2019-07-07 11:18:12 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2020-07-28 23:09:34 +05:30
|
|
|
RSpec.describe Gitlab::AuthorizedKeys do
|
2019-07-07 11:18:12 +05:30
|
|
|
let(:logger) { double('logger').as_null_object }
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
subject(:authorized_keys) { described_class.new(logger) }
|
|
|
|
|
|
|
|
describe '#accessible?' do
|
|
|
|
subject { authorized_keys.accessible? }
|
|
|
|
|
|
|
|
context 'authorized_keys file exists' do
|
|
|
|
before do
|
|
|
|
create_authorized_keys_fixture
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'can open file' do
|
|
|
|
it { is_expected.to be_truthy }
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'cannot open file' do
|
|
|
|
before do
|
|
|
|
allow(File).to receive(:open).and_raise(Errno::EACCES)
|
|
|
|
end
|
|
|
|
|
|
|
|
it { is_expected.to be_falsey }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'authorized_keys file does not exist' do
|
|
|
|
it { is_expected.to be_falsey }
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#create' do
|
2022-04-04 11:22:00 +05:30
|
|
|
subject { authorized_keys.create } # rubocop:disable Rails/SaveBang
|
2019-12-04 20:38:33 +05:30
|
|
|
|
|
|
|
context 'authorized_keys file exists' do
|
|
|
|
before do
|
|
|
|
create_authorized_keys_fixture
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
it { is_expected.to be_truthy }
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'authorized_keys file does not exist' do
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates authorized_keys file' do
|
|
|
|
expect(subject).to be_truthy
|
|
|
|
expect(File.exist?(tmp_authorized_keys_path)).to be_truthy
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'cannot create file' do
|
|
|
|
before do
|
|
|
|
allow(File).to receive(:open).and_raise(Errno::EACCES)
|
|
|
|
end
|
|
|
|
|
|
|
|
it { is_expected.to be_falsey }
|
|
|
|
end
|
|
|
|
end
|
2019-07-07 11:18:12 +05:30
|
|
|
|
|
|
|
describe '#add_key' do
|
2019-12-04 20:38:33 +05:30
|
|
|
let(:id) { 'key-741' }
|
|
|
|
|
|
|
|
subject { authorized_keys.add_key(id, key) }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
context 'authorized_keys file exists' do
|
2019-12-04 20:38:33 +05:30
|
|
|
let(:key) { 'ssh-rsa AAAAB3NzaDAxx2E trailing garbage' }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
before do
|
|
|
|
create_authorized_keys_fixture
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
it "adds a line at the end of the file and strips trailing garbage" do
|
|
|
|
auth_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E"
|
|
|
|
|
|
|
|
expect(logger).to receive(:info).with('Adding key (key-741): ssh-rsa AAAAB3NzaDAxx2E')
|
2019-12-04 20:38:33 +05:30
|
|
|
expect(subject).to be_truthy
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{auth_line}\n")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'authorized_keys file does not exist' do
|
2019-12-04 20:38:33 +05:30
|
|
|
let(:key) { 'ssh-rsa AAAAB3NzaDAxx2E' }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
before do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates the file' do
|
2019-12-04 20:38:33 +05:30
|
|
|
expect(subject).to be_truthy
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(File.exist?(tmp_authorized_keys_path)).to be_truthy
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#batch_add_keys' do
|
|
|
|
let(:keys) do
|
|
|
|
[
|
|
|
|
double(shell_id: 'key-12', key: 'ssh-dsa ASDFASGADG trailing garbage'),
|
|
|
|
double(shell_id: 'key-123', key: 'ssh-rsa GFDGDFSGSDFG')
|
|
|
|
]
|
|
|
|
end
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
subject { authorized_keys.batch_add_keys(keys) }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
context 'authorized_keys file exists' do
|
|
|
|
before do
|
|
|
|
create_authorized_keys_fixture
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
it "adds lines at the end of the file" do
|
|
|
|
auth_line1 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-12\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dsa ASDFASGADG"
|
|
|
|
auth_line2 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-123\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa GFDGDFSGSDFG"
|
|
|
|
|
|
|
|
expect(logger).to receive(:info).with('Adding key (key-12): ssh-dsa ASDFASGADG')
