Public key not displayed on theme component install from private repository

When I try to add a theme component from a private repository, the generated public key is not shown.

I can grab it from the network tab and create a deploy key in Github and then it works, so it’s only a display issue.

BTW why is it sending the private key to the client as well :thinking: :scream:

1 Like

That certainly sounds like a bug, we will get it sorted.

Recently @nbianca made a pretty critical change, we were unable to “stage” repos prior to having them ready. This meant someone was stuck with that UX open while another person was busy setting up the repo.

We now allow you to “stage” the component or theme and deal with keys at your own leisure.

Feels like some of the network chatter here is leftover from the old implementation.


@nbianca can you have a look at this?

1 Like

The problem here was that the regular expression that checked that repo URL was too strict and did not allow for .git to be missing from the end. I fixed it in this PR:


Yes, that seems to solve things, thank you!

It still acts a bit odd since it does (repeatedly) generate a keypair and send it over the line even if the repository URL does not adhere to the regex, but I guess entropy starvation is not a realistic attack anymore in 2022 and it’s an admin-only request, so there is no real security issue there.

This topic was automatically closed after 36 hours. New replies are no longer allowed.