debian-mirror-gitlab/app/finders/keys_finder.rb

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

84 lines
1.6 KiB
Ruby
Raw Normal View History

2020-01-01 13:55:28 +05:30
# frozen_string_literal: true
class KeysFinder
2021-01-03 14:25:43 +05:30
delegate :find, :find_by_id, to: :execute
2020-01-01 13:55:28 +05:30
InvalidFingerprint = Class.new(StandardError)
GitLabAccessDeniedError = Class.new(StandardError)
FINGERPRINT_ATTRIBUTES = {
'sha256' => 'fingerprint_sha256',
'md5' => 'fingerprint'
}.freeze
2020-03-13 15:44:24 +05:30
def initialize(params)
2020-01-01 13:55:28 +05:30
@params = params
end
def execute
keys = by_key_type
2020-03-13 15:44:24 +05:30
keys = by_users(keys)
2020-01-01 13:55:28 +05:30
keys = sort(keys)
by_fingerprint(keys)
end
private
2020-03-13 15:44:24 +05:30
attr_reader :params
2020-01-01 13:55:28 +05:30
def by_key_type
if params[:key_type] == 'ssh'
Key.regular_keys
else
Key.all
end
end
def sort(keys)
keys.order_last_used_at_desc
end
2020-03-13 15:44:24 +05:30
def by_users(keys)
return keys unless params[:users]
2020-01-01 13:55:28 +05:30
2020-03-13 15:44:24 +05:30
keys.for_user(params[:users])
2020-01-01 13:55:28 +05:30
end
def by_fingerprint(keys)
return keys unless params[:fingerprint].present?
raise InvalidFingerprint unless valid_fingerprint_param?
2020-04-22 19:07:51 +05:30
keys.find_by(fingerprint_query) # rubocop: disable CodeReuse/ActiveRecord
2020-01-01 13:55:28 +05:30
end
def valid_fingerprint_param?
2022-06-21 17:19:12 +05:30
return Base64.decode64(fingerprint).length == 32 if fingerprint_type == "sha256"
return false if Gitlab::FIPS.enabled?
fingerprint =~ /^(\h{2}:){15}\h{2}/
2020-01-01 13:55:28 +05:30
end
def fingerprint_query
fingerprint_attribute = FINGERPRINT_ATTRIBUTES[fingerprint_type]
Key.arel_table[fingerprint_attribute].eq(fingerprint)
end
def fingerprint_type
if params[:fingerprint].start_with?(/sha256:|SHA256:/)
"sha256"
else
"md5"
end
end
def fingerprint
if fingerprint_type == "sha256"
params[:fingerprint].gsub(/sha256:|SHA256:/, "")
else
params[:fingerprint]
end
end
end