3 files changed, 47 insertions, 39 deletions

diff --git a/gitosis/init.py b/gitosis/init.py
index 373f57f..105ac4c 100644
--- a/gitosis/init.py
+++ b/gitosis/init.py
@@ -136,7 +136,8 @@ class Main(app.App):
         log.info('Reading SSH public key...')
         pubkey = read_ssh_pubkey(options.adminkey)
         if options.adminname is None:
-            user = sshkey.extract_user(pubkey)
+            _ = sshkey.get_ssh_pubkey(pubkey)
+            user = _.username
         else:
             user = options.adminname
         if user is None:
diff --git a/gitosis/sshkey.py b/gitosis/sshkey.py
index ee0aa15..b948a5e 100644
--- a/gitosis/sshkey.py
+++ b/gitosis/sshkey.py
@@ -61,7 +61,10 @@ class SSHPublicKey:
         """
         Returns the username from the comment, the first word of the comment.
         """
-        return self._username
+        if isSafeUsername(self._username):
+            return self._username
+        else:
+            raise InsecureSSHKeyUsername(repr(self._username))
     
     def options_string(self):
         """Return the options array as a suitable string."""
@@ -199,14 +202,6 @@ def isSafeUsername(user):
     match = _ACCEPTABLE_USER_RE.match(user)
     return (match is not None)
 
-def extract_user(pubkey):
-    """Find the username for a given SSH public key line."""
-    _, user = pubkey.rsplit(None, 1)
-    if isSafeUsername(user):
-        return user
-    else:
-        raise InsecureSSHKeyUsername(repr(user))
-
 #X#key1 = 'no-X11-forwarding,command="x b c , d=e f \\"wham\\" \' 
 #before you go-go" 
 #ssh-rsa abc robbat2@foo foo\tbar#ignore'
diff --git a/gitosis/test/test_sshkey.py b/gitosis/test/test_sshkey.py
index f44e250..09863fa 100644
--- a/gitosis/test/test_sshkey.py
+++ b/gitosis/test/test_sshkey.py
@@ -2,86 +2,98 @@ from nose.tools import eq_ as eq, assert_raises, raises
 
 from gitosis import sshkey
 
-def test_sshkey_extract_user_simple():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_simple():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser@fakehost')
+    got = _.username
     eq(got, 'fakeuser@fakehost')
 
-def test_sshkey_extract_user_domain():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_domain():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser@fakehost.example.com')
+    got = _.username
     eq(got, 'fakeuser@fakehost.example.com')
 
-def test_sshkey_extract_user_domain_dashes():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_domain_dashes():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
-            +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser@ridiculously-long.example.com')
+            +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= '
+            +'fakeuser@ridiculously-long.example.com')
+    got = _.username
     eq(got, 'fakeuser@ridiculously-long.example.com')
 
-def test_sshkey_extract_user_underscore():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_underscore():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fake_user@example.com')
+    got = _.username
     eq(got, 'fake_user@example.com')
 
-def test_sshkey_extract_user_dot():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_dot():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fake.u.ser@example.com')
+    got = _.username
     eq(got, 'fake.u.ser@example.com')
 
-def test_sshkey_extract_user_dash():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_dash():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fake.u-ser@example.com')
+    got = _.username
     eq(got, 'fake.u-ser@example.com')
 
-def test_sshkey_extract_user_no_at():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_no_at():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= fakeuser')
+    got = _.username
     eq(got, 'fakeuser')
 
-def test_sshkey_extract_user_caps():
-    got = sshkey.extract_user(
-            'ssh-somealgo '
+def test_sshkey_username_caps():
+    _ = sshkey.get_ssh_pubkey(
+            'ssh-rsa '
             +'0123456789ABCDEFAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
             +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= Fake.User@Domain.Example.Com')
+    got = _.username
     eq(got, 'Fake.User@Domain.Example.Com')
 
 @raises(sshkey.InsecureSSHKeyUsername)
-def test_sshkey_extract_user_bad():
+def test_sshkey_username_bad():
+    # The '#' and characters after it are part of an actual comment in the file
+    # and are ignored.
     try:
-        sshkey.extract_user(
-        'ssh-somealgo AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
+        _ = sshkey.get_ssh_pubkey(
+        'ssh-rsa AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
         +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
         +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
         +'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA= ER3%#@e%')
+        got = _.username
     except sshkey.InsecureSSHKeyUsername, e:
-        eq(str(e), "Username contains not allowed characters: 'ER3%#@e%'")
+        eq(str(e), "Username contains not allowed characters: 'ER3%'")
         raise e