Add latest changes from gitlab-org/gitlab@15-1-stable-eev15.1.0-rc42

author: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-20 14:10:13 +0300
committer: GitLab Bot <gitlab-bot@gitlab.com> 2022-06-20 14:10:13 +0300
commit: 0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch)
tree: 7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /app/models/key.rb
parent: 72123183a20411a36d607d70b12d57c484394c8e (diff)
1 files changed, 22 insertions, 2 deletions
diff --git a/app/models/key.rb b/app/models/key.rb
index e093f9faad3..5268ce2e040 100644
--- a/app/models/key.rb
+++ b/app/models/key.rb
@@ -1,7 +1,5 @@
 # frozen_string_literal: true
 
-require 'digest/md5'
-
 class Key < ApplicationRecord
   include AfterCommitQueue
   include Sortable
@@ -30,6 +28,7 @@ class Key < ApplicationRecord
 
   validate :key_meets_restrictions
   validate :expiration, on: :create
+  validate :banned_key, if: :should_check_for_banned_key?
 
   delegate :name, :email, to: :user, prefix: true
 
@@ -144,6 +143,27 @@ class Key < ApplicationRecord
     end
   end
 
+  def should_check_for_banned_key?
+    return false unless user
+
+    key_changed? && Feature.enabled?(:ssh_banned_key, user)
+  end
+
+  def banned_key
+    return unless public_key.banned?
+
+    help_page_url = Rails.application.routes.url_helpers.help_page_url(
+      'security/ssh_keys_restrictions',
+      anchor: 'block-banned-or-compromised-keys'
+    )
+
+    errors.add(
+      :key,
+      _('cannot be used because it belongs to a compromised private key. Stop using this key and generate a new one.'),
+      help_page_url: help_page_url
+    )
+  end
+
   def forbidden_key_type_message
     allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase)
author	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-20 14:10:13 +0300
committer	GitLab Bot <gitlab-bot@gitlab.com>	2022-06-20 14:10:13 +0300
commit	0ea3fcec397b69815975647f5e2aa5fe944a8486 (patch)
tree	7979381b89d26011bcf9bdc989a40fcc2f1ed4ff /app/models/key.rb
parent	72123183a20411a36d607d70b12d57c484394c8e (diff)