From 7984806b385a42700e6cb6b466dba005970ee61d Mon Sep 17 00:00:00 2001
From: "xiaokong1937@gmail.com" <763691951@qq.com>
Date: Thu, 15 Sep 2016 16:54:00 +0800
Subject: [PATCH] change user ssh reset type from private key to public key

---
 apps/users/api.py                           | 10 ++--
 apps/users/forms.py                         | 26 +++++++----
 apps/users/templates/users/user_detail.html | 51 +++++++++------------
 apps/users/utils.py                         | 22 +++++++++
 apps/users/views.py                         |  6 ---
 5 files changed, 69 insertions(+), 46 deletions(-)

diff --git a/apps/users/api.py b/apps/users/api.py
index bb995d0f8..a2e196456 100644
--- a/apps/users/api.py
+++ b/apps/users/api.py
@@ -6,7 +6,6 @@ import logging
 from rest_framework import generics
 
 from .serializers import UserSerializer, UserGroupSerializer, UserAttributeSerializer, UserGroupEditSerializer
-from .serializers import UserPKUpdateSerializer
 from .models import User, UserGroup
 
 
@@ -60,15 +59,20 @@ class UserResetPasswordApi(generics.UpdateAPIView):
         # Note: we are not updating the user object here.
         # We just do the reset-password staff.
         user = self.get_object()
+        import uuid
+        user.password_raw = str(uuid.uuid4())
+        user.save()
         from .utils import send_reset_password_mail
         send_reset_password_mail(user)
 
 
 class UserResetPKApi(generics.UpdateAPIView):
     queryset = User.objects.all()
-    serializer_class = UserPKUpdateSerializer
+    serializer_class = UserGroupEditSerializer
 
     def perform_update(self, serializer):
         user = self.get_object()
-        user.private_key = serializer.validated_data['_private_key']
+        user._public_key = ''
         user.save()
+        from .utils import send_reset_ssh_key_mail
+        send_reset_ssh_key_mail(user)
diff --git a/apps/users/forms.py b/apps/users/forms.py
index a24565f89..5f0e3bed6 100644
--- a/apps/users/forms.py
+++ b/apps/users/forms.py
@@ -79,12 +79,22 @@ class UserInfoForm(forms.Form):
 
 
 class UserKeyForm(forms.Form):
-    private_key = forms.CharField(max_length=5000, widget=forms.Textarea, label=_('private key'))
+    public_key = forms.CharField(
+        label=_('ssh public key'), max_length=5000,
+        widget=forms.Textarea(attrs={'placeholder': _('ssh-rsa AAAA...')}),
+        help_text=_('Paste your id_ras.pub here.'))
 
-    def clean_private_key(self):
-        from users.utils import validate_ssh_pk
-        ssh_pk = self.cleaned_data['private_key']
-        checked, reason = validate_ssh_pk(ssh_pk)
-        if not checked:
-            raise forms.ValidationError(_('Not a valid ssh private key.'))
-        return ssh_pk
+    def clean_public_key(self):
+        from sshpubkeys import SSHKey
+        from sshpubkeys.exceptions import InvalidKeyException
+        public_key = self.cleaned_data['public_key']
+        ssh = SSHKey(public_key)
+        try:
+            ssh.parse()
+        except InvalidKeyException as e:
+            print e
+            raise forms.ValidationError(_('Not a valid ssh public key'))
+        except NotImplementedError as e:
+            print e
+            raise forms.ValidationError(_('Not a valid ssh public key'))
+        return public_key
diff --git a/apps/users/templates/users/user_detail.html b/apps/users/templates/users/user_detail.html
index 6073d5d13..89ef5a0e2 100644
--- a/apps/users/templates/users/user_detail.html
+++ b/apps/users/templates/users/user_detail.html
@@ -152,7 +152,7 @@
                                             <td>{% trans 'Reset ssh key' %}:</td>
                                             <td>
                                                 <span class="pull-right">
-                                                    <button type="button" class="btn btn-primary btn-xs" id="btn_reset_pk" style="width: 54px;" data-toggle="modal" data-target="#user_reset_pk_modal">{% trans 'Reset' %}</button>
+                                                    <button type="button" class="btn btn-primary btn-xs" id="btn_reset_pk" style="width: 54px;">{% trans 'Reset' %}</button>
                                                 </span>
                                             </td>
                                         </tr>
@@ -203,7 +203,6 @@
             </div>
         </div>
     </div>
-    {% include 'users/_user_reset_pk_modal.html' %}
 {% endblock %}
 {% block custom_foot_js %}
 <script>
@@ -304,34 +303,28 @@ $(document).ready(function () {
       doReset();
     }
   );
-}).on('click', '#btn_user_reset_pk', function(){
-  var $this = $(this);
-  var pk = $('#txt_pk').val();
-  var the_url = '{% url "users:user-reset-pk-api" pk=user_object.id %}';
-  var body = {'_private_key': pk};
-  var success = function() {
-    $('#txt_pk').val('');
-    $this.closest('.modal').modal('hide');
-    var msg = "{% trans 'Successfully updated the SSH private key.' %}";
-    swal("{% trans 'User SSH Private Key Reset' %}", msg, "success");
-  };
-  var fail = function() {
-    var msg = "{% trans 'Failed to update the user\'s SSH private key.' %}";
-    swal({
-      title: "{% trans 'User SSH Private Key Reset' %}",
-      text: msg,
-      type: "error",
-      showCancelButton: false,
-      confirmButtonColor: "#DD6B55",
-      confirmButtonText: "{% trans 'Confirm' %}",
-      closeOnConfirm: true
-      }, function () {
-        $('#txt_pk').focus();
-      }
-    );
+}).on('click', '#btn_reset_pk', function(){
+  function doReset() {
+    var the_url = '{% url "users:user-reset-pk-api" pk=user_object.id %}';
+    var body = {};
+    var success = function() {
+      var msg = "{% trans 'The reset-ssh-public-key E-mail has been sent successfully. Please inform the user to update his new ssh public key.' %}";
+      swal("{% trans 'SSH-Public-Key Reset' %}", msg, "success");
+    }
+    APIUpdateAttr({ url: the_url, body: JSON.stringify(body), success: success});
   }
-  APIUpdateAttr({ url: the_url, body: JSON.stringify(body), success: success, error: fail});
-
+  swal({
+    title: "{% trans 'Are you sure?' %}",
+    text: "{% trans 'This will reset the user\'s public key.' %}",
+    type: "warning",
+    showCancelButton: true,
+    confirmButtonColor: "#DD6B55",
+    confirmButtonText: "{% trans 'Confirm' %}",
+    closeOnConfirm: false
+    }, function () {
+      doReset();
+    }
+  );
 });
 </script>
 {% endblock %}
diff --git a/apps/users/utils.py b/apps/users/utils.py
index 13076a106..a94de773a 100644
--- a/apps/users/utils.py
+++ b/apps/users/utils.py
@@ -128,6 +128,28 @@ def send_reset_password_mail(user):
     send_mail_async.delay(subject, message, recipient_list, html_message=message)
 
 
+def send_reset_ssh_key_mail(user):
+    subject = _('SSH Key Reset')
+    recipient_list = [user.email]
+    message = _("""
+    Hello %(name)s:
+    </br>
+    Your ssh public key has been reset by site administrator.
+    Please login and reset your ssh public key.
+    </br>
+    <a href="%(login_url)s">Login direct</a>
+
+    </br>
+    """) % {
+        'name': user.name,
+        'login_url': reverse('users:login', external=True),
+    }
+    if settings.DEBUG:
+        logger.debug(message)
+
+    send_mail_async.delay(subject, message, recipient_list, html_message=message)
+
+
 def validate_ssh_pk(text):
     """
     Expects a SSH private key as string.
diff --git a/apps/users/views.py b/apps/users/views.py
index c752bc2eb..73b5c072f 100644
--- a/apps/users/views.py
+++ b/apps/users/views.py
@@ -2,8 +2,6 @@
 
 from __future__ import unicode_literals
 
-import logging
-
 from django.conf import settings
 from django.contrib.auth import login as auth_login, logout as auth_logout
 from django.contrib.auth.mixins import LoginRequiredMixin
@@ -52,10 +50,6 @@ class UserLoginView(FormView):
         auth_login(self.request, form.get_user())
         return redirect(self.get_success_url())
 
-    def form_invalid(self, form):
-        logger.debug(form.errors)
-        return super(UserLoginView, self).form_invalid(form)
-
     def get_success_url(self):
         if self.request.user.is_first_login:
             return reverse('users:user-first-login')