Validate global uniqueness of public keys.

Author: kubitron

Diff for: app/helpers/gitolite_public_keys_helper.rb

@@ -21,4 +21,16 @@ def keylabel_text(key)
 	    "#{key.user.login}@#{key.title}"
 	end
     end
+
+    def wrap_and_join(in_array,my_or="or")
+	my_array = in_array.map{|x| "\"#{x}\""}
+	length = my_array.length
+	return my_array if length < 2
+	my_array[length-1] = my_or+" "+my_array[length-1]
+	if length == 2
+	    my_array.join(' ')
+	else
+	    my_array.join(', ')
+	end
+    end
 end

Diff for: app/models/gitolite_public_key.rb

@@ -1,3 +1,6 @@
+require 'base64'
+include GitolitePublicKeysHelper
+
 class GitolitePublicKey < ActiveRecord::Base
     STATUS_ACTIVE = 1
     STATUS_LOCKED = 0
@@ -7,6 +10,10 @@ class GitolitePublicKey < ActiveRecord::Base
 
     DEPLOY_PSEUDO_USER = "_deploy_key_"
 
+    # These two constants are related -- don't change one without the other
+    KEY_FORMATS = ['ssh-rsa', 'ssh-dss']
+    KEY_NUM_COMPONENTS = [3,5]
+
     belongs_to :user
     validates_uniqueness_of :title, :scope => :user_id
     validates_uniqueness_of :identifier, :scope => :user_id
@@ -23,18 +30,12 @@ def validate_associated_records_for_deployment_credentials() end
 
     validate :has_not_been_changed
     validates_inclusion_of :key_type, :in => [KEY_TYPE_USER, KEY_TYPE_DEPLOY]
+    validate :key_format_and_uniqueness
 
     before_validation :set_identifier
+    before_validation :strip_whitespace
     before_validation :remove_control_characters
 
-    def has_not_been_changed
-	unless new_record?
-	    %w(identifier key user_id key_type).each do |attribute|
-		errors.add(attribute, 'may not be changed') unless changes[attribute].blank?
-	    end
-	end
-    end
-
     def set_identifier
 	self.identifier ||=
 	    begin
@@ -81,11 +82,6 @@ def reset_identifier
 	self.identifier
     end
 
-    # Remove control characters from key
-    def remove_control_characters
-	self.key=key.gsub(/[\a\r\n\t]/,'')
-    end
-
     def to_s ; title ; end
 