|
|
|
|
expect(logger).to receive(:info).with('Adding key (key-123): ssh-rsa GFDGDFSGSDFG')
|
2019-12-04 20:38:33 +05:30
|
|
|
expect(subject).to be_truthy
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{auth_line1}\n#{auth_line2}\n")
|
|
|
|
end
|
|
|
|
|
|
|
|
context "invalid key" do
|
|
|
|
let(:keys) { [double(shell_id: 'key-123', key: "ssh-rsa A\tSDFA\nSGADG")] }
|
|
|
|
|
|
|
|
it "doesn't add keys" do
|
2019-12-04 20:38:33 +05:30
|
|
|
expect(subject).to be_falsey
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'authorized_keys file does not exist' do
|
|
|
|
before do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'creates the file' do
|
2019-12-04 20:38:33 +05:30
|
|
|
expect(subject).to be_truthy
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(File.exist?(tmp_authorized_keys_path)).to be_truthy
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-04-08 14:13:33 +05:30
|
|
|
describe '#remove_key' do
|
2019-12-04 20:38:33 +05:30
|
|
|
let(:key) { 'key-741' }
|
|
|
|
|
2020-04-08 14:13:33 +05:30
|
|
|
subject { authorized_keys.remove_key(key) }
|
2019-12-04 20:38:33 +05:30
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
context 'authorized_keys file exists' do
|
2019-12-04 20:38:33 +05:30
|
|
|
let(:other_line) { "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E" }
|
|
|
|
let(:delete_line) { "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E" }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
before do
|
|
|
|
create_authorized_keys_fixture
|
2019-12-04 20:38:33 +05:30
|
|
|
|
|
|
|
File.open(tmp_authorized_keys_path, 'a') do |auth_file|
|
|
|
|
auth_file.puts delete_line
|
|
|
|
auth_file.puts other_line
|
|
|
|
end
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
|
|
|
it "removes the right line" do
|
|
|
|
erased_line = delete_line.gsub(/./, '#')
|
|
|
|
|
|
|
|
expect(logger).to receive(:info).with('Removing key (key-741)')
|
2019-12-04 20:38:33 +05:30
|
|
|
expect(subject).to be_truthy
|
2019-07-07 11:18:12 +05:30
|
|
|
expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{erased_line}\n#{other_line}\n")
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'authorized_keys file does not exist' do
|
|
|
|
before do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
it { is_expected.to be_falsey }
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#clear' do
|
2019-12-04 20:38:33 +05:30
|
|
|
subject { authorized_keys.clear }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
context 'authorized_keys file exists' do
|
|
|
|
before do
|
|
|
|
create_authorized_keys_fixture
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
it { is_expected.to be_truthy }
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'authorized_keys file does not exist' do
|
|
|
|
before do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
it { is_expected.to be_truthy }
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
describe '#list_key_ids' do
|
2019-12-04 20:38:33 +05:30
|
|
|
subject { authorized_keys.list_key_ids }
|
|
|
|
|
2019-07-07 11:18:12 +05:30
|
|
|
context 'authorized_keys file exists' do
|
|
|
|
before do
|
|
|
|
create_authorized_keys_fixture(
|
|
|
|
existing_content:
|
|
|
|
"key-1\tssh-dsa AAA\nkey-2\tssh-rsa BBB\nkey-3\tssh-rsa CCC\nkey-9000\tssh-rsa DDD\n"
|
|
|
|
)
|
|
|
|
end
|
|
|
|
|
|
|
|
after do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
it { is_expected.to eq([1, 2, 3, 9000]) }
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'authorized_keys file does not exist' do
|
|
|
|
before do
|
|
|
|
delete_authorized_keys_file
|
|
|
|
end
|
|
|
|
|
2019-12-04 20:38:33 +05:30
|
|
|
it { is_expected.to be_empty }
|
2019-07-07 11:18:12 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def create_authorized_keys_fixture(existing_content: 'existing content')
|
|
|
|
FileUtils.mkdir_p(File.dirname(tmp_authorized_keys_path))
|
|
|
|
File.open(tmp_authorized_keys_path, 'w') { |file| file.puts(existing_content) }
|
|
|
|
end
|
|
|
|
|
|
|
|
def delete_authorized_keys_file
|
|
|
|
File.delete(tmp_authorized_keys_path) if File.exist?(tmp_authorized_keys_path)
|
|
|
|
end
|
|
|
|
|
|
|
|
def tmp_authorized_keys_path
|
|
|
|
Gitlab.config.gitlab_shell.authorized_keys_file
|
|
|
|
end
|
|
|
|
end
|