Allow specification of workdir

2025-05-11 11:19:47 +02:00
parent 3dfd03688b
commit d0b92b220e
3 changed files with 14 additions and 12 deletions


@ -1,5 +1,6 @@
"""SSH Server settings.""" """SSH Server settings."""
from pathlib import Path
from pydantic import AnyHttpUrl, Field from pydantic import AnyHttpUrl, Field
from pydantic_settings import BaseSettings, SettingsConfigDict from pydantic_settings import BaseSettings, SettingsConfigDict
from sqlalchemy import URL from sqlalchemy import URL
@ -22,10 +23,9 @@ class AdminServerSettings(BaseSettings):
listen_address: str = Field(default="") listen_address: str = Field(default="")
secret_key: str secret_key: str
port: int = DEFAULT_LISTEN_PORT port: int = DEFAULT_LISTEN_PORT
database: str = Field(default=DEFAULT_DATABASE) database: str = Field(default=DEFAULT_DATABASE)
#admin_db: str = Field(default=DEFAULT_DATABASE)
debug: bool = False debug: bool = False
password_manager_directory: Path | None = None
@property @property
def admin_db(self) -> URL: def admin_db(self) -> URL:
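Review bot: The new `password_manager_directory` field carries no description, so the settings class does not say what the directory holds or what happens when it is left unset. Judging from the key-handling change in the same commit, it is where the master-password private key file is looked up and created, and `None` keeps the previous behaviour of using the filename as given. I would state that on the field, e.g. `password_manager_directory: Path | None = Field(default=None, description="Directory holding the master-password key file; unset uses the filename as given")`, and add a comment that the directory should be accessible only to the service account. The class body starts and ends outside this hunk.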


@ -24,11 +24,14 @@ def setup_master_password(
This method should run just after setting up the database. This method should run just after setting up the database.
""" """
created = _initial_key_setup(settings, filename, regenerate) keyfile = Path(filename)
if settings.password_manager_directory:
keyfile = settings.password_manager_directory / filename
created = _initial_key_setup(settings, keyfile, regenerate)
if not created: if not created:
return None return None
return _generate_master_password(settings, filename) return _generate_master_password(settings, keyfile)
def decrypt_master_password( def decrypt_master_password(
@ -36,10 +39,12 @@ def decrypt_master_password(
) -> str: ) -> str:
"""Retrieve master password.""" """Retrieve master password."""
keyfile = Path(filename) keyfile = Path(filename)
if settings.password_manager_directory:
keyfile = settings.password_manager_directory / filename
if not keyfile.exists(): if not keyfile.exists():
raise RuntimeError("Error: Private key has not been generated yet.") raise RuntimeError("Error: Private key has not been generated yet.")
private_key = load_private_key(KEY_FILENAME, password=settings.secret_key) private_key = load_private_key(str(keyfile.absolute()), password=settings.secret_key)
return decode_string(encrypted, private_key) return decode_string(encrypted, private_key)
@ -50,12 +55,10 @@ def _generate_password() -> str:
def _initial_key_setup( def _initial_key_setup(
settings: AdminServerSettings, settings: AdminServerSettings,
filename: str = KEY_FILENAME, keyfile: Path,
regenerate: bool = False, regenerate: bool = False,
) -> bool: ) -> bool:
"""Set up initial keys.""" """Set up initial keys."""
keyfile = Path(filename)
if keyfile.exists() and not regenerate: if keyfile.exists() and not regenerate:
return False return False
@ -67,16 +70,15 @@ def _initial_key_setup(
def _generate_master_password( def _generate_master_password(
settings: AdminServerSettings, filename: str = KEY_FILENAME settings: AdminServerSettings, keyfile: Path
) -> str: ) -> str:
"""Generate master password for password database. """Generate master password for password database.
Returns the encrypted string, base64 encoded. Returns the encrypted string, base64 encoded.
""" """
keyfile = Path(filename)
if not keyfile.exists(): if not keyfile.exists():
raise RuntimeError("Error: Private key has not been generated yet.") raise RuntimeError("Error: Private key has not been generated yet.")
private_key = load_private_key(filename, password=settings.secret_key) private_key = load_private_key(str(keyfile.absolute()), password=settings.secret_key)
public_key = private_key.public_key() public_key = private_key.public_key()
master_password = _generate_password() master_password = _generate_password()
return encrypt_string(master_password, public_key) return encrypt_string(master_password, public_key)
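Review bot: The key-file location is now computed in two places (`setup_master_password` and `decrypt_master_password`) with `settings.password_manager_directory / filename`, and that join does not keep the result inside the configured directory: an absolute `filename` replaces the directory entirely, and a `..` component walks out of it. Whether `filename` can ever be anything other than `KEY_FILENAME` is not visible here, so this may be purely defensive. Since the file is the private key protecting the master password, I would resolve the path once in a helper and reject anything outside the directory. The signatures of both public functions and the rest of `_initial_key_setup` lie outside the visible hunks, so directory creation and file permissions could not be checked.

```python
def _resolve_keyfile(settings: AdminServerSettings, filename: str) -> Path:
    """Return the key file path, confined to password_manager_directory when set."""
    base = settings.password_manager_directory
    if base is None:
        return Path(filename)
    keyfile = (base / filename).resolve()
    if not keyfile.is_relative_to(base.resolve()):
        raise RuntimeError("Error: Key file must be inside password_manager_directory.")
    return keyfile

# … unchanged: setup_master_password signature and docstring …
    keyfile = _resolve_keyfile(settings, filename)
    created = _initial_key_setup(settings, keyfile, regenerate)
# … unchanged: decrypt_master_password makes the same call before its exists() check …
```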


@ -5,7 +5,7 @@ import os
import bcrypt import bcrypt
from sqlmodel import Session from sqlmodel import Session
from .auth_models import User from sshecret_admin.auth.models import User
def get_test_user_details() -> tuple[str, str]: def get_test_user_details() -> tuple[str, str]: