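/**
 * Handle the SSH public key settings panel: list, add, edit or delete keys.
 *
 * With neither "edit" nor "delete" in the request, the key list is rendered.
 * A numeric ID is only ever loaded together with the requesting user's PHID,
 * so an ID that does not belong to that user produces a 404.
 *
 * @param AphrontRequest $request Request carrying "edit", "delete", "name"
 *                                and "key".
 * @return mixed The key list view, a 404 response, the result of
 *               processDelete(), a redirect after a successful save, or the
 *               form view (including any validation errors).
 */
public function processRequest(AphrontRequest $request) {
  $user = $request->getUser();

  $edit = $request->getStr('edit');
  $delete = $request->getStr('delete');
  if (!$edit && !$delete) {
    return $this->renderKeyListView($request);
  }

  $id = nonempty($edit, $delete);
  if ($id && is_numeric($id)) {
    // NOTE: Prevent editing/deleting of keys you don't own. The owner PHID is
    // part of the WHERE clause, so an ID owned by someone else loads nothing.
    $key = id(new PhabricatorUserSSHKey())->loadOneWhere(
      'userPHID = %s AND id = %d',
      $user->getPHID(),
      (int) $id);
    if (!$key) {
      return new Aphront404Response();
    }
  } else {
    // Non-numeric value (the form below submits "true" for a new key): start
    // a fresh key owned by the requesting user.
    $key = new PhabricatorUserSSHKey();
    $key->setUserPHID($user->getPHID());
  }

  if ($delete) {
    return $this->processDelete($request, $key);
  }

  $e_name = true;
  $e_key = true;
  $errors = array();
  $entire_key = $key->getEntireKey();

  if ($request->isFormPost()) {
    $key->setName($request->getStr('name'));
    $entire_key = $request->getStr('key');

    if (!strlen($entire_key)) {
      $errors[] = 'You must provide an SSH Public Key.';
      $e_key = 'Required';
    } else {
      // Expected shape is "<type> <body> [<comment>]". Newlines are removed
      // first so a key wrapped across several lines is rejoined.
      $parts = str_replace("\n", '', trim($entire_key));
      $parts = preg_split('/\\s+/', $parts);
      $part_count = count($parts);

      if ($part_count === 2) {
        $parts[] = ''; // Add an empty comment part.
      } else if ($part_count !== 3) {
        $e_key = 'Invalid';
        if (preg_match('/private\\s*key/i', $entire_key)) {
          // Try to give the user a better error message if it looks like
          // they uploaded a private key.
          $errors[] = 'Provide your public key, not your private key!';
        } else {
          $errors[] = 'Provided public key is not properly formatted.';
        }
      }

      if (!$errors) {
        list($type, $body, $comment) = $parts;

        // Exact allowlist match. The previous pattern /^ssh-dsa|ssh-rsa$/
        // anchored each alternative separately, so any value that merely
        // started with "ssh-dsa" or ended with "ssh-rsa" was accepted and
        // stored as the key type.
        // NOTE(review): OpenSSH labels DSA public keys "ssh-dss"; with this
        // list such keys are rejected. Confirm "ssh-dsa" is intended.
        $allowed_types = array('ssh-dsa', 'ssh-rsa');
        if (!in_array($type, $allowed_types, true)) {
          $e_key = 'Invalid';
          $errors[] = 'Public key should be "ssh-dsa" or "ssh-rsa".';
        } else {
          $key->setKeyType($type);
          // NOTE(review): $body is stored as submitted; nothing here checks
          // that it is well-formed base64 key material.
          $key->setKeyBody($body);
          // NOTE(review): MD5 is not collision resistant. Presumably this
          // hash backs the uniqueness check behind the "Duplicate" error
          // below; switching algorithms would need a migration of stored
          // hashes, so it is flagged here rather than changed.
          $key->setKeyHash(md5($body));
          $key->setKeyComment($comment);
          $e_key = null;
        }
      }
    }

    if (!strlen($key->getName())) {
      $errors[] = 'You must name this public key.';
      $e_name = 'Required';
    } else {
      $e_name = null;
    }

    if (!$errors) {
      try {
        $key->save();
        return id(new AphrontRedirectResponse())
          ->setURI($this->getPanelURI());
      } catch (AphrontQueryDuplicateKeyException $ex) {
        $e_key = 'Duplicate';
        $errors[] = 'This public key is already associated with a user '.
                    'account.';
      }
    }
  }

  $error_view = null;
  if ($errors) {
    $error_view = new AphrontErrorView();
    $error_view->setTitle('Form Errors');
    $error_view->setErrors($errors);
  }

  $is_new = !$key->getID();
  if ($is_new) {
    $header = 'Add New SSH Public Key';
    $save = 'Add Key';
  } else {
    $header = 'Edit SSH Public Key';
    $save = 'Save Changes';
  }

  $form = id(new AphrontFormView())
    ->setUser($user)
    ->addHiddenInput('edit', $is_new ? 'true' : $key->getID())
    ->appendChild(
      id(new AphrontFormTextControl())
        ->setLabel('Name')
        ->setName('name')
        ->setValue($key->getName())
        ->setError($e_name))
    ->appendChild(
      id(new AphrontFormTextAreaControl())
        ->setLabel('Public Key')
        ->setName('key')
        ->setValue($entire_key)
        ->setError($e_key))
    ->appendChild(
      id(new AphrontFormSubmitControl())
        ->addCancelButton($this->getPanelURI())
        ->setValue($save));

  $panel = new AphrontPanelView();
  $panel->setHeader($header);
  $panel->setWidth(AphrontPanelView::WIDTH_FORM);
  $panel->appendChild($form);

  return id(new AphrontNullView())
    ->appendChild(
      array(
        $error_view,
        $panel,
      ));
}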
/**
 * Handle the SSH public key settings panel: generate, list, add, edit or
 * delete keys.
 *
 * Keys are loaded and created for the panel's user ($this->getUser()); the
 * form and the high-security session check use the viewer taken from the
 * request.
 *
 * @param AphrontRequest $request Request carrying "generate", "edit",
 *                                "delete", "name" and "key".
 * @return mixed The result of processGenerate(), the key list view, a 404
 *               response, the result of processDelete(), a redirect after a
 *               successful save, or the form box (including any errors).
 */
public function processRequest(AphrontRequest $request) {
  $viewer = $request->getUser();
  $user = $this->getUser();

  // NOTE(review): this branch returns before the high-security session check
  // below. Whether processGenerate() applies its own check is not visible
  // here; confirm.
  $generate = $request->getStr('generate');
  if ($generate) {
    return $this->processGenerate($request);
  }

  $edit = $request->getStr('edit');
  $delete = $request->getStr('delete');
  $wants_change = ($edit || $delete);
  if (!$wants_change) {
    return $this->renderKeyListView($request);
  }

  // Every edit/delete path passes through this call before a key is loaded
  // or changed. The returned token is not used further in this method;
  // presumably the call interrupts the request when the viewer's session is
  // not in high-security mode (confirm against PhabricatorAuthSessionEngine).
  $hisec_token = id(new PhabricatorAuthSessionEngine())
    ->requireHighSecuritySession(
      $viewer,
      $request,
      $this->getPanelURI());

  $id = nonempty($edit, $delete);
  $has_numeric_id = ($id && is_numeric($id));
  if (!$has_numeric_id) {
    // Non-numeric value (the form below submits "true" for a new key): start
    // a fresh key owned by the panel's user.
    $key = new PhabricatorUserSSHKey();
    $key->setUserPHID($user->getPHID());
  } else {
    // NOTE: This prevents editing/deleting of keys not owned by the user.
    // The owner PHID is part of the WHERE clause, so an ID owned by someone
    // else loads nothing and produces a 404.
    $key = id(new PhabricatorUserSSHKey())->loadOneWhere(
      'userPHID = %s AND id = %d',
      $user->getPHID(),
      (int) $id);
    if (!$key) {
      return new Aphront404Response();
    }
  }

  if ($delete) {
    return $this->processDelete($request, $key);
  }

  $name_error = true;
  $key_error = true;
  $problems = array();
  $entire_key = $key->getEntireKey();

  if ($request->isFormPost()) {
    $key->setName($request->getStr('name'));
    $entire_key = $request->getStr('key');

    if (strlen($entire_key)) {
      try {
        list($type, $body, $comment) = self::parsePublicKey($entire_key);

        $key->setKeyType($type);
        $key->setKeyBody($body);
        // NOTE(review): MD5 is not collision resistant. Presumably this hash
        // backs the uniqueness check behind the "Duplicate" error below;
        // confirm before relying on it as a key identifier.
        $key->setKeyHash(md5($body));
        $key->setKeyComment($comment);

        $key_error = null;
      } catch (Exception $parse_ex) {
        // The parser's exception message is shown to the user as-is.
        $key_error = pht('Invalid');
        $problems[] = $parse_ex->getMessage();
      }
    } else {
      $problems[] = pht('You must provide an SSH Public Key.');
      $key_error = pht('Required');
    }

    if (strlen($key->getName())) {
      $name_error = null;
    } else {
      $problems[] = pht('You must name this public key.');
      $name_error = pht('Required');
    }

    if (!$problems) {
      try {
        $key->save();
        return id(new AphrontRedirectResponse())
          ->setURI($this->getPanelURI());
      } catch (AphrontDuplicateKeyQueryException $dup_ex) {
        $key_error = pht('Duplicate');
        $problems[] = pht(
          'This public key is already associated with a user '.
          'account.');
      }
    }
  }

  $is_new = !$key->getID();
  $header = $is_new
    ? pht('Add New SSH Public Key')
    : pht('Edit SSH Public Key');
  $save = $is_new
    ? pht('Add Key')
    : pht('Save Changes');

  $name_control = id(new AphrontFormTextControl())
    ->setLabel(pht('Name'))
    ->setName('name')
    ->setValue($key->getName())
    ->setError($name_error);

  $key_control = id(new AphrontFormTextAreaControl())
    ->setLabel(pht('Public Key'))
    ->setName('key')
    ->setValue($entire_key)
    ->setError($key_error);

  $submit_control = id(new AphrontFormSubmitControl())
    ->addCancelButton($this->getPanelURI())
    ->setValue($save);

  $form = id(new AphrontFormView())
    ->setUser($viewer)
    ->addHiddenInput('edit', $is_new ? 'true' : $key->getID())
    ->appendChild($name_control)
    ->appendChild($key_control)
    ->appendChild($submit_control);

  return id(new PHUIObjectBoxView())
    ->setHeaderText($header)
    ->setFormErrors($problems)
    ->setForm($form);
}