {
return "", fmt.Errorf("failed to parse PEM block containing the public key") return "", fmt.Errorf("failed to parse PEM block containing the public key")
} }
if strings.Contains(block.Type, "PRIVATE") {
return "", ErrKeyIsPrivate
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes) pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil { if err != nil {

View file

@ -518,6 +518,7 @@ organization_leave_success = You have successfully left the organization %s.
invalid_ssh_key = Cannot verify your SSH key: %s invalid_ssh_key = Cannot verify your SSH key: %s
invalid_gpg_key = Cannot verify your GPG key: %s invalid_gpg_key = Cannot verify your GPG key: %s
invalid_ssh_principal = Invalid principal: %s invalid_ssh_principal = Invalid principal: %s
must_use_public_key = The key you provided is a private key. Please do not upload your private key anywhere. Use your public key instead.
unable_verify_ssh_key = "Cannot verify the SSH key; double-check it for mistakes." unable_verify_ssh_key = "Cannot verify the SSH key; double-check it for mistakes."
auth_failed = Authentication failed: %v auth_failed = Authentication failed: %v

View file

@ -1158,6 +1158,10 @@ func DeployKeysPost(ctx *context.Context) {
ctx.Flash.Info(ctx.Tr("settings.ssh_disabled")) ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
} else if asymkey_model.IsErrKeyUnableVerify(err) { } else if asymkey_model.IsErrKeyUnableVerify(err) {
ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key")) ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
} else if err == asymkey_model.ErrKeyIsPrivate {
ctx.Data["HasError"] = true
ctx.Data["Err_Content"] = true
ctx.Flash.Error(ctx.Tr("form.must_use_public_key"))
} else { } else {
ctx.Data["HasError"] = true ctx.Data["HasError"] = true
ctx.Data["Err_Content"] = true ctx.Data["Err_Content"] = true

View file

@ -159,6 +159,8 @@ func KeysPost(ctx *context.Context) {
ctx.Flash.Info(ctx.Tr("settings.ssh_disabled")) ctx.Flash.Info(ctx.Tr("settings.ssh_disabled"))
} else if asymkey_model.IsErrKeyUnableVerify(err) { } else if asymkey_model.IsErrKeyUnableVerify(err) {
ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key")) ctx.Flash.Info(ctx.Tr("form.unable_verify_ssh_key"))
} else if err == asymkey_model.ErrKeyIsPrivate {
ctx.Flash.Error(ctx.Tr("form.must_use_public_key"))
} else { } else {
ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error())) ctx.Flash.Error(ctx.Tr("form.invalid_ssh_key", err.Error()))
} }