Skip to content
Snippets Groups Projects
Commit f3ce02b5 authored by Sid Sijbrandij's avatar Sid Sijbrandij
Browse files

Reject ssh keys that break gitolite. 

Failing test.

Working check.
parent 8f9a450e
No related branches found
No related tags found
1 merge request!1617Reject ssh keys that break gitolite
Hide whitespace changes
Inline Side-by-side
app/models/key.rb
+ 16
1
View file @ f3ce02b5
@@ -18,7 +18,7 @@ class Key < ActiveRecord::Base
before_save :set_identifier
before_validation :strip_white_space
delegate :name, :email, to: :user, prefix: true
validate :unique_key
validate :unique_key, :fingerprintable_key
 
def strip_white_space
self.key = self.key.strip unless self.key.blank?
@@ -32,6 +32,21 @@ class Key < ActiveRecord::Base
end
end
 
def fingerprintable_key
return true unless key # Don't test if there is no key.
# `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
file = Tempfile.new('key_file')
begin
file.puts key
file.rewind
fingerprint_output = `ssh-keygen -lf #{file.path} 2>&1` # Catch stderr.
ensure
file.close
file.unlink # deletes the temp file
end
errors.add(:key, "can't be fingerprinted") if fingerprint_output.match("failed")
end
def set_identifier
if is_deploy_key
self.identifier = "deploy_" + Digest::MD5.hexdigest(key)
spec/factories.rb
+ 7
5
View file @ f3ce02b5
@@ -83,11 +83,7 @@ FactoryGirl.define do
factory :key do
title
key do
"""
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4
596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4
soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=
"""
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
end
 
factory :deploy_key do
@@ -97,6 +93,12 @@ FactoryGirl.define do
factory :personal_key do
user
end
factory :key_with_a_space_in_the_middle do
key do
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa ++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
end
end
end
 
factory :milestone do
spec/models/key_spec.rb
+ 12
0
View file @ f3ce02b5
@@ -46,4 +46,16 @@ describe Key do
end
end
end
context "validate it is a fingerprintable key" do
let(:user) { Factory.create(:user) }
it "accepts the fingerprintable key" do
build(:key, user: user).should be_valid
end
it "rejects the unfingerprintable key" do
build(:key_with_a_space_in_the_middle).should_not be_valid
end
end
end
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment