From facbdef3c1b33238670b9c4a0137be8f49405d91 Mon Sep 17 00:00:00 2001
From: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Date: Fri, 17 Apr 2026 21:34:12 +0200
Subject: [PATCH] [v15.0/forgejo] Exclude SSH certificate principals from
 output when viewing user's SSH keys (#12166)

**Backport:** https://codeberg.org/forgejo/forgejo/pulls/12079

Fixes #11590

When viewing a user's SSH keys, SSH principals are now excluded from the output.  This would previously either result in a panic in [OmitEmail](https://codeberg.org/forgejo/forgejo/src/commit/cfd4d53e32/models/asymkey/ssh_key.go#L67), if the principal name didn't contain any spaces, or truncate the principal name, if it did contain spaces.

The TestExportUserSSHKeys test was also updated and fails if the fix(commit cfcbc33af0) is reverted.

## Checklist

The [contributor guide](https://forgejo.org/docs/next/contributor/) contains information that will be helpful to first time contributors. All work and communication must conform to Forgejo's [AI Agreement](https://codeberg.org/forgejo/governance/src/branch/main/AIAgreement.md). There also are a few [conditions for merging Pull Requests in Forgejo repositories](https://codeberg.org/forgejo/governance/src/branch/main/PullRequestsAgreement.md). You are also welcome to join the [Forgejo development chatroom](https://matrix.to/#/#forgejo-development:matrix.org).

### Tests for Go changes

- I added test coverage for Go changes...
  - [ ] in their respective `*_test.go` for unit tests.
  - [x] in the `tests/integration` directory if it involves interactions with a live Forgejo server.
- I ran...
  - [x] `make pr-go` before pushing
  - [x] `make test`
  - [x] `make test-sqlite#TestExportUserSSHKeys`

I have also manually tested the change.

The full integration tests(`make test-sqlite`) report some errors, but I get the same errors without this PR(tested on commit [6a5dda7116](https://codeberg.org/forgejo/forgejo/commit/6a5dda711628a4ed826846f208839561b9a6b1c3)).

I have not tested with the other database backends.

### Documentation

- [ ] I created a pull request [to the documentation](https://codeberg.org/forgejo/docs) to explain to Forgejo users how to use this change.
- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.
- [ ] This change is not visible to a Forgejo user or admin (refactor, dependency upgrade, etc.). I think there is no need to add a release note for this change.

*The decision if the pull request will be shown in the release notes is up to the mergers / release team.*

The content of the `release-notes/<pull request number>.md` file will serve as the basis for the release notes. If the file does not exist, the title of the pull request will be used instead.

<!--start release-notes-assistant-->

## Release notes
<!--URL:https://codeberg.org/forgejo/forgejo-->
- Bug fixes
  - [PR](https://codeberg.org/forgejo/forgejo/pulls/12166): <!--number 12166 --><!--line 0 --><!--description RXhjbHVkZSBTU0ggY2VydGlmaWNhdGUgcHJpbmNpcGFscyBmcm9tIG91dHB1dCB3aGVuIHZpZXdpbmcgdXNlcidzIFNTSCBrZXlz-->Exclude SSH certificate principals from output when viewing user's SSH keys<!--description-->
<!--end release-notes-assistant-->

Co-authored-by: Alec Walsh <code@alecwalsh.name>
Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/12166
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
Co-authored-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
Co-committed-by: forgejo-backport-action <forgejo-backport-action@noreply.codeberg.org>
---
 models/fixtures/public_key.yml             | 33 ++++++++++++++++++++++
 routers/web/user/home.go                   |  3 ++
 tests/integration/api_private_serv_test.go |  4 +--
 tests/integration/user_test.go             | 14 +++++++++
 4 files changed, 52 insertions(+), 2 deletions(-)

