2018-11-08 19:23:39 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
2018-03-17 18:26:18 +05:30
|
|
|
class KeyRestrictionValidator < ActiveModel::EachValidator
|
|
|
|
|
FORBIDDEN = -1
|
2022-06-21 17:19:12 +05:30
|
|
|
ALLOWED = 0
|
2018-03-17 18:26:18 +05:30
|
|
|
|
|
|
|
|
def self.supported_sizes(type)
|
|
|
|
|
Gitlab::SSHPublicKey.supported_sizes(type)
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def self.supported_key_restrictions(type)
|
2022-06-21 17:19:12 +05:30
|
|
|
if Gitlab::FIPS.enabled?
|
|
|
|
|
[*supported_sizes(type), FORBIDDEN]
|
|
|
|
|
else
|
|
|
|
|
[ALLOWED, *supported_sizes(type), FORBIDDEN]
|
|
|
|
|
end
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def validate_each(record, attribute, value)
|
|
|
|
|
unless valid_restriction?(value)
|
2022-06-21 17:19:12 +05:30
|
|
|
record.errors.add(attribute, "must be #{supported_sizes_message}")
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
private
|
|
|
|
|
|
|
|
|
|
def supported_sizes_message
|
2022-06-21 17:19:12 +05:30
|
|
|
sizes = []
|
|
|
|
|
|
|
|
|
|
sizes << "forbidden" if valid_restriction?(FORBIDDEN)
|
|
|
|
|
sizes << "allowed" if valid_restriction?(ALLOWED)
|
|
|
|
|
sizes += self.class.supported_sizes(options[:type])
|
2020-03-13 15:44:24 +05:30
|
|
|
|
|
|
|
|
Gitlab::Utils.to_exclusive_sentence(sizes)
|
2018-03-17 18:26:18 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def valid_restriction?(value)
|
|
|
|
|
choices = self.class.supported_key_restrictions(options[:type])
|
|
|
|
|
choices.include?(value)
|
|
|
|
|
end
|
|
|
|
|
end
|
