author | Rémy Coutable <remy@rymai.me> | 2017-02-22 18:55:16 +0100 |
---|---|---|
committer | Rémy Coutable <remy@rymai.me> | 2017-02-23 10:36:10 +0100 |
commit | b58e2b519ab691c07e8f8f0e480609e4fda87014 (patch) | |
tree | ab37b0d126ef1107b99d635e67ec9d2b7b721533 | |
parent | 0567e3efd17365b2f89039122344e3fa0d85f322 (diff) | |
Provide a list of allowed values for each SSH key technology
Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r-- | app/models/application_setting.rb | 4 | ||||
-rw-r--r-- | app/views/admin/application_settings/_form.html.haml | 10 | ||||
-rw-r--r-- | lib/api/settings.rb | 4 | ||||
-rw-r--r-- | spec/features/admin/admin_settings_spec.rb | 2 | ||||
-rw-r--r-- | spec/models/application_setting_spec.rb | 7 |
5 files changed, 16 insertions, 11 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 0283606694e..b10283464d3 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -120,11 +120,11 @@ class ApplicationSetting < ActiveRecord::Base
 validates :minimum_rsa_bits,
 presence: true,
- numericality: { only_integer: true, greater_than: 0 }
+ inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('rsa') }
 validates :minimum_ecdsa_bits,
 presence: true,
- numericality: { only_integer: true, greater_than: 0 }
+ inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('ecdsa') }
 validates_each :restricted_visibility_levels do |record, attr, value|
 value&.each do |level|
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index 6dc0d27d5ff..f98022297a8 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -53,17 +53,19 @@
 .checkbox= key_type_checkbox
 %span.help-block#allowed-key-types-help
 Only SSH keys with allowed algorithms can be uploaded.
+
 .form-group
 = f.label :minimum_rsa_bits, 'Minimum RSA key length', class: 'control-label col-sm-2'
 .col-sm-10
- = f.number_field :minimum_rsa_bits, class: 'form-control'
- %span.help-block#session_expire_delay_help_block
+ = f.select :minimum_rsa_bits, Gitlab::SSHPublicKey.allowed_sizes('rsa'), {}, class: 'form-control'
+ .help-block
 The minimum length for user RSA SSH keys (in bits)
+
 .form-group
 = f.label :minimum_ecdsa_bits, 'Minimum ECDSA key length', class: 'control-label col-sm-2'
 .col-sm-10
- = f.number_field :minimum_ecdsa_bits, class: 'form-control'
- %span.help-block#session_expire_delay_help_block
+ = f.select :minimum_ecdsa_bits, Gitlab::SSHPublicKey.allowed_sizes('ecdsa'), {}, class: 'form-control'
+ .help-block
 The minimum elliptic curve size for user ECDSA SSH keys (in bits)
 %fieldset
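Review bot: Switching both validators to `inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes(...) }` means that any instance which already stores a `minimum_rsa_bits` or `minimum_ecdsa_bits` value outside the list would fail validation on every settings save, including saves of unrelated settings; none of the five files in this commit normalises existing rows. Such a value would also match no option of the new `f.select` in `_form.html.haml`, where a browser normally submits the first option instead, so the configured minimum could change without the admin intending it. If these columns have shipped, a data migration that maps stored values onto an allowed size would close both paths; at minimum a comment such as `# Stored value must be one of Gitlab::SSHPublicKey.allowed_sizes(<technology>)` above each validator documents the constraint. The validators sit in a class body that extends beyond the hunk.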
diff --git a/lib/api/settings.rb b/lib/api/settings.rb
index 03fa06c722b..f4a4cc30a5a 100644
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -109,8 +109,8 @@ module API
 requires :housekeeping_gc_period, type: Integer, desc: "Number of Git pushes after which 'git gc' is run."
 end
 optional :terminal_max_session_time, type: Integer, desc: 'Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.'
- optional :minimum_rsa_bits, type: Integer, desc: 'The minimum allowed bit length of an uploaded RSA key.'
- optional :minimum_ecdsa_bits, type: Integer, desc: 'The minimum allowed curve size (in bits) of an uploaded ECDSA key.'
+ optional :minimum_rsa_bits, type: Integer, values: Gitlab::SSHPublicKey.allowed_sizes('rsa'), desc: 'The minimum allowed bit length of an uploaded RSA key.'
+ optional :minimum_ecdsa_bits, type: Integer, values: Gitlab::SSHPublicKey.allowed_sizes('ecdsa'), desc: 'The minimum allowed curve size (in bits) of an uploaded ECDSA key.'
 optional :allowed_key_types, type: Array[String], values: Gitlab::SSHPublicKey.technology_names, desc: 'The SSH key types accepted by the application (`rsa`, `dsa`, or `ecdsa`).'
 at_least_one_of :default_branch_protection, :default_project_visibility, :default_snippet_visibility,
diff --git a/spec/features/admin/admin_settings_spec.rb b/spec/features/admin/admin_settings_spec.rb
index 97592aa70b0..4a4a79663d8 100644
--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
@@ -46,7 +46,7 @@ feature 'Admin updates settings', feature: true do
 scenario 'Change Keys settings' do
 uncheck 'RSA'
 uncheck 'DSA'
- fill_in 'Minimum ECDSA key length', with: '384'
+ select '384', from: 'Minimum ECDSA key length'
 click_on 'Save'
 expect(page).to have_content 'Application settings saved successfully'
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index 55712368cdd..d07fc4c375d 100644
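Review bot: The `desc:` strings of `minimum_rsa_bits` and `minimum_ecdsa_bits` in `lib/api/settings.rb` still describe a free-form bit length, although the added `values:` option now rejects every integer outside `allowed_sizes`. An API client therefore learns the accepted sizes only from a validation error. The neighbouring `allowed_key_types` description enumerates its values, and these two could follow it, e.g. `desc: "The minimum allowed bit length of an uploaded RSA key. One of: #{Gitlab::SSHPublicKey.allowed_sizes('rsa').join(', ')}."`. The diffstat lists no API documentation file, so the published settings reference presumably needs the same list. The `params` block begins and ends outside the hunk.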
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -38,9 +38,12 @@ describe ApplicationSetting, models: true do
 end
 it { is_expected.to validate_presence_of(:minimum_rsa_bits) }
- it { is_expected.to validate_numericality_of(:minimum_rsa_bits).only_integer.is_greater_than(0) }
+ it { is_expected.to allow_value(*Gitlab::SSHPublicKey.allowed_sizes('rsa')).for(:minimum_rsa_bits) }
+ it { is_expected.not_to allow_value(128).for(:minimum_rsa_bits) }
+
 it { is_expected.to validate_presence_of(:minimum_ecdsa_bits) }
- it { is_expected.to validate_numericality_of(:minimum_ecdsa_bits).only_integer.is_greater_than(0) }
+ it { is_expected.to allow_value(*Gitlab::SSHPublicKey.allowed_sizes('ecdsa')).for(:minimum_ecdsa_bits) }
+ it { is_expected.not_to allow_value(128).for(:minimum_ecdsa_bits) }
 describe 'allowed_key_types validations' do
 it { is_expected.to allow_value([:rsa], [:rsa, :dsa, :ecdsa]).for(:allowed_key_types) } |
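Review bot: The positive expectations `allow_value(*Gitlab::SSHPublicKey.allowed_sizes('rsa'))` and its `'ecdsa'` twin take their expected values from the same method the validator calls, so they keep passing if a weaker size is ever added to that list. The spec therefore cannot flag a lowered key-size floor. Pinning the accepted sizes as literals in the spec would turn any change to the list into a deliberate, reviewed edit. The only negative case is `128`; a value lying between two allowed sizes and a non-integer value would exercise the inclusion check more thoroughly. The `describe` block continues outside the hunk.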