Use canonical organization e-mail in OIDC data.
[cas.git] / src / ssh_keys / views.py
1 from datetime import datetime, timedelta
2 import re
3 from django.contrib.auth.mixins import LoginRequiredMixin
4 from django.contrib import messages
5 from django.db import IntegrityError
6 from django.db.models import Q
7 from django import http
8 from django.shortcuts import get_object_or_404
9 from django.utils.timezone import now
10 from django.utils.translation import ugettext as _
11 from django.views.decorators.csrf import csrf_exempt
12 from django.views.generic import ListView, CreateView, DeleteView
13 from services.models import Service
14 from .models import SSHKey
15 from .utils import parse_log_line
16
17
18 class SSHKeysView(LoginRequiredMixin, ListView):
19     def get_queryset(self):
20         return SSHKey.objects.filter(user=self.request.user)
21
22
23 class AddSSHKeyView(LoginRequiredMixin, CreateView):
24     fields = ['key']
25     model = SSHKey
26     success_url = '/ssh/'
27     template_name = 'ssh_keys/sshkey_add.html'
28
29     def form_valid(self, form):
30         form.instance.user = self.request.user
31         try:
32             return super().form_valid(form)
33         except ValueError as e:
34             messages.add_message(self.request, messages.ERROR, e)
35         except IntegrityError:
36             messages.add_message(self.request, messages.ERROR, _("Key already in the database."))
37         return http.HttpResponseRedirect(self.success_url)
38
39
40     
41 class DeleteSSHKeyView(LoginRequiredMixin, DeleteView):
42     success_url = '/ssh/'
43
44     def get_queryset(self):
45         return SSHKey.objects.filter(user=self.request.user)
46
47
48 @csrf_exempt
49 def ssh_keys_seen(request):
50     key = request.GET.get('key')
51     service = get_object_or_404(Service, key=key)
52     n = now()
53
54     logline_re = r'^(?P<time>\w{3}\s+\d+\s+\d\d:\d\d:\d\d).*: Accepted publickey for .* from .* port .* ssh2: (?P<algo>\w+) (?P<hash>[a-f0-9:]+)$'
55
56     last_seen = {}
57     for line in request.body.decode('latin1').split('\n'):
58         if not line.strip():
59             continue
60         data = parse_log_line(line)
61         if data is None:
62             continue
63         dt = data['datetime']
64         algo = data['algo']
65         if 'md5' in data:
66             hash_type = 'md5'
67             hash_value = data['md5']
68         else:
69             hash_type = 'sha256'
70             hash_value = data['sha256']
71         key = algo, hash_type, hash_value
72         last_seen[key] = max(last_seen.get(key, dt), dt)
73
74     for key, dt in last_seen.items():
75         algo, hash_type, hash_value = key
76         SSHKey.objects.filter(
77             Q(last_seen_at=None) | Q(last_seen_at__lt=dt),
78             algorithm=algo,
79             **{f'{hash_type}_hash': hash_value}
80         ).update(
81             last_seen_at=dt
82         )
83
84     return http.HttpResponse('ok')
85