debian-mirror-gitlab/spec/models/key_spec.rb

329 lines
10 KiB
Ruby
Raw Normal View History

2019-07-07 11:18:12 +05:30
# frozen_string_literal: true
2014-09-02 18:07:02 +05:30
require 'spec_helper'
2020-07-28 23:09:34 +05:30
RSpec.describe Key, :mailer do
2014-09-02 18:07:02 +05:30
describe "Associations" do
2015-04-26 12:48:37 +05:30
it { is_expected.to belong_to(:user) }
2014-09-02 18:07:02 +05:30
end
describe "Validation" do
2015-04-26 12:48:37 +05:30
it { is_expected.to validate_presence_of(:title) }
2017-08-17 22:00:37 +05:30
it { is_expected.to validate_length_of(:title).is_at_most(255) }
2015-04-26 12:48:37 +05:30
it { is_expected.to validate_presence_of(:key) }
2017-08-17 22:00:37 +05:30
it { is_expected.to validate_length_of(:key).is_at_most(5000) }
2018-03-17 18:26:18 +05:30
it { is_expected.to allow_value(attributes_for(:rsa_key_2048)[:key]).for(:key) }
2018-03-27 19:54:05 +05:30
it { is_expected.to allow_value(attributes_for(:rsa_key_4096)[:key]).for(:key) }
it { is_expected.to allow_value(attributes_for(:rsa_key_5120)[:key]).for(:key) }
it { is_expected.to allow_value(attributes_for(:rsa_key_8192)[:key]).for(:key) }
2018-03-17 18:26:18 +05:30
it { is_expected.to allow_value(attributes_for(:dsa_key_2048)[:key]).for(:key) }
it { is_expected.to allow_value(attributes_for(:ecdsa_key_256)[:key]).for(:key) }
it { is_expected.to allow_value(attributes_for(:ed25519_key_256)[:key]).for(:key) }
2022-04-04 11:22:00 +05:30
it { is_expected.to allow_value(attributes_for(:ecdsa_sk_key_256)[:key]).for(:key) }
it { is_expected.to allow_value(attributes_for(:ed25519_sk_key_256)[:key]).for(:key) }
2017-08-17 22:00:37 +05:30
it { is_expected.not_to allow_value('foo-bar').for(:key) }
2022-03-02 08:16:31 +05:30
context 'key format' do
let(:key) { build(:key) }
it 'does not allow the key that begins with an algorithm name that is unsupported' do
key.key = 'unsupported-ssh-rsa key'
key.valid?
expect(key.errors.of_kind?(:key, :invalid)).to eq(true)
end
Gitlab::SSHPublicKey.supported_algorithms.each do |supported_algorithm|
it "allows the key that begins with supported algorithm name '#{supported_algorithm}'" do
key.key = "#{supported_algorithm} key"
key.valid?
expect(key.errors.of_kind?(:key, :invalid)).to eq(false)
end
end
end
2014-09-02 18:07:02 +05:30
end
describe "Methods" do
2016-09-13 17:45:13 +05:30
let(:user) { create(:user) }
2020-03-13 15:44:24 +05:30
2015-04-26 12:48:37 +05:30
it { is_expected.to respond_to :projects }
2015-09-11 14:41:01 +05:30
it { is_expected.to respond_to :publishable_key }
describe "#publishable_keys" do
2016-09-13 17:45:13 +05:30
it 'replaces SSH key comment with simple identifier of username + hostname' do
2017-08-17 22:00:37 +05:30
expect(build(:key, user: user).publishable_key).to include("#{user.name} (#{Gitlab.config.gitlab.host})")
end
end
describe "#update_last_used_at" do
2018-03-17 18:26:18 +05:30
it 'updates the last used timestamp' do
key = build(:key)
service = double(:service)
expect(Keys::LastUsedService).to receive(:new)
.with(key)
.and_return(service)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(service).to receive(:execute)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
key.update_last_used_at
2015-09-11 14:41:01 +05:30
end
end
2014-09-02 18:07:02 +05:30
end
2020-01-01 13:55:28 +05:30
describe 'scopes' do
describe '.for_user' do
let(:user_1) { create(:user) }
let(:key_of_user_1) { create(:personal_key, user: user_1) }
before do
create_list(:personal_key, 2, user: create(:user))
end
it 'returns keys of the specified user only' do
expect(described_class.for_user(user_1)).to contain_exactly(key_of_user_1)
end
end
describe '.order_last_used_at_desc' do
it 'sorts by last_used_at descending, with null values at last' do
key_1 = create(:personal_key, last_used_at: 7.days.ago)
