Commit c6f68f89 authored by Jonas Wälter's avatar Jonas Wälter Committed by Heinrich Lee Yu

Update help/instance_configuration: hide SSH keys if algorithm disabled

parent d519789a
...@@ -22,7 +22,12 @@ class InstanceConfiguration ...@@ -22,7 +22,12 @@ class InstanceConfiguration
private private
def ssh_algorithms_hashes def ssh_algorithms_hashes
SSH_ALGORITHMS.map { |algo| ssh_algorithm_hashes(algo) }.compact SSH_ALGORITHMS.select { |algo| ssh_algorithm_enabled?(algo) }.map { |algo| ssh_algorithm_hashes(algo) }.compact
end
def ssh_algorithm_enabled?(algorithm)
algorithm_key_restriction = application_settings["#{algorithm.downcase}_key_restriction"]
algorithm_key_restriction.nil? || algorithm_key_restriction != ApplicationSetting::FORBIDDEN_KEY_VALUE
end end
def host def host
......
...@@ -31,6 +31,23 @@ RSpec.describe InstanceConfiguration do ...@@ -31,6 +31,23 @@ RSpec.describe InstanceConfiguration do
expect(result.size).to eq(InstanceConfiguration::SSH_ALGORITHMS.size) expect(result.size).to eq(InstanceConfiguration::SSH_ALGORITHMS.size)
end end
it 'includes all algorithms' do
stub_pub_file(pub_file)
result = subject.settings[:ssh_algorithms_hashes]
expect(result.map { |a| a[:name] }).to match_array(%w(DSA ECDSA ED25519 RSA))
end
it 'does not include disabled algorithm' do
Gitlab::CurrentSettings.current_application_settings.update!(dsa_key_restriction: ApplicationSetting::FORBIDDEN_KEY_VALUE)
stub_pub_file(pub_file)
result = subject.settings[:ssh_algorithms_hashes]
expect(result.map { |a| a[:name] }).to match_array(%w(ECDSA ED25519 RSA))
end
def pub_file(exist: true) def pub_file(exist: true)
path = exist ? 'spec/fixtures/ssh_host_example_key.pub' : 'spec/fixtures/ssh_host_example_key.pub.random' path = exist ? 'spec/fixtures/ssh_host_example_key.pub' : 'spec/fixtures/ssh_host_example_key.pub.random'
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment