From c752dd8e810becd0a1bf6dc803151ad2b59814fe Mon Sep 17 00:00:00 2001
From: Jo Vandeginste
Date: Wed, 31 Jul 2019 13:42:58 +0200
Subject: [PATCH] Support multiple public keys

This will parse the public key field as a newline delimited list of public keys. Return (valid) result on first match.
---
 dataprovider/dataprovider.go | 9 ++++++---
 dataprovider/sqlcommon.go | 27 ++++++++++++++-------------
 2 files changed, 20 insertions(+), 16 deletions(-)

diff --git a/dataprovider/dataprovider.go b/dataprovider/dataprovider.go
index f6011771..d0bfbcb6 100644
--- a/dataprovider/dataprovider.go
+++ b/dataprovider/dataprovider.go
@@ -234,11 +234,14 @@ func validateUser(user *User) error {
 user.Password = pwd
 }
 if len(user.PublicKey) > 0 {
- _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(user.PublicKey))
- if err != nil {
- return err
+ for i, k := range strings.Split(user.PublicKey, "\n") {
+ _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(k))
+ if err != nil {
+ return &ValidationError{err: fmt.Sprintf("Could not parse key nr. %d: %s", i, err)}
+ }
 }
 }
+
 return nil
 }
 
diff --git a/dataprovider/sqlcommon.go b/dataprovider/sqlcommon.go
index 93fd08da..98372afe 100644
--- a/dataprovider/sqlcommon.go
+++ b/dataprovider/sqlcommon.go
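Review bot: In validateUser (dataprovider/dataprovider.go), splitting on `"\n"` passes every fragment to ssh.ParseAuthorizedKey, which returns an error when its input holds no key, so a trailing newline, a blank separator line or a `#` comment line makes an otherwise valid key list fail validation. Skip such fragments before parsing, e.g. `if strings.TrimSpace(k) == "" { continue }`, and apply the same rule to the identical split in sqlCommonValidateUserAndPubKey so that validation and authentication agree on what a stored list may contain. The third return value of ParseAuthorizedKey (authorized_keys options such as `from=` or `command=`) is still discarded; now that pasted multi-line input is accepted, it would be worth rejecting entries that carry options, since nothing visible here enforces them. The index in the message is zero-based, so `i+1` would match what "key nr." suggests to a user.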
@@ -73,20 +73,21 @@ func sqlCommonValidateUserAndPubKey(username string, pubKey string) (User, error
 logger.Warn(logSender, "error authenticating user: %v, error: %v", username, err)
 return user, err
 }
- if len(user.PublicKey) > 0 {
- storedPubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(user.PublicKey))
- if err != nil {
- logger.Warn(logSender, "error parsing stored public key for user %v: %v", username, err)
- return user, err
- }
- if string(storedPubKey.Marshal()) != pubKey {
- err = errors.New("Invalid credentials")
- return user, err
- }
- } else {
- err = errors.New("Invalid credentials")
+ if len(user.PublicKey) == 0 {
+ return user, errors.New("Invalid credentials")
 }
- return user, err
+
+ for i, k := range strings.Split(user.PublicKey, "\n") {
+ storedPubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(k))
+ if err != nil {
+ logger.Warn(logSender, "error parsing stored public key %d for user %v: %v", i, username, err)
+ return user, err
+ }
+ if string(storedPubKey.Marshal()) == pubKey {
+ return user, nil
+ }
+ }
+ return user, errors.New("Invalid credentials")
 }
 
 func sqlCommonGetUserByID(ID int64) (User, error) {
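Review bot: The parse-error branch inside the new loop returns immediately, so one unparsable stored line ahead of the matching key denies a login that a later, valid key would have allowed, and the caller receives the parser's error instead of the generic "Invalid credentials". Logging and moving on keeps the failure closed while still trying the remaining keys: replace `return user, err` in that branch with `continue`, which falls through to the final `errors.New("Invalid credentials")` when nothing matches. A comment above the loop such as `// user.PublicKey holds one authorized_keys entry per line; the first entry equal to pubKey authenticates` would record the new storage format. The start of sqlCommonValidateUserAndPubKey lies outside the hunk, and the patch shows no import change for this file, so confirm that `strings` is already imported.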