switch to [email protected] key names

this allows to exploit a feature of gitolite, in which gitolite
will construct the username of the gitolite user only of the part
leading up to the @. this makes the gitolite usernames much easier
to predict.

also removes the "redmine_" prefix.

this change might with existing databases, as the format of
the gitolite_public_key identifier changes. I had to remove all keys
from the database and re-add them once until gitolite worked again
correctly.

Author: forouher

Diff for: app/models/gitolite_public_key.rb

@@ -54,12 +54,12 @@ def set_identifier
         time_tag = "#{my_time.to_i.to_s}_#{my_time.usec.to_s}"
         case key_type
           when KEY_TYPE_USER
-            # add "redmine_" as a prefix to the username, and then the current date
-            # this helps ensure uniqueness of each key identifier
+            # add current date to the username, this helps ensure uniqueness of each
+            # key identifier
             #
-            # also, it ensures that it is very, very unlikely to conflict with any
-            # existing key name if gitolite config is also being edited manually
-            "redmine_#{self.user.login.underscore}_#{time_tag}".gsub(/[^0-9a-zA-Z\-]/,'_')
+            # seperate username and date with an @ character. this will cause gitolite
+            # to ignore everything after the @ when determining the username.
+            "#{self.user.login.underscore}".gsub(/[^0-9a-zA-Z\-]/,'_') << "@" << "#{time_tag}".gsub(/[^0-9a-zA-Z\-]/,'_')
           when KEY_TYPE_DEPLOY
             # add "redmine_deploy_key_" as a prefix, and then the current date
             # to help ensure uniqueness of each key identifier
@@ -70,6 +70,21 @@ def set_identifier
         end
   end
 
+  def get_gitusername
+      begin
+        case key_type
+          when KEY_TYPE_USER
+	    # This is equivalent to the username of the redmine user
+            "#{self.user.login.underscore}".gsub(/[^0-9a-zA-Z\-]/,'_')
+          when KEY_TYPE_DEPLOY
+            # git usernames for deploy keys are equivalent to their identifierts
+            self.identifier
+          else
+            nil
+          end
+        end
+  end
+
   # Key type checking functions
   def user_key?
     key_type == KEY_TYPE_USER
@@ -95,7 +110,7 @@ def reset_identifier
 
   def to_s ; title ; end
 
-  @@myregular = /^redmine_(.*)_\d*_\d*(.pub)?$/
+  @@myregular = /^(.*)@\d*_\d*(.pub)?$/
   def self.ident_to_user_token(identifier)
     result = @@myregular.match(identifier)
     (result != nil) ? result[1] : nil

Diff for: lib/libs/git_hosting.rb

@@ -1028,9 +1028,9 @@ def self.update_repositories(*args)
 
         proj.member_principals.map(&:user).compact.uniq.each do |user|
           if user.allowed_to?(:commit_access, proj)
-            proj_write_user_keys += user.gitolite_public_keys.active.user_key.map(&:identifier)
+            proj_write_user_keys += user.gitolite_public_keys.active.user_key.map(&:get_gitusername)
           elsif user.allowed_to?(:view_changesets, proj)
-            proj_read_user_keys += user.gitolite_public_keys.active.user_key.map(&:identifier)
+            proj_read_user_keys += user.gitolite_public_keys.active.user_key.map(&:get_gitusername)
           end
         end
 
@@ -1125,9 +1125,9 @@ def self.update_repositories(*args)
 
               repo.deployment_credentials.active.select(&:honored?).each do |cred|
                 if cred.allowed_to?(:commit_access)
-                  write_user_keys << cred.gitolite_public_key.identifier
+                  write_user_keys << cred.gitolite_public_key.get_gitusername
                 elsif cred.allowed_to?(:view_changesets)
-                  read_user_keys << cred.gitolite_public_key.identifier
+                  read_user_keys << cred.gitolite_public_key.get_gitusername
                 end
               end