Commit 4780bd9b authored by Lukas Burgey's avatar Lukas Burgey

Fix deletion and removal of ssh keys

Closes #7
parent b16c2eef
# Generated by Django 2.1.3 on 2018-11-22 22:15
from django.db import migrations, models
class Migration(migrations.Migration):
dependencies = [
('backend', '0025_auto_20181121_1149'),
]
operations = [
migrations.AddField(
model_name='deploymentstate',
name='pending',
field=models.BooleanField(default=False, editable=False),
),
]
......@@ -707,6 +707,7 @@ class CredentialState(models.Model):
def set(self, state):
if state == NOT_DEPLOYED and self._credential_deleted:
self._delete_state()
return
if state == self.state:
return
......@@ -720,6 +721,7 @@ class CredentialState(models.Model):
if self.state == NOT_DEPLOYED:
self._delete_state()
LOGGER.debug('related credential: %s', self.credential)
self.state_target = NOT_DEPLOYED
self._credential_deleted = True
self.save()
......@@ -729,8 +731,11 @@ class CredentialState(models.Model):
def _delete_state(self):
LOGGER.debug(self.msg('Deleted'))
credential = self.credential
self.delete()
credential.try_delete_key()
def msg(self, message):
return '{} - {}'.format(self, message)
......
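Review bot: In the second hunk, as rendered, nothing returns after `self._delete_state()` inside `if self.state == NOT_DEPLOYED:`, so control appears to reach `self.save()` on an instance that was just deleted. Indentation and blank lines are lost on this page, so confirm this against the file. Django clears the primary key on `delete()`, so a later `save()` would try to insert the state row again, and by then `_delete_state` may already have removed the credential through `try_delete_key()`. Adding `return` directly after that `self._delete_state()` call, as `set()` does in the first hunk, would keep the state deleted. The enclosing method starts and ends outside the hunk.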
......@@ -210,7 +210,7 @@ class User(AbstractUser):
# oidcuser: deploy the according credentials
if self.user_type == 'oidcuser':
#for dep in self.deployments.all():
# for dep in self.deployments.all():
# dep.activate()
pass
......@@ -306,15 +306,13 @@ class User(AbstractUser):
# is the idp key still present?
if idp_key_name not in userinfo:
key.delete_key()
self.user_changed_key_removed(key)
self.user_remove_key(key)
return True
# is the idp key changed?
if key.key != unity_key_value:
key.delete_key()
self.user_changed_key_removed(key)
self.user_remove_key(key)
new_key = SSHPublicKey(
name=unity_key_name,
......@@ -376,7 +374,10 @@ class User(AbstractUser):
for dep in self.deployments.all():
dep.user_credential_added(key)
def user_changed_key_removed(self, key):
def user_remove_key(self, key):
if key.delete_key():
return
LOGGER.debug('user_changed_key_removed: %s %s', self, key)
for dep in self.deployments.all():
......@@ -424,15 +425,26 @@ class SSHPublicKey(models.Model):
def value(self):
return self.key
# does not really delete the key
# returns true if the deletion is final
def delete_key(self):
LOGGER.debug('delete_key: %s', self.name)
if self.try_delete_key():
return True
LOGGER.debug(self.msg('Deletion started'))
self.user = None
self.key = ''
self.deleted = True
self.save()
return False
# if this key has no credential states anymore we _really_ delete it
def try_delete_key(self):
if not self.credential_states.filter(state='deployed').exists():
LOGGER.info(self.msg('Final deletion'))
self.delete()
return True
LOGGER.debug('delete_key: need to inform clients about deletion')
return False
def __str__(self):
if self.deleted:
......
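Review bot: `try_delete_key` finally deletes the key whenever no credential state has `state='deployed'`, which is narrower than its own comment ("no credential states anymore"), so states holding any other value can still exist when `self.delete()` runs. The other state values and the foreign key's `on_delete` behaviour are not visible here, but if a deployment is still in progress on a client, the key row may disappear before that client is told to withdraw the key. Consider checking for any remaining state, `if not self.credential_states.exists():`, or excluding only the not-deployed value through the same constant the state model compares against instead of the literal `'deployed'`. Separately, `user_remove_key` still logs under the old name in `'user_changed_key_removed: %s %s'`.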
......@@ -57,11 +57,7 @@ class SSHPublicKeyView(views.APIView):
id=request.data['id'],
)
# we do not delete ssh keys directly, as we need to keep track
# of them until all clients have also deleted them
key.delete_key()
request.user.user_changed_key_removed(key)
request.user.user_remove_key(key)
return Response({
'deleted': True,
......
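Review bot: The response reports `'deleted': True` unconditionally, but `user_remove_key` returns `None` both when the key row was removed and when deletion was only started and clients still have to withdraw the key. A caller relying on this answer to confirm revocation cannot tell the two cases apart. Returning the result of `key.delete_key()` from `user_remove_key` and exposing it here, for example as an extra `'pending'` field, would make the difference visible. The key lookup begins above the hunk, so it is worth confirming there that it is restricted to keys owned by `request.user` and not selected by `request.data['id']` alone.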