spec/features/profiles/keys_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Profile > SSH Keys', feature_category: :user_profile do
  let(:user) { create(:user) }

  before do
    sign_in(user)
  end

  describe 'User adds a key' do
    before do
      visit profile_keys_path
    end

    it 'auto-populates the title', :js do
      click_button('Add new key')
      fill_in('Key', with: attributes_for(:key).fetch(:key))

      expect(page).to have_field("Title", with: "dummy@gitlab.com")
    end

    it 'saves the new key' do
      attrs = attributes_for(:key)

      click_button('Add new key')
      fill_in('Key', with: attrs[:key])
      fill_in('Title', with: attrs[:title])
      click_button('Add key')

      expect(page).to have_content(format(s_('Profiles|SSH Key: %{title}'), title: attrs[:title]))
      expect(page).to have_content(attrs[:key])
      expect(find('[data-testid="breadcrumb-current-link"]')).to have_link(attrs[:title])
    end

    it 'shows a confirmable warning if the key begins with an algorithm name that is unsupported' do
      attrs = attributes_for(:key)

      click_button('Add new key')
      fill_in('Key', with: 'unsupported-ssh-rsa key')
      fill_in('Title', with: attrs[:title])
      click_button('Add key')

      expect(page).to have_selector('.js-add-ssh-key-validation-warning')

      find('.js-add-ssh-key-validation-confirm-submit').click

      expect(page).to have_content('Key is invalid')
    end

    context 'when only DSA and ECDSA keys are allowed' do
      before do
        forbidden = ApplicationSetting::FORBIDDEN_KEY_VALUE
        stub_application_setting(
          rsa_key_restriction: forbidden,
          ed25519_key_restriction: forbidden,
          ecdsa_sk_key_restriction: forbidden,
          ed25519_sk_key_restriction: forbidden
        )
      end

      it 'shows a validation error' do
        attrs = attributes_for(:key)

        click_button('Add new key')
        fill_in('Key', with: attrs[:key])
        fill_in('Title', with: attrs[:title])
        click_button('Add key')

        expect(page).to have_content('Key type is forbidden. Must be DSA or ECDSA')
      end
    end
  end

  it 'user sees their keys' do
    key = create(:key, user: user)
    visit profile_keys_path

    expect(page).to have_content(key.title)
  end

  def destroy_key(path, action, confirmation_button)
    visit path

    page.find("button[aria-label=\"#{action}\"]").click

    page.within('.modal') do
      page.click_button(confirmation_button)
    end

    expect(page).to have_content('Your SSH keys')
    page.within('.gl-new-card-count') do
      expect(page).to have_content('0')
    end
  end

  describe 'User removes a key', :js do
    let!(:key) { create(:key, user: user) }

    context 'via the key index' do
      it 'removes key' do
        destroy_key(profile_keys_path, 'Remove', 'Delete')
      end
    end

    context 'via its details page' do
      it 'removes key' do
        destroy_key(profile_keys_path(key), 'Remove', 'Delete')
      end
    end
  end

  describe 'User revokes a key', :js do
    context 'when a commit is signed using SSH key' do
      let!(:project) { create(:project, :repository) }
      let!(:key) { create(:key, user: user) }
      let!(:commit) { project.commit('ssh-signed-commit') }

      let!(:signature) do
        create(
          :ssh_signature,
          project: project,
          key: key,
          key_fingerprint_sha256: key.fingerprint_sha256,
          commit_sha: commit.sha
        )
      end

      before do
        project.add_developer(user)
      end

      it 'revoking the SSH key marks commits as unverified' do
        visit project_commit_path(project, commit)
        wait_for_all_requests

        find('a.signature-badge', text: 'Verified').click

        within('.popover') do
          expect(page).to have_content("Verified commit")
          expect(page).to have_content("SSH key fingerprint: #{key.fingerprint_sha256}")
        end

        destroy_key(profile_keys_path, 'Revoke', 'Revoke')

        visit project_commit_path(project, commit)
        wait_for_all_requests

        find('a.signature-badge', text: 'Unverified').click

        within('.popover') do
          expect(page).to have_content("Unverified signature")
          expect(page).to have_content('This commit was signed with a key that was revoked.')
          expect(page).to have_content("SSH key fingerprint: #{signature.key_fingerprint_sha256}")
        end
      end
    end
  end
end