diff options
Diffstat (limited to 'app/validators/key_restriction_validator.rb')
-rw-r--r-- | app/validators/key_restriction_validator.rb | 15 |
1 files changed, 12 insertions, 3 deletions
diff --git a/app/validators/key_restriction_validator.rb b/app/validators/key_restriction_validator.rb index 9809047ae83..0094d6156a3 100644 --- a/app/validators/key_restriction_validator.rb +++ b/app/validators/key_restriction_validator.rb @@ -2,25 +2,34 @@ class KeyRestrictionValidator < ActiveModel::EachValidator FORBIDDEN = -1 + ALLOWED = 0 def self.supported_sizes(type) Gitlab::SSHPublicKey.supported_sizes(type) end def self.supported_key_restrictions(type) - [0, *supported_sizes(type), FORBIDDEN] + if Gitlab::FIPS.enabled? + [*supported_sizes(type), FORBIDDEN] + else + [ALLOWED, *supported_sizes(type), FORBIDDEN] + end end def validate_each(record, attribute, value) unless valid_restriction?(value) - record.errors.add(attribute, "must be forbidden, allowed, or one of these sizes: #{supported_sizes_message}") + record.errors.add(attribute, "must be #{supported_sizes_message}") end end private def supported_sizes_message - sizes = self.class.supported_sizes(options[:type]) + sizes = [] + + sizes << "forbidden" if valid_restriction?(FORBIDDEN) + sizes << "allowed" if valid_restriction?(ALLOWED) + sizes += self.class.supported_sizes(options[:type]) Gitlab::Utils.to_exclusive_sentence(sizes) end |