Commit f1ccecc9 authored by Alexis Reigel's avatar Alexis Reigel

improve gpg key validation

when omitting the end part of the key ('-----END PGP PUBLIC KEY
BLOCK-----') the error message was not about the key anymore, but about
the missing fingerprint and primary_keyid, which was confusing for the
user.
the new validation checks that the end also matches the expected format.
parent 9488b778
class GpgKey < ActiveRecord::Base class GpgKey < ActiveRecord::Base
KEY_PREFIX = '-----BEGIN PGP PUBLIC KEY BLOCK-----'.freeze KEY_PREFIX = '-----BEGIN PGP PUBLIC KEY BLOCK-----'.freeze
KEY_SUFFIX = '-----END PGP PUBLIC KEY BLOCK-----'.freeze
   
include ShaAttribute include ShaAttribute
   
@@ -15,8 +16,8 @@ class GpgKey < ActiveRecord::Base
@@ -15,8 +16,8 @@ class GpgKey < ActiveRecord::Base
presence: true, presence: true,
uniqueness: true, uniqueness: true,
format: { format: {
with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX}).)+\Z/m, with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}'" message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
} }
   
validates :fingerprint, validates :fingerprint,
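Review bot: The new pattern on the `with:` line ends in `#{KEY_SUFFIX}\Z`, which tolerates a single trailing "\n" but not "\r\n" or trailing spaces after the END line. Unless the key is stripped before validation (not visible in this hunk), a key pasted with CRLF line endings would be rejected with a message saying it must end with the suffix it visibly ends with. Consider normalising the value first or accepting trailing whitespace, e.g. `with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\s*\z/m`. A comment above `format:` should also state that this is a shape check only (exactly one armored block) and that whether the block holds a usable key is presumably left to the fingerprint validation; both `validates` calls start or continue outside the hunk.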
@@ -7,10 +7,18 @@ describe GpgKey do
@@ -7,10 +7,18 @@ describe GpgKey do
   
describe "validation" do describe "validation" do
it { is_expected.to validate_presence_of(:user) } it { is_expected.to validate_presence_of(:user) }
it { is_expected.to validate_presence_of(:key) } it { is_expected.to validate_presence_of(:key) }
it { is_expected.to validate_uniqueness_of(:key) } it { is_expected.to validate_uniqueness_of(:key) }
it { is_expected.to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey").for(:key) }
it { is_expected.to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) } it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK----------END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("key\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value('BEGIN PGP').for(:key) } it { is_expected.not_to allow_value('BEGIN PGP').for(:key) }
end end
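Review bot: The retained case with a second `-----BEGIN PGP PUBLIC KEY BLOCK-----` and no END line no longer exercises the `(?!#{KEY_PREFIX})` lookahead, because the new pattern already rejects that value for lacking the suffix. Nothing in the visible examples submits two complete armored blocks in one value, which is the case both lookaheads exist to refuse. Add `it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----END PGP PUBLIC KEY BLOCK-----\n-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }`. Examples for text after the END line and for a trailing newline would also pin how the `\Z` anchor behaves.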
   