kotovalexarian-likes-gitlab/gitlab-org--gitlab-foss
1
0
Fork 0
Code Releases Activity

improve gpg key validation

Browse source 
when omitting the end part of the key ('-----END PGP PUBLIC KEY
BLOCK-----') the error message was not about the key anymore, but about
the missing fingerprint and primary_keyid, which was confusing for the
user.
the new validation checks that the end also matches the expected format.
This commit is contained in:
Alexis Reigel 2017-07-26 15:47:00 +02:00
parent 9488b7780e
commit f1ccecc997
2 changed files with 12 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
app/models/gpg_key.rb
View file

@ -1,5 +1,6 @@
class GpgKey < ActiveRecord::Base
KEY_PREFIX = '-----BEGIN PGP PUBLIC KEY BLOCK-----'.freeze
KEY_SUFFIX = '-----END PGP PUBLIC KEY BLOCK-----'.freeze
include ShaAttribute
@ -15,8 +16,8 @@ class GpgKey < ActiveRecord::Base
presence: true,
uniqueness: true,
format: {
with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX}).)+\Z/m,
message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}'"
with: /\A#{KEY_PREFIX}((?!#{KEY_PREFIX})(?!#{KEY_SUFFIX}).)+#{KEY_SUFFIX}\Z/m,
message: "is invalid. A valid public GPG key begins with '#{KEY_PREFIX}' and ends with '#{KEY_SUFFIX}'"
}
validates :fingerprint,

10
spec/models/gpg_key_spec.rb
View file

@ -7,10 +7,18 @@ describe GpgKey do
describe "validation" do
it { is_expected.to validate_presence_of(:user) }
it { is_expected.to validate_presence_of(:key) }
it { is_expected.to validate_uniqueness_of(:key) }
it { is_expected.to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey").for(:key) }
it { is_expected.to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK----------END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value("key\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
it { is_expected.not_to allow_value('BEGIN PGP').for(:key) }
end