Reject ssh keys that break gitolite.

Failing test. Working check.
2012-09-21 18:22:43 +02:00 · 2012-09-21 18:22:43 +02:00 · f3ce02b5c9
commit f3ce02b5c9
parent 8f9a450eed
3 changed files with 35 additions and 6 deletions
--- a/app/models/key.rb
+++ b/app/models/key.rb
@ -18,7 +18,7 @@ class Key < ActiveRecord::Base
  before_save :set_identifier
  before_validation :strip_white_space
  delegate :name, :email, to: :user, prefix: true
-  validate :unique_key
+  validate :unique_key, :fingerprintable_key

  def strip_white_space
    self.key = self.key.strip unless self.key.blank?
@ -32,6 +32,21 @@ class Key < ActiveRecord::Base
    end
  end

+  def fingerprintable_key
+    return true unless key # Don't test if there is no key.
+    # `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
+    file = Tempfile.new('key_file')
+    begin
+      file.puts key
+      file.rewind
+      fingerprint_output = `ssh-keygen -lf #{file.path} 2>&1` # Catch stderr.
+    ensure
+      file.close
+      file.unlink # deletes the temp file
+    end
+    errors.add(:key, "can't be fingerprinted") if fingerprint_output.match("failed")
+  end
+
  def set_identifier
    if is_deploy_key
      self.identifier = "deploy_" + Digest::MD5.hexdigest(key)
--- a/spec/factories.rb
+++ b/spec/factories.rb
@ -83,11 +83,7 @@ FactoryGirl.define do
  factory :key do
    title
    key do
-      """
-      ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4
-      596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4
-      soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0=
-      """
+      "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
    end

    factory :deploy_key do
@ -97,6 +93,12 @@ FactoryGirl.define do
    factory :personal_key do
      user
    end
+
+    factory :key_with_a_space_in_the_middle do
+      key do
+        "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa ++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
+      end
+    end
  end

  factory :milestone do
--- a/spec/models/key_spec.rb
+++ b/spec/models/key_spec.rb
@ -46,4 +46,16 @@ describe Key do
      end
    end
  end
+
+  context "validate it is a fingerprintable key" do
+    let(:user) { Factory.create(:user) }
+
+    it "accepts the fingerprintable key" do
+      build(:key, user: user).should be_valid
+    end
+
+    it "rejects the unfingerprintable key" do
+      build(:key_with_a_space_in_the_middle).should_not be_valid
+    end
+  end
 end