| author | Sytse Sijbrandij <sytse@dosire.com> | 2012-09-21 18:22:43 +0200 |
|---|---|---|
| committer | Sytse Sijbrandij <sytse@dosire.com> | 2012-09-24 16:48:10 +0200 |
| commit | f3ce02b5c944e5956eb7208506ec513623d092d8 (patch) | |
| tree | dd2af9f7083fbcb2ccb75988d31607fa7953c195 /app/models/key.rb | |
| parent | 8f9a450eedc5b5fc13e24788ab67f2de928dd83a (diff) | |
Reject ssh keys that break gitolite.
Failing test.
Working check.
Diffstat (limited to 'app/models/key.rb')
| -rw-r--r-- | app/models/key.rb | 17 |
1 files changed, 16 insertions, 1 deletions
diff --git a/app/models/key.rb b/app/models/key.rb
index a39a4a16c22..3982a94602d 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -18,7 +18,7 @@ class Key < ActiveRecord::Base
 before_save :set_identifier
 before_validation :strip_white_space
 delegate :name, :email, to: :user, prefix: true
- validate :unique_key
+ validate :unique_key, :fingerprintable_key
 def strip_white_space
 self.key = self.key.strip unless self.key.blank?
@@ -32,6 +32,21 @@ class Key < ActiveRecord::Base
 end
 end
+ def fingerprintable_key
+ return true unless key # Don't test if there is no key.
+ # `ssh-keygen -lf /dev/stdin <<< "#{key}"` errors with: redirection unexpected
+ file = Tempfile.new('key_file')
+ begin
+ file.puts key
+ file.rewind
+ fingerprint_output = `ssh-keygen -lf #{file.path} 2>&1` # Catch stderr.
+ ensure
+ file.close
+ file.unlink # deletes the temp file
+ end
+ errors.add(:key, "can't be fingerprinted") if fingerprint_output.match("failed")
+ end
+
 def set_identifier
 if is_deploy_key
 self.identifier = "deploy_" + Digest::MD5.hexdigest(key) |
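Review bot: The new `fingerprintable_key` validation fails open, because it rejects a key only when the captured ssh-keygen output contains the substring "failed". Any other outcome passes: a differently worded error from another ssh-keygen version, or the shell's own message when the binary is missing. Deciding on the exit status instead makes the check fail closed and removes the shell and the stderr redirection. Inside the `begin` block use `fingerprint_ok = system('ssh-keygen', '-lf', file.path, out: File::NULL, err: File::NULL)`, then after it `errors.add(:key, "can't be fingerprinted") unless fingerprint_ok`. This assumes ssh-keygen exits non-zero for a key it cannot fingerprint, which should be confirmed against the deployed version. The method is complete in the hunk; the rest of the `Key` class lies outside it.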
