2020-01-01 13:55:28 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
class KeysFinder
|
2021-01-03 14:25:43 +05:30
|
|
|
delegate :find, :find_by_id, to: :execute
|
|
|
|
|
2020-01-01 13:55:28 +05:30
|
|
|
InvalidFingerprint = Class.new(StandardError)
|
|
|
|
GitLabAccessDeniedError = Class.new(StandardError)
|
|
|
|
|
|
|
|
FINGERPRINT_ATTRIBUTES = {
|
|
|
|
'sha256' => 'fingerprint_sha256',
|
|
|
|
'md5' => 'fingerprint'
|
|
|
|
}.freeze
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def initialize(params)
|
2020-01-01 13:55:28 +05:30
|
|
|
@params = params
|
|
|
|
end
|
|
|
|
|
|
|
|
def execute
|
|
|
|
keys = by_key_type
|
2020-03-13 15:44:24 +05:30
|
|
|
keys = by_users(keys)
|
2020-01-01 13:55:28 +05:30
|
|
|
keys = sort(keys)
|
|
|
|
|
|
|
|
by_fingerprint(keys)
|
|
|
|
end
|
|
|
|
|
|
|
|
private
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
attr_reader :params
|
2020-01-01 13:55:28 +05:30
|
|
|
|
|
|
|
def by_key_type
|
|
|
|
if params[:key_type] == 'ssh'
|
|
|
|
Key.regular_keys
|
|
|
|
else
|
|
|
|
Key.all
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def sort(keys)
|
|
|
|
keys.order_last_used_at_desc
|
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
def by_users(keys)
|
|
|
|
return keys unless params[:users]
|
2020-01-01 13:55:28 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
keys.for_user(params[:users])
|
2020-01-01 13:55:28 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
def by_fingerprint(keys)
|
|
|
|
return keys unless params[:fingerprint].present?
|
|
|
|
raise InvalidFingerprint unless valid_fingerprint_param?
|
|
|
|
|
2020-04-22 19:07:51 +05:30
|
|
|
keys.find_by(fingerprint_query) # rubocop: disable CodeReuse/ActiveRecord
|
2020-01-01 13:55:28 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
def valid_fingerprint_param?
|
2022-06-21 17:19:12 +05:30
|
|
|
return Base64.decode64(fingerprint).length == 32 if fingerprint_type == "sha256"
|
|
|
|
|
|
|
|
return false if Gitlab::FIPS.enabled?
|
|
|
|
|
|
|
|
fingerprint =~ /^(\h{2}:){15}\h{2}/
|
2020-01-01 13:55:28 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
def fingerprint_query
|
|
|
|
fingerprint_attribute = FINGERPRINT_ATTRIBUTES[fingerprint_type]
|
|
|
|
|
|
|
|
Key.arel_table[fingerprint_attribute].eq(fingerprint)
|
|
|
|
end
|
|
|
|
|
|
|
|
def fingerprint_type
|
|
|
|
if params[:fingerprint].start_with?(/sha256:|SHA256:/)
|
|
|
|
"sha256"
|
|
|
|
else
|
|
|
|
"md5"
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def fingerprint
|
|
|
|
if fingerprint_type == "sha256"
|
|
|
|
params[:fingerprint].gsub(/sha256:|SHA256:/, "")
|
|
|
|
else
|
|
|
|
params[:fingerprint]
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|