Support multiple public keys

This will parse the public key field as a newline delimited list of public keys.

Return (valid) result on first match.

dataprovider/dataprovider.go

@@ -234,11 +234,14 @@ func validateUser(user *User) error {
 		user.Password = pwd
 	}
 	if len(user.PublicKey) > 0 {
-		_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(user.PublicKey))
+		for i, k := range strings.Split(user.PublicKey, "\n") {
-		if err != nil {
+			_, _, _, _, err := ssh.ParseAuthorizedKey([]byte(k))
-			return err
+			if err != nil {
+				return &ValidationError{err: fmt.Sprintf("Could not parse key nr. %d: %s", i, err)}
+			}
 		}
 	}
+
 	return nil
 }
 

dataprovider/sqlcommon.go

@@ -73,20 +73,21 @@ func sqlCommonValidateUserAndPubKey(username string, pubKey string) (User, error
 		logger.Warn(logSender, "error authenticating user: %v, error: %v", username, err)
 		return user, err
 	}
-	if len(user.PublicKey) > 0 {
+	if len(user.PublicKey) == 0 {
-		storedPubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(user.PublicKey))
+		return user, errors.New("Invalid credentials")
-		if err != nil {
-			logger.Warn(logSender, "error parsing stored public key for user %v: %v", username, err)
-			return user, err
-		}
-		if string(storedPubKey.Marshal()) != pubKey {
-			err = errors.New("Invalid credentials")
-			return user, err
-		}
-	} else {
-		err = errors.New("Invalid credentials")
 	}
-	return user, err
+
+	for i, k := range strings.Split(user.PublicKey, "\n") {
+		storedPubKey, _, _, _, err := ssh.ParseAuthorizedKey([]byte(k))
+		if err != nil {
+			logger.Warn(logSender, "error parsing stored public key %d for user %v: %v", i, username, err)
+			return user, err
+		}
+		if string(storedPubKey.Marshal()) == pubKey {
+			return user, nil
+		}
+	}
+	return user, errors.New("Invalid credentials")
 }
 
 func sqlCommonGetUserByID(ID int64) (User, error) {