diff --git a/models/fixtures/public_key.yml b/models/fixtures/public_key.yml
index ae620ee2d1..a1c7f4feb6 100644
--- a/models/fixtures/public_key.yml
+++ b/models/fixtures/public_key.yml
@@ -9,3 +9,36 @@
   created_unix: 1559593109
   updated_unix: 1565224552
   login_source_id: 0
+-
+  id: 2
+  owner_id: 5
+  name: user5
+  fingerprint: ""
+  content: "user5"
+  mode: 2
+  type: 3
+  created_unix: 1775805112
+  updated_unix: 1775805112
+  login_source_id: 0
+-
+  id: 3
+  owner_id: 9
+  name: user9@localhost
+  fingerprint: "SHA256:K3RfDvtQ/aYVzh6RfXGFxlffLLTRgksf9UQwTlwSM8M"
+  content: "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN7KuFUnlztx/UM6PUTyiBAq5SeIqr+qSVFC6JzLQAh user9@localhost"
+  mode: 2
+  type: 1
+  created_unix: 1775805112
+  updated_unix: 1775805112
+  login_source_id: 0
+-
+  id: 4
+  owner_id: 9
+  name: user9
+  fingerprint: ""
+  content: "user9"
+  mode: 2
+  type: 3
+  created_unix: 1775805112
+  updated_unix: 1775805112
+  login_source_id: 0
diff --git a/routers/web/user/home.go b/routers/web/user/home.go
index 60d6fc2bd0..4fe3f7c9a0 100644
--- a/routers/web/user/home.go
+++ b/routers/web/user/home.go
@@ -705,6 +705,9 @@ func ShowSSHKeys(ctx *context.Context) {
 
 	var buf bytes.Buffer
 	for i := range keys {
+		if keys[i].Type == asymkey_model.KeyTypePrincipal {
+			continue // Don't display SSH principals, only public keys
+		}
 		buf.WriteString(keys[i].OmitEmail())
 		buf.WriteString("\n")
 	}
diff --git a/tests/integration/api_private_serv_test.go b/tests/integration/api_private_serv_test.go
index 742d2d80d7..dd45f54c36 100644
--- a/tests/integration/api_private_serv_test.go
+++ b/tests/integration/api_private_serv_test.go
@@ -114,12 +114,12 @@ func TestAPIPrivateServ(t *testing.T) {
 		assert.Empty(t, results)
 
 		// Cannot pull from a private repo we're not associated with
-		results, extra = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
+		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_private_2", perm.AccessModeRead, "git-upload-pack", "")
 		require.Error(t, extra.Error)
 		assert.Empty(t, results)
 
 		// Cannot pull from a public repo we're not associated with
-		results, extra = private.ServCommand(ctx, deployKey.ID, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
+		results, extra = private.ServCommand(ctx, deployKey.KeyID, "user15", "big_test_public_1", perm.AccessModeRead, "git-upload-pack", "")
 		require.Error(t, extra.Error)
 		assert.Empty(t, results)
 
diff --git a/tests/integration/user_test.go b/tests/integration/user_test.go
index 0f7c099c70..f968f8df81 100644
--- a/tests/integration/user_test.go
+++ b/tests/integration/user_test.go
@@ -1286,4 +1286,18 @@ func TestExportUserSSHKeys(t *testing.T) {
 
 		assert.Equal(t, "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDWVj0fQ5N8wNc0LVNA41wDLYJ89ZIbejrPfg/avyj3u/ZohAKsQclxG4Ju0VirduBFF9EOiuxoiFBRr3xRpqzpsZtnMPkWVWb+akZwBFAx8p+jKdy4QXR/SZqbVobrGwip2UjSrri1CtBxpJikojRIZfCnDaMOyd9Jp6KkujvniFzUWdLmCPxUE9zhTaPu0JsEP7MW0m6yx7ZUhHyfss+NtqmFTaDO+QlMR7L2QkDliN2Jl3Xa3PhuWnKJfWhdAq1Cw4oraKUOmIgXLkuiuxVQ6mD3AiFupkmfqdHq6h+uHHmyQqv3gU+/sD8GbGAhf6ftqhTsXjnv1Aj4R8NoDf9BS6KRkzkeun5UisSzgtfQzjOMEiJtmrep2ZQrMGahrXa+q4VKr0aKJfm+KlLfwm/JztfsBcqQWNcTURiCFqz+fgZw0Ey/de0eyMzldYTdXXNRYCKjs9bvBK+6SSXRM7AhftfQ0ZuoW5+gtinPrnmoOaSCEJbAiEiTO/BzOHgowiM=\n", resp.Body.String())
 	})
+
+	t.Run("No exported keys and SSH principal", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		resp := MakeRequest(t, NewRequest(t, "GET", "/user5.keys"), http.StatusOK)
+
+		assert.Equal(t, "# Note: This user hasn't uploaded any SSH keys.\n", resp.Body.String())
+	})
+
+	t.Run("Exported key and SSH principal", func(t *testing.T) {
+		defer tests.PrintCurrentTest(t)()
+		resp := MakeRequest(t, NewRequest(t, "GET", "/user9.keys"), http.StatusOK)
+
+		assert.Equal(t, "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIDN7KuFUnlztx/UM6PUTyiBAq5SeIqr+qSVFC6JzLQAh\n", resp.Body.String())
+	})
 }