gitlab-org--gitlab-foss/app/models/key.rb

# frozen_string_literal: true

require 'digest/md5'

class Key < ApplicationRecord
  include AfterCommitQueue
  include Sortable
  include Sha256Attribute
  include Expirable

  sha256_attribute :fingerprint_sha256

  belongs_to :user

  before_validation :generate_fingerprint

  validates :title,
    presence: true,
    length: { maximum: 255 }

  validates :key,
    presence: true,
    length: { maximum: 5000 },
    format: { with: /\A(ssh|ecdsa)-.*\Z/ }

  validates :fingerprint,
    uniqueness: true,
    presence: { message: 'cannot be generated' }

  validate :key_meets_restrictions

  delegate :name, :email, to: :user, prefix: true

  after_commit :add_to_authorized_keys, on: :create
  after_create :post_create_hook
  after_create :refresh_user_cache
  after_commit :remove_from_authorized_keys, on: :destroy
  after_destroy :post_destroy_hook
  after_destroy :refresh_user_cache

  alias_attribute :fingerprint_md5, :fingerprint

  scope :preload_users, -> { preload(:user) }
  scope :for_user, -> (user) { where(user: user) }
  scope :order_last_used_at_desc, -> { reorder(::Gitlab::Database.nulls_last_order('last_used_at', 'DESC')) }

  def self.regular_keys
    where(type: ['Key', nil])
  end

  def key=(value)
    write_attribute(:key, value.present? ? Gitlab::SSHPublicKey.sanitize(value) : nil)

    @public_key = nil
  end

  def publishable_key
    # Strip out the keys comment so we don't leak email addresses
    # Replace with simple ident of user_name (hostname)
    self.key.split[0..1].push("#{self.user_name} (#{Gitlab.config.gitlab.host})").join(' ')
  end

  # projects that has this key
  def projects
    user.authorized_projects
  end

  def shell_id
    "key-#{id}"
  end

  # EE overrides this
  def can_delete?
    true
  end

  # rubocop: disable CodeReuse/ServiceClass
  def update_last_used_at
    Keys::LastUsedService.new(self).execute
  end
  # rubocop: enable CodeReuse/ServiceClass

  def add_to_authorized_keys
    return unless Gitlab::CurrentSettings.authorized_keys_enabled?

    AuthorizedKeysWorker.perform_async(:add_key, shell_id, key)
  end

  # rubocop: disable CodeReuse/ServiceClass
  def post_create_hook
    SystemHooksService.new.execute_hooks_for(self, :create)
  end
  # rubocop: enable CodeReuse/ServiceClass

  def remove_from_authorized_keys
    return unless Gitlab::CurrentSettings.authorized_keys_enabled?

    AuthorizedKeysWorker.perform_async(:remove_key, shell_id)
  end

  # rubocop: disable CodeReuse/ServiceClass
  def refresh_user_cache
    return unless user

    Users::KeysCountService.new(user).refresh_cache
  end
  # rubocop: enable CodeReuse/ServiceClass

  # rubocop: disable CodeReuse/ServiceClass
  def post_destroy_hook
    SystemHooksService.new.execute_hooks_for(self, :destroy)
  end
  # rubocop: enable CodeReuse/ServiceClass

  def public_key
    @public_key ||= Gitlab::SSHPublicKey.new(key)
  end

  private

  def generate_fingerprint
    self.fingerprint = nil
    self.fingerprint_sha256 = nil

    return unless public_key.valid?

    self.fingerprint_md5 = public_key.fingerprint
    self.fingerprint_sha256 = public_key.fingerprint("SHA256").gsub("SHA256:", "")
  end

  def key_meets_restrictions
    restriction = Gitlab::CurrentSettings.key_restriction_for(public_key.type)

    if restriction == ApplicationSetting::FORBIDDEN_KEY_VALUE
      errors.add(:key, forbidden_key_type_message)
    elsif public_key.bits < restriction
      errors.add(:key, "must be at least #{restriction} bits")
    end
  end

  def forbidden_key_type_message
    allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase)

    "type is forbidden. Must be #{Gitlab::Utils.to_exclusive_sentence(allowed_types)}"
  end
end

Key.prepend_if_ee('EE::Key')
Enable frozen string in app/models/*.rb Partially addresses #47424. 2018-07-25 05:30:33 -04:00			`# frozen_string_literal: true`

