From d0b92b220ef58efc4b6a8bd1a8d075b550ad177c Mon Sep 17 00:00:00 2001 From: Allan Eising Date: Sun, 11 May 2025 11:19:47 +0200 Subject: [PATCH] Allow specification of workdir --- .../src/sshecret_admin/core/settings.py | 4 ++-- .../services/master_password.py | 20 ++++++++++--------- .../src/sshecret_admin/testing.py | 2 +- 3 files changed, 14 insertions(+), 12 deletions(-) diff --git a/packages/sshecret-admin/src/sshecret_admin/core/settings.py b/packages/sshecret-admin/src/sshecret_admin/core/settings.py index ab3af40..02a7a6e 100644 --- a/packages/sshecret-admin/src/sshecret_admin/core/settings.py +++ b/packages/sshecret-admin/src/sshecret_admin/core/settings.py @@ -1,5 +1,6 @@ """SSH Server settings.""" +from pathlib import Path from pydantic import AnyHttpUrl, Field from pydantic_settings import BaseSettings, SettingsConfigDict from sqlalchemy import URL @@ -22,10 +23,9 @@ class AdminServerSettings(BaseSettings): listen_address: str = Field(default="") secret_key: str port: int = DEFAULT_LISTEN_PORT - database: str = Field(default=DEFAULT_DATABASE) - #admin_db: str = Field(default=DEFAULT_DATABASE) debug: bool = False + password_manager_directory: Path | None = None @property def admin_db(self) -> URL: diff --git a/packages/sshecret-admin/src/sshecret_admin/services/master_password.py b/packages/sshecret-admin/src/sshecret_admin/services/master_password.py index 165812a..35ceb7e 100644 --- a/packages/sshecret-admin/src/sshecret_admin/services/master_password.py +++ b/packages/sshecret-admin/src/sshecret_admin/services/master_password.py 
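Review bot: The new `password_manager_directory: Path | None = None` field in `AdminServerSettings` has no description and no validation, although the `master_password.py` changes in this commit join it with the key filename, so it appears to be where the private key is kept. A comment such as `# Directory holding the master-password key file; must exist and be writable only by the service user.` would document that expectation. A validator that rejects a value which is not an existing directory would turn a misconfigured path into a startup error rather than a later `RuntimeError` from the key-loading code. The class body continues outside the hunk.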
@@ -24,11 +24,14 @@ def setup_master_password( This method should run just after setting up the database. """ - created = _initial_key_setup(settings, filename, regenerate) + keyfile = Path(filename) + if settings.password_manager_directory: + keyfile = settings.password_manager_directory / filename + created = _initial_key_setup(settings, keyfile, regenerate) if not created: return None - return _generate_master_password(settings, filename) + return _generate_master_password(settings, keyfile) def decrypt_master_password( @@ -36,10 +39,12 @@ def decrypt_master_password( ) -> str: """Retrieve master password.""" keyfile = Path(filename) + if settings.password_manager_directory: + keyfile = settings.password_manager_directory / filename if not keyfile.exists(): raise RuntimeError("Error: Private key has not been generated yet.") - private_key = load_private_key(KEY_FILENAME, password=settings.secret_key) + private_key = load_private_key(str(keyfile.absolute()), password=settings.secret_key) return decode_string(encrypted, private_key) @@ -50,12 +55,10 @@ def _generate_password() -> str: def _initial_key_setup( settings: AdminServerSettings, - filename: str = KEY_FILENAME, + keyfile: Path, regenerate: bool = False, ) -> bool: """Set up initial keys.""" - keyfile = Path(filename) - if keyfile.exists() and not regenerate: return False 
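Review bot: The key path is resolved twice, in `setup_master_password` here and again in `decrypt_master_password` (the hunk at -36,10), and the two copies must stay identical or decryption will look for the key somewhere other than where setup wrote it. A small private helper, for example `def _resolve_keyfile(settings: AdminServerSettings, filename: str) -> Path:`, called from both places would remove that risk. Note also that `settings.password_manager_directory / filename` silently discards the directory when `filename` is absolute and accepts `..` components, so if `filename` can ever originate outside the code, the result should be checked to lie under the configured directory. `if settings.password_manager_directory is not None:` states the intent more precisely than the truthiness test, since a `Path` is always truthy. Both function signatures begin outside the hunks.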
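Review bot: The lines of `_initial_key_setup` that actually create the key lie after `return False`, outside this hunk, and are not touched by the commit. It is worth confirming they write to `keyfile` rather than to the removed `filename` parameter or to `KEY_FILENAME`; otherwise the key ends up outside the configured directory and the later `keyfile.exists()` checks raise. Nothing visible in the patch creates `password_manager_directory` or restricts its permissions, so a step like `keyfile.parent.mkdir(parents=True, exist_ok=True, mode=0o700)` before generation would be a reasonable addition, given that the directory holds the private key.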
@@ -67,16 +70,15 @@ def _initial_key_setup( def _generate_master_password( - settings: AdminServerSettings, filename: str = KEY_FILENAME + settings: AdminServerSettings, keyfile: Path ) -> str: """Generate master password for password database. Returns the encrypted string, base64 encoded. """ - keyfile = Path(filename) if not keyfile.exists(): raise RuntimeError("Error: Private key has not been generated yet.") - private_key = load_private_key(filename, password=settings.secret_key) + private_key = load_private_key(str(keyfile.absolute()), password=settings.secret_key) public_key = private_key.public_key() master_password = _generate_password() return encrypt_string(master_password, public_key) diff --git a/packages/sshecret-admin/src/sshecret_admin/testing.py b/packages/sshecret-admin/src/sshecret_admin/testing.py index d81ae4d..b189700 100644 --- a/packages/sshecret-admin/src/sshecret_admin/testing.py +++ b/packages/sshecret-admin/src/sshecret_admin/testing.py @@ -5,7 +5,7 @@ import os import bcrypt from sqlmodel import Session -from .auth_models import User +from sshecret_admin.auth.models import User def get_test_user_details() -> tuple[str, str]: