Commit 1070453a authored by Vitali Tatarintev's avatar Vitali Tatarintev

Merge branch '235756-ssh-public-keys-no-longer-public-accessible' into 'master'

Make SSH keys publicly accessible

Closes #235756

See merge request gitlab-org/gitlab!42288
parents aefe79d2 097ef44b
# frozen_string_literal: true # frozen_string_literal: true
class Profiles::KeysController < Profiles::ApplicationController class Profiles::KeysController < Profiles::ApplicationController
skip_before_action :authenticate_user!, only: [:get_keys]
def index def index
@keys = current_user.keys.order_id_desc @keys = current_user.keys.order_id_desc
@key = Key.new @key = Key.new
...@@ -31,6 +33,25 @@ class Profiles::KeysController < Profiles::ApplicationController ...@@ -31,6 +33,25 @@ class Profiles::KeysController < Profiles::ApplicationController
end end
end end
# Get all keys of a user(params[:username]) in a text format
# Helpful for sysadmins to put in respective servers
def get_keys
if params[:username].present?
begin
user = UserFinder.new(params[:username]).find_by_username
if user.present?
render plain: user.all_ssh_keys.join("\n")
else
render_404
end
rescue => e
render html: e.message
end
else
render_404
end
end
private private
def key_params def key_params
......
...@@ -37,12 +37,6 @@ class UsersController < ApplicationController ...@@ -37,12 +37,6 @@ class UsersController < ApplicationController
end end
end end
# Get all keys of a user(params[:username]) in a text format
# Helpful for sysadmins to put in respective servers
def ssh_keys
render plain: user.all_ssh_keys.join("\n")
end
def activity def activity
respond_to do |format| respond_to do |format|
format.html { render 'show' } format.html { render 'show' }
......
---
title: Make SSH keys publicly accessible
merge_request: 42288
author:
type: fixed
...@@ -55,7 +55,7 @@ end ...@@ -55,7 +55,7 @@ end
constraints(::Constraints::UserUrlConstrainer.new) do constraints(::Constraints::UserUrlConstrainer.new) do
# Get all keys of user # Get all keys of user
get ':username.keys', controller: :users, action: :ssh_keys, constraints: { username: Gitlab::PathRegex.root_namespace_route_regex } get ':username.keys' => 'profiles/keys#get_keys', constraints: { username: Gitlab::PathRegex.root_namespace_route_regex }
scope(path: ':username', scope(path: ':username',
as: :user, as: :user,
......
...@@ -20,4 +20,108 @@ RSpec.describe Profiles::KeysController do ...@@ -20,4 +20,108 @@ RSpec.describe Profiles::KeysController do
expect(Key.last.expires_at).to be_like_time(expires_at) expect(Key.last.expires_at).to be_like_time(expires_at)
end end
end end
describe "#get_keys" do
describe "non existent user" do
it "does not generally work" do
get :get_keys, params: { username: 'not-existent' }
expect(response).not_to be_successful
end
end
describe "user with no keys" do
it "does generally work" do
get :get_keys, params: { username: user.username }
expect(response).to be_successful
end
it "renders all keys separated with a new line" do
get :get_keys, params: { username: user.username }
expect(response.body).to eq("")
end
it "responds with text/plain content type" do
get :get_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain")
end
end
describe "user with keys" do
let!(:key) { create(:key, user: user) }
let!(:another_key) { create(:another_key, user: user) }
let!(:deploy_key) { create(:deploy_key, user: user) }
describe "while signed in" do
before do
sign_in(user)
end
it "does generally work" do
get :get_keys, params: { username: user.username }
expect(response).to be_successful
end
it "renders all non deploy keys separated with a new line" do
get :get_keys, params: { username: user.username }
expect(response.body).not_to eq('')
expect(response.body).to eq(user.all_ssh_keys.join("\n"))
expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).not_to include(deploy_key.key)
end
it "does not render the comment of the key" do
get :get_keys, params: { username: user.username }
expect(response.body).not_to match(/dummy@gitlab.com/)
end
it "responds with text/plain content type" do
get :get_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain")
end
end
describe 'when logged out' do