Allow non-unique deploy keys 2012-02-07 16:56:53 -05:00			`require 'digest/md5'`

Inherit from ApplicationRecord instead of ActiveRecord::Base 2019-03-28 09:17:42 -04:00			`class Key < ApplicationRecord`
Consistently schedule Sidekiq jobs 2017-11-29 10:30:17 -05:00			`include AfterCommitQueue`
Explicitly define ordering in models using default_scope 2015-02-05 17:20:55 -05:00			`include Sortable`
Add latest changes from gitlab-org/gitlab@master 2019-12-11 13:08:10 -05:00			`include Sha256Attribute`
Add latest changes from gitlab-org/gitlab@master 2020-03-13 05:09:23 -04:00			`include Expirable`
Add latest changes from gitlab-org/gitlab@master 2019-12-11 13:08:10 -05:00
			`sha256_attribute :fingerprint_sha256`
store and display public key fingerprint 2013-06-24 13:07:21 -04:00
init commit 2011-10-08 17:36:38 -04:00			`belongs_to :user`

Use setter for key instead AR callback ref: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6763 2016-11-15 14:16:45 -05:00			`before_validation :generate_fingerprint`
simple refactoring 2012-10-08 20:10:04 -04:00
Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-12-02 07:54:57 -05:00			`validates :title,`
			`presence: true,`
			`length: { maximum: 255 }`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00
Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-12-02 07:54:57 -05:00			`validates :key,`
			`presence: true,`
			`length: { maximum: 5000 },`
			`format: { with: /\A(ssh\|ecdsa)-.*\Z/ }`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00
Use :maximum instead of :within for length validators with a 0..N range Signed-off-by: Rémy Coutable <remy@rymai.me> 2016-12-02 07:54:57 -05:00			`validates :fingerprint,`
			`uniqueness: true,`
			`presence: { message: 'cannot be generated' }`
init commit 2011-10-08 17:36:38 -04:00
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`validate :key_meets_restrictions`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00
Fully embrace Ruby 1.9 hash syntax Didn't bother with files in db/, config/, or features/ 2012-08-10 18:07:50 -04:00			`delegate :name, :email, to: :user, prefix: true`
Allow non-unique deploy keys 2012-02-07 16:56:53 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`after_commit :add_to_authorized_keys, on: :create`
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests 2014-08-18 10:46:46 -04:00			`after_create :post_create_hook`
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed. 2017-11-15 09:47:10 -05:00			`after_create :refresh_user_cache`
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`after_commit :remove_from_authorized_keys, on: :destroy`
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests 2014-08-18 10:46:46 -04:00			`after_destroy :post_destroy_hook`
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed. 2017-11-15 09:47:10 -05:00			`after_destroy :refresh_user_cache`
Remove KeysObserver Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-02 14:13:05 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-12-11 13:08:10 -05:00			`alias_attribute :fingerprint_md5, :fingerprint`

Add latest changes from gitlab-org/gitlab@master 2019-12-17 04:07:48 -05:00			`scope :preload_users, -> { preload(:user) }`
			`scope :for_user, -> (user) { where(user: user) }`
			`scope :order_last_used_at_desc, -> { reorder(::Gitlab::Database.nulls_last_order('last_used_at', 'DESC')) }`

Use a method for the has_many :keys in Project This moves the `where` in the `has_many :keys` association in Project to the Key model. This allows EE to override this method, instead of modifying the source code directly. 2018-10-30 12:48:06 -04:00			`def self.regular_keys`
			`where(type: ['Key', nil])`
			`end`

Use setter for key instead AR callback ref: https://gitlab.com/gitlab-org/gitlab-ce/merge_requests/6763 2016-11-15 14:16:45 -05:00			`def key=(value)`
Revert "Merge branch 'rd-43185-revert-sanitize-extra-blank-spaces-used-when-uploading-a-ssh-key' into 'master'" This reverts commit e607fd796657afd214b8f25201919d3e33b3f35f. 2018-02-15 09:50:19 -05:00			`write_attribute(:key, value.present? ? Gitlab::SSHPublicKey.sanitize(value) : nil)`

Ensure key fingerprints are generated correctly when modified 2017-10-03 13:31:16 -04:00			`@public_key = nil`
Improved validation. Strip key. 2012-02-07 17:32:20 -05:00			`end`

