X-Git-Url: https://git.arvados.org/arvados.git/blobdiff_plain/d8fde97325067566bcdb877795eaa56a8ee8c201..cd3966ee048de85447418f00869eec59b38fd7b2:/services/api/app/models/authorized_key.rb?ds=sidebyside

diff --git a/services/api/app/models/authorized_key.rb b/services/api/app/models/authorized_key.rb
index 88f8dc8a99..a5c5081c40 100644
--- a/services/api/app/models/authorized_key.rb
+++ b/services/api/app/models/authorized_key.rb
@@ -1,5 +1,9 @@
+# Copyright (C) The Arvados Authors. All rights reserved.
+#
+# SPDX-License-Identifier: AGPL-3.0
+
 class AuthorizedKey < ArvadosModel
-  include AssignUuid
+  include HasUuid
   include KindAndEtag
   include CommonApiTemplate
   before_create :permission_to_set_authorized_user_uuid
@@ -32,9 +36,20 @@ class AuthorizedKey < ArvadosModel
   end
 
   def public_key_must_be_unique
-    key = /ssh-rsa [A-Za-z0-9+\/]+/.match(self.public_key)[0]
-
-    # Valid if no other rows have this public key
-    self.class.where('public_key like ? and uuid <> ?', "%#{key}%", self.uuid).empty?
+    if self.public_key
+      valid_key = SSHKey.valid_ssh_public_key? self.public_key
+
+      if not valid_key
+        errors.add(:public_key, "does not appear to be a valid ssh-rsa or dsa public key")
+      else
+        # Valid if no other rows have this public key
+        if self.class.where('uuid != ? and public_key like ?',
+                            uuid || '', "%#{self.public_key}%").any?
+          errors.add(:public_key, "already exists in the database, use a different key.")
+          return false
+        end
+      end
+    end
+    return true
   end
 end