Add ability for SKA administrators to add pubkeys on behalf of other users

Author: Msprg

model/user.php

@@ -200,8 +200,13 @@ public function add_public_key(PublicKey $key) {
 		$email->add_reply_to($config['email']['admin_address'], $config['email']['admin_name']);
 		$email->add_recipient($this->email, $this->name);
 		$email->add_cc($config['email']['report_address'], $config['email']['report_name']);
-		$email->subject = "A new SSH public key has been added to your account ({$this->uid})";
-		$email->body = "A new SSH public key has been added to your account on SSH Key Authority.\n\nIf you added this key then all is well. If you do not recall adding this key, please contact {$config['email']['admin_address']} immediately.\n\n".$key->summarize_key_information();
+		if($active_user && $active_user->entity_id != $this->entity_id) {
+			$email->subject = "A new SSH public key has been added to your account ({$this->uid}) by {$active_user->uid}";
+			$email->body = "{$active_user->name} ({$active_user->uid}) has added a new SSH public key to your account on SSH Key Authority.\n\nIf you did not request this change, please contact {$config['email']['admin_address']} immediately.\n\n".$key->summarize_key_information();
+		} else {
+			$email->subject = "A new SSH public key has been added to your account ({$this->uid})";
+			$email->body = "A new SSH public key has been added to your account on SSH Key Authority.\n\nIf you added this key then all is well. If you do not recall adding this key, please contact {$config['email']['admin_address']} immediately.\n\n".$key->summarize_key_information();
+		}
 		$email->send();
 		$this->log(array('action' => 'Pubkey add', 'value' => $key->fingerprint_md5), LOG_WARNING);
 	}

templates/user_pubkeys.php

@@ -25,6 +25,24 @@
 		<span class="glyphicon glyphicon-console"></span> JSON
 	</a>
 </p>
+<?php if($this->get('allow_admin_add')) { ?>
+<div class="panel panel-default">
+	<div class="panel-heading">
+		<h2 class="panel-title">Add public key for <?php out($this->get('user')->name)?></h2>
+	</div>
+	<div class="panel-body">
+		<form method="post" action="<?php outurl($this->data->relative_request_url) ?>">
+			<?php out($this->get('active_user')->get_csrf_field(), ESC_NONE) ?>
+			<div class="form-group">
+				<label for="add_public_key">Public key</label>
+				<textarea class="form-control" rows="4" id="add_public_key" name="add_public_key" required></textarea>
+			</div>
+			<p class="help-block">The key will be added to <?php out($this->get('user')->uid)?>.</p>
+			<button type="submit" class="btn btn-primary">Add public key</button>
+		</form>
+	</div>
+</div>
+<?php } ?>
 <?php foreach($this->get('pubkeys') as $pubkey) { ?>
 <div class="panel panel-default">
 	<dl class="panel-body">

views/user_pubkeys.php

@@ -21,6 +21,35 @@
 	require('views/error404.php');
 	die;
 }
+
+$is_target_active_user = $active_user && $active_user->entity_id == $user->entity_id;
+$can_admin_add_for_user = $active_user && $active_user->admin && !$is_target_active_user;
+$can_submit_key = $is_target_active_user || $can_admin_add_for_user;
+
+if(isset($_POST['add_public_key'])) {
+	if(!$can_submit_key) {
+		require('views/error403.php');
+		die;
+	}
+	try {
+		$public_key = new PublicKey;
+		$public_key->import($_POST['add_public_key'], $user->uid);
+		$user->add_public_key($public_key);
+		redirect();
+	} catch(InvalidArgumentException $e) {
+		global $config;
+		$content = new PageSection('key_upload_fail');
+		$error_message = $e->getMessage();
+		if(preg_match('/^Insufficient bits in public key: (\d+) < (\d+)$/', $error_message, $matches)) {
+			$actual_bits = $matches[1];
+			$required_bits = $matches[2];
+			$content->set('message', "The public key you submitted is of insufficient strength; it has {$actual_bits} bits but must be at least {$required_bits} bits.");
+		} else {
+			$content->set('message', "The public key you submitted doesn't look valid.");
+		}
+	}
+}
+
 $pubkeys = $user->list_public_keys();
 if(isset($router->vars['format']) && $router->vars['format'] == 'txt') {
 	$page = new PageSection('entity_pubkeys_txt');
@@ -33,16 +62,19 @@
 	header('Content-type: application/json; charset=utf-8');
 	echo $page->generate();
 } else {
-	$content = new PageSection('user_pubkeys');
-	$content->set('user', $user);
-	$content->set('pubkeys', $pubkeys);
-	$content->set('admin', $active_user->admin);
+	$head = '<link rel="alternate" type="application/json" href="pubkeys.json" title="JSON for this page">' . "\n";
+	$head .= '<link rel="alternate" type="text/plain" href="pubkeys.txt" title="TXT format for this page">' . "\n";
 
-	$head = '<link rel="alternate" type="application/json" href="pubkeys.json" title="JSON for this page">'."\n";
-	$head .= '<link rel="alternate" type="text/plain" href="pubkeys.txt" title="TXT format for this page">'."\n";
+	if(!isset($content)) {
+		$content = new PageSection('user_pubkeys');
+		$content->set('user', $user);
+		$content->set('pubkeys', $pubkeys);
+		$content->set('admin', $active_user ? $active_user->admin : false);
+		$content->set('allow_admin_add', $can_admin_add_for_user);
+	}
 
 	$page = new PageSection('base');
-	$page->set('title', 'Public keys for '.$user->name);
+	$page->set('title', 'Public keys for ' . $user->name);
 	$page->set('head', $head);
 	$page->set('content', $content);
 	$page->set('alerts', $active_user->pop_alerts());