app/services/groups/ssh_certificates/create_service.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51

# frozen_string_literal: true

module Groups
  module SshCertificates
    class CreateService
      def initialize(group, params)
        @group = group
        @params = params
      end

      def execute
        key = params[:key]
        fingerprint = generate_fingerprint(key)

        return ServiceResponse.error(message: 'Group', reason: :forbidden) if group.has_parent?

        # return a key error instead of fingerprint error, as the user has no knowledge of fingerprint.
        unless fingerprint
          return ServiceResponse.error(message: 'Validation failed: Invalid key',
            reason: :unprocessable_entity)
        end

        result = group.ssh_certificates.create!(
          key: key,
          title: params[:title],
          fingerprint: fingerprint
        )

        # title and key attributes are returned as [FILTERED]
        # by config/application.rb#L181-233
        # make attributes unfiltered by running find
        ssh_certificate = group.ssh_certificates.find(result.id)
        ServiceResponse.success(payload: ssh_certificate)

      rescue ActiveRecord::RecordInvalid, ArgumentError => e
        ServiceResponse.error(
          message: e.message,
          reason: :unprocessable_entity
        )
      end

      private

      attr_reader :group, :params

      def generate_fingerprint(key)
        Gitlab::SSHPublicKey.new(key).fingerprint_sha256&.delete_prefix('SHA256:')
      end
    end
  end
end