gitlab-org--gitlab-foss/spec/lib/gitlab/ssh_public_key_spec.rb

require 'spec_helper'

describe Gitlab::SSHPublicKey, lib: true do
  let(:key) { attributes_for(:rsa_key_2048)[:key] }
  let(:public_key) { described_class.new(key) }

  describe '.technology(name)' do
    it 'returns nil for an unrecognised name' do
      expect(described_class.technology(:foo)).to be_nil
    end

    where(:name) do
      [:rsa, :dsa, :ecdsa, :ed25519]
    end

    with_them do
      it { expect(described_class.technology(name).name).to eq(name) }
      it { expect(described_class.technology(name.to_s).name).to eq(name) }
    end
  end

  describe '.supported_sizes(name)' do
    where(:name, :sizes) do
      [
        [:rsa, [1024, 2048, 3072, 4096]],
        [:dsa, [1024, 2048, 3072]],
        [:ecdsa, [256, 384, 521]],
        [:ed25519, [256]]
      ]
    end

    subject { described_class.supported_sizes(name) }

    with_them do
      it { expect(described_class.supported_sizes(name)).to eq(sizes) }
      it { expect(described_class.supported_sizes(name.to_s)).to eq(sizes) }
    end
  end

  describe '#valid?' do
    subject { public_key }

    context 'with a valid SSH key' do
      it { is_expected.to be_valid }
    end

    context 'with an invalid SSH key' do
      let(:key) { 'this is not a key' }

      it { is_expected.not_to be_valid }
    end
  end

  describe '#type' do
    subject { public_key.type }

    where(:factory, :type) do
      [
        [:rsa_key_2048, :rsa],
        [:dsa_key_2048, :dsa],
        [:ecdsa_key_256, :ecdsa],
        [:ed25519_key_256, :ed25519]
      ]
    end

    with_them do
      let(:key) { attributes_for(factory)[:key] }

      it { is_expected.to eq(type) }
    end

    context 'with an invalid SSH key' do
      let(:key) { 'this is not a key' }

      it { is_expected.to be_nil }
    end
  end

  describe '#bits' do
    subject { public_key.bits }

    where(:factory, :bits) do
      [
        [:rsa_key_2048, 2048],
        [:dsa_key_2048, 2048],
        [:ecdsa_key_256, 256],
        [:ed25519_key_256, 256]
      ]
    end

    with_them do
      let(:key) { attributes_for(factory)[:key] }

      it { is_expected.to eq(bits) }
    end

    context 'with an invalid SSH key' do
      let(:key) { 'this is not a key' }

      it { is_expected.to be_nil }
    end
  end

  describe '#fingerprint' do
    subject { public_key.fingerprint }

    where(:factory, :fingerprint) do
      [
        [:rsa_key_2048, '2e:ca:dc:e0:37:29:ed:fc:f0:1d:bf:66:d4:cd:51:b1'],
        [:dsa_key_2048, 'bc:c1:a4:be:7e:8c:84:56:b3:58:93:53:c6:80:78:8c'],
        [:ecdsa_key_256, '67:a3:a9:7d:b8:e1:15:d4:80:40:21:34:bb:ed:97:38'],
        [:ed25519_key_256, 'e6:eb:45:8a:3c:59:35:5f:e9:5b:80:12:be:7e:22:73']
      ]
    end

    with_them do
      let(:key) { attributes_for(factory)[:key] }

      it { is_expected.to eq(fingerprint) }
    end

    context 'with an invalid SSH key' do
      let(:key) { 'this is not a key' }

      it { is_expected.to be_nil }
    end
  end

  describe '#key_text' do
    let(:key) { 'this is not a key' }

    it 'carries the unmodified key data' do
      expect(public_key.key_text).to eq(key)
    end
  end
end
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`require 'spec_helper'`

			`describe Gitlab::SSHPublicKey, lib: true do`
			`let(:key) { attributes_for(:rsa_key_2048)[:key] }`
			`let(:public_key) { described_class.new(key) }`

Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`describe '.technology(name)' do`
			`it 'returns nil for an unrecognised name' do`
			`expect(described_class.technology(:foo)).to be_nil`
			`end`

			`where(:name) do`
			`[:rsa, :dsa, :ecdsa, :ed25519]`
			`end`

			`with_them do`
			`it { expect(described_class.technology(name).name).to eq(name) }`
			`it { expect(described_class.technology(name.to_s).name).to eq(name) }`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`end`
			`end`

Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`describe '.supported_sizes(name)' do`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`where(:name, :sizes) do`
			`[`
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`[:rsa, [1024, 2048, 3072, 4096]],`
			`[:dsa, [1024, 2048, 3072]],`
			`[:ecdsa, [256, 384, 521]],`
			`[:ed25519, [256]]`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`]`
			`end`

Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`subject { described_class.supported_sizes(name) }`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00
			`with_them do`
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`it { expect(described_class.supported_sizes(name)).to eq(sizes) }`
			`it { expect(described_class.supported_sizes(name.to_s)).to eq(sizes) }`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`end`
			`end`

			`describe '#valid?' do`
			`subject { public_key }`

			`context 'with a valid SSH key' do`
			`it { is_expected.to be_valid }`
			`end`

			`context 'with an invalid SSH key' do`
			`let(:key) { 'this is not a key' }`

			`it { is_expected.not_to be_valid }`
			`end`
			`end`

			`describe '#type' do`
			`subject { public_key.type }`

			`where(:factory, :type) do`
			`[`
			`[:rsa_key_2048, :rsa],`
			`[:dsa_key_2048, :dsa],`
			`[:ecdsa_key_256, :ecdsa],`
			`[:ed25519_key_256, :ed25519]`
			`]`
			`end`

			`with_them do`
			`let(:key) { attributes_for(factory)[:key] }`

			`it { is_expected.to eq(type) }`
			`end`

			`context 'with an invalid SSH key' do`
			`let(:key) { 'this is not a key' }`

			`it { is_expected.to be_nil }`
			`end`
			`end`

			`describe '#bits' do`
			`subject { public_key.bits }`

			`where(:factory, :bits) do`
			`[`
			`[:rsa_key_2048, 2048],`
			`[:dsa_key_2048, 2048],`
			`[:ecdsa_key_256, 256],`
			`[:ed25519_key_256, 256]`
			`]`
			`end`

			`with_them do`
			`let(:key) { attributes_for(factory)[:key] }`

			`it { is_expected.to eq(bits) }`
			`end`

			`context 'with an invalid SSH key' do`
			`let(:key) { 'this is not a key' }`

			`it { is_expected.to be_nil }`
			`end`
			`end`

			`describe '#fingerprint' do`
			`subject { public_key.fingerprint }`

			`where(:factory, :fingerprint) do`
			`[`
			`[:rsa_key_2048, '2e:ca:dc:e0:37:29:ed:fc:f0:1d:bf:66:d4:cd:51:b1'],`
			`[:dsa_key_2048, 'bc:c1:a4:be:7e:8c:84:56:b3:58:93:53:c6:80:78:8c'],`
			`[:ecdsa_key_256, '67:a3:a9:7d:b8:e1:15:d4:80:40:21:34:bb:ed:97:38'],`
			`[:ed25519_key_256, 'e6:eb:45:8a:3c:59:35:5f:e9:5b:80:12:be:7e:22:73']`
			`]`
			`end`

			`with_them do`
			`let(:key) { attributes_for(factory)[:key] }`

			`it { is_expected.to eq(fingerprint) }`
			`end`

			`context 'with an invalid SSH key' do`
			`let(:key) { 'this is not a key' }`

			`it { is_expected.to be_nil }`
			`end`
			`end`

			`describe '#key_text' do`
			`let(:key) { 'this is not a key' }`

			`it 'carries the unmodified key data' do`
			`expect(public_key.key_text).to eq(key)`
			`end`
			`end`
			`end`