Mirror
/
zulip
mirror of https://github.com/zulip/zulip.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

register_server: Check write access to secrets file when rotate_key. 

Using --rotate-key without write access to the secrets file is currently
quite painful, since you end up rotating your registration's secret with
no local record of it; so effectively you lose your registration and
need help from support. We should just prevent this failure mode.
This commit is contained in:
Mateusz Mandera 2024-03-22 01:00:45 +01:00 committed by Tim Abbott
parent 7d0c12aa3a
commit 89a22fb076
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
zerver/management/commands/register_server.py
View File

@ -1,3 +1,4 @@
import os
import subprocess import subprocess
from argparse import ArgumentParser from argparse import ArgumentParser
from typing import Any, Dict from typing import Any, Dict
@ -80,6 +81,8 @@ class Command(ZulipBaseCommand):
"contact_email": settings.ZULIP_ADMINISTRATOR, "contact_email": settings.ZULIP_ADMINISTRATOR,
} }
if options["rotate_key"]: if options["rotate_key"]:
if not os.access(SECRETS_FILENAME, os.W_OK):
raise CommandError(f"{SECRETS_FILENAME} is not writable by the current user.")
request["new_org_key"] = get_random_string(64) request["new_org_key"] = get_random_string(64)
print( print(