diff options
author | Nick Thomas <nick@gitlab.com> | 2017-08-28 21:58:36 +0100 |
---|---|---|
committer | Nick Thomas <nick@gitlab.com> | 2017-08-30 20:50:44 +0100 |
commit | eb05bdc6f589f6f0713df12582eb9f18fc4022b3 (patch) | |
tree | 2a975a959d0ad419362f7b04d0329581af2bc366 | |
parent | b84ca08e351fc9238bef4e6b4bf74158d25d4f1d (diff) | |
download | gitlab-ce-eb05bdc6f589f6f0713df12582eb9f18fc4022b3.tar.gz |
Move the key restriction validation to its own class
-rw-r--r-- | app/models/application_setting.rb | 10 | ||||
-rw-r--r-- | app/validators/key_restriction_validator.rb | 29 | ||||
-rw-r--r-- | lib/api/settings.rb | 2 | ||||
-rw-r--r-- | spec/models/application_setting_spec.rb | 2 |
4 files changed, 33 insertions, 10 deletions
diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index fcf31694ab5..2c61717d0e0 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -15,13 +15,9 @@ class ApplicationSetting < ActiveRecord::Base # Setting a key restriction to `-1` means that all keys of this type are # forbidden. - FORBIDDEN_KEY_VALUE = -1 + FORBIDDEN_KEY_VALUE = KeyRestrictionValidator::FORBIDDEN SUPPORTED_KEY_TYPES = %i[rsa dsa ecdsa ed25519].freeze - def self.supported_key_restrictions(type) - [0, *Gitlab::SSHPublicKey.supported_sizes(type), FORBIDDEN_KEY_VALUE] - end - serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize @@ -156,9 +152,7 @@ class ApplicationSetting < ActiveRecord::Base numericality: { greater_than_or_equal_to: 0 } SUPPORTED_KEY_TYPES.each do |type| - validates :"#{type}_key_restriction", - presence: true, - inclusion: { in: ApplicationSetting.supported_key_restrictions(type) } + validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type } end validates_each :restricted_visibility_levels do |record, attr, value| diff --git a/app/validators/key_restriction_validator.rb b/app/validators/key_restriction_validator.rb new file mode 100644 index 00000000000..204be827941 --- /dev/null +++ b/app/validators/key_restriction_validator.rb @@ -0,0 +1,29 @@ +class KeyRestrictionValidator < ActiveModel::EachValidator + FORBIDDEN = -1 + + def self.supported_sizes(type) + Gitlab::SSHPublicKey.supported_sizes(type) + end + + def self.supported_key_restrictions(type) + [0, *supported_sizes(type), FORBIDDEN] + end + + def validate_each(record, attribute, value) + unless valid_restriction?(value) + record.errors.add(attribute, "must be forbidden, allowed, or one of these sizes: #{supported_sizes_message}") + end + end + + private + + def supported_sizes_message + sizes = self.class.supported_sizes(options[:type]) + sizes.to_sentence(last_word_connector: ', or ', two_words_connector: ' or ') + end + + def valid_restriction?(value) + choices = self.class.supported_key_restrictions(options[:type]) + choices.include?(value) + end +end diff --git a/lib/api/settings.rb b/lib/api/settings.rb index 01123e45ee0..851b226e9e5 100644 --- a/lib/api/settings.rb +++ b/lib/api/settings.rb @@ -125,7 +125,7 @@ module API ApplicationSetting::SUPPORTED_KEY_TYPES.each do |type| optional :"#{type}_key_restriction", type: Integer, - values: ApplicationSetting.supported_key_restrictions(type), + values: KeyRestrictionValidator.supported_key_restrictions(type), desc: "Restrictions on the complexity of uploaded #{type.upcase} keys. A value of #{ApplicationSetting::FORBIDDEN_KEY_VALUE} disables all #{type.upcase} keys." end diff --git a/spec/models/application_setting_spec.rb b/spec/models/application_setting_spec.rb index 0435aa9dfe1..a3b6baca0a2 100644 --- a/spec/models/application_setting_spec.rb +++ b/spec/models/application_setting_spec.rb @@ -85,7 +85,7 @@ describe ApplicationSetting do let(:field) { :"#{type}_key_restriction" } it { is_expected.to validate_presence_of(field) } - it { is_expected.to allow_value(*described_class.supported_key_restrictions(type)).for(field) } + it { is_expected.to allow_value(*KeyRestrictionValidator.supported_key_restrictions(type)).for(field) } it { is_expected.not_to allow_value(128).for(field) } end end |