key_2 = create(:personal_key, last_used_at: nil)
key_3 = create(:personal_key, last_used_at: 2.days.ago)
expect(described_class.order_last_used_at_desc)
.to eq([key_3, key_1, key_2])
end
end
2021-04-29 21:17:54 +05:30
context 'expiration scopes' do
let_it_be(:user) { create(:user) }
let_it_be(:expired_today_not_notified) { create(:key, expires_at: Time.current, user: user) }
let_it_be(:expired_today_already_notified) { create(:key, expires_at: Time.current, user: user, expiry_notification_delivered_at: Time.current) }
let_it_be(:expired_yesterday) { create(:key, expires_at: 1.day.ago, user: user) }
let_it_be(:expiring_soon_unotified) { create(:key, expires_at: 3.days.from_now, user: user) }
let_it_be(:expiring_soon_notified) { create(:key, expires_at: 4.days.from_now, user: user, before_expiry_notification_delivered_at: Time.current) }
let_it_be(:future_expiry) { create(:key, expires_at: 1.month.from_now, user: user) }
2021-12-11 22:18:48 +05:30
describe '.expired_today_and_not_notified' do
2021-09-04 01:27:46 +05:30
it 'returns keys that expire today and in the past' do
2021-12-11 22:18:48 +05:30
expect(described_class.expired_today_and_not_notified).to contain_exactly(expired_today_not_notified)
2021-04-29 21:17:54 +05:30
end
end
describe '.expiring_soon_and_not_notified' do
it 'returns keys that will expire soon' do
expect(described_class.expiring_soon_and_not_notified).to contain_exactly(expiring_soon_unotified)
end
end
end
2020-01-01 13:55:28 +05:30
end
2016-06-22 15:30:34 +05:30
context "validation of uniqueness (based on fingerprint uniqueness)" do
2014-09-02 18:07:02 +05:30
let(:user) { create(:user) }
it "accepts the key once" do
2015-04-26 12:48:37 +05:30
expect(build(:key, user: user)).to be_valid
2014-09-02 18:07:02 +05:30
end
it "does not accept the exact same key twice" do
2017-09-10 17:25:29 +05:30
first_key = create(:key, user: user)
expect(build(:key, user: user, key: first_key.key)).not_to be_valid
2014-09-02 18:07:02 +05:30
end
it "does not accept a duplicate key with a different comment" do
2017-09-10 17:25:29 +05:30
first_key = create(:key, user: user)
duplicate = build(:key, user: user, key: first_key.key)
2014-09-02 18:07:02 +05:30
duplicate.key << ' extra comment'
2017-09-10 17:25:29 +05:30
2015-04-26 12:48:37 +05:30
expect(duplicate).not_to be_valid
2014-09-02 18:07:02 +05:30
end
end
context "validate it is a fingerprintable key" do
it "accepts the fingerprintable key" do
2015-04-26 12:48:37 +05:30
expect(build(:key)).to be_valid
2014-09-02 18:07:02 +05:30
end
2015-04-26 12:48:37 +05:30
it 'rejects the unfingerprintable key (not a key)' do
expect(build(:key, key: 'ssh-rsa an-invalid-key==')).not_to be_valid
2014-09-02 18:07:02 +05:30
end
2018-03-27 19:54:05 +05:30
2021-01-29 00:20:46 +05:30
where(:factory, :characters, :expected_sections) do
2018-03-27 19:54:05 +05:30
[
[:key, ["\n", "\r\n"], 3],
[:key, [' ', ' '], 3],
[:key_without_comment, [' ', ' '], 2]
]
end
with_them do
2021-09-04 01:27:46 +05:30
let!(:key) { create(factory) } # rubocop:disable Rails/SaveBang
2018-03-27 19:54:05 +05:30
let!(:original_fingerprint) { key.fingerprint }
2020-01-01 13:55:28 +05:30
let!(:original_fingerprint_sha256) { key.fingerprint_sha256 }
2018-03-27 19:54:05 +05:30
it 'accepts a key with blank space characters after stripping them' do
2021-01-29 00:20:46 +05:30
modified_key = key.key.insert(100, characters.first).insert(40, characters.last)
2018-03-27 19:54:05 +05:30
_, content = modified_key.split
key.update!(key: modified_key)
expect(key).to be_valid
expect(key.key.split.size).to eq(expected_sections)
expect(content).not_to match(/\s/)
expect(original_fingerprint).to eq(key.fingerprint)
2020-01-01 13:55:28 +05:30
expect(original_fingerprint).to eq(key.fingerprint_md5)
expect(original_fingerprint_sha256).to eq(key.fingerprint_sha256)
