kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity
gitlab-org--gitlab-foss/app/models/key.rb

154 lines
4.1 KiB
Ruby
Raw Normal View History

Enable frozen string in app/models/*.rb Partially addresses #47424.
2018-07-25 05:30:33 -04:00
# frozen_string_literal: true
Allow non-unique deploy keys
2012-02-07 16:56:53 -05:00
require 'digest/md5'
Inherit from ApplicationRecord instead of ActiveRecord::Base
2019-03-28 09:17:42 -04:00
class Key < ApplicationRecord
Consistently schedule Sidekiq jobs
2017-11-29 10:30:17 -05:00
include AfterCommitQueue
Explicitly define ordering in models using default_scope
2015-02-05 17:20:55 -05:00
include Sortable
Add latest changes from gitlab-org/gitlab@master
2019-12-11 13:08:10 -05:00
include Sha256Attribute
Add latest changes from gitlab-org/gitlab@master
2020-03-13 05:09:23 -04:00
include Expirable
Add latest changes from gitlab-org/gitlab@master
2021-06-09 20:10:09 -04:00
include FromUnion
Add latest changes from gitlab-org/gitlab@master
2019-12-11 13:08:10 -05:00
sha256_attribute :fingerprint_sha256
store and display public key fingerprint
2013-06-24 13:07:21 -04:00
init commit
2011-10-08 17:36:38 -04:00
belongs_to :user
Use setter for key instead AR callback ref: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6763
2016-11-15 14:16:45 -05:00
before_validation :generate_fingerprint
simple refactoring
2012-10-08 20:10:04 -04:00
Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-12-02 07:54:57 -05:00
validates :title,
presence: true,
length: { maximum: 255 }
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-12-02 07:54:57 -05:00
validates :key,
presence: true,
length: { maximum: 5000 },
format: { with: /\A(ssh|ecdsa)-.*\Z/ }
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me>
2016-12-02 07:54:57 -05:00
validates :fingerprint,
uniqueness: true,
presence: { message: 'cannot be generated' }
init commit
2011-10-08 17:36:38 -04:00
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
2017-08-25 09:08:48 -04:00
validate :key_meets_restrictions
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/
2012-08-10 18:07:50 -04:00
delegate :name, :email, to: :user, prefix: true
Allow non-unique deploy keys
2012-02-07 16:56:53 -05:00
Add latest changes from gitlab-org/gitlab@master
2020-03-12 08:09:17 -04:00
after_commit :add_to_authorized_keys, on: :create
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests
2014-08-18 10:46:46 -04:00
after_create :post_create_hook
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed.
2017-11-15 09:47:10 -05:00
after_create :refresh_user_cache
Add latest changes from gitlab-org/gitlab@master
2020-03-12 08:09:17 -04:00
after_commit :remove_from_authorized_keys, on: :destroy
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests
2014-08-18 10:46:46 -04:00
after_destroy :post_destroy_hook
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed.
2017-11-15 09:47:10 -05:00
after_destroy :refresh_user_cache
Remove KeysObserver Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-02 14:13:05 -04:00
Add latest changes from gitlab-org/gitlab@master
2019-12-11 13:08:10 -05:00
alias_attribute :fingerprint_md5, :fingerprint
Add latest changes from gitlab-org/gitlab@master
2019-12-17 04:07:48 -05:00
scope :preload_users, -> { preload(:user) }
scope :for_user, -> (user) { where(user: user) }
scope :order_last_used_at_desc, -> { reorder(::Gitlab::Database.nulls_last_order('last_used_at', 'DESC')) }
Add latest changes from gitlab-org/gitlab@master
2021-06-07 08:10:00 -04:00
# Date is set specifically in this scope to improve query time.
Add latest changes from gitlab-org/gitlab@master
2021-11-03 11:13:48 -04:00
scope :expired_today_and_not_notified, -> { where(["date(expires_at AT TIME ZONE 'UTC') = CURRENT_DATE AND expiry_notification_delivered_at IS NULL"]) }
Add latest changes from gitlab-org/gitlab@master
2021-04-07 20:09:11 -04:00
scope :expiring_soon_and_not_notified, -> { where(["date(expires_at AT TIME ZONE 'UTC') > CURRENT_DATE AND date(expires_at AT TIME ZONE 'UTC') < ? AND before_expiry_notification_delivered_at IS NULL", DAYS_TO_EXPIRE.days.from_now.to_date]) }
Add latest changes from gitlab-org/gitlab@master
2019-12-17 04:07:48 -05:00
Use a method for the has_many :keys in Project This moves the `where` in the `has_many :keys` association in Project to the Key model. This allows EE to override this method, instead of modifying the source code directly.
