X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/7ad430f157028a8f8ab52c6f17c4864ada271667..8370640cef5110b65ba6c3a2bf9d7f56541b4c7f:/services/api/app/models/authorized_key.rb

diff --git a/services/api/app/models/authorized_key.rb b/services/api/app/models/authorized_key.rb
index 88f8dc8a99..a6bc06593a 100644
--- a/services/api/app/models/authorized_key.rb
+++ b/services/api/app/models/authorized_key.rb
@@ -32,9 +32,19 @@ class AuthorizedKey < ArvadosModel
   end
 
   def public_key_must_be_unique
-    key = /ssh-rsa [A-Za-z0-9+\/]+/.match(self.public_key)[0]
-
-    # Valid if no other rows have this public key
-    self.class.where('public_key like ? and uuid <> ?', "%#{key}%", self.uuid).empty?
+    if self.public_key
+      key = /^ssh-(rsa|dss) [A-Za-z0-9+\/=\+]+\b/.match(self.public_key)
+      
+      if not key
+        errors.add(:public_key, "does not appear to be a valid ssh-rsa or dsa public key")
+      else
+        # Valid if no other rows have this public key
+        if self.class.where('public_key like ?', "%#{key[0]}%").any?
+          errors.add(:public_key, "already exists in the database, use a different key.")
+          return false
+        end
+      end
+    end
+    return true
   end
 end