     @@myregular = /^redmine_(.*)_\d*_\d*(.pub)?$/
@@ -97,4 +93,113 @@ def self.ident_to_user_token(identifier)
     def self.user_to_user_token(user)
 	user.login.underscore.gsub(/[^0-9a-zA-Z\-]/,'_')
     end
+
+    protected
+
+    # Strip leading and trailing whitespace
+    def strip_whitespace
+	self.title = title.strip
+	self.key = key.strip
+    end
+
+    # Remove control characters from key
+    def remove_control_characters
+	# First -- let the first control char or space stand (to divide key type from key)
+	# Really, this is catching a special case in which there is a \n between type and key.
+	# Most common case turns first space back into space....
+	self.key=key.sub(/[ \r\n\t]/,' ')
+
+	# Next, if comment divided from key by control char, let that one stand as well
+	# We can only tell this if there is an "=" in the key.	So, won't help 1/3 times.
+	self.key=key.sub(/=[ \r\n\t]/,'= ')
+
+	# Delete any remaining control characters....
+	self.key=key.gsub(/[\a\r\n\t]/,'').strip
+    end
+
+    def has_not_been_changed
+	unless new_record?
+	    %w(identifier key user_id key_type).each do |attribute|
+		errors.add(attribute, 'may not be changed') unless changes[attribute].blank?
+	    end
+	end
+    end
+
+    def key_format_and_uniqueness
+	return if key.blank? || !new_record?
+
+	# First, check that key crypto type is present and of correct form.  Also, decode base64 and see if key
+	# crypto type matches.	Note that we ignore presence of comment!
+	keypieces = key.match(/^(\S+)\s+(\S+)/)
+	if !keypieces || keypieces[1].length > 10  # Probably has key as first component
+	    errors.add(:key,l(:error_key_needs_two_components))
+	    return
+	end
+
+	if !(KEY_FORMATS.index(keypieces[1]))
+	    errors.add(:key,l(:error_key_bad_type,:types=>wrap_and_join(KEY_FORMATS,l(:word_or))))
+	    return
+	end
+
+	# Make sure that key has proper number of characters (divisible by 4) and no more than 2 '='
+	if (keypieces[2].length % 4) != 0 || !(keypieces[2].match(/^[a-zA-Z0-9\+\/]+={0,2}$/))
+	    Rails.logger.error "Key error: #{keypieces[2].length % 4}"
+	    errors.add(:key,l(:error_key_corrupted))
+	    return
+	end
+
+	deckey = Base64.decode64(keypieces[2])
+	piecearray=[]
+	while deckey.length >= 4
+	    length = 0
+	    deckey.slice!(0..3).bytes do |byte|
+		length = length * 256 + byte
+	    end
+	    if deckey.length < length
+		errors.add(:key,l(:error_key_corrupted))
+		return
+	    end
+	    piecearray << deckey.slice!(0..length-1)
+	end
+	if deckey.length != 0
+	    errors.add(:key,l(:error_key_corrupted))
+	    return
+	end
+
+	if piecearray[0] != keypieces[1]
+	    errors.add(:key,l(:error_key_type_mismatch,:type1=>keypieces[1],:type2=>piecearray[0]))
+	    return
+	end
+
+	if piecearray.length != KEY_NUM_COMPONENTS[KEY_FORMATS.index(piecearray[0])]
+	    errors.add(:key,l(:error_key_corrupted))
+	    return
+	end
+
+
+	# First version of uniqueness check -- simply check all keys...
+
+	# Check against the gitolite administrator key file (owned by noone).
+	allkeys = [GitolitePublicKey.new({ :user=>nil, :key=>%x[cat '#{Setting.plugin_redmine_git_hosting['gitoliteIdentityPublicKeyFile']}'] })]
+	# Check all active keys
+	allkeys += (GitolitePublicKey.active.all)
+
+	allkeys.each do |existingkey|
+	    existingpieces = existingkey.key.match(/^(\S+)\s+(\S+)/)
+	    if existingpieces && (existingpieces[2] == keypieces[2])
+		# Hm.... have a duplicate key!
+		if existingkey.user == User.current
+		    errors.add(:key,l(:error_key_in_use_by_you,:name=>existingkey.title))
+		elsif User.current.admin?
+		    if existingkey.user
+			errors.add(:key,l(:error_key_in_use_by_other,:login=>existingkey.user.login,:name=>existingkey.title))
+		    else
+			errors.add(:key,l(:error_key_in_use_by_admin))
+		    end
+		else
+		    errors.add(:key,l(:error_key_in_use_by_someone))
+		end
+	    end
+	end
+    end
 end

Diff for: config/locales/bg.yml

@@ -81,6 +81,15 @@ bg:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/bs.yml

@@ -81,6 +81,15 @@ bs:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/ca.yml

@@ -81,6 +81,15 @@ ca:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/cs.yml

@@ -81,6 +81,15 @@ cs:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/da.yml

@@ -81,6 +81,15 @@ da:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/de.yml

@@ -81,6 +81,15 @@ de:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/el.yml

@@ -81,6 +81,15 @@ el:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/en.yml

@@ -81,6 +81,15 @@ en:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/es.yml

@@ -81,6 +81,15 @@ es:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/fi.yml

@@ -81,6 +81,15 @@ fi:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/fr.yml

@@ -81,6 +81,15 @@ fr:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/gl.yml

@@ -81,6 +81,15 @@ gl:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages:

Diff for: config/locales/he.yml

@@ -81,6 +81,15 @@ he:
   error_public_key_create_failed: Failed to create public key.
   error_public_key_update_failed: Failed to update public key.
   label_key_cannot_be_changed_please_create_new_key: 'The key cannot be altered anymore. However, you can delete it and create a new one.'
+  error_key_corrupted: seems to be corrupted.
+  error_key_needs_two_components: 'needs at least two components: [key-type] and [key-value].'
+  error_key_bad_type: 'has a bad type.  Valid types are %{types}.'
+  word_or: or
+  error_key_type_mismatch: type (%{type1}) does not match type within body of key (%{type2}).
+  error_key_in_use_by_you: 'is already in use by you as "%{name}".'
+  error_key_in_use_by_other: 'is already in use by user "%{login}" as "%{name}".'
+  error_key_in_use_by_admin: is already in use as the gitolite administrator key.
+  error_key_in_use_by_someone: is already in use. It belongs to another user (ask administrator for details).
   activerecord:
     errors:
       messages: