diff options
| -rw-r--r-- | app/controllers/projects/pages_controller.rb | 5 | ||||
| -rw-r--r-- | app/models/project.rb | 8 | ||||
| -rw-r--r-- | app/validators/certificate_key_validator.rb | 1 | ||||
| -rw-r--r-- | app/validators/certificate_validator.rb | 14 | ||||
| -rw-r--r-- | app/views/projects/edit.html.haml | 41 | ||||
| -rw-r--r-- | app/views/projects/pages/_use.html.haml | 10 | ||||
| -rw-r--r-- | db/migrate/20160209125808_add_pages_custom_domain_to_projects.rb | 6 |
7 files changed, 15 insertions, 70 deletions
diff --git a/app/controllers/projects/pages_controller.rb b/app/controllers/projects/pages_controller.rb index ef0ed505142..359544472e9 100644 --- a/app/controllers/projects/pages_controller.rb +++ b/app/controllers/projects/pages_controller.rb @@ -54,8 +54,9 @@ class Projects::PagesController < Projects::ApplicationController return false unless certificate return false unless certificate_key - certificate.verify(certificate_key) - rescue OpenSSL::X509::CertificateError + # We compare the public key stored in certificate with public key from certificate key + certificate.public_key.to_pem == certificate_key.public_key.to_pem + rescue OpenSSL::X509::CertificateError, OpenSSL::PKey::PKeyError false end diff --git a/app/models/project.rb b/app/models/project.rb index 34618817fb6..f447c2bf293 100644 --- a/app/models/project.rb +++ b/app/models/project.rb @@ -76,8 +76,6 @@ class Project < ActiveRecord::Base attr_accessor :new_default_branch attr_accessor :old_path_with_namespace - attr_encrypted :pages_custom_certificate_key, mode: :per_attribute_iv_and_salt, key: Gitlab::Application.secrets.db_key_base - alias_attribute :title, :name # Relations @@ -209,14 +207,16 @@ class Project < ActiveRecord::Base validates :pages_custom_domain, hostname: true, allow_blank: true, allow_nil: true validates_uniqueness_of :pages_custom_domain, allow_nil: true, allow_blank: true - validates :pages_custom_certificate, certificate: { intermediate: true } - validates :pages_custom_certificate_key, certificate_key: true + validates :pages_custom_certificate, certificate: true, allow_nil: true, allow_blank: true + validates :pages_custom_certificate_key, certificate_key: true, allow_nil: true, allow_blank: true add_authentication_token_field :runners_token before_save :ensure_runners_token mount_uploader :avatar, AvatarUploader + attr_encrypted :pages_custom_certificate_key, mode: :per_attribute_iv_and_salt, key: Gitlab::Application.secrets.db_key_base + # Scopes default_scope { where(pending_delete: false) } diff --git a/app/validators/certificate_key_validator.rb b/app/validators/certificate_key_validator.rb index 3b5bd30db1a..7039bd5a621 100644 --- a/app/validators/certificate_key_validator.rb +++ b/app/validators/certificate_key_validator.rb @@ -16,6 +16,7 @@ class CertificateKeyValidator < ActiveModel::EachValidator private def valid_private_key_pem?(value) + return unless value pkey = OpenSSL::PKey::RSA.new(value) pkey.private? rescue OpenSSL::PKey::PKeyError diff --git a/app/validators/certificate_validator.rb b/app/validators/certificate_validator.rb index 2cba5a435b7..2a04c76d4b9 100644 --- a/app/validators/certificate_validator.rb +++ b/app/validators/certificate_validator.rb @@ -3,26 +3,20 @@ # Custom validator for private keys. # # class Project < ActiveRecord::Base -# validates :certificate_key, certificate_key: true +# validates :certificate_key, certificate: true # end # class CertificateValidator < ActiveModel::EachValidator def validate_each(record, attribute, value) - certificate = parse_certificate(value) - unless certificate + unless valid_certificate_pem?(value) record.errors.add(attribute, "must be a valid PEM certificate") end - - if options[:intermediates] - unless certificate - record.errors.add(attribute, "certificate verification failed: missing intermediate certificates") - end - end end private - def parse_certificate(value) + def valid_certificate_pem?(value) + return unless value OpenSSL::X509::Certificate.new(value) rescue OpenSSL::X509::CertificateError nil diff --git a/app/views/projects/edit.html.haml b/app/views/projects/edit.html.haml index f4c1db1b93d..dab40d37ead 100644 --- a/app/views/projects/edit.html.haml +++ b/app/views/projects/edit.html.haml @@ -134,47 +134,6 @@ = link_to 'Remove avatar', namespace_project_avatar_path(@project.namespace, @project), data: { confirm: "Project avatar will be removed. Are you sure?"}, method: :delete, class: "btn btn-remove btn-sm remove-avatar" = f.submit 'Save changes', class: "btn btn-save" - - if Settings.pages.enabled - .pages-settings - .panel.panel-default - .panel-heading Pages - .errors-holder - .panel-body - - if @project.pages_url - %strong - Congratulations! Your pages are served at: - %p= link_to @project.pages_url, @project.pages_url - - else - %p - Learn how to upload your static site and have it served by - GitLab by following the #{link_to "documentation on GitLab Pages", "http://doc.gitlab.com/ee/pages/README.html", target: :blank}. - %p - In the example below we define a special job named - %code pages - which is using Jekyll to build a static site. The generated - HTML will be stored in the - %code public/ - directory which will then be archived and uploaded to GitLab. - The name of the directory should not be different than - %code public/ - in order for the pages to work. - %ul - %li - %pre - :plain - pages: - image: jekyll/jekyll - script: jekyll build -d public/ - artifacts: - paths: - - public/ - - - if @project.pages_url && can?(current_user, :remove_pages, @project) - .form-actions - = link_to 'Remove pages', remove_pages_namespace_project_path(@project.namespace, @project), - data: { confirm: "Are you sure that you want to remove pages for this project?" }, - method: :post, class: "btn btn-warning" - .row.prepend-top-default %hr .row.prepend-top-default diff --git a/app/views/projects/pages/_use.html.haml b/app/views/projects/pages/_use.html.haml index 5542bbe670b..ee38f45d44d 100644 --- a/app/views/projects/pages/_use.html.haml +++ b/app/views/projects/pages/_use.html.haml @@ -6,13 +6,3 @@ %p Learn how to upload your static site and have it served by GitLab by following the #{link_to "documentation on GitLab Pages", "http://doc.gitlab.com/ee/pages/README.html", target: :blank}. - %p - In the example below we define a special job named - %code pages - which is using Jekyll to build a static site. The generated - HTML will be stored in the - %code public/ - directory which will then be archived and uploaded to GitLab. - The name of the directory should not be different than - %code public/ - in order for the pages to work. diff --git a/db/migrate/20160209125808_add_pages_custom_domain_to_projects.rb b/db/migrate/20160209125808_add_pages_custom_domain_to_projects.rb index 6472199fc4a..13b42d18a7a 100644 --- a/db/migrate/20160209125808_add_pages_custom_domain_to_projects.rb +++ b/db/migrate/20160209125808_add_pages_custom_domain_to_projects.rb @@ -1,9 +1,9 @@ class AddPagesCustomDomainToProjects < ActiveRecord::Migration def change add_column :projects, :pages_custom_certificate, :text - add_column :projects, :pages_custom_certificate_key, :text - add_column :projects, :pages_custom_certificate_key_iv, :string - add_column :projects, :pages_custom_certificate_key_salt, :string + add_column :projects, :encrypted_pages_custom_certificate_key, :text + add_column :projects, :encrypted_pages_custom_certificate_key_iv, :string + add_column :projects, :encrypted_pages_custom_certificate_key_salt, :string add_column :projects, :pages_custom_domain, :string, unique: true add_column :projects, :pages_redirect_http, :boolean, default: false, null: false end |