before do
sign_out(user)
end
it "still does generally work" do
get :get_keys, params: { username: user.username }
expect(response).to be_successful
end
it "renders all non deploy keys separated with a new line" do
get :get_keys, params: { username: user.username }
expect(response.body).not_to eq('')
expect(response.body).to eq(user.all_ssh_keys.join("\n"))
expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).not_to include(deploy_key.key)
end
it "does not render the comment of the key" do
get :get_keys, params: { username: user.username }
expect(response.body).not_to match(/dummy@gitlab.com/)
end
it "responds with text/plain content type" do
get :get_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain")
end
end
end
end
end end
...@@ -114,71 +114,6 @@ RSpec.describe UsersController do ...@@ -114,71 +114,6 @@ RSpec.describe UsersController do
end end
end end
describe "#ssh_keys" do
describe "non existent user" do
it "does not generally work" do
get :ssh_keys, params: { username: 'not-existent' }
expect(response).not_to be_successful
end
end
describe "user with no keys" do
it "does generally work" do
get :ssh_keys, params: { username: user.username }
expect(response).to be_successful
end
it "renders all keys separated with a new line" do
get :ssh_keys, params: { username: user.username }
expect(response.body).to eq("")
end
it "responds with text/plain content type" do
get :ssh_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain")
end
end
describe "user with keys" do
let!(:key) { create(:key, user: user) }
let!(:another_key) { create(:another_key, user: user) }
let!(:deploy_key) { create(:deploy_key, user: user) }
it "does generally work" do
get :ssh_keys, params: { username: user.username }
expect(response).to be_successful
end
it "renders all non deploy keys separated with a new line" do
get :ssh_keys, params: { username: user.username }
expect(response.body).not_to eq('')
expect(response.body).to eq(user.all_ssh_keys.join("\n"))
expect(response.body).to include(key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).to include(another_key.key.sub(' dummy@gitlab.com', ''))
expect(response.body).not_to include(deploy_key.key)
end
it "does not render the comment of the key" do
get :ssh_keys, params: { username: user.username }
expect(response.body).not_to match(/dummy@gitlab.com/)
end
it "responds with text/plain content type" do
get :ssh_keys, params: { username: user.username }
expect(response.content_type).to eq("text/plain")
end
end
end
describe 'GET #calendar' do describe 'GET #calendar' do
context 'for user' do context 'for user' do
let(:project) { create(:project) } let(:project) { create(:project) }
......
...@@ -32,13 +32,6 @@ RSpec.describe UsersController, "routing" do ...@@ -32,13 +32,6 @@ RSpec.describe UsersController, "routing" do
expect(get("/users/User/snippets")).to route_to('users#snippets', username: 'User') expect(get("/users/User/snippets")).to route_to('users#snippets', username: 'User')
end end
# get all the ssh-keys of a user
it "to #get_keys" do
allow_any_instance_of(::Constraints::UserUrlConstrainer).to receive(:matches?).and_return(true)
expect(get("/User.keys")).to route_to('users#ssh_keys', username: 'User')
end
it "to #calendar" do it "to #calendar" do
expect(get("/users/User/calendar")).to route_to('users#calendar', username: 'User') expect(get("/users/User/calendar")).to route_to('users#calendar', username: 'User')
end end
...@@ -193,6 +186,12 @@ RSpec.describe Profiles::KeysController, "routing" do ...@@ -193,6 +186,12 @@ RSpec.describe Profiles::KeysController, "routing" do
it "to #destroy" do it "to #destroy" do
expect(delete("/profile/keys/1")).to route_to('profiles/keys#destroy', id: '1') expect(delete("/profile/keys/1")).to route_to('profiles/keys#destroy', id: '1')
end end
it "to #get_keys" do
allow_any_instance_of(::Constraints::UserUrlConstrainer).to receive(:matches?).and_return(true)
expect(get("/foo.keys")).to route_to('profiles/keys#get_keys', username: 'foo')
end
end end
# emails GET /emails(.:format) emails#index # emails GET /emails(.:format) emails#index
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment