authorRémy Coutable <remy@rymai.me>2017-02-22 18:55:16 +0100
committerRémy Coutable <remy@rymai.me>2017-02-23 10:36:10 +0100
commitb58e2b519ab691c07e8f8f0e480609e4fda87014 (patch)
treeab37b0d126ef1107b99d635e67ec9d2b7b721533
parent0567e3efd17365b2f89039122344e3fa0d85f322 (diff)
downloadgitlab-ce-b58e2b519ab691c07e8f8f0e480609e4fda87014.tar.gz
Provide a list of allowed values for each SSH key technology
Signed-off-by: Rémy Coutable <remy@rymai.me>
-rw-r--r--app/models/application_setting.rb4
-rw-r--r--app/views/admin/application_settings/_form.html.haml10
-rw-r--r--lib/api/settings.rb4
-rw-r--r--spec/features/admin/admin_settings_spec.rb2
-rw-r--r--spec/models/application_setting_spec.rb7
5 files changed, 16 insertions, 11 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb
index 0283606694e..b10283464d3 100644
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -120,11 +120,11 @@ class ApplicationSetting < ActiveRecord::Base
validates :minimum_rsa_bits,
presence: true,
- numericality: { only_integer: true, greater_than: 0 }
+ inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('rsa') }
validates :minimum_ecdsa_bits,
presence: true,
- numericality: { only_integer: true, greater_than: 0 }
+ inclusion: { in: Gitlab::SSHPublicKey.allowed_sizes('ecdsa') }
validates_each :restricted_visibility_levels do |record, attr, value|
value&.each do |level|
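Review bot: Replacing the numericality check on `minimum_rsa_bits` and `minimum_ecdsa_bits` with `inclusion:` means a value already stored that is not in `Gitlab::SSHPublicKey.allowed_sizes(...)` now makes the whole ApplicationSetting record invalid, and the file list of this commit shows no migration that normalizes existing rows. The same stored value would have no matching option in the new `f.select` calls in `_form.html.haml`, so the form would presumably render with a different size preselected and saving it could change the minimum without the admin noticing. I would add a data migration that rounds each stored minimum up to the next allowed size, so the floor is never lowered. A comment above the two validations would also help, such as `# Stored values outside allowed_sizes invalidate the record; keep the admin form and API in sync with this list`. The class body these validations sit in extends beyond the hunk.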
diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml
index 6dc0d27d5ff..f98022297a8 100644
--- a/app/views/admin/application_settings/_form.html.haml
+++ b/app/views/admin/application_settings/_form.html.haml
@@ -53,17 +53,19 @@
.checkbox= key_type_checkbox
%span.help-block#allowed-key-types-help
Only SSH keys with allowed algorithms can be uploaded.
+
.form-group
= f.label :minimum_rsa_bits, 'Minimum RSA key length', class: 'control-label col-sm-2'
.col-sm-10
- = f.number_field :minimum_rsa_bits, class: 'form-control'
- %span.help-block#session_expire_delay_help_block
+ = f.select :minimum_rsa_bits, Gitlab::SSHPublicKey.allowed_sizes('rsa'), {}, class: 'form-control'
+ .help-block
The minimum length for user RSA SSH keys (in bits)
+
.form-group
= f.label :minimum_ecdsa_bits, 'Minimum ECDSA key length', class: 'control-label col-sm-2'
.col-sm-10
- = f.number_field :minimum_ecdsa_bits, class: 'form-control'
- %span.help-block#session_expire_delay_help_block
+ = f.select :minimum_ecdsa_bits, Gitlab::SSHPublicKey.allowed_sizes('ecdsa'), {}, class: 'form-control'
+ .help-block
The minimum elliptic curve size for user ECDSA SSH keys (in bits)
%fieldset
diff --git a/lib/api/settings.rb b/lib/api/settings.rb
index 03fa06c722b..f4a4cc30a5a 100644
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -109,8 +109,8 @@ module API
requires :housekeeping_gc_period, type: Integer, desc: "Number of Git pushes after which 'git gc' is run."
end
optional :terminal_max_session_time, type: Integer, desc: 'Maximum time for web terminal websocket connection (in seconds). Set to 0 for unlimited time.'
- optional :minimum_rsa_bits, type: Integer, desc: 'The minimum allowed bit length of an uploaded RSA key.'
- optional :minimum_ecdsa_bits, type: Integer, desc: 'The minimum allowed curve size (in bits) of an uploaded ECDSA key.'
+ optional :minimum_rsa_bits, type: Integer, values: Gitlab::SSHPublicKey.allowed_sizes('rsa'), desc: 'The minimum allowed bit length of an uploaded RSA key.'
+ optional :minimum_ecdsa_bits, type: Integer, values: Gitlab::SSHPublicKey.allowed_sizes('ecdsa'), desc: 'The minimum allowed curve size (in bits) of an uploaded ECDSA key.'
optional :allowed_key_types, type: Array[String], values: Gitlab::SSHPublicKey.technology_names, desc: 'The SSH key types accepted by the application (`rsa`, `dsa`, or `ecdsa`).'
at_least_one_of :default_branch_protection, :default_project_visibility, :default_snippet_visibility,
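Review bot: The `desc:` strings for `minimum_rsa_bits` and `minimum_ecdsa_bits` still read as if any integer is accepted, while the added `values:` now rejects everything outside the list. The neighbouring `allowed_key_types` line names its accepted values in its description. Doing the same here would tell API clients what to send, for example `desc: "The minimum allowed bit length of an uploaded RSA key. One of: #{Gitlab::SSHPublicKey.allowed_sizes('rsa').join(', ')}."`, assuming `allowed_sizes` returns an array. The block these declarations belong to starts outside the hunk.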
diff --git a/spec/features/admin/admin_settings_spec.rb b/spec/features/admin/admin_settings_spec.rb
index 97592aa70b0..4a4a79663d8 100644
--- a/spec/features/admin/admin_settings_spec.rb
+++ b/spec/features/admin/admin_settings_spec.rb
@@ -46,7 +46,7 @@ feature 'Admin updates settings', feature: true do
scenario 'Change Keys settings' do
uncheck 'RSA'
uncheck 'DSA'
- fill_in 'Minimum ECDSA key length', with: '384'
+ select '384', from: 'Minimum ECDSA key length'
click_on 'Save'
expect(page).to have_content 'Application settings saved successfully'
diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb
index 55712368cdd..d07fc4c375d 100644
--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -38,9 +38,12 @@ describe ApplicationSetting, models: true do
end
it { is_expected.to validate_presence_of(:minimum_rsa_bits) }
- it { is_expected.to validate_numericality_of(:minimum_rsa_bits).only_integer.is_greater_than(0) }
+ it { is_expected.to allow_value(*Gitlab::SSHPublicKey.allowed_sizes('rsa')).for(:minimum_rsa_bits) }
+ it { is_expected.not_to allow_value(128).for(:minimum_rsa_bits) }
+
it { is_expected.to validate_presence_of(:minimum_ecdsa_bits) }
- it { is_expected.to validate_numericality_of(:minimum_ecdsa_bits).only_integer.is_greater_than(0) }
+ it { is_expected.to allow_value(*Gitlab::SSHPublicKey.allowed_sizes('ecdsa')).for(:minimum_ecdsa_bits) }
+ it { is_expected.not_to allow_value(128).for(:minimum_ecdsa_bits) }
describe 'allowed_key_types validations' do
it { is_expected.to allow_value([:rsa], [:rsa, :dsa, :ecdsa]).for(:allowed_key_types) }
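Review bot: Both positive expectations take their values from `Gitlab::SSHPublicKey.allowed_sizes`, the same call the model validation uses, so the spec cannot notice when a size is added to or dropped from that list. Only the literal `128` is independent of it. Since these settings are the floor for uploaded key strength, I would pin the intended policy with literals per technology: `allow_value(<SMALLEST_ALLOWED_SIZE>)` and `not_to allow_value(<LARGEST_REJECTED_SIZE>)`, with the placeholders replaced by the sizes the project means to enforce. A case for a non-listed value lying between two allowed sizes would also show that the check is a list and not a range.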