ssh key upload only works without value in "name" field #7
Loading…
Reference in New Issue
No description provided.
Delete Branch "%!s(<nil>)"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
don't know if this project is meant to be used at all - i made a test capsul following the guide and one tiny hiccup i had - you can only upload an ssh key if you don't put any value in the name field and allow the service to use fill in a default value from the ssh pub key comment
This issue would be inside the
3wordchant/capsul-flask:yolocolo
docker image -- that docker image I believe comes from https://git.autonomic.zone/3wordchant/capsul-flaskFWIW the deployed version on capsul.org does not have this issue, or at least I can't seem to reproduce it.
I will say, in the past we have had some issues with SSH keys not being accepted due to the ham-fisted anti-XSS sanitization process. (it uses a regex whitelist )
So it might help if you could post the ssh public key that you tried to upload and the logs / http response produced if any.
thanks for the reply forest. to clarify this issue came up at https://yolo.servers.coop, which i was testing because i was thinking about self-hosting a capsul-flask instance using abra. i can move the issue over to that linked git if you'd like.
here's some of the logs (lmk if i should get some more detailed logs of something)
request:
:method: POST
:scheme: https
:authority: yolo.servers.coop
:path: /console/keys
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8
Content-Type: application/x-www-form-urlencoded
Origin: https://yolo.servers.coop
Cookie: session=eyJhY2NvdW50IjoibmJ1cmthQG1hYy5jb20iLCJjc3JmLXRva2VuIjoiQWhKdzNjTlc5Z0tNX3MtbUs0Q0ZIIn0.Ynr1aw.NtaWE_Tey1eZBNGgnDdhwzGztWc
Content-Length: 697
Accept-Language: en-us
Host: yolo.servers.coop
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15
Referer: https://yolo.servers.coop/console/keys
Accept-Encoding: gzip, deflate, br
Connection: keep-alive
request data:
MIME Type: application/x-www-form-urlencoded
method: POST
action: upload_ssh_key
csrf-token: AhJw3cNW9gKM_s-mK4CFH
content: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC+An4psG9Zoz+FYAnJBOMD1f48qPYtYdc8ZzVUOBABe01BewqCXJQx4zjXdyC+CRtbVp54mMkdwG9FrhEIIMNzcwx4T34EzMGydMC0cOhqw7Bxz0S9As7OTm+peiM7Dx8SP8i5WqnvldLoj34WT6b8fTCwXEc2L62ahfGrfjCrudjtnJvXtiNAAQ5vmUsg0aM8DLSsw24hV+oyT4gnuawlUB2g+ry3a/PKWYtuISFrvtN9ubR/RUIEW/THJ9MQ8RDkbVyubWEb3hqTVOrXeQD4Xe91sjlJLGw1ZBMLcNZh2XPYDOVg87bpT8Qm1o39afcYS5cR5iK8ttdLs0MKeM5bulE29bC+uTAuJh21Jk5kZeZ6QGxU9fLup7s+TVyEYYoPFDZQRxbPQ6Caznt1bj0LLpUEynx4eatZF7Mb1AULhz25fen7QEdbs/jf2B3PSfY9GLNF3GYKvJ+h58TsZDf0DHZF+yXAQpKe7koVRkmWYtwxnRnR0Ola14RdCzBi1HU= nicholas@Nicholass-MBP.home
name: abaa
response:
:status: 200
Set-Cookie: session=eyJhY2NvdW50IjoibmJ1cmthQG1hYy5jb20iLCJjc3JmLXRva2VuIjoiQWhKdzNjTlc5Z0tNX3MtbUs0Q0ZIIn0.Ynv6Jw.-KDvhf1n00veXETvmdRQPqmp_KU; HttpOnly; Path=/
Content-Type: text/html; charset=utf-8
Content-Security-Policy: default-src 'self'
X-Content-Type-Options: nosniff
Date: Wed, 11 May 2022 18:02:15 GMT
X-Frame-Options: SAMEORIGIN
Content-Length: 4376
Vary: Cookie
Server: gunicorn/20.0.4
I think it probably just needs these commits?
9d6fe075b0..961bb4976b
I can't explain why its throwing name is required for that request though. I can't reproduce on capsul.org with that specific key / key name. It's fixed upstream so as soon as yolocolo gets updated it should be all good.