# frozen_string_literal: true
require 'spec_helper'
describe Key, :mailer do
# Association declarations expected on the described model.
describe "Associations" do
  # The implicit subject must declare a belongs_to link to :user.
  it do
    is_expected.to belong_to(:user)
  end
end
# Attribute-level validation: presence, upper length bounds, and which key
# strings are accepted for the :key attribute.
describe "Validation" do
  it { is_expected.to validate_presence_of(:title) }
  it { is_expected.to validate_length_of(:title).is_at_most(255) }

  # The 5000-character ceiling bounds how much key text a single record accepts.
  it { is_expected.to validate_presence_of(:key) }
  it { is_expected.to validate_length_of(:key).is_at_most(5000) }

  # Each factory below supplies a key string that must be accepted for :key.
  # One example is generated per factory, in the listed order.
  %i[
    rsa_key_2048
    rsa_key_4096
    rsa_key_5120
    rsa_key_8192
    dsa_key_2048
    ecdsa_key_256
    ed25519_key_256
  ].each do |factory_name|
    it { is_expected.to allow_value(attributes_for(factory_name)[:key]).for(:key) }
  end

  # A string that is not an SSH public key line must be refused.
  it { is_expected.not_to allow_value('foo-bar').for(:key) }
end
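# Public instance methods of the model: presence of the readers plus the
# behaviour of #publishable_key and #update_last_used_at.
describe "Methods" do
  let(:user) { create(:user) }

  it { is_expected.to respond_to :projects }
  it { is_expected.to respond_to :publishable_key }

  # The group label names the method actually exercised below
  # (#publishable_key); it previously read "#publishable_keys".
  describe "#publishable_key" do
    it 'replaces SSH key comment with simple identifier of username + hostname' do
      publishable = build(:key, user: user).publishable_key
      identifier = "#{user.name} (#{Gitlab.config.gitlab.host})"

      # NOTE(review): this proves the new identifier is present. It does not
      # assert that the comment supplied with the key is absent from the
      # published form — confirm that is covered if the comment may carry
      # workstation or account names.
      expect(publishable).to include(identifier)
    end
  end

  describe "#update_last_used_at" do
    it 'updates the last used timestamp' do
      key = build(:key)
      service = double(:service)

      # The method must build Keys::LastUsedService for this exact key ...
      expect(Keys::LastUsedService).to receive(:new).with(key).and_return(service)
      # ... and run it.
      expect(service).to receive(:execute)

      key.update_last_used_at
    end
  end
end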
# Query scopes exposed by the described class.
describe 'scopes' do
  describe '.for_user' do
    let(:user_1) { create(:user) }
    let(:key_of_user_1) { create(:personal_key, user: user_1) }

    # Two keys owned by a different user; the scope must leave them out.
    before { create_list(:personal_key, 2, user: create(:user)) }

    it 'returns keys of the specified user only' do
      expect(described_class.for_user(user_1)).to contain_exactly(key_of_user_1)
    end
  end

  describe '.order_last_used_at_desc' do
    it 'sorts by last_used_at descending, with null values at last' do
      # Creation order is deliberately different from the expected sort order.
      used_last_week = create(:personal_key, last_used_at: 7.days.ago)
      never_used = create(:personal_key, last_used_at: nil)
      used_recently = create(:personal_key, last_used_at: 2.days.ago)

      ordered = described_class.order_last_used_at_desc

      expect(ordered).to eq([used_recently, used_last_week, never_used])
    end
  end
end
# Per the context title, uniqueness is decided by fingerprint, so changing only
# the comment portion of a key line must not make a duplicate look new.
#
# NOTE(review): every duplicate case here builds both records for the same
# user. Registering the same key under a second user is not exercised in this
# context — confirm it is covered elsewhere.
context "validation of uniqueness (based on fingerprint uniqueness)" do
  let(:user) { create(:user) }

  it "accepts the key once" do
    candidate = build(:key, user: user)

    expect(candidate).to be_valid
  end

  it "does not accept the exact same key twice" do
    persisted = create(:key, user: user)
    resubmitted = build(:key, user: user, key: persisted.key)

    expect(resubmitted).not_to be_valid
  end

  it "does not accept a duplicate key with a different comment" do
    persisted = create(:key, user: user)
    duplicate = build(:key, user: user, key: persisted.key)

    # `<<` appends to the string returned by the reader; it does not go
    # through the `key=` writer.
    duplicate.key << ' extra comment'

    expect(duplicate).not_to be_valid
  end
end
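# A key is only valid when a fingerprint can be derived from it, and stray
# whitespace inside the submitted key must not change the key that is stored.
context "validate it is a fingerprintable key" do
  it "accepts the fingerprintable key" do
    expect(build(:key)).to be_valid
  end

  it 'rejects the unfingerprintable key (not a key)' do
    expect(build(:key, key: 'ssh-rsa an-invalid-key==')).not_to be_valid
  end

  # factory           – key fixture to start from
  # chars             – the two whitespace strings injected into the key
  # expected_sections – whitespace-separated fields expected in the stored key
  where(:factory, :chars, :expected_sections) do
    [
      [:key, ["\n", "\r\n"], 3],
      [:key, [' ', ' '], 3],
      [:key_without_comment, [' ', ' '], 2]
    ]
  end

  with_them do
    let!(:key) { create(factory) }
    let!(:original_fingerprint) { key.fingerprint }
    let!(:original_fingerprint_sha256) { key.fingerprint_sha256 }

    it 'accepts a key with blank space characters after stripping them' do
      # Snapshot the second field first: String#insert mutates its receiver.
      _, original_content = key.key.split

      modified_key = key.key.insert(100, chars.first).insert(40, chars.last)

      key.update!(key: modified_key)

      _, stored_content = key.key.split

      expect(key).to be_valid
      expect(key.key.split.size).to eq(expected_sections)

      # Compare the stored field with the pre-mutation one. The earlier check
      # (`not_to match(/\s/)` on a token produced by String#split) could never
      # fail, because split already removes whitespace.
      expect(stored_content).to eq(original_content)

      # Both fingerprint flavours must be unaffected by the injected whitespace.
      expect(original_fingerprint).to eq(key.fingerprint)
      expect(original_fingerprint).to eq(key.fingerprint_md5)
      expect(original_fingerprint_sha256).to eq(key.fingerprint_sha256)
    end
  end
end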
# Validity of each key type under the instance-wide "<type>_key_restriction"
# application setting.
#
# The table pins three behaviours:
#   * a setting of 0 accepts every listed key type,
#   * a numeric setting accepts the fixture only up to a threshold
#     (presumably a minimum key size in bits, judging by the fixture names —
#     verify against the model),
#   * ApplicationSetting::FORBIDDEN_KEY_VALUE rejects the type outright.
context 'validate it meets key restrictions' do
  where(:factory, :minimum, :result) do
    forbidden = ApplicationSetting::FORBIDDEN_KEY_VALUE
    every_type = %i[rsa_key_2048 dsa_key_2048 ecdsa_key_256 ed25519_key_256]

    unrestricted_rows = every_type.map { |name| [name, 0, true] }

    threshold_rows = [
      [:rsa_key_2048, 1024, true],
      [:rsa_key_2048, 2048, true],
      [:rsa_key_2048, 4096, false],

      [:dsa_key_2048, 1024, true],
      [:dsa_key_2048, 2048, true],
      [:dsa_key_2048, 4096, false],

      [:ecdsa_key_256, 256, true],
      [:ecdsa_key_256, 384, false],

      [:ed25519_key_256, 256, true],
      [:ed25519_key_256, 384, false]
    ]

    forbidden_rows = every_type.map { |name| [name, forbidden, false] }

    # Row order matches the hand-written table: unrestricted, thresholds, forbidden.
    unrestricted_rows + threshold_rows + forbidden_rows
  end

  with_them do
    subject(:key) { build(factory) }

    before do
      # The setting name is derived from the type reported by the parsed key.
      setting_name = "#{key.public_key.type}_key_restriction"

      stub_application_setting(setting_name => minimum)
    end

    it do
      expect(key.valid?).to eq(result)
    end
  end
end
# Save/destroy callbacks that hand key changes to AuthorizedKeysWorker,
# gated by the `authorized_keys_enabled` application setting.
context 'callbacks' do
  let(:key) { build(:personal_key) }

  context 'authorized keys file is enabled' do
    before { stub_application_setting(authorized_keys_enabled: true) }

    it 'adds new key to authorized_file' do
      allow(AuthorizedKeysWorker).to receive(:perform_async)

      key.save!

      # Check after the fact so we have access to Key#id
      expect(AuthorizedKeysWorker)
        .to have_received(:perform_async)
        .with(:add_key, key.shell_id, key.key)
    end

    # Destroying the record must enqueue the matching removal job.
    it 'removes key from authorized_file' do
      key.save!

      expect(AuthorizedKeysWorker)
        .to receive(:perform_async)
        .with(:remove_key, key.shell_id)

      key.destroy
    end
  end

  context 'authorized_keys file is disabled' do
    before { stub_application_setting(authorized_keys_enabled: false) }

    # With the setting off, neither callback may enqueue the worker.
    it 'does not add the key on creation' do
      expect(AuthorizedKeysWorker).not_to receive(:perform_async)

      key.save!
    end

    it 'does not remove the key on destruction' do
      key.save!

      expect(AuthorizedKeysWorker).not_to receive(:perform_async)

      key.destroy
    end
  end
end
# Behaviour of the `key=` writer: normalisation of the submitted string and
# refresh of the derived `public_key` object.
describe '#key=' do
  # A public key line used as the reference value in both examples.
  let(:valid_key) do
    "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0= dummy@gitlab.com"
  end

  it 'strips white spaces' do
    padded = " #{valid_key} "

    expect(described_class.new(key: padded).key).to eq(valid_key)
  end

  it 'invalidates the public_key attribute' do
    key = build(:key)

    # Hold on to the object derived from the factory key before reassigning.
    stale_public_key = key.public_key
    key.key = valid_key

    expect(stale_public_key.key_text).not_to be_nil
    # After assignment the reader must reflect the new key text.
    expect(key.public_key.key_text).to eq(valid_key)
  end
end
# Creating a key should refresh the owner's cached key count, and only when
# the key has an owner.
describe '#refresh_user_cache', :use_clean_rails_memory_store_caching do
  context 'when the key belongs to a user' do
    it 'refreshes the keys count cache for the user' do
      expect_any_instance_of(Users::KeysCountService)
        .to receive(:refresh_cache).and_call_original

      key = create(:personal_key)
      cached_count = Users::KeysCountService.new(key.user).count

      expect(cached_count).to eq(1)
    end
  end

  context 'when the key does not belong to a user' do
    it 'does nothing' do
      expect_any_instance_of(Users::KeysCountService)
        .not_to receive(:refresh_cache)

      create(:key)
    end
  end
end
end