2018-03-27 19:54:05 +05:30
end
end
2014-09-02 18:07:02 +05:30
end
2018-03-17 18:26:18 +05:30
context 'validate it meets key restrictions' do
where(:factory, :minimum, :result) do
forbidden = ApplicationSetting::FORBIDDEN_KEY_VALUE
[
2022-04-04 11:22:00 +05:30
[:rsa_key_2048, 0, true],
[:dsa_key_2048, 0, true],
[:ecdsa_key_256, 0, true],
[:ed25519_key_256, 0, true],
[:ecdsa_sk_key_256, 0, true],
[:ed25519_sk_key_256, 0, true],
2018-03-17 18:26:18 +05:30
[:rsa_key_2048, 1024, true],
[:rsa_key_2048, 2048, true],
[:rsa_key_2048, 4096, false],
[:dsa_key_2048, 1024, true],
[:dsa_key_2048, 2048, true],
[:dsa_key_2048, 4096, false],
[:ecdsa_key_256, 256, true],
[:ecdsa_key_256, 384, false],
[:ed25519_key_256, 256, true],
[:ed25519_key_256, 384, false],
2022-04-04 11:22:00 +05:30
[:ecdsa_sk_key_256, 256, true],
[:ecdsa_sk_key_256, 384, false],
[:ed25519_sk_key_256, 256, true],
[:ed25519_sk_key_256, 384, false],
[:rsa_key_2048, forbidden, false],
[:dsa_key_2048, forbidden, false],
[:ecdsa_key_256, forbidden, false],
[:ed25519_key_256, forbidden, false],
[:ecdsa_sk_key_256, forbidden, false],
[:ed25519_sk_key_256, forbidden, false]
2018-03-17 18:26:18 +05:30
]
end
with_them do
subject(:key) { build(factory) }
before do
stub_application_setting("#{key.public_key.type}_key_restriction" => minimum)
end
it { expect(key.valid?).to eq(result) }
end
end
2014-09-02 18:07:02 +05:30
context 'callbacks' do
2020-04-08 14:13:33 +05:30
let(:key) { build(:personal_key) }
context 'authorized keys file is enabled' do
before do
stub_application_setting(authorized_keys_enabled: true)
end
it 'adds new key to authorized_file' do
allow(AuthorizedKeysWorker).to receive(:perform_async)
key.save!
# Check after the fact so we have access to Key#id
expect(AuthorizedKeysWorker).to have_received(:perform_async).with(:add_key, key.shell_id, key.key)
end
it 'removes key from authorized_file' do
key.save!
expect(AuthorizedKeysWorker).to receive(:perform_async).with(:remove_key, key.shell_id)
2021-09-04 01:27:46 +05:30
key.destroy!
2020-04-08 14:13:33 +05:30
end
2014-09-02 18:07:02 +05:30
end
2020-04-08 14:13:33 +05:30
context 'authorized_keys file is disabled' do
before do
stub_application_setting(authorized_keys_enabled: false)
end
it 'does not add the key on creation' do
expect(AuthorizedKeysWorker).not_to receive(:perform_async)
key.save!
end
it 'does not remove the key on destruction' do
key.save!
expect(AuthorizedKeysWorker).not_to receive(:perform_async)
2021-09-04 01:27:46 +05:30
key.destroy!
2020-04-08 14:13:33 +05:30
end
2017-08-17 22:00:37 +05:30
end
end
describe '#key=' do
let(:valid_key) do
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0= dummy@gitlab.com"
end
it 'strips white spaces' do
expect(described_class.new(key: " #{valid_key} ").key).to eq(valid_key)
end
2018-03-17 18:26:18 +05:30
it 'invalidates the public_key attribute' do
key = build(:key)
original = key.public_key
key.key = valid_key
expect(original.key_text).not_to be_nil
expect(key.public_key.key_text).to eq(valid_key)
end
2017-08-17 22:00:37 +05:30
end
2018-03-17 18:26:18 +05:30
describe '#refresh_user_cache', :use_clean_rails_memory_store_caching do
context 'when the key belongs to a user' do
it 'refreshes the keys count cache for the user' do
expect_any_instance_of(Users::KeysCountService)
.to receive(:refresh_cache)
.and_call_original
key = create(:personal_key)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
expect(Users::KeysCountService.new(key.user).count).to eq(1)
2017-08-17 22:00:37 +05:30
end
2018-03-17 18:26:18 +05:30
end
context 'when the key does not belong to a user' do
it 'does nothing' do
expect_any_instance_of(Users::KeysCountService)
.not_to receive(:refresh_cache)
2017-08-17 22:00:37 +05:30
2018-03-17 18:26:18 +05:30
create(:key)
end
2014-09-02 18:07:02 +05:30
end
end
end