backups: Migrate to SSH key auth when mounting

Tests:

- On main branch, add a remote repository with SSH password. Unmount
  the remote location.

- Switch to branch with this change. Mount the remote location. Logs
  show that it is migrated from password to key authentication. Plinth
  database no longer contains password for this remote.

Signed-off-by: James Valleroy <jvalleroy@mailbox.org>

plinth/modules/backups/repository.py

@@ -357,6 +357,7 @@ class SshBorgRepository(BaseBorgRepository):
         """Add SSH keyfile credential and delete stored password."""
         self.credentials['ssh_keyfile'] = keyfile_path
         self.credentials.pop('ssh_password', None)
+        self.save()
 
     def initialize(self):
         """Initialize the repository after mounting the target directory."""

plinth/modules/backups/views.py

@@ -587,6 +587,23 @@ def mount_repository(request, uuid):
         return redirect('backups:verify-ssh-hostkey', uuid=uuid)
 
     repository = SshBorgRepository.load(uuid)
+    if repository.ssh_password:
+        logger.info('Migrating from SSH password to key authentication...')
+        generate_ssh_client_auth_key()
+        result, message = copy_ssh_client_public_key(repository.hostname,
+                                                     repository.username,
+                                                     repository.ssh_password)
+        if result:
+            logger.info("Copied SSH client public key to remote host's "
+                        "authorized keys.")
+            _pubkey_path, key_path = get_ssh_client_auth_key_paths()
+            repository.replace_ssh_password_with_keyfile(str(key_path))
+        else:
+            logger.warning('Failed to copy SSH client public key: %s', message)
+            messages.error(
+                request,
+                _('Failed to copy SSH client public key: %s') % message)
+
     try:
         repository.mount()
     except Exception as err: