diff options
Diffstat (limited to 'app/validators/ssh_key_validator.rb')
| -rw-r--r-- | app/validators/ssh_key_validator.rb | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/app/validators/ssh_key_validator.rb b/app/validators/ssh_key_validator.rb new file mode 100644 index 00000000000..74e86fc6644 --- /dev/null +++ b/app/validators/ssh_key_validator.rb @@ -0,0 +1,31 @@ +# frozen_string_literal: true + +# SshKeyValidator +# +# Custom validator for SSH keys. +# +# class Project < ActiveRecord::Base +# validates :key, ssh_key: true +# end +# +class SshKeyValidator < ActiveModel::EachValidator # rubocop:disable Gitlab/NamespacedClass -- Allow setting ssh_key by convention + def validate_each(record, attribute, value) + public_key = Gitlab::SSHPublicKey.new(value) + + restriction = Gitlab::CurrentSettings.key_restriction_for(public_key.type) + + if restriction == ApplicationSetting::FORBIDDEN_KEY_VALUE + record.errors.add(attribute, forbidden_key_type_message) + elsif public_key.bits < restriction + record.errors.add(attribute, "must be at least #{restriction} bits") + end + end + + private + + def forbidden_key_type_message + allowed_types = Gitlab::CurrentSettings.allowed_key_types.map(&:upcase) + + "type is forbidden. Must be #{Gitlab::Sentence.to_exclusive_sentence(allowed_types)}" + end +end |