Only publish ssh key-type and key 2015-06-19 13:17:34 -04:00			`def publishable_key`
Add simple identifier to public SSH keys 2016-08-02 01:56:23 -04:00			`# Strip out the keys comment so we don't leak email addresses`
			`# Replace with simple ident of user_name (hostname)`
			`self.key.split[0..1].push("#{self.user_name} (#{Gitlab.config.gitlab.host})").join(' ')`
Only publish ssh key-type and key 2015-06-19 13:17:34 -04:00			`end`

Models Refactoring: Move methods to roles 2012-06-07 08:44:57 -04:00			`# projects that has this key`
init commit 2011-10-08 17:36:38 -04:00			`def projects`
Create DeployKey & DeployKeysProject models. Bulding many to many relation between deploy keys and projects 2013-05-06 05:26:36 -04:00			`user.authorized_projects`
init commit 2011-10-08 17:36:38 -04:00			`end`
Use similar interface to access gitolite Simplified gitolite handle logic Stubn over monkeypatch Stub only specific methods in Gitlab:Gitolite Moved grach auth to lib added specs for keys observer removes SshKey role 2012-08-28 17:04:06 -04:00
add remove keys from gitlab-shell by id 2013-02-05 04:12:15 -05:00			`def shell_id`
Create DeployKey & DeployKeysProject models. Bulding many to many relation between deploy keys and projects 2013-05-06 05:26:36 -04:00			`"key-#{id}"`
Make gitlab works with gitlab-shell 2013-02-04 08:07:56 -05:00			`end`
store and display public key fingerprint 2013-06-24 13:07:21 -04:00
Resolved EE differences in app/views/profiles/keys How? It creates a base method `can_delete?` on Key which will always be true in CE and is overridden in EE. Added changelog entry 2019-05-29 09:47:40 -04:00			`# EE overrides this`
			`def can_delete?`
			`true`
			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ServiceClass`
Record and show last used date of SSH Keys Addresses: Issue #13810 1. Adds a last_used_at attribute to the Key table/model 2. Update a key's last_used_at whenever it gets used 3. Display how long ago an ssh key was last used 2016-12-21 09:59:54 -05:00			`def update_last_used_at`
Stop using Sidekiq for updating Key#last_used_at This makes things simpler as no scheduling is involved. Further we remove the need for running a SELECT + UPDATE just to get the key and update it, whereas we only need an UPDATE when setting last_used_at directly in a request. The added service class takes care of updating Key#last_used_at without using Sidekiq. Further it makes sure we only try to obtain a Redis lease if we're confident that we actually need to do so, instead of always obtaining it. We also make sure to _only_ update last_used_at instead of also updating updated_at. Fixes https://gitlab.com/gitlab-org/gitlab-ce/issues/36663 2017-09-20 08:21:15 -04:00			`Keys::LastUsedService.new(self).execute`
Record and show last used date of SSH Keys Addresses: Issue #13810 1. Adds a last_used_at attribute to the Key table/model 2. Update a key's last_used_at whenever it gets used 3. Display how long ago an ssh key was last used 2016-12-21 09:59:54 -05:00			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ServiceClass`
Record and show last used date of SSH Keys Addresses: Issue #13810 1. Adds a last_used_at attribute to the Key table/model 2. Update a key's last_used_at whenever it gets used 3. Display how long ago an ssh key was last used 2016-12-21 09:59:54 -05:00
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`def add_to_authorized_keys`
			`return unless Gitlab::CurrentSettings.authorized_keys_enabled?`

			`AuthorizedKeysWorker.perform_async(:add_key, shell_id, key)`
Remove KeysObserver Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-02 14:13:05 -04:00			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ServiceClass`
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests 2014-08-18 10:46:46 -04:00			`def post_create_hook`
			`SystemHooksService.new.execute_hooks_for(self, :create)`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ServiceClass`
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests 2014-08-18 10:46:46 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-03-12 08:09:17 -04:00			`def remove_from_authorized_keys`
			`return unless Gitlab::CurrentSettings.authorized_keys_enabled?`

			`AuthorizedKeysWorker.perform_async(:remove_key, shell_id)`
Remove KeysObserver Signed-off-by: Dmitriy Zaporozhets <dmitriy.zaporozhets@gmail.com> 2014-04-02 14:13:05 -04:00			`end`

Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ServiceClass`
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed. 2017-11-15 09:47:10 -05:00			`def refresh_user_cache`
			`return unless user`

			`Users::KeysCountService.new(user).refresh_cache`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ServiceClass`
Cache the number of user SSH keys By caching the number of personal SSH keys we reduce the number of queries necessary on pages such as ProjectsController#show (which can end up querying this data multiple times). The cache is refreshed/flushed whenever an SSH key is added, removed, or when a user is removed. 2017-11-15 09:47:10 -05:00
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: disable CodeReuse/ServiceClass`
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests 2014-08-18 10:46:46 -04:00			`def post_destroy_hook`
			`SystemHooksService.new.execute_hooks_for(self, :destroy)`
			`end`
Disable existing offenses for the CodeReuse cops This whitelists all existing offenses for the various CodeReuse cops, of which most are triggered by the CodeReuse/ActiveRecord cop. 2018-08-27 11:31:01 -04:00			`# rubocop: enable CodeReuse/ServiceClass`
Add system hook for ssh key changes Add system hook for ssh key create and destroy Update and fix documentation Update tests 2014-08-18 10:46:46 -04:00
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`def public_key`
			`@public_key \|\|= Gitlab::SSHPublicKey.new(key)`
			`end`

store and display public key fingerprint 2013-06-24 13:07:21 -04:00			`private`

Fix various typos signe-in -> signed-in go_to_gihub_for_permissions -> go_to_github_for_permissions descendand -> descendant behavour -> behaviour recepient_email -> recipient_email generate_fingerpint -> generate_fingerprint dependes -> depends Cant't -> Can't wisit -> visit notifcation -> notification sufficent_scope -> sufficient_scope? levet -> level 2015-01-18 10:29:37 -05:00			`def generate_fingerprint`
Validate fingerprint uniqueness 2013-07-17 09:16:34 -04:00			`self.fingerprint = nil`
Add latest changes from gitlab-org/gitlab@master 2019-12-11 13:08:10 -05:00			`self.fingerprint_sha256 = nil`
Refactor key fingerprint generation. 2015-04-14 06:00:43 -04:00
Revert "Merge branch 'rd-43185-revert-sanitize-extra-blank-spaces-used-when-uploading-a-ssh-key' into 'master'" This reverts commit e607fd796657afd214b8f25201919d3e33b3f35f. 2018-02-15 09:50:19 -05:00			`return unless public_key.valid?`
Refactor key fingerprint generation. 2015-04-14 06:00:43 -04:00
Add latest changes from gitlab-org/gitlab@master 2019-12-11 13:08:10 -05:00			`self.fingerprint_md5 = public_key.fingerprint`
			`self.fingerprint_sha256 = public_key.fingerprint("SHA256").gsub("SHA256:", "")`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`end`

Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`def key_meets_restrictions`
use Gitlab::UserSettings directly as a singleton instead of including/extending it 2018-02-02 13:39:55 -05:00			`restriction = Gitlab::CurrentSettings.key_restriction_for(public_key.type)`
Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00
			`if restriction == ApplicationSetting::FORBIDDEN_KEY_VALUE`
			`errors.add(:key, forbidden_key_type_message)`
			`elsif public_key.bits < restriction`
			`errors.add(:key, "must be at least #{restriction} bits")`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00			`end`
			`end`

Rework the permissions model for SSH key restrictions `allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them. 2017-08-25 09:08:48 -04:00			`def forbidden_key_type_message`
Add latest changes from gitlab-org/gitlab@master 2020-01-07 19:07:43 -05:00			`allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase)`
Add settings for minimum key strength and allowed key type This is an amalgamation of: * Cory Hinshaw: Initial implementation !5552 * Rémy Coutable: Updates !9350 * Nick Thomas: Resolve conflicts and add ED25519 support !13712 2017-08-21 06:30:03 -04:00
Add latest changes from gitlab-org/gitlab@master 2020-01-07 19:07:43 -05:00			`"type is forbidden. Must be #{Gitlab::Utils.to_exclusive_sentence(allowed_types)}"`
store and display public key fingerprint 2013-06-24 13:07:21 -04:00			`end`
init commit 2011-10-08 17:36:38 -04:00			`end`
Add latest changes from gitlab-org/gitlab@master 2019-09-13 09:26:31 -04:00
			`Key.prepend_if_ee('EE::Key')`