BigW Consortium Gitlab

key_spec.rb 5.65 KB
Newer Older
gitlabhq committed
1 2
require 'spec_helper'

3
describe Key, :mailer do
4 5 6 7 8 9 10
  include Gitlab::CurrentSettings

  describe 'modules' do
    subject { described_class }
    it { is_expected.to include_module(Gitlab::CurrentSettings) }
  end

gitlabhq committed
11
  describe "Associations" do
12
    it { is_expected.to belong_to(:user) }
gitlabhq committed
13 14 15
  end

  describe "Validation" do
16
    it { is_expected.to validate_presence_of(:title) }
17 18
    it { is_expected.to validate_length_of(:title).is_at_most(255) }

19
    it { is_expected.to validate_presence_of(:key) }
20
    it { is_expected.to validate_length_of(:key).is_at_most(5000) }
21 22 23 24
    it { is_expected.to allow_value(attributes_for(:rsa_key_2048)[:key]).for(:key) }
    it { is_expected.to allow_value(attributes_for(:dsa_key_2048)[:key]).for(:key) }
    it { is_expected.to allow_value(attributes_for(:ecdsa_key_256)[:key]).for(:key) }
    it { is_expected.to allow_value(attributes_for(:ed25519_key_256)[:key]).for(:key) }
25
    it { is_expected.not_to allow_value('foo-bar').for(:key) }
gitlabhq committed
26 27
  end

Nihad Abbasov committed
28
  describe "Methods" do
29
    let(:user) { create(:user) }
30
    it { is_expected.to respond_to :projects }
31 32 33
    it { is_expected.to respond_to :publishable_key }

    describe "#publishable_keys" do
34
      it 'replaces SSH key comment with simple identifier of username + hostname' do
35
        expect(build(:key, user: user).publishable_key).to include("#{user.name} (#{Gitlab.config.gitlab.host})")
36 37
      end
    end
38 39

    describe "#update_last_used_at" do
40 41 42
      it 'updates the last used timestamp' do
        key = build(:key)
        service = double(:service)
43

44 45 46
        expect(Keys::LastUsedService).to receive(:new)
          .with(key)
          .and_return(service)
47

48
        expect(service).to receive(:execute)
49

50
        key.update_last_used_at
51 52
      end
    end
gitlabhq committed
53 54
  end

55
  context "validation of uniqueness (based on fingerprint uniqueness)" do
56
    let(:user) { create(:user) }
57

58
    it "accepts the key once" do
59
      expect(build(:key, user: user)).to be_valid
60 61
    end

62
    it "does not accept the exact same key twice" do
63 64 65
      first_key = create(:key, user: user)

      expect(build(:key, user: user, key: first_key.key)).not_to be_valid
66
    end
67 68

    it "does not accept a duplicate key with a different comment" do
69 70
      first_key = create(:key, user: user)
      duplicate = build(:key, user: user, key: first_key.key)
71
      duplicate.key << ' extra comment'
72

73
      expect(duplicate).not_to be_valid
74
    end
75
  end
76 77 78

  context "validate it is a fingerprintable key" do
    it "accepts the fingerprintable key" do
79
      expect(build(:key)).to be_valid
80 81
    end

82 83 84 85 86
    it 'accepts a key with newline charecters after stripping them' do
      key = build(:key)
      key.key = key.key.insert(100, "\n")
      key.key = key.key.insert(40, "\r\n")
      expect(key).to be_valid
87
    end
88

89 90
    it 'rejects the unfingerprintable key (not a key)' do
      expect(build(:key, key: 'ssh-rsa an-invalid-key==')).not_to be_valid
91
    end
92
  end
93

94
  context 'validate it meets key restrictions' do
95
    where(:factory, :minimum, :result) do
96 97
      forbidden = ApplicationSetting::FORBIDDEN_KEY_VALUE

98
      [
99 100 101 102 103
        [:rsa_key_2048,    0, true],
        [:dsa_key_2048,    0, true],
        [:ecdsa_key_256,   0, true],
        [:ed25519_key_256, 0, true],

104 105 106
        [:rsa_key_2048, 1024, true],
        [:rsa_key_2048, 2048, true],
        [:rsa_key_2048, 4096, false],
107

108 109 110
        [:dsa_key_2048, 1024, true],
        [:dsa_key_2048, 2048, true],
        [:dsa_key_2048, 4096, false],
111

112 113
        [:ecdsa_key_256, 256, true],
        [:ecdsa_key_256, 384, false],
114

115
        [:ed25519_key_256, 256, true],
116 117 118 119 120 121
        [:ed25519_key_256, 384, false],

        [:rsa_key_2048,    forbidden, false],
        [:dsa_key_2048,    forbidden, false],
        [:ecdsa_key_256,   forbidden, false],
        [:ed25519_key_256, forbidden, false]
122 123 124 125 126 127 128
      ]
    end

    with_them do
      subject(:key) { build(factory) }

      before do
129
        stub_application_setting("#{key.public_key.type}_key_restriction" => minimum)
130 131 132 133 134 135
      end

      it { expect(key.valid?).to eq(result) }
    end
  end

136
  context 'callbacks' do
137
    it 'adds new key to authorized_file' do
138 139 140
      key = build(:personal_key, id: 7)
      expect(GitlabShellWorker).to receive(:perform_async).with(:add_key, key.shell_id, key.key)
      key.save!
141 142
    end

143
    it 'removes key from authorized_file' do
144 145 146
      key = create(:personal_key)
      expect(GitlabShellWorker).to receive(:perform_async).with(:remove_key, key.shell_id, key.key)
      key.destroy
147 148
    end
  end
149 150 151 152 153 154 155 156 157

  describe '#key=' do
    let(:valid_key) do
      "ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0= dummy@gitlab.com"
    end

    it 'strips white spaces' do
      expect(described_class.new(key: " #{valid_key} ").key).to eq(valid_key)
    end
158 159 160 161 162 163 164 165 166 167

    it 'invalidates the public_key attribute' do
      key = build(:key)

      original = key.public_key
      key.key = valid_key

      expect(original.key_text).not_to be_nil
      expect(key.public_key.key_text).to eq(valid_key)
    end
168
  end
169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191

  describe '#refresh_user_cache', :use_clean_rails_memory_store_caching do
    context 'when the key belongs to a user' do
      it 'refreshes the keys count cache for the user' do
        expect_any_instance_of(Users::KeysCountService)
          .to receive(:refresh_cache)
          .and_call_original

        key = create(:personal_key)

        expect(Users::KeysCountService.new(key.user).count).to eq(1)
      end
    end

    context 'when the key does not belong to a user' do
      it 'does nothing' do
        expect_any_instance_of(Users::KeysCountService)
          .not_to receive(:refresh_cache)

        create(:key)
      end
    end
  end
gitlabhq committed
192
end