From a36b948691868e9ed824c87f0dd7afbd1cb16cd7 Mon Sep 17 00:00:00 2001
From: Denis Gukov
Date: Wed, 3 Nov 2021 17:51:36 +0500
Subject: [PATCH] fix(be): Access key file not found
https://github.com/ansible-semaphore/semaphore/issues/783
---
 api/tasks/runner.go | 61 ++++++++++++----------------
 cli/cmd/root.go | 2 +-
 db/AccessKey.go | 29 ++++++++++---
 web2/src/views/project/Templates.vue | 2 +-
 4 files changed, 53 insertions(+), 41 deletions(-)
diff --git a/api/tasks/runner.go b/api/tasks/runner.go
index 92767d13..7980c788 100644
--- a/api/tasks/runner.go
+++ b/api/tasks/runner.go
@@ -110,22 +110,22 @@ func (t *task) fail() {
 }
 func (t *task) destroyKeys() {
- err := t.destroyKey(t.repository.SSHKey)
+ err := t.repository.SSHKey.Destroy()
 if err != nil {
 t.log("Can't destroy repository key, error: " + err.Error())
 }
- err = t.destroyKey(t.inventory.SSHKey)
+ err = t.inventory.SSHKey.Destroy()
 if err != nil {
 t.log("Can't destroy inventory user key, error: " + err.Error())
 }
- err = t.destroyKey(t.inventory.BecomeKey)
+ err = t.inventory.BecomeKey.Destroy()
 if err != nil {
 t.log("Can't destroy inventory become user key, error: " + err.Error())
 }
- err = t.destroyKey(t.template.VaultKey)
+ err = t.template.VaultKey.Destroy()
 if err != nil {
 t.log("Can't destroy inventory vault password file, error: " + err.Error())
 }
@@ -193,7 +193,8 @@ func (t *task) prepareRun() {
 t.updateStatus()
- if err := t.installKey(t.repository.SSHKey, db.AccessKeyUsagePrivateKey); err != nil {
+ //if err := t.installKey(t.repository.SSHKey, db.AccessKeyUsagePrivateKey); err != nil {
+ if err := t.repository.SSHKey.Install(db.AccessKeyUsagePrivateKey); err != nil {
 t.log("Failed installing ssh key for repository access: " + err.Error())
 t.fail()
 return
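Review bot: In destroyKeys, removal of each key file now depends on the InstallationKey held in memory on `t.repository.SSHKey`, `t.inventory.SSHKey`, `t.inventory.BecomeKey` and `t.template.VaultKey`, and nothing in the function says so. If any of these structs is copied or re-read from the store between Install and this call (not visible in the hunk), Destroy resolves a different path, sees that no file exists, returns nil, and the private key stays in the temp directory with no log line. I would add a comment above the function, `// destroyKeys must run on the same AccessKey values Install was called on; the temp file name exists only in their InstallationKey field.`, and consider logging when a key that was installed has no file to remove.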
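Review bot: The commented-out `//if err := t.installKey(...)` line in prepareRun should be deleted rather than kept beside its replacement, and the same applies to the whole commented-out `installKey` function in the later runner.go hunk (`@@ -414,27 +407,27 @@`); the history already keeps the old code. That dead block still shows a private key being written with `ioutil.WriteFile(path, ..., 0600)` and the passphrase rejection, which can mislead a reader about where key material is handled now. Whether `Install` keeps the passphrase check and the 0600 mode is not visible in this patch, so that is worth confirming before the old code goes. If `fmt` or `ioutil` were used only by installKey, the imports in runner.go need trimming as well. prepareRun's body continues outside the hunk.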
@@ -398,14 +399,6 @@ func (t *task) populateDetails() error {
 return nil
 }
-func (t *task) destroyKey(key db.AccessKey) error {
- path := key.GetPath()
- if _, err := os.Stat(path); os.IsNotExist(err) {
- return nil
- }
- return os.Remove(path)
-}
-
 func (t *task) installVaultKeyFile() error {
 if t.template.VaultKeyID == nil {
 return nil
@@ -414,27 +407,27 @@ func (t *task) installVaultKeyFile() error {
 return t.template.VaultKey.Install(db.AccessKeyUsageVault)
 }
-func (t *task) installKey(key db.AccessKey, accessKeyUsage int) error {
- if key.Type != db.AccessKeySSH {
- return nil
- }
-
- t.log("access key " + key.Name + " installed")
-
- path := key.GetPath()
-
- err := key.DeserializeSecret()
-
- if err != nil {
- return err
- }
-
- if key.SshKey.Passphrase != "" {
- return fmt.Errorf("ssh key with passphrase not supported")
- }
-
- return ioutil.WriteFile(path, []byte(key.SshKey.PrivateKey+"\n"), 0600)
-}
+//func (t *task) installKey(key db.AccessKey, accessKeyUsage int) error {
+// if key.Type != db.AccessKeySSH {
+// return nil
+// }
+//
+// t.log("access key " + key.Name + " installed")
+//
+// path := key.GetPath()
+//
+// err := key.DeserializeSecret()
+//
+// if err != nil {
+// return err
+// }
+//
+// if key.SshKey.Passphrase != "" {
+// return fmt.Errorf("ssh key with passphrase not supported")
+// }
+//
+// return ioutil.WriteFile(path, []byte(key.SshKey.PrivateKey+"\n"), 0600)
+//}
 func (t *task) checkoutRepository() error {
 if t.task.CommitHash != nil { // checkout to commit if it is provided for task
diff --git a/cli/cmd/root.go b/cli/cmd/root.go
index b02b7d90..56876f08 100644
--- a/cli/cmd/root.go
+++ b/cli/cmd/root.go
@@ -113,7 +113,7 @@ func createStore() db.Store {
 if err := store.Connect(); err != nil {
 switch err {
 case bbolt.ErrTimeout:
- fmt.Println("\n [ERR_BOLTDB_TIMEOUT] BoltDB supports only one connection at a time. You should stop service when using CLI.")
+ fmt.Println("\n BoltDB supports only one connection at a time. You should stop service when using CLI.")
 default:
 fmt.Println("\n Have you run `semaphore setup`?")
 }
diff --git a/db/AccessKey.go b/db/AccessKey.go
index 1fd549f4..4e3cd8c1 100644
--- a/db/AccessKey.go
+++ b/db/AccessKey.go
@@ -9,6 +9,8 @@ import (
 "fmt"
 "io"
 "io/ioutil"
+ "math/big"
+ "os"
 "strconv"
 "github.com/ansible-semaphore/semaphore/util"
@@ -38,6 +40,8 @@ type AccessKey struct {
 LoginPassword LoginPassword `db:"-" json:"login_password"`
 SshKey SshKey `db:"-" json:"ssh"`
 OverrideSecret bool `db:"-" json:"override_secret"`
+
+ InstallationKey int64 `db:"-" json:"-"`
 }
 type LoginPassword struct {
@@ -60,14 +64,21 @@ const (
 AccessKeyUsageVault
 )
-func (key AccessKey) Install(usage AccessKeyUsage) error {
+func (key *AccessKey) Install(usage AccessKeyUsage) error {
+ rnd, err := rand.Int(rand.Reader, big.NewInt(1000000000))
+ if err != nil {
+ return err
+ }
+
+ key.InstallationKey = rnd.Int64()
+
 if key.Type == AccessKeyNone {
 return nil
 }
 path := key.GetPath()
- err := key.DeserializeSecret()
+ err = key.DeserializeSecret()
 if err != nil {
 return err
@@ -125,9 +136,17 @@ func (key AccessKey) Install(usage AccessKeyUsage) error {
 return nil
 }
+func (key *AccessKey) Destroy() error {
+ path := key.GetPath()
+ if _, err := os.Stat(path); os.IsNotExist(err) {
+ return nil
+ }
+ return os.Remove(path)
+}
+
 // GetPath returns the location of the access key once written to disk
 func (key AccessKey) GetPath() string {
- return util.Config.TmpPath + "/access_key_" + strconv.Itoa(key.ID)
+ return util.Config.TmpPath + "/access_key_" + strconv.FormatInt(key.InstallationKey, 10)
 }
 func (key AccessKey) GetSshCommand() string {
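Review bot: The file name chosen at the top of Install is a random number below 1000000000, and nothing in the added lines checks that the resulting path is free, so two keys installed at the same time can land on one file. The draw comes from `rand.Reader`, so guessing the name is not the concern; a collision is, because one task would overwrite another's key and the first Destroy would remove it for both. Letting the OS create the file exclusively avoids this, e.g. `f, err := ioutil.TempFile(util.Config.TmpPath, "access_key_")` with `f.Name()` kept on the struct in place of the number, which also creates the file with mode 0600 and refuses a path that already exists. The value is also assigned before the `AccessKeyNone` early return, so keys that never write a file still carry one. Install's body continues outside the hunk.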
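Review bot: Destroy on a key that was never installed builds its path from a zero InstallationKey, i.e. `access_key_0`, because GetPath cannot tell "not installed" from a real draw of 0, and destroyKeys in runner.go calls it on all four keys regardless. A guard such as `if key.InstallationKey == 0 { return nil }`, with Install drawing from 1 upward, would make that case an explicit no-op. The Stat followed by Remove can be one call, `if err := os.Remove(path); err != nil && !os.IsNotExist(err) { return err }`, which also stops Stat errors other than not-exist from falling through silently. Destroy is exported without a doc comment; `// Destroy removes the key file written by Install; a missing file is not an error.` would cover it.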
@@ -267,7 +286,7 @@ func (key *AccessKey) DeserializeSecret() error {
 if util.Config.AccessKeyEncryption == "" {
 err = key.unmarshalAppropriateField(ciphertext)
 if _, ok := err.(*json.SyntaxError); ok {
- err = fmt.Errorf("[ERR_INVALID_ENCRYPTION_KEY] Cannot decrypt access key, perhaps encryption key was changed")
+ err = fmt.Errorf("cannot decrypt access key, perhaps encryption key was changed")
 }
 return err
 }
@@ -298,7 +317,7 @@ func (key *AccessKey) DeserializeSecret() error {
 if err != nil {
 if err.Error() == "cipher: message authentication failed" {
- err = fmt.Errorf("[ERR_INVALID_ENCRYPTION_KEY] Cannot decrypt access key, perhaps encryption key was changed")
+ err = fmt.Errorf("cannot decrypt access key, perhaps encryption key was changed")
 }
 return err
 }
diff --git a/web2/src/views/project/Templates.vue b/web2/src/views/project/Templates.vue
index 5a57f578..b2505cae 100644
--- a/web2/src/views/project/Templates.vue
+++ b/web2/src/views/project/Templates.vue
@@ -50,7 +50,7 @@
 :save-button-text="TEMPLATE_TYPE_ACTION_TITLES[templateType]"
 title="New Task"
 @save="onTaskCreated"
- @close="this.itemId = null"
+ @close="itemId = null"
 >