From c6d18da2eb9757023144d1a8a7de409c9f980a04 Mon Sep 17 00:00:00 2001
From: kobayashi
Date: Sat, 18 Jan 2020 21:52:42 -0500
Subject: [PATCH] 3923 validate key format
---
 docs/core-functionality/secrets.md | 14 +++++++++++++
 docs/release-notes/version-2.7.md | 1 +
 netbox/secrets/forms.py | 2 ++
 netbox/secrets/tests/constants.py | 2 ++
 netbox/secrets/tests/test_form.py | 33 ++++++++++++++++++++++++++++++
 5 files changed, 52 insertions(+)
 create mode 100644 netbox/secrets/tests/test_form.py
diff --git a/docs/core-functionality/secrets.md b/docs/core-functionality/secrets.md
index 36b232648..515dd8d07 100644
--- a/docs/core-functionality/secrets.md
+++ b/docs/core-functionality/secrets.md
@@ -24,6 +24,20 @@ Each user within NetBox can associate his or her account with an RSA public key.
 User keys may be created by users individually, however they are of no use until they have been activated by a user who already possesses an active user key.
+## Supported Key Format
+
+Public key formats supported
+
+- PKCS#1 RSAPublicKey* (PEM header: BEGIN RSA PUBLIC KEY)
+- X.509 SubjectPublicKeyInfo** (PEM header: BEGIN PUBLIC KEY)
+- **OpenSSH line format is not supported.**
+
+Private key formats supported (unencrypted)
+
+- PKCS#1 RSAPrivateKey** (PEM header: BEGIN RSA PRIVATE KEY)
+- PKCS#8 PrivateKeyInfo* (PEM header: BEGIN PRIVATE KEY)
+
+
 ## Creating the First User Key
 When NetBox is first installed, it contains no encryption keys. Before it can store secrets, a user (typically the superuser) must create a user key. This can be done by navigating to Profile > User Key.
diff --git a/docs/release-notes/version-2.7.md b/docs/release-notes/version-2.7.md
index ed9fdd28d..34140e935 100644
--- a/docs/release-notes/version-2.7.md
+++ b/docs/release-notes/version-2.7.md
@@ -9,6 +9,7 @@
 * [#3721](https://github.com/netbox-community/netbox/issues/3721) - Allow Unicode characters in tag slugs
 * [#3951](https://github.com/netbox-community/netbox/issues/3951) - Fix exception in webhook worker due to missing constant
+* [#3923](https://github.com/netbox-community/netbox/issues/3923) - Fix user key validation
 * [#3953](https://github.com/netbox-community/netbox/issues/3953) - Fix validation error when creating child devices
 ---
diff --git a/netbox/secrets/forms.py b/netbox/secrets/forms.py
index 064e7dbf8..c937e6c92 100644
--- a/netbox/secrets/forms.py
+++ b/netbox/secrets/forms.py
@@ -16,6 +16,8 @@ def validate_rsa_key(key, is_secret=True):
 """
 Validate the format and type of an RSA key.
 """
+ if key.startswith('ssh-rsa '):
+ raise forms.ValidationError("OpenSSH line format is not supported. Please ensure that your public is in PEM (base64) format.")
 try:
 key = RSA.importKey(key)
 except ValueError:
diff --git a/netbox/secrets/tests/constants.py b/netbox/secrets/tests/constants.py
index bce8d391a..9d204e7cf 100644
--- a/netbox/secrets/tests/constants.py
+++ b/netbox/secrets/tests/constants.py
@@ -36,3 +36,5 @@ GY2b4PKuSTcsYjbg8adOGzFL9RXLI1X4PHNCzD/Y1vdM3jJXv+luk3TU+JIbzJeN
 5ZEEz+sIdlMPCAACaZAY/t9Kd/LxHr0o4K/6gqkZIukxFCK6sN53gibAXfaKc4xl
 qQIDAQAB
 -----END PUBLIC KEY-----"""
+
+SSH_PUBLIC_KEY = """ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCy2yMGnuvmM5CnFG8CsohfUYobXU7+pz/RJtvUUnARAY11Ybc3cn0tvzn4aPxclX8+514n6R7jJCZuVGJXXapqZDq2l+PLmgLhyBJxE9qq7rbp4EAJiUP0inDyf8qFzSKT7Rm8cjHvY3v2GI32JUXuWACA23t5YPUqVglkjfdVX8VHJh6fMQrQ4O3CKKh2x0S82UHH7SaYH0HqOknPgyRQ+ZQorUU25IpzJPesk29nN3DYqfY+VQsKJOLglWvoapaZiu+wK/7ovXqYXNuhfAwlkjbCRKjwix1kZjtDS44US1//BCaT7AeuwMpFLI44v/VajoxTfE0h74Mxl48mNt7Qme4lbXxH8yMa6HNfDp4vjnxPE1CWuSrFo4G+HI1rc22qSmw9e67qIGRbcI7/cIFpeBvnfCCgWrqWZ6ZzdAZJCnu7/aWn00+VG+54GFmJ+3R2xhWcu+Uzn+o1aWROtUuzq0qR6zdXME3A0Oud2uQrQAiAGFdWpfvcOEbD+tlPNDk= test"""
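Review bot: The new error string in `validate_rsa_key` reads "your public is in PEM"; the word "key" is missing, so the line should be `raise forms.ValidationError("OpenSSH line format is not supported. Please ensure that your public key is in PEM (base64) format.")`. The guard itself is a denylist on one literal prefix, so any other non-PEM encoding that `RSA.importKey` accepts still reaches the import call, while the documentation added in this commit lists only PEM headers. If PEM-only is the intent, a positive check on the `-----BEGIN ` header would match that documentation more closely. `key.startswith('ssh-rsa ')` also assumes `key` is a `str`, which appears to hold for form input but is not enforced here. The function body continues past the end of this hunk.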
diff --git a/netbox/secrets/tests/test_form.py b/netbox/secrets/tests/test_form.py
new file mode 100644
index 000000000..42111abbf
--- /dev/null
+++ b/netbox/secrets/tests/test_form.py
@@ -0,0 +1,33 @@
+from django.test import TestCase
+from secrets.forms import UserKeyForm
+from secrets.models import UserKey
+from utilities.testing import create_test_user
+from .constants import PUBLIC_KEY, SSH_PUBLIC_KEY
+
+
+class UserKeyFormTestCase(TestCase):
+
+ def setUp(self):
+ user = create_test_user(
+ permissions=[
+ 'secrets.view_secretrole',
+ 'secrets.add_secretrole',
+ ]
+ )
+ self.userkey = UserKey(user=user)
+
+ def test_upload_rsakey(self):
+ form = UserKeyForm(
+ data={'public_key': PUBLIC_KEY},
+ instance=self.userkey,
+ )
+ self.assertTrue(form.is_valid())
+ self.assertTrue(form.save())
+
+ def test_upload_sshkey(self):
+ form = UserKeyForm(
+ data={'public_key': SSH_PUBLIC_KEY},
+ instance=self.userkey,
+ )
+ print(form.is_valid())
+ self.assertFalse(form.is_valid())
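Review bot: `print(form.is_valid())` in `test_upload_sshkey` is leftover debug output and should be removed. The test then asserts only that the form is invalid, which would also pass if the form were rejected for an unrelated reason. Assuming the validator runs from the `public_key` field's clean step, adding `self.assertIn('public_key', form.errors)` would tie the failure to that field. The `secretrole` permissions granted in `setUp` do not appear to be exercised by either test, so they could be dropped or replaced with a short comment explaining why they are needed.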