From 2785c104cf12ab41e7bf30abaf33857bcfe8a897 Mon Sep 17 00:00:00 2001
From: Brandon Williams
Date: Tue, 19 Nov 2024 07:20:50 -0600
Subject: [PATCH] fix: api-sidecar-handler returns newlines in ssh key data
---
 .../internal/server/validate.go | 4 ++--
 .../internal/server/validate_test.go | 2 +-
 .../migrations/20241119031013_trim_sshkeys.js | 18 ++++++++++++++++++
 3 files changed, 21 insertions(+), 3 deletions(-)
 create mode 100644 services/api/database/migrations/20241119031013_trim_sshkeys.js
diff --git a/services/api-sidecar-handler/internal/server/validate.go b/services/api-sidecar-handler/internal/server/validate.go
index c828887e8e..fa1b802bfb 100644
--- a/services/api-sidecar-handler/internal/server/validate.go
+++ b/services/api-sidecar-handler/internal/server/validate.go
@@ -85,7 +85,7 @@ func validatePrivateKey(w http.ResponseWriter, r *http.Request) {
 return
 }
 sshPubKey := ssh.MarshalAuthorizedKey(signer.PublicKey())
- resp.PublicKey = string(sshPubKey)
+ resp.PublicKey = strings.TrimSpace(string(sshPubKey))
 pub, _, _, _, err := ssh.ParseAuthorizedKey(sshPubKey)
 if err != nil {
 resp.Error = err.Error()
@@ -96,7 +96,7 @@ func validatePrivateKey(w http.ResponseWriter, r *http.Request) {
 resp.SHA256Fingerprint = ssh.FingerprintSHA256(pub)
 resp.MD5Fingerprint = ssh.FingerprintLegacyMD5(pub)
 resp.Type = pub.Type()
- resp.Value = strings.Split(string(sshPubKey), " ")[1]
+ resp.Value = strings.TrimSpace(strings.Split(string(sshPubKey), " ")[1])
 log.Printf("validated private key with public fingerprint %s", resp.SHA256Fingerprint)
 w.WriteHeader(http.StatusOK)
 fmt.Fprint(w, resp.String())
diff --git a/services/api-sidecar-handler/internal/server/validate_test.go b/services/api-sidecar-handler/internal/server/validate_test.go
index 38e931cf43..55b0139558 100644
--- a/services/api-sidecar-handler/internal/server/validate_test.go
+++ b/services/api-sidecar-handler/internal/server/validate_test.go
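Review bot: The trailing newline is stripped twice from the same marshalled value, on `resp.PublicKey` in the `@@ -85` hunk and again on `resp.Value` in the `@@ -96` hunk, and neither line says why. `ssh.MarshalAuthorizedKey` ends its output with a newline, so trimming once keeps the two fields in step: `authKey := strings.TrimSpace(string(sshPubKey))`, then `resp.PublicKey = authKey` and `resp.Value = strings.Fields(authKey)[1]`. A short comment such as `// MarshalAuthorizedKey appends "\n"; key fields must stay single-line` would record the reason for the next reader. validatePrivateKey starts and ends outside both hunks, so whether other response fields carry the same newline cannot be checked from here.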
@@ -108,7 +108,7 @@ func Test_validatePrivateKey(t *testing.T) {
 name: "with private ed25519",
 method: http.MethodPost,
 input: fmt.Sprintf("key=%s", ed25519Key),
- want: `{"publickey":"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD8E5wfvLg8vvfO9mmHVsZQK8dNgdKM5FrTxL4ORDq66Z50O8zUzBwF1VTO5Zx+qwB7najMdWsnW00BC6PMysSNJQD5HI4CokyKqmGdeSXcROYwvYOjlDQ+jD5qOSmkllRZZnkEYXE5FVBXaZWToyfGUGIoECvKGUQZxkBDHsbK13JdfA==\n","sha256fingerprint":"SHA256:RBRWA2mJFPK/8DtsxVoVzoSShFiuRAzlUBws7cXkwG0","md5fingerprint":"72:86:48:50:59:1b:97:81:21:27:e7:55:98:fa:35:95","type":"ecdsa-sha2-nistp521","value":"AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD8E5wfvLg8vvfO9mmHVsZQK8dNgdKM5FrTxL4ORDq66Z50O8zUzBwF1VTO5Zx+qwB7najMdWsnW00BC6PMysSNJQD5HI4CokyKqmGdeSXcROYwvYOjlDQ+jD5qOSmkllRZZnkEYXE5FVBXaZWToyfGUGIoECvKGUQZxkBDHsbK13JdfA==\n"}`,
+ want: `{"publickey":"ecdsa-sha2-nistp521 AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD8E5wfvLg8vvfO9mmHVsZQK8dNgdKM5FrTxL4ORDq66Z50O8zUzBwF1VTO5Zx+qwB7najMdWsnW00BC6PMysSNJQD5HI4CokyKqmGdeSXcROYwvYOjlDQ+jD5qOSmkllRZZnkEYXE5FVBXaZWToyfGUGIoECvKGUQZxkBDHsbK13JdfA==","sha256fingerprint":"SHA256:RBRWA2mJFPK/8DtsxVoVzoSShFiuRAzlUBws7cXkwG0","md5fingerprint":"72:86:48:50:59:1b:97:81:21:27:e7:55:98:fa:35:95","type":"ecdsa-sha2-nistp521","value":"AAAAE2VjZHNhLXNoYTItbmlzdHA1MjEAAAAIbmlzdHA1MjEAAACFBAD8E5wfvLg8vvfO9mmHVsZQK8dNgdKM5FrTxL4ORDq66Z50O8zUzBwF1VTO5Zx+qwB7najMdWsnW00BC6PMysSNJQD5HI4CokyKqmGdeSXcROYwvYOjlDQ+jD5qOSmkllRZZnkEYXE5FVBXaZWToyfGUGIoECvKGUQZxkBDHsbK13JdfA=="}`,
 statusCode: http.StatusOK,
 },
 {
diff --git a/services/api/database/migrations/20241119031013_trim_sshkeys.js b/services/api/database/migrations/20241119031013_trim_sshkeys.js
new file mode 100644
index 0000000000..5ded1c0520
--- /dev/null
+++ b/services/api/database/migrations/20241119031013_trim_sshkeys.js
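Review bot: The case named `with private ed25519` posts `ed25519Key` but expects `ecdsa-sha2-nistp521` in both `publickey` and `type`, so either the name or the fixture does not match what is being asserted. The fixture is defined outside the hunk, so which one is wrong cannot be told from here. Renaming the case to something like `name: "with private ecdsa nistp521",` or swapping in a real Ed25519 key would make the trimmed-output expectation cover the key type the name promises. Test_validatePrivateKey starts and ends outside the hunk.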
@@ -0,0 +1,18 @@
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise }
+ */
+exports.up = function(knex) {
+ return knex('ssh_key').update({
+ key_value: knex.raw("REPLACE(key_value, '\n', '')")
+ })
+};
+
+/**
+ * @param { import("knex").Knex } knex
+ * @returns { Promise }
+ */
+exports.down = function(knex) {
+ // Nothing to do
+ return knex.schema
+};
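Review bot: `exports.up` removes only `\n` from `key_value`, while the handler side of this commit uses `strings.TrimSpace`, which also drops `\r` and surrounding spaces. Any stored key that was terminated with `\r\n` would therefore still differ from what the handler now returns. Nesting the call, `knex.raw("REPLACE(REPLACE(key_value, '\r', ''), '\n', '')")`, would bring the stored data in line with the handler. The update also has no `where` clause, so every row in `ssh_key` is rewritten; a `.where('key_value', 'like', '%\n%')` guard would limit it to affected rows, if the table carries update timestamps or triggers that matter. In `exports.down`, `return knex.schema` hands back a schema builder rather than a plain promise, and `return Promise.resolve()` states the intended no-op more directly.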