2018-10-30 12:48:06 -04:00
def self.regular_keys
where(type: ['Key', nil])
end
Use setter for key instead AR callback ref: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6763
2016-11-15 14:16:45 -05:00
def key=(value)
Revert "Merge branch 'rd-43185-revert-sanitize-extra-blank-spaces-used-when-uploading-a-ssh-key' into 'master'" This reverts commit e607fd796657afd214b8f25201919d3e33b3f35f.
2018-02-15 09:50:19 -05:00
write_attribute(:key, value.present? ? Gitlab::SSHPublicKey.sanitize(value) : nil)
Ensure key fingerprints are generated correctly when modified
2017-10-03 13:31:16 -04:00
@public_key = nil
Improved validation. Strip key.
2012-02-07 17:32:20 -05:00
end
Only publish ssh key-type and key
2015-06-19 13:17:34 -04:00
def publishable_key
Add simple identifier to public SSH keys
2016-08-02 01:56:23 -04:00
# Strip out the keys comment so we don't leak email addresses
# Replace with simple ident of user_name (hostname)
self.key.split[0..1].push("#{self.user_name} (#{Gitlab.config.gitlab.host})").join(' ')
Only publish ssh key-type and key
2015-06-19 13:17:34 -04:00
end
Models Refactoring: Move methods to roles
2012-06-07 08:44:57 -04:00
# projects that has this key
init commit
2011-10-08 17:36:38 -04:00
def projects
Create DeployKey & DeployKeysProject models. Bulding many to many relation between deploy keys and projects
2013-05-06 05:26:36 -04:00
user.authorized_projects
init commit
2011-10-08 17:36:38 -04:00
end
Use similar interface to access gitolite Simplified gitolite handle logic Stubn over monkeypatch Stub only specific methods in Gitlab:Gitolite Moved grach auth to lib added specs for keys observer removes SshKey role
2012-08-28 17:04:06 -04:00
add remove keys from gitlab-shell by id
2013-02-05 04:12:15 -05:00
def shell_id
Create DeployKey & DeployKeysProject models. Bulding many to many relation between deploy keys and projects
2013-05-06 05:26:36 -04:00
"key-#{id}"
Make gitlab works with gitlab-shell
2013-02-04 08:07:56 -05:00
end
store and display public key fingerprint
2013-06-24 13:07:21 -04:00
Resolved EE differences in app/views/profiles/keys **How?** It creates a base method `can_delete?` on Key which will always be true in CE and is overridden in EE. Added changelog entry
2019-05-29 09:47:40 -04:00
# EE overrides this
def can_delete?
true
end
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ServiceClass
Record and show last used date of SSH Keys Addresses: Issue #13810 1. Adds a last_used_at attribute to the Key table/model 2. Update a key's last_used_at whenever it gets used 3. Display how long ago an ssh key was last used
2016-12-21 09:59:54 -05:00
def update_last_used_at
Stop using Sidekiq for updating Key#last_used_at This makes things simpler as no scheduling is involved. Further we remove the need for running a SELECT + UPDATE just to get the key and update it, whereas we only need an UPDATE when setting last_used_at directly in a request. The added service class takes care of updating Key#last_used_at without using Sidekiq. Further it makes sure we only try to obtain a Redis lease if we're confident that we actually need to do so, instead of always obtaining it. We also make sure to _only_ update last_used_at instead of also updating updated_at. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/36663
2017-09-20 08:21:15 -04:00
Keys::LastUsedService.new(self).execute
Record and show last used date of SSH Keys Addresses: Issue #13810 1. Adds a last_used_at attribute to the Key table/model 2. Update a key's last_used_at whenever it gets used 3. Display how long ago an ssh key was last used
2016-12-21 09:59:54 -05:00
end
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ServiceClass
Record and show last used date of SSH Keys Addresses: Issue #13810 1. Adds a last_used_at attribute to the Key table/model 2. Update a key's last_used_at whenever it gets used 3. Display how long ago an ssh key was last used
2016-12-21 09:59:54 -05:00
Add latest changes from gitlab-org/gitlab@master
2020-03-12 08:09:17 -04:00
def add_to_authorized_keys
return unless Gitlab::CurrentSettings.authorized_keys_enabled?
AuthorizedKeysWorker.perform_async(:add_key, shell_id, key)
Remove KeysObserver Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-02 14:13:05 -04:00
end
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ServiceClass
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests
2014-08-18 10:46:46 -04:00
def post_create_hook
SystemHooksService.new.execute_hooks_for(self, :create)
end
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ServiceClass
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests
2014-08-18 10:46:46 -04:00
Add latest changes from gitlab-org/gitlab@master
2020-03-12 08:09:17 -04:00
def remove_from_authorized_keys
return unless Gitlab::CurrentSettings.authorized_keys_enabled?
AuthorizedKeysWorker.perform_async(:remove_key, shell_id)
Remove KeysObserver Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com>
2014-04-02 14:13:05 -04:00
end
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ServiceClass
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed.
2017-11-15 09:47:10 -05:00
def refresh_user_cache
return unless user
Users::KeysCountService.new(user).refresh_cache
end
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ServiceClass
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed.
2017-11-15 09:47:10 -05:00
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: disable CodeReuse/ServiceClass
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests
2014-08-18 10:46:46 -04:00
def post_destroy_hook
SystemHooksService.new.execute_hooks_for(self, :destroy)
end
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop.
2018-08-27 11:31:01 -04:00
# rubocop: enable CodeReuse/ServiceClass
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests
2014-08-18 10:46:46 -04:00
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
def public_key
@public_key ||= Gitlab::SSHPublicKey.new(key)
end
store and display public key fingerprint
2013-06-24 13:07:21 -04:00
private
Fix various typos signe-in -> signed-in go_to_gihub_for_permissions -> go_to_github_for_permissions descendand -> descendant behavour -> behaviour recepient_email -> recipient_email generate_fingerpint -> generate_fingerprint dependes -> depends Cant't -> Can't wisit -> visit notifcation -> notification sufficent_scope -> sufficient_scope? levet -> level
2015-01-18 10:29:37 -05:00
def generate_fingerprint
Validate fingerprint uniqueness
2013-07-17 09:16:34 -04:00
self.fingerprint = nil
Add latest changes from gitlab-org/gitlab@master
2019-12-11 13:08:10 -05:00
self.fingerprint_sha256 = nil
Refactor key fingerprint generation.
2015-04-14 06:00:43 -04:00
Revert "Merge branch 'rd-43185-revert-sanitize-extra-blank-spaces-used-when-uploading-a-ssh-key' into 'master'" This reverts commit e607fd796657afd214b8f25201919d3e33b3f35f.
2018-02-15 09:50:19 -05:00
return unless public_key.valid?
Refactor key fingerprint generation.
2015-04-14 06:00:43 -04:00
Add latest changes from gitlab-org/gitlab@master
2019-12-11 13:08:10 -05:00
self.fingerprint_md5 = public_key.fingerprint
self.fingerprint_sha256 = public_key.fingerprint("SHA256").gsub("SHA256:", "")
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
end
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
2017-08-25 09:08:48 -04:00
def key_meets_restrictions
use Gitlab::UserSettings directly as a singleton instead of including/extending it
2018-02-02 13:39:55 -05:00
restriction = Gitlab::CurrentSettings.key_restriction_for(public_key.type)
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
2017-08-25 09:08:48 -04:00
if restriction == ApplicationSetting::FORBIDDEN_KEY_VALUE
errors.add(:key, forbidden_key_type_message)
elsif public_key.bits < restriction
errors.add(:key, "must be at least #{restriction} bits")
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
end
end
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
2017-08-25 09:08:48 -04:00
def forbidden_key_type_message
Add latest changes from gitlab-org/gitlab@master
2020-01-07 19:07:43 -05:00
allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase)
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712
2017-08-21 06:30:03 -04:00
Add latest changes from gitlab-org/gitlab@master
2020-01-07 19:07:43 -05:00
"type is forbidden. Must be #{Gitlab::Utils.to_exclusive_sentence(allowed_types)}"
store and display public key fingerprint
2013-06-24 13:07:21 -04:00
end
init commit
2011-10-08 17:36:38 -04:00
end
Add latest changes from gitlab-org/gitlab@master
2019-09-13 09:26:31 -04:00
Add latest changes from gitlab-org/gitlab@master
2021-05-11 17:10:21 -04:00
Key.prepend_mod_with('Key')
Copy permalink