spec/finders/keys_finder_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe KeysFinder do
  subject { described_class.new(params).execute }

  let_it_be(:user) { create(:user) }
  let_it_be(:key_1) do
    create(:rsa_key_4096,
      last_used_at: 7.days.ago,
      user: user,
      fingerprint: 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7',
      fingerprint_sha256: 'ByDU7hQ1JB95l6p53rHrffc4eXvEtqGUtQhS+Dhyy7g')
  end

  let_it_be(:key_2) { create(:personal_key_4096, last_used_at: nil, user: user) }
  let_it_be(:key_3) { create(:personal_key_4096, last_used_at: 2.days.ago) }

  let(:params) { {} }

  context 'key_type' do
    let_it_be(:deploy_key) { create(:deploy_key) }

    context 'when `key_type` is `ssh`' do
      before do
        params[:key_type] = 'ssh'
      end

      it 'returns only SSH keys' do
        expect(subject).to contain_exactly(key_1, key_2, key_3)
      end
    end

    context 'when `key_type` is not specified' do
      it 'returns all types of keys' do
        expect(subject).to contain_exactly(key_1, key_2, key_3, deploy_key)
      end
    end
  end

  context 'fingerprint' do
    context 'with invalid fingerprint' do
      context 'with invalid MD5 fingerprint' do
        before do
          params[:fingerprint] = '11:11:11:11'
        end

        it 'raises InvalidFingerprint' do
          expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
        end
      end

      context 'with invalid SHA fingerprint' do
        before do
          params[:fingerprint] = 'nUhzNyftwAAKs7HufskYTte2g'
        end

        it 'raises InvalidFingerprint' do
          expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
        end
      end
    end

    context 'with valid fingerprints' do
      let_it_be(:deploy_key) { create(:rsa_deploy_key_5120, user: user) }

      context 'personal key with valid MD5 params' do
        context 'with an existent fingerprint' do
          before do
            params[:fingerprint] = 'df:73:db:29:3c:a5:32:cf:09:17:7e:8e:9d:de:d7:f7'
          end

          it 'returns the key' do
            expect(subject).to eq(key_1)
            expect(subject.user).to eq(user)
          end

          context 'with FIPS mode', :fips_mode do
            it 'raises InvalidFingerprint' do
              expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
            end
          end
        end

        context 'deploy key with an existent fingerprint' do
          before do
            params[:fingerprint] = 'fe:fa:3a:4d:7d:51:ec:bf:c7:64:0c:96:d0:17:8a:d0'
          end

          it 'returns the key' do
            expect(subject).to eq(deploy_key)
            expect(subject.user).to eq(user)
          end

          context 'with FIPS mode', :fips_mode do
            it 'raises InvalidFingerprint' do
              expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
            end
          end
        end

        context 'with a non-existent fingerprint' do
          before do
            params[:fingerprint] = 'bb:81:59:68:d7:6c:cd:02:02:bf:6a:9b:55:4e:af:d2'
          end

          it 'returns nil' do
            expect(subject).to be_nil
          end

          context 'with FIPS mode', :fips_mode do
            it 'raises InvalidFingerprint' do
              expect { subject }.to raise_error(KeysFinder::InvalidFingerprint)
            end
          end
        end
      end

      context 'personal key with valid SHA256 params' do
        context 'with an existent fingerprint' do
          before do
            params[:fingerprint] = 'SHA256:ByDU7hQ1JB95l6p53rHrffc4eXvEtqGUtQhS+Dhyy7g'
          end

          it 'returns key' do
            expect(subject).to eq(key_1)
            expect(subject.user).to eq(user)
          end
        end

        context 'deploy key with an existent fingerprint' do
          before do
            params[:fingerprint] = 'SHA256:PCCupLbFHScm4AbEufbGDvhBU27IM0MVAor715qKQK8'
          end

          it 'returns key' do
            expect(subject).to eq(deploy_key)
            expect(subject.user).to eq(user)
          end
        end

        context 'with a non-existent fingerprint' do
          before do
            params[:fingerprint] = 'SHA256:xTjuFqftwADy8AH3wFY31tAKs7HufskYTte2aXi/mNp'
          end

          it 'returns nil' do
            expect(subject).to be_nil
          end
        end
      end
    end
  end

  context 'user' do
    context 'without user' do
      it 'contains ssh_keys of all users in the system' do
        expect(subject).to contain_exactly(key_1, key_2, key_3)
      end
    end

    context 'with user' do
      before do
        params[:users] = user
      end

      it 'contains ssh_keys of only the specified users' do
        expect(subject).to contain_exactly(key_1, key_2)
      end
    end
  end

  context 'sort order' do
    it 'sorts in last_used_at_desc order' do
      expect(subject).to eq([key_3, key_1, key_2])
    end
  end
end