# frozen_string_literal: true
# Validates that an attribute holds one of the permitted restriction values
# for an SSH key type. The key type is read from the validator's +:type+
# option.
#
# Accepted values are the sizes reported by
# Gitlab::SSHPublicKey.supported_sizes for that type, plus the sentinels
# below. Membership is tested with Array#include?, so the value must compare
# equal (==) to a listed entry.
# NOTE(review): the sizes are presumably Integers, in which case a String
# such as "2048" is rejected unless cast beforehand — confirm against callers.
class KeyRestrictionValidator < ActiveModel::EachValidator
  # Sentinel restriction values; the validation message labels them
  # "forbidden" and "allowed".
  # NOTE(review): presumably -1 disables the key type entirely and 0 accepts
  # any size — confirm against the settings that use this validator.
  FORBIDDEN = -1
  ALLOWED = 0

  # Key sizes supported for +type+, as reported by Gitlab::SSHPublicKey.
  #
  # @param type [Object] key type identifier, passed through unchanged
  # @return whatever Gitlab::SSHPublicKey.supported_sizes returns
  def self.supported_sizes(type)
    Gitlab::SSHPublicKey.supported_sizes(type)
  end

  # Every restriction value accepted for +type+.
  #
  # When Gitlab::FIPS.enabled? is true, ALLOWED is left out, so the only
  # accepted values are a listed size or FORBIDDEN.
  #
  # @param type [Object] key type identifier
  # @return [Array] accepted values; ALLOWED (if offered) first, FORBIDDEN last
  def self.supported_key_restrictions(type)
    leading = Gitlab::FIPS.enabled? ? [] : [ALLOWED]

    [*leading, *supported_sizes(type), FORBIDDEN]
  end

  # Adds an error to +record+ when +value+ is not an accepted restriction.
  #
  # @param record [Object] model being validated
  # @param attribute [Symbol] attribute under validation
  # @param value [Object] candidate restriction value
  def validate_each(record, attribute, value)
    return if valid_restriction?(value)

    record.errors.add(attribute, "must be #{supported_sizes_message}")
  end

  private

  # Builds the list of acceptable values shown in the error message.
  # A sentinel label is included only when that sentinel is currently
  # accepted, so the message matches what the validator enforces.
  def supported_sizes_message
    sentinel_labels = { "forbidden" => FORBIDDEN, "allowed" => ALLOWED }
    accepted_labels = sentinel_labels.select { |_label, sentinel| valid_restriction?(sentinel) }.keys
    listed = accepted_labels + self.class.supported_sizes(options[:type])

    Gitlab::Utils.to_exclusive_sentence(listed)
  end

  # True when +value+ is among the accepted restrictions for the configured
  # key type.
  def valid_restriction?(value)
    self.class.supported_key_restrictions(options[:type]).include?(value)
  end
end