core: Fix archive user updating their keys when using autoconfig

Previously a user's key hash would be updated in the database but not in the GPG keyring if the user already existed. This change will add the key unconditionally if it is missing in the GPG keyring and ensure it and the DB are in sync again.
lkhq · Feb 29, 2024 · 182b6a8 · 182b6a8
1 parent f622aed
commit 182b6a8
Showing 1 changed file with 20 additions and 9 deletions.
diff --git a/src/lkadmin/archive.py b/src/lkadmin/archive.py
@@ -623,7 +623,7 @@ def update_uploaders(dir_path, auto=False, no_confirm=False):
     if not no_confirm:
         data_src = git_url if git_url else dir_path
         proceed_answer = Confirm.ask(
-            'Update users with data from {}? This will DELETE and users not present in this directory!'.format(data_src)
+            'Update users with data from {}? This will DELETE all users not present in this directory!'.format(data_src)
         )
         if not proceed_answer:
             return
@@ -671,7 +671,7 @@ def update_uploaders(dir_path, auto=False, no_confirm=False):
                 session.add(user)
             user.name = uconf.get('name', '')
             user.alias = uconf.get('alias', None)
-            user.pgp_fingerprints = fingerprints
+            user.pgp_fingerprints = []
             user.is_human = uconf.get('is_human', True)
             user.allow_source_uploads = uconf.get('allow_source_uploads', True)
             user.allow_binary_uploads = uconf.get('allow_binary_uploads', False)
@@ -696,14 +696,25 @@ def update_uploaders(dir_path, auto=False, no_confirm=False):
             # update GPG keys
             for fpr in fingerprints:
                 used_fprs.add(fpr)
-                # check if we already have the key for existing users
-                if fpr in uploader_fprs:
+                # Check if the key was already added to the current user in the current import cycle
+                # and if we have it in the global GPG keyring (and skip adding it again in that case)
+                if fpr in user.pgp_fingerprints and fpr in uploader_fprs:
                     continue
-                # check if the key was already added to the current user in the current import cycle
-                if fpr in user.pgp_fingerprints:
-                    continue
-                log.info('Importing key %s for %s', fpr, email)
-                import_key_file_for_uploader(user, os.path.join(uconf_root, fpr + '.asc'))
+                key_fname = os.path.join(uconf_root, fpr + '.asc')
+                if os.path.isfile(key_fname):
+                    # we have a file for this ID, import it!
+                    log.info('Importing key %s for %s', fpr, email)
+                    import_key_file_for_uploader(user, key_fname)
+
+                    # this operation may have added multiple new keys to the trusted set, add them
+                    # to the known-keys set
+                    uploader_fprs = set(retrieve_uploader_fingerprints())
+
+            # update the database key list based on what the GPG keyring has available
+            for fpr in fingerprints:
+                if fpr in uploader_fprs and fpr not in user.pgp_fingerprints:
+                    log.info('Allowing key %s for %s', fpr, email)
+                    user.pgp_fingerprints.append(fpr)
 
         if valid_users_found:
             # only remove stuff if we found at least one valid user in the new dataset, as safety precaution