1 files changed, 19 insertions, 7 deletions

diff --git a/lib/api/internal.rb b/lib/api/internal.rb
index 5b54c11ef62..1114fd21784 100644
--- a/lib/api/internal.rb
+++ b/lib/api/internal.rb
@@ -35,6 +35,14 @@ module API
             Project.find_with_namespace(project_path)
           end
         end
+
+        def ssh_authentication_abilities
+          [
+            :read_project,
+            :download_code,
+            :push_code
+          ]
+        end
       end
 
       post "/allowed" do
@@ -51,9 +59,9 @@ module API
 
         access =
           if wiki?
-            Gitlab::GitAccessWiki.new(actor, project, protocol)
+            Gitlab::GitAccessWiki.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
           else
-            Gitlab::GitAccess.new(actor, project, protocol)
+            Gitlab::GitAccess.new(actor, project, protocol, authentication_abilities: ssh_authentication_abilities)
           end
 
         access_status = access.check(params[:action], params[:changes])
@@ -105,15 +113,19 @@ module API
       post '/two_factor_recovery_codes' do
         status 200
 
-        key = Key.find(params[:key_id])
-        user = key.user
+        key = Key.find_by(id: params[:key_id])
 
-        # Make sure this isn't a deploy key
-        unless key.type.nil?
+        unless key
+          return { 'success' => false, 'message' => 'Could not find the given key' }
+        end
+
+        if key.is_a?(DeployKey)
           return { success: false, message: 'Deploy keys cannot be used to retrieve recovery codes' }
         end
 
-        unless user.present?
+        user = key.user
+
+        unless user
           return { success: false, message: 'Could not find a user for the given key' }
         end