Validate that people don't reuse Gitolite Admin key

root · root · commit 5ca545a51afa · 2015-06-04T05:40:20.000+02:00
diff --git a/app/models/gitolite_public_key.rb b/app/models/gitolite_public_key.rb
@@ -28,6 +28,7 @@ class GitolitePublicKey < ActiveRecord::Base
 
   validate :has_not_been_changed
   validate :key_correctness
+  validate :key_not_admin
   validate :key_uniqueness
 
   ## Scopes
@@ -220,6 +221,11 @@ def key_correctness
     end
 
 
+    def key_not_admin
+      errors.add(:key, :taken_by_gitolite_admin) if fingerprint == RedmineGitHosting::Config.gitolite_ssh_public_key_fingerprint
+    end
+
+
     def key_uniqueness
       return if !new_record?
       existing = GitolitePublicKey.find_by_fingerprint(fingerprint)
diff --git a/lib/redmine_git_hosting/config/gitolite_base.rb b/lib/redmine_git_hosting/config/gitolite_base.rb
@@ -56,6 +56,11 @@ def gitolite_ssh_public_key
       end
 
 
+      def gitolite_ssh_public_key_fingerprint
+        @gitolite_ssh_fingerprint ||= RedmineGitHosting::Utils.ssh_fingerprint(File.read(gitolite_ssh_public_key))
+      end
+
+
       def gitolite_config_file
         File.basename(RedmineGitHosting::Config.get_setting(:gitolite_config_file))
       end
