Commit 4ccd767a authored by Zeger-Jan van de Weg's avatar Zeger-Jan van de Weg

Only publish ssh key-type and key

parent 58c76605
......@@ -29,6 +29,7 @@ v 7.14.0 (unreleased)
- Disabled autocapitalize and autocorrect on login field (Daryl Chan)
- Mention group and project name in creation, update and deletion notices (Achilleas Pipinellis)
- Remove redis-store TTL monkey patch
- Remove comments and email addresses when publicly exposing ssh keys (Zeger-Jan van de Weg)
v 7.13.2
- Fix randomly failed spec
......@@ -54,6 +55,8 @@ v 7.13.1
v 7.13.0
- Remove repository graph log to fix slow cache updates after push event (Stan Hu)
- Return comments in created order in merge request API (Stan Hu)
v 7.13.0 (unreleased)
- Only enable HSTS header for HTTPS and port 443 (Stan Hu)
- Fix user autocomplete for unauthenticated users accessing public projects (Stan Hu)
- Fix redirection to home page URL for unauthorized users (Daniel Gerhardt)
......
......@@ -39,6 +39,11 @@ def strip_white_space
self.key = key.strip unless key.blank?
end
def publishable_key
#Removes anything beyond the keytype and key itself
self.key.split[0..1].join(' ')
end
# projects that has this key
def projects
user.authorized_projects
......
......@@ -619,7 +619,7 @@ def short_website_url
end
def all_ssh_keys
keys.map(&:key)
keys.map(&:publishable_key)
end
def temp_oauth_email?
......
......@@ -48,6 +48,17 @@
expect(response.body).not_to eq("")
expect(response.body).to eq(user.all_ssh_keys.join("\n"))
# Unique part of key 1
expect(response.body).to match(/PWx6WM4lhHNedGfBpPJNPpZ/)
# Key 2
expect(response.body).to match(/AQDmTillFzNTrrGgwaCKaSj/)
end
it "should not render the comment of the key" do
get :get_keys, username: user.username
expect(response.body).not_to match(/dummy@gitlab.com/)
end
it "should respond with text/plain content type" do
......
......@@ -100,7 +100,7 @@
factory :key do
title
key do
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0="
"ssh-rsa AAAAB3NzaC1yc2EAAAABJQAAAIEAiPWx6WM4lhHNedGfBpPJNPpZ7yKu+dnn1SJejgt4596k6YjzGGphH2TUxwKzxcKDKKezwkpfnxPkSMkuEspGRt/aZZ9wa++Oi7Qkr8prgHc4soW6NUlfDzpvZK2H5E7eQaSeP3SAwGmQKUFHCddNaP0L+hM7zhFNzjFvpaMgJw0= dummy@gitlab.com"
end
factory :deploy_key, class: 'DeployKey' do
......
......@@ -32,6 +32,13 @@
describe "Methods" do
it { is_expected.to respond_to :projects }
it { is_expected.to respond_to :publishable_key }
describe "#publishable_keys" do
it 'strips all personal information' do
expect(build(:key).publishable_key).not_to match(/dummy@gitlab/)
end
end
end
context "validation of uniqueness" do
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment