Commit
b5f9d29f
authored
Oct 03, 2012
by
Valeriy Sizov
Merge pull request #1617 from dosire/reject-ssh-keys-that-break-gitolite
Reject ssh keys that break gitolite
parents
4cbfe942
7284c58c
Showing
6 changed files
with
38 additions
and
8 deletions
+38
-8
app/models/key.rb
app/models/key.rb
+16
-1
features/steps/profile/profile_ssh_keys.rb
features/steps/profile/profile_ssh_keys.rb
+1
-1
spec/factories.rb
spec/factories.rb
+7
-5
spec/factories_spec.rb
spec/factories_spec.rb
+1
-0
spec/models/key_spec.rb
spec/models/key_spec.rb
+12
-0
spec/requests/projects_deploy_keys_spec.rb
spec/requests/projects_deploy_keys_spec.rb
+1
-1
app/models/key.rb
...
@@ -14,7 +14,7 @@ class Key < ActiveRecord::Base
...
@@ -14,7 +14,7 @@ class Key < ActiveRecord::Base
before_save
:set_identifier
before_save
:set_identifier
before_validation
:strip_white_space
before_validation
:strip_white_space
delegate
:name
,
:email
,
to: :user
,
prefix:
true
delegate
:name
,
:email
,
to: :user
,
prefix:
true
validate
:unique_key
validate
:unique_key
,
:fingerprintable_key
def
strip_white_space
def
strip_white_space
self
.
key
=
self
.
key
.
strip
unless
self
.
key
.
blank?
self
.
key
=
self
.
key
.
strip
unless
self
.
key
.
blank?
...
@@ -28,6 +28,21 @@ class Key < ActiveRecord::Base
...
@@ -28,6 +28,21 @@ class Key < ActiveRecord::Base
end
end
end
end
def
fingerprintable_key
return
true
unless
key
# Don't test if there is no key.
# `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
file
=
Tempfile
.
new
(
'key_file'
)
begin
file
.
puts
key
file
.
rewind
fingerprint_output
=
`ssh-keygen -lf
#{
file
.
path
}
2>&1`
# Catch stderr.
ensure
file
.
close
file
.
unlink
# deletes the temp file
end
errors
.
add
(
:key
,
"can't be fingerprinted"
)
if
fingerprint_output
.
match
(
"failed"
)
end
def
set_identifier
def
set_identifier
if
is_deploy_key
if
is_deploy_key
self
.
identifier
=
"deploy_
#{
Digest
::
MD5
.
hexdigest
(
key
)
}
"
self
.
identifier
=
"deploy_
#{
Digest
::
MD5
.
hexdigest
(
key
)
}
"
...
...
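Review bot: In `fingerprintable_key` the decision rests on whether the ssh-keygen output contains the word "failed", so the check fails open: any other outcome, such as a missing `ssh-keygen` binary or a differently worded error, leaves no "failed" in the output and the key is accepted. Decide on the exit status instead, for example `fingerprint_ok = $?.success?` on the line after the backtick call and then `errors.add(:key, "can't be fingerprinted") unless fingerprint_ok`, keeping the captured output only for logging. The substring test can also reject a good key if the tool echoes text taken from the key, such as a comment containing "failed"; whether it does so depends on the ssh-keygen version. Separately, nothing in this hunk restricts `key` to a single line, which matters if the value is later written into an authorized_keys-style file, so a format validation alongside this check would be worth adding.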
features/steps/profile/profile_ssh_keys.rb
...
@@ -13,7 +13,7 @@ class ProfileSshKeys < Spinach::FeatureSteps
...
@@ -13,7 +13,7 @@ class ProfileSshKeys < Spinach::FeatureSteps
And
'I submit new ssh key "Laptop"'
do
And
'I submit new ssh key "Laptop"'
do
fill_in
"key_title"
,
:with
=>
"Laptop"
fill_in
"key_title"
,
:with
=>
"Laptop"
fill_in
"key_key"
,
:with
=>
"ssh-rsa
publickey234=
"
fill_in
"key_key"
,
:with
=>
"ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzrEJUIR6Y03TCE9rIJ+GqTBvgb8t1jI9h5UBzCLuK4VawOmkLornPqLDrGbm6tcwM/wBrrLvVOqi2HwmkKEIecVO0a64A4rIYScVsXIniHRS6w5twyn1MD3sIbN+socBDcaldECQa2u1dI3tnNVcs8wi77fiRe7RSxePsJceGoheRQgC8AZ510UdIlO+9rjIHUdVN7LLyz512auAfYsgx1OfablkQ/XJcdEwDNgi9imI6nAXhmoKUm1IPLT2yKajTIC64AjLOnE0YyCh6+7RFMpiMyu1qiOCpdjYwTgBRiciNRZCH8xIedyCoAmiUgkUT40XYHwLuwiPJICpkAzp7Q== user@laptop
"
click_button
"Save"
click_button
"Save"
end
end
...
...
spec/factories.rb
...
@@ -89,11 +89,7 @@ FactoryGirl.define do
...
@@ -89,11 +89,7 @@ FactoryGirl.define do
factory
:key
do
factory
:key
do
title
title
key
do
key
do
"""
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4
596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4
soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=
"""
end
end
factory
:deploy_key
do
factory
:deploy_key
do
...
@@ -103,6 +99,12 @@ FactoryGirl.define do
...
@@ -103,6 +99,12 @@ FactoryGirl.define do
factory
:personal_key
do
factory
:personal_key
do
user
user
end
end
factory
:key_with_a_space_in_the_middle
do
key
do
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa ++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
end
end
end
end
factory
:milestone
do
factory
:milestone
do
...
...
spec/factories_spec.rb
require
'spec_helper'
require
'spec_helper'
FactoryGirl
.
factories
.
map
(
&
:name
).
each
do
|
factory_name
|
FactoryGirl
.
factories
.
map
(
&
:name
).
each
do
|
factory_name
|
next
if
:key_with_a_space_in_the_middle
==
factory_name
describe
"
#{
factory_name
}
factory"
do
describe
"
#{
factory_name
}
factory"
do
it
'should be valid'
do
it
'should be valid'
do
build
(
factory_name
).
should
be_valid
build
(
factory_name
).
should
be_valid
...
...
spec/models/key_spec.rb
...
@@ -51,4 +51,16 @@ describe Key do
...
@@ -51,4 +51,16 @@ describe Key do
end
end
end
end
end
end
context
"validate it is a fingerprintable key"
do
let
(
:user
)
{
Factory
.
create
(
:user
)
}
it
"accepts the fingerprintable key"
do
build
(
:key
,
user:
user
).
should
be_valid
end
it
"rejects the unfingerprintable key"
do
build
(
:key_with_a_space_in_the_middle
).
should_not
be_valid
end
end
end
end
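Review bot: The "rejects the unfingerprintable key" example asserts only `should_not be_valid`, so it passes for any validation failure and does not pin the new fingerprint check. The accepting example passes `user: user` while the rejecting one does not, so the two records may differ in more than the key; whether `Key` validates the user is not visible here. Build both the same way and assert on the error itself, e.g. `key = build(:key_with_a_space_in_the_middle, user: user)`, `key.should_not be_valid`, `key.errors[:key].should include("can't be fingerprinted")`. Both examples also depend on an `ssh-keygen` binary being present on the test host, which deserves a comment in the context such as `# requires ssh-keygen on PATH`.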
spec/requests/projects_deploy_keys_spec.rb
...
@@ -42,7 +42,7 @@ describe "Projects", "DeployKeys" do
...
@@ -42,7 +42,7 @@ describe "Projects", "DeployKeys" do
describe
"fill in"
do
describe
"fill in"
do
before
do
before
do
fill_in
"key_title"
,
with:
"laptop"
fill_in
"key_title"
,
with:
"laptop"
fill_in
"key_key"
,
with:
"ssh-rsa
publickey234=
"
fill_in
"key_key"
,
with:
"ssh-rsa
AAAAB3NzaC1yc2EAAAABIwAAAQEAzrEJUIR6Y03TCE9rIJ+GqTBvgb8t1jI9h5UBzCLuK4VawOmkLornPqLDrGbm6tcwM/wBrrLvVOqi2HwmkKEIecVO0a64A4rIYScVsXIniHRS6w5twyn1MD3sIbN+socBDcaldECQa2u1dI3tnNVcs8wi77fiRe7RSxePsJceGoheRQgC8AZ510UdIlO+9rjIHUdVN7LLyz512auAfYsgx1OfablkQ/XJcdEwDNgi9imI6nAXhmoKUm1IPLT2yKajTIC64AjLOnE0YyCh6+7RFMpiMyu1qiOCpdjYwTgBRiciNRZCH8xIedyCoAmiUgkUT40XYHwLuwiPJICpkAzp7Q== user@laptop
"
end
end
it
{
expect
{
click_button
"Save"
}.
to
change
{
Key
.
count
}.
by
(
1
)
}
it
{
expect
{
click_button
"Save"
}.
to
change
{
Key
.
count
}.
by
(
1
)
}
...
...