From a483b7faa13ecc78d1a572eabc54f668af35a1c6 Mon Sep 17 00:00:00 2001 From: Patrick Bajao Date: Wed, 20 Mar 2019 08:07:22 +0800 Subject: [PATCH 1/3] Handle cases when authorized_keys doesn't exist Modify Gitlab::AuthorizedKeys#rm_key and #list_key_ids to handle cases when an `Errno::ENOENT` is raised. Also added test cases in spec to ensure each method will still work when authorized_keys doesn't exist. --- lib/gitlab/authorized_keys.rb | 4 + spec/lib/gitlab/authorized_keys_spec.rb | 152 +++++++++++++++++------- 2 files changed, 110 insertions(+), 46 deletions(-) diff --git a/lib/gitlab/authorized_keys.rb b/lib/gitlab/authorized_keys.rb index 609d2bd9c773c0..3fe72f5fd43f1c 100644 --- a/lib/gitlab/authorized_keys.rb +++ b/lib/gitlab/authorized_keys.rb @@ -68,6 +68,8 @@ def rm_key(id) end true + rescue Errno::ENOENT + false end # Clear the authorized_keys file @@ -96,6 +98,8 @@ def list_key_ids end end end + rescue Errno::ENOENT + [] end private diff --git a/spec/lib/gitlab/authorized_keys_spec.rb b/spec/lib/gitlab/authorized_keys_spec.rb index b0fbe959ff88ff..ffe78967c2a1aa 100644 --- a/spec/lib/gitlab/authorized_keys_spec.rb +++ b/spec/lib/gitlab/authorized_keys_spec.rb @@ -7,15 +7,31 @@ subject { described_class.new(logger) } + after do + delete_authorized_keys_file + end + describe '#add_key' do - it "adds a line at the end of the file and strips trailing garbage" do - create_authorized_keys_fixture - auth_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E" - - expect(logger).to receive(:info).with('Adding key (key-741): ssh-rsa AAAAB3NzaDAxx2E') - expect(subject.add_key('key-741', 'ssh-rsa AAAAB3NzaDAxx2E trailing garbage')) - .to be_truthy - expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{auth_line}\n") + context 'authorized_keys file exists' do + before do + create_authorized_keys_fixture + end + + it "adds a line at the end of the file and strips trailing garbage" do + auth_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E" + + expect(logger).to receive(:info).with('Adding key (key-741): ssh-rsa AAAAB3NzaDAxx2E') + expect(subject.add_key('key-741', 'ssh-rsa AAAAB3NzaDAxx2E trailing garbage')) + .to be_truthy + expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{auth_line}\n") + end + end + + context 'authorized_keys file does not exist' do + it 'creates the file' do + expect(subject.add_key('key-741', 'ssh-rsa AAAAB3NzaDAxx2E')).to be_truthy + expect(File.exist?(tmp_authorized_keys_path)).to be_truthy + end end end @@ -27,63 +43,103 @@ ] end - before do - create_authorized_keys_fixture - end + context 'authorized_keys file exists' do + before do + create_authorized_keys_fixture + end - it "adds lines at the end of the file" do - auth_line1 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-12\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dsa ASDFASGADG" - auth_line2 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-123\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa GFDGDFSGSDFG" + it "adds lines at the end of the file" do + auth_line1 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-12\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dsa ASDFASGADG" + auth_line2 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-123\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa GFDGDFSGSDFG" - expect(logger).to receive(:info).with('Adding key (key-12): ssh-dsa ASDFASGADG') - expect(logger).to receive(:info).with('Adding key (key-123): ssh-rsa GFDGDFSGSDFG') - expect(subject.batch_add_keys(keys)).to be_truthy - expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{auth_line1}\n#{auth_line2}\n") - end + expect(logger).to receive(:info).with('Adding key (key-12): ssh-dsa ASDFASGADG') + expect(logger).to receive(:info).with('Adding key (key-123): ssh-rsa GFDGDFSGSDFG') + expect(subject.batch_add_keys(keys)).to be_truthy + expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{auth_line1}\n#{auth_line2}\n") + end - context "invalid key" do - let(:keys) { [double(shell_id: 'key-123', key: "ssh-rsa A\tSDFA\nSGADG")] } + context "invalid key" do + let(:keys) { [double(shell_id: 'key-123', key: "ssh-rsa A\tSDFA\nSGADG")] } - it "doesn't add keys" do - expect(subject.batch_add_keys(keys)).to be_falsey - expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n") + it "doesn't add keys" do + expect(subject.batch_add_keys(keys)).to be_falsey + expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n") + end + end + end + + context 'authorized_keys file does not exist' do + it 'creates the file' do + expect(subject.batch_add_keys(keys)).to be_truthy + expect(File.exist?(tmp_authorized_keys_path)).to be_truthy end end end describe '#rm_key' do - it "removes the right line" do - create_authorized_keys_fixture - other_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E" - delete_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E" - erased_line = delete_line.gsub(/./, '#') - File.open(tmp_authorized_keys_path, 'a') do |auth_file| - auth_file.puts delete_line - auth_file.puts other_line - end - - expect(logger).to receive(:info).with('Removing key (key-741)') - expect(subject.rm_key('key-741')).to be_truthy - expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{erased_line}\n#{other_line}\n") + context 'authorized_keys file exists' do + before do + create_authorized_keys_fixture + end + + it "removes the right line" do + other_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E" + delete_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E" + erased_line = delete_line.gsub(/./, '#') + File.open(tmp_authorized_keys_path, 'a') do |auth_file| + auth_file.puts delete_line + auth_file.puts other_line + end + + expect(logger).to receive(:info).with('Removing key (key-741)') + expect(subject.rm_key('key-741')).to be_truthy + expect(File.read(tmp_authorized_keys_path)).to eq("existing content\n#{erased_line}\n#{other_line}\n") + end + end + + context 'authorized_keys file does not exist' do + it 'returns false' do + expect(subject.rm_key('key-741')).to be_falsey + end end end describe '#clear' do - it "should return true" do - expect(subject.clear).to be_truthy + context 'authorized_keys file exists' do + before do + create_authorized_keys_fixture + end + + it "returns true" do + expect(subject.clear).to be_truthy + end + end + + context 'authorized_keys file does not exist' do + it "still returns true" do + expect(subject.clear).to be_truthy + end end end describe '#list_key_ids' do - before do - create_authorized_keys_fixture( - existing_content: - "key-1\tssh-dsa AAA\nkey-2\tssh-rsa BBB\nkey-3\tssh-rsa CCC\nkey-9000\tssh-rsa DDD\n" - ) + context 'authorized_keys file exists' do + before do + create_authorized_keys_fixture( + existing_content: + "key-1\tssh-dsa AAA\nkey-2\tssh-rsa BBB\nkey-3\tssh-rsa CCC\nkey-9000\tssh-rsa DDD\n" + ) + end + + it 'returns array of key IDs' do + expect(subject.list_key_ids).to eq([1, 2, 3, 9000]) + end end - it 'returns array of key IDs' do - expect(subject.list_key_ids).to eq([1, 2, 3, 9000]) + context 'authorized_keys file does not exist' do + it 'returns an empty array' do + expect(subject.list_key_ids).to be_empty + end end end @@ -92,6 +148,10 @@ def create_authorized_keys_fixture(existing_content: 'existing content') File.open(tmp_authorized_keys_path, 'w') { |file| file.puts(existing_content) } end + def delete_authorized_keys_file + File.delete(tmp_authorized_keys_path) if File.exist?(tmp_authorized_keys_path) + end + def tmp_authorized_keys_path Gitlab.config.gitlab_shell.authorized_keys_file end -- GitLab From 5ee0338e75c62270943954d55f2ec77c2e5cf88f Mon Sep 17 00:00:00 2001 From: Patrick Bajao Date: Wed, 20 Mar 2019 08:49:27 +0800 Subject: [PATCH 2/3] Remove unneeded line in spec --- ee/spec/migrations/update_authorized_keys_file_spec.rb | 2 -- 1 file changed, 2 deletions(-) diff --git a/ee/spec/migrations/update_authorized_keys_file_spec.rb b/ee/spec/migrations/update_authorized_keys_file_spec.rb index dad0cef2fa2c84..74e2b41822d9ce 100644 --- a/ee/spec/migrations/update_authorized_keys_file_spec.rb +++ b/ee/spec/migrations/update_authorized_keys_file_spec.rb @@ -16,8 +16,6 @@ end it 'sets authorized_keys_enabled to true' do - FileUtils.touch(authorized_keys_file) - migration.up expect(described_class::ApplicationSetting.last.authorized_keys_enabled).to be_truthy -- GitLab From 2ee1fc228961e2127358422ebef546cd7cb3c492 Mon Sep 17 00:00:00 2001 From: Patrick Bajao Date: Thu, 21 Mar 2019 12:42:28 +0800 Subject: [PATCH 3/3] Update Gitlab::AuthorizedKeys specs to be clearer --- spec/lib/gitlab/authorized_keys_spec.rb | 44 ++++++++++++++++++++++--- 1 file changed, 40 insertions(+), 4 deletions(-) diff --git a/spec/lib/gitlab/authorized_keys_spec.rb b/spec/lib/gitlab/authorized_keys_spec.rb index ffe78967c2a1aa..42bc509eeef29f 100644 --- a/spec/lib/gitlab/authorized_keys_spec.rb +++ b/spec/lib/gitlab/authorized_keys_spec.rb @@ -7,16 +7,16 @@ subject { described_class.new(logger) } - after do - delete_authorized_keys_file - end - describe '#add_key' do context 'authorized_keys file exists' do before do create_authorized_keys_fixture end + after do + delete_authorized_keys_file + end + it "adds a line at the end of the file and strips trailing garbage" do auth_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa AAAAB3NzaDAxx2E" @@ -28,6 +28,10 @@ end context 'authorized_keys file does not exist' do + before do + delete_authorized_keys_file + end + it 'creates the file' do expect(subject.add_key('key-741', 'ssh-rsa AAAAB3NzaDAxx2E')).to be_truthy expect(File.exist?(tmp_authorized_keys_path)).to be_truthy @@ -48,6 +52,10 @@ create_authorized_keys_fixture end + after do + delete_authorized_keys_file + end + it "adds lines at the end of the file" do auth_line1 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-12\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-dsa ASDFASGADG" auth_line2 = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-123\",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty ssh-rsa GFDGDFSGSDFG" @@ -69,6 +77,10 @@ end context 'authorized_keys file does not exist' do + before do + delete_authorized_keys_file + end + it 'creates the file' do expect(subject.batch_add_keys(keys)).to be_truthy expect(File.exist?(tmp_authorized_keys_path)).to be_truthy @@ -82,6 +94,10 @@ create_authorized_keys_fixture end + after do + delete_authorized_keys_file + end + it "removes the right line" do other_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-742\",options ssh-rsa AAAAB3NzaDAxx2E" delete_line = "command=\"#{Gitlab.config.gitlab_shell.path}/bin/gitlab-shell key-741\",options ssh-rsa AAAAB3NzaDAxx2E" @@ -98,6 +114,10 @@ end context 'authorized_keys file does not exist' do + before do + delete_authorized_keys_file + end + it 'returns false' do expect(subject.rm_key('key-741')).to be_falsey end @@ -110,12 +130,20 @@ create_authorized_keys_fixture end + after do + delete_authorized_keys_file + end + it "returns true" do expect(subject.clear).to be_truthy end end context 'authorized_keys file does not exist' do + before do + delete_authorized_keys_file + end + it "still returns true" do expect(subject.clear).to be_truthy end @@ -131,12 +159,20 @@ ) end + after do + delete_authorized_keys_file + end + it 'returns array of key IDs' do expect(subject.list_key_ids).to eq([1, 2, 3, 9000]) end end context 'authorized_keys file does not exist' do + before do + delete_authorized_keys_file + end + it 'returns an empty array' do expect(subject.list_key_ids).to be_empty end -- GitLab