Diffstat (limited to 'app/models/key.rb')
-rw-r--r--app/models/key.rb24
1 files changed, 22 insertions, 2 deletions
diff --git a/app/models/key.rb b/app/models/key.rb
index e093f9faad3..5268ce2e040 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -1,7 +1,5 @@
# frozen_string_literal: true
-require 'digest/md5'
-
class Key < ApplicationRecord
include AfterCommitQueue
include Sortable
@@ -30,6 +28,7 @@ class Key < ApplicationRecord
validate :key_meets_restrictions
validate :expiration, on: :create
+ validate :banned_key, if: :should_check_for_banned_key?
delegate :name, :email, to: :user, prefix: true
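Review bot: The `if: :should_check_for_banned_key?` condition on this new `validate` line limits the check to saves where `key_changed?` is true, as defined further down in this commit. Keys stored before the `ssh_banned_key` flag is enabled are therefore never re-checked by this validator. Whether anything else rejects or reports those rows is not visible on this page. I would state the scope in a comment above the line, for example `# Checked on key change only; previously stored keys are not re-validated here.`, so nobody assumes the validator covers existing data.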
@@ -144,6 +143,27 @@ class Key < ApplicationRecord
end
end
+ def should_check_for_banned_key?
+ return false unless user
+
+ key_changed? && Feature.enabled?(:ssh_banned_key, user)
+ end
+
+ def banned_key
+ return unless public_key.banned?
+
+ help_page_url = Rails.application.routes.url_helpers.help_page_url(
+ 'security/ssh_keys_restrictions',
+ anchor: 'block-banned-or-compromised-keys'
+ )
+
+ errors.add(
+ :key,
+ _('cannot be used because it belongs to a compromised private key. Stop using this key and generate a new one.'),
+ help_page_url: help_page_url
+ )
+ end
+
def forbidden_key_type_message
allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase)
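Review bot: `should_check_for_banned_key?` fails open when the record has no user, because `return false unless user` skips the banned-key check entirely. The user appears to be needed only as the feature-flag actor, so this ties a security check to flag plumbing. If keys without a user can be saved (not visible in this hunk), a key matching the banned list would pass validation silently. Consider running the check in that case, for example `key_changed? && (user.nil? || Feature.enabled?(:ssh_banned_key, user))`. If the skip is intentional, document it on the method with `# Keys without a user are not checked: the flag is evaluated per user.`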