Commit f3ce02b5 authored by Sytse Sijbrandij's avatar Sytse Sijbrandij

Reject ssh keys that break gitolite.

Failing test.

Working check.
parent 8f9a450e
...@@ -18,7 +18,7 @@ class Key < ActiveRecord::Base ...@@ -18,7 +18,7 @@ class Key < ActiveRecord::Base
before_save :set_identifier before_save :set_identifier
before_validation :strip_white_space before_validation :strip_white_space
delegate :name, :email, to: :user, prefix: true delegate :name, :email, to: :user, prefix: true
validate :unique_key validate :unique_key, :fingerprintable_key
def strip_white_space def strip_white_space
self.key = self.key.strip unless self.key.blank? self.key = self.key.strip unless self.key.blank?
...@@ -32,6 +32,21 @@ class Key < ActiveRecord::Base ...@@ -32,6 +32,21 @@ class Key < ActiveRecord::Base
end end
end end
def fingerprintable_key
return true unless key # Don't test if there is no key.
# `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
file = Tempfile.new('key_file')
begin
file.puts key
file.rewind
fingerprint_output = `ssh-keygen -lf #{file.path} 2>&1` # Catch stderr.
ensure
file.close
file.unlink # deletes the temp file
end
errors.add(:key, "can't be fingerprinted") if fingerprint_output.match("failed")
end
def set_identifier def set_identifier
if is_deploy_key if is_deploy_key
self.identifier = "deploy_" + Digest::MD5.hexdigest(key) self.identifier = "deploy_" + Digest::MD5.hexdigest(key)
......
...@@ -83,11 +83,7 @@ FactoryGirl.define do ...@@ -83,11 +83,7 @@ FactoryGirl.define do
factory :key do factory :key do
title title
key do key do
""" "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4
596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4
soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=
"""
end end
factory :deploy_key do factory :deploy_key do
...@@ -97,6 +93,12 @@ FactoryGirl.define do ...@@ -97,6 +93,12 @@ FactoryGirl.define do
factory :personal_key do factory :personal_key do
user user
end end
factory :key_with_a_space_in_the_middle do
key do
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa ++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
end
end
end end
factory :milestone do factory :milestone do
......
...@@ -46,4 +46,16 @@ describe Key do ...@@ -46,4 +46,16 @@ describe Key do
end end
end end
end end
context "validate it is a fingerprintable key" do
let(:user) { Factory.create(:user) }
it "accepts the fingerprintable key" do
build(:key, user: user).should be_valid
end
it "rejects the unfingerprintable key" do
build(:key_with_a_space_in_the_middle).should_not be_valid
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment