Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Jérome Perrin
gitlab-ce
Commits
f3ce02b5
Commit
f3ce02b5
authored
Sep 21, 2012
by
Sytse Sijbrandij
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Reject ssh keys that break gitolite.
Failing test. Working check.
parent
8f9a450e
Changes
3
Show whitespace changes
Inline
Side-by-side
Showing
3 changed files
with
35 additions
and
6 deletions
+35
-6
app/models/key.rb
app/models/key.rb
+16
-1
spec/factories.rb
spec/factories.rb
+7
-5
spec/models/key_spec.rb
spec/models/key_spec.rb
+12
-0
No files found.
app/models/key.rb
View file @
f3ce02b5
...
@@ -18,7 +18,7 @@ class Key < ActiveRecord::Base
...
@@ -18,7 +18,7 @@ class Key < ActiveRecord::Base
before_save
:set_identifier
before_save
:set_identifier
before_validation
:strip_white_space
before_validation
:strip_white_space
delegate
:name
,
:email
,
to: :user
,
prefix:
true
delegate
:name
,
:email
,
to: :user
,
prefix:
true
validate
:unique_key
validate
:unique_key
,
:fingerprintable_key
def
strip_white_space
def
strip_white_space
self
.
key
=
self
.
key
.
strip
unless
self
.
key
.
blank?
self
.
key
=
self
.
key
.
strip
unless
self
.
key
.
blank?
...
@@ -32,6 +32,21 @@ class Key < ActiveRecord::Base
...
@@ -32,6 +32,21 @@ class Key < ActiveRecord::Base
end
end
end
end
def
fingerprintable_key
return
true
unless
key
# Don't test if there is no key.
# `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
file
=
Tempfile
.
new
(
'key_file'
)
begin
file
.
puts
key
file
.
rewind
fingerprint_output
=
`ssh-keygen -lf
#{
file
.
path
}
2>&1`
# Catch stderr.
ensure
file
.
close
file
.
unlink
# deletes the temp file
end
errors
.
add
(
:key
,
"can't be fingerprinted"
)
if
fingerprint_output
.
match
(
"failed"
)
end
def
set_identifier
def
set_identifier
if
is_deploy_key
if
is_deploy_key
self
.
identifier
=
"deploy_"
+
Digest
::
MD5
.
hexdigest
(
key
)
self
.
identifier
=
"deploy_"
+
Digest
::
MD5
.
hexdigest
(
key
)
...
...
spec/factories.rb
View file @
f3ce02b5
...
@@ -83,11 +83,7 @@ FactoryGirl.define do
...
@@ -83,11 +83,7 @@ FactoryGirl.define do
factory
:key
do
factory
:key
do
title
title
key
do
key
do
"""
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4
596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4
soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=
"""
end
end
factory
:deploy_key
do
factory
:deploy_key
do
...
@@ -97,6 +93,12 @@ FactoryGirl.define do
...
@@ -97,6 +93,12 @@ FactoryGirl.define do
factory
:personal_key
do
factory
:personal_key
do
user
user
end
end
factory
:key_with_a_space_in_the_middle
do
key
do
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa ++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
end
end
end
end
factory
:milestone
do
factory
:milestone
do
...
...
spec/models/key_spec.rb
View file @
f3ce02b5
...
@@ -46,4 +46,16 @@ describe Key do
...
@@ -46,4 +46,16 @@ describe Key do
end
end
end
end
end
end
context
"validate it is a fingerprintable key"
do
let
(
:user
)
{
Factory
.
create
(
:user
)
}
it
"accepts the fingerprintable key"
do
build
(
:key
,
user:
user
).
should
be_valid
end
it
"rejects the unfingerprintable key"
do
build
(
:key_with_a_space_in_the_middle
).
should_not
be_valid
end
end
end
end
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment