Retry SSH key verification with additional CRLF if it failed (#28392)
Windows-based shells will add a CRLF when piping the token into ssh-keygen command resulting in verification error. This resolves #21527. --------- Co-authored-by: Heiko Besemann <heiko.besemann@qbeyond.de> Co-authored-by: wxiaoguang <wxiaoguang@gmail.com>
This commit is contained in:
parent
cbf923e87b
commit
52046b934d
1 changed files with 9 additions and 4 deletions
|
@ -30,12 +30,17 @@ func VerifySSHKey(ctx context.Context, ownerID int64, fingerprint, token, signat
|
||||||
return "", ErrKeyNotExist{}
|
return "", ErrKeyNotExist{}
|
||||||
}
|
}
|
||||||
|
|
||||||
if err := sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea"); err != nil {
|
err = sshsig.Verify(bytes.NewBuffer([]byte(token)), []byte(signature), []byte(key.Content), "gitea")
|
||||||
|
if err != nil {
|
||||||
|
// edge case for Windows based shells that will add CR LF if piped to ssh-keygen command
|
||||||
|
// see https://github.com/PowerShell/PowerShell/issues/5974
|
||||||
|
if sshsig.Verify(bytes.NewBuffer([]byte(token+"\r\n")), []byte(signature), []byte(key.Content), "gitea") != nil {
|
||||||
log.Error("Unable to validate token signature. Error: %v", err)
|
log.Error("Unable to validate token signature. Error: %v", err)
|
||||||
return "", ErrSSHInvalidTokenSignature{
|
return "", ErrSSHInvalidTokenSignature{
|
||||||
Fingerprint: key.Fingerprint,
|
Fingerprint: key.Fingerprint,
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
key.Verified = true
|
key.Verified = true
|
||||||
if _, err := db.GetEngine(ctx).ID(key.ID).Cols("verified").Update(key); err != nil {
|
if _, err := db.GetEngine(ctx).ID(key.ID).Cols("verified").Update(key); err != nil {
|
||||||
|
|
Loading…
Reference in a new issue