# frozen_string_literal: true
require 'spec_helper'
# Feature spec for the SSH key pages of the user profile: adding, listing,
# removing and revoking keys, and the effect of revocation on a commit whose
# SSH signature is tied to the revoked key.
RSpec.describe 'Profile > SSH Keys', feature_category: :user_profile do
  let(:user) { create(:user) }

  before { sign_in(user) }

  # Fills in both fields of the add-key form and submits it.
  def submit_key_form(key:, title:)
    fill_in('Key', with: key)
    fill_in('Title', with: title)
    click_button('Add key')
  end

  # Opens +path+, clicks the button labelled +action+, confirms inside the
  # modal, then expects the key list to report zero keys. Because of that last
  # expectation the helper only passes when the signed-in user owned exactly
  # one key beforehand.
  def destroy_key(path, action, confirmation_button)
    visit path
    click_button(action)
    within('.modal') { click_button(confirmation_button) }

    expect(page).to have_content('Your SSH keys (0)')
  end

  describe 'User adds a key' do
    before { visit profile_keys_path }

    # Only the Key field is filled in; the Title is expected to appear on its
    # own. Presumably it is taken from the comment part of the factory key;
    # confirm against the :key factory.
    it 'auto-populates the title', :js do
      fill_in('Key', with: attributes_for(:key).fetch(:key))

      expect(page).to have_field("Title", with: "dummy@gitlab.com")
    end

    it 'saves the new key' do
      key_attrs = attributes_for(:key)

      submit_key_form(key: key_attrs[:key], title: key_attrs[:title])

      expect(page).to have_content("Title: #{key_attrs[:title]}")
      expect(page).to have_content(key_attrs[:key])
      expect(find('[data-testid="breadcrumb-current-link"]')).to have_link(key_attrs[:title])
    end

    # The warning is advisory: the user can confirm and submit anyway. The
    # final expectation pins that the submission is still rejected after the
    # warning has been dismissed, so the warning is not the only check.
    it 'shows a confirmable warning if the key begins with an algorithm name that is unsupported' do
      key_attrs = attributes_for(:key)

      submit_key_form(key: 'unsupported-ssh-rsa key', title: key_attrs[:title])

      expect(page).to have_selector('.js-add-ssh-key-validation-warning')

      find('.js-add-ssh-key-validation-confirm-submit').click

      expect(page).to have_content('Key is invalid')
    end

    # Exercises the instance-level key type restriction. Only the rejection
    # path is covered here; nothing in this context asserts that a DSA or
    # ECDSA key is accepted.
    # NOTE(review): assumes the :key factory produces one of the four types
    # forbidden below; confirm against the factory.
    # NOTE(review): DSA has been disabled by default in OpenSSH since 7.0, so
    # this scenario tests the restriction mechanism and should not be read as
    # a recommended configuration.
    context 'when only DSA and ECDSA keys are allowed' do
      before do
        forbidden_value = ApplicationSetting::FORBIDDEN_KEY_VALUE

        stub_application_setting(
          rsa_key_restriction: forbidden_value,
          ed25519_key_restriction: forbidden_value,
          ecdsa_sk_key_restriction: forbidden_value,
          ed25519_sk_key_restriction: forbidden_value
        )
      end

      it 'shows a validation error' do
        key_attrs = attributes_for(:key)

        submit_key_form(key: key_attrs[:key], title: key_attrs[:title])

        expect(page).to have_content('Key type is forbidden. Must be DSA or ECDSA')
      end
    end
  end

  it 'user sees their keys' do
    existing_key = create(:key, user: user)

    visit profile_keys_path

    expect(page).to have_content(existing_key.title)
  end

  describe 'User removes a key', :js do
    let!(:key) { create(:key, user: user) }

    context 'via the key index' do
      it 'removes key' do
        destroy_key(profile_keys_path, 'Remove', 'Delete')
      end
    end

    context 'via its details page' do
      # NOTE(review): this passes the key to the plural (collection) route
      # helper, the same helper the index context uses. If that does not
      # resolve to the details page, this example repeats the index flow;
      # confirm whether a member route helper was intended.
      it 'removes key' do
        destroy_key(profile_keys_path(key), 'Remove', 'Delete')
      end
    end
  end

  describe 'User revokes a key', :js do
    context 'when a commit is signed using SSH key' do
      let!(:project) { create(:project, :repository) }
      let!(:key) { create(:key, user: user) }
      let!(:commit) { project.commit('ssh-signed-commit') }
      let!(:signature) do
        create(
          :ssh_signature,
          project: project,
          key: key,
          key_fingerprint_sha256: key.fingerprint_sha256,
          commit_sha: commit.sha
        )
      end

      before { project.add_developer(user) }

      # Loads the commit page and clicks the signature badge carrying
      # +badge_text+, which is expected to open the popover.
      def open_signature_popover(badge_text)
        visit project_commit_path(project, commit)
        wait_for_all_requests
        find('a.signature-badge', text: badge_text).click
      end

      # Trust in a signature must follow the key's status. After revocation
      # the same commit is expected to show as Unverified, and the popover
      # still names the key by the fingerprint stored on the signature record.
      # This file does not assert the badge state after 'Remove' (as opposed
      # to 'Revoke').
      it 'revoking the SSH key marks commits as unverified' do
        open_signature_popover('Verified')

        within('.popover') do
          expect(page).to have_content("Verified commit")
          expect(page).to have_content("SSH key fingerprint: #{key.fingerprint_sha256}")
        end

        destroy_key(profile_keys_path, 'Revoke', 'Revoke')

        open_signature_popover('Unverified')

        within('.popover') do
          expect(page).to have_content("Unverified signature")
          expect(page).to have_content('This commit was signed with a key that was revoked.')
          expect(page).to have_content("SSH key fingerprint: #{signature.key_fingerprint_sha256}")
        end
      end
    end
  end
end