6847060266
`allowed_key_types` is removed and the `minimum_<type>_bits` fields are renamed to `<tech>_key_restriction`. A special sentinel value (`-1`) signifies that the key type is disabled. This also feeds through to the UI - checkboxes per key type are out, inline selection of "forbidden" and "allowed" (i.e., no restrictions) are in. As with the previous model, unknown key types are disallowed, even if the underlying ssh daemon happens to support them. The defaults have also been changed from the lowest known bit size to "no restriction". So if someone does happen to have a 768-bit RSA key, it will continue to work on upgrade, at least until the administrator restricts them.
require 'rails_helper'
# Feature coverage for the profile SSH-key pages: adding a key (including the
# case where the instance forbids the submitted key type), listing keys, and
# removing a key from both the index and the key's details page.
feature 'Profile > SSH Keys' do
  let(:user) { create(:user) }

  # Every scenario runs as a signed-in user.
  before { sign_in(user) }

  describe 'User adds a key' do
    before { visit profile_keys_path }

    # Needs a JS driver: the title is filled in client-side after the key is
    # entered (presumably from the key's trailing comment; confirm in the form JS).
    scenario 'auto-populates the title', js: true do
      public_key = attributes_for(:key).fetch(:key)

      fill_in 'Key', with: public_key

      expect(page).to have_field('Title', with: 'dummy@gitlab.com')
    end

    scenario 'saves the new key' do
      key_attrs = attributes_for(:key)

      fill_in 'Key', with: key_attrs[:key]
      fill_in 'Title', with: key_attrs[:title]
      click_button 'Add key'

      expect(page).to have_content("Title: #{key_attrs[:title]}")
      expect(page).to have_content(key_attrs[:key])
    end

    # RSA and ED25519 are switched off through the FORBIDDEN_KEY_VALUE sentinel,
    # so only DSA and ECDSA remain usable. This combination is a fixture chosen
    # to trigger the error message, not a recommended policy (DSA is deprecated
    # in OpenSSH).
    context 'when only DSA and ECDSA keys are allowed' do
      before do
        disabled = ApplicationSetting::FORBIDDEN_KEY_VALUE

        stub_application_setting(
          rsa_key_restriction: disabled,
          ed25519_key_restriction: disabled
        )
      end

      # Assumes the :key factory produces a key of one of the forbidden types
      # (presumably RSA; verify against the factory).
      # NOTE(review): this checks only the rendered message. It does not assert
      # that no key was stored for the user; consider adding that check so a
      # regression that shows the error but still saves the key is caught.
      scenario 'shows a validation error' do
        key_attrs = attributes_for(:key)

        fill_in 'Key', with: key_attrs[:key]
        fill_in 'Title', with: key_attrs[:title]
        click_button 'Add key'

        expect(page).to have_content('Key type is forbidden. Must be DSA or ECDSA')
      end
    end
  end

  scenario 'User sees their keys' do
    ssh_key = create(:key, user: user)

    visit profile_keys_path

    expect(page).to have_content(ssh_key.title)
  end

  # Removal from the list page: the user starts with exactly one key, so the
  # counter is expected to drop to zero.
  scenario 'User removes a key via the key index' do
    create(:key, user: user)

    visit profile_keys_path
    click_link 'Remove'

    expect(page).to have_content('Your SSH keys (0)')
  end

  # Same removal flow, started from the single-key details page.
  scenario 'User removes a key via its details page' do
    ssh_key = create(:key, user: user)

    visit profile_key_path(ssh_key)
    click_link 'Remove'

    expect(page).to have_content('Your SSH keys (0)')
  end
end