+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
class AuthorizedKey < ArvadosModel
- include AssignUuid
+ include HasUuid
include KindAndEtag
include CommonApiTemplate
- before_create :permission_to_set_authorized_user
- before_update :permission_to_set_authorized_user
+ before_create :permission_to_set_authorized_user_uuid
+ before_update :permission_to_set_authorized_user_uuid
+
+ belongs_to :authorized_user, :foreign_key => :authorized_user_uuid, :class_name => 'User', :primary_key => :uuid
+
+ validate :public_key_must_be_unique
- api_accessible :superuser, :extend => :common do |t|
+ api_accessible :user, extend: :common do |t|
t.add :name
t.add :key_type
- t.add :authorized_user
+ t.add :authorized_user_uuid
t.add :public_key
t.add :expires_at
end
- def permission_to_set_authorized_user
+ def permission_to_set_authorized_user_uuid
# Anonymous users cannot do anything here
return false if !current_user
return true if current_user.is_admin
# All users can attach keys to their own accounts
- return true if current_user.uuid == authorized_user
+ return true if current_user.uuid == authorized_user_uuid
# Default = deny.
false
end
+
+ def public_key_must_be_unique
+ if self.public_key
+ valid_key = SSHKey.valid_ssh_public_key? self.public_key
+
+ if not valid_key
+ errors.add(:public_key, "does not appear to be a valid ssh-rsa or dsa public key")
+ else
+ # Valid if no other rows have this public key
+ if self.class.where('uuid != ? and public_key like ?',
+ uuid || '', "%#{self.public_key}%").any?
+ errors.add(:public_key, "already exists in the database, use a different key.")
+ return false
+ end
+ end
+ end
+ return true
+ end
end
projects / arvados.git / blobdiff