Move the key restriction validation to its own class

eb05bdc6 · Nick Thomas · b84ca08e · eb05bdc6 · eb05bdc6 · eb05bdc6
4 changed file
--- a/app/models/application_setting.rb
+++ b/app/models/application_setting.rb
@@ -15,13 +15,9 @@ class ApplicationSetting < ActiveRecord::Base

  # Setting a key restriction to `-1` means that all keys of this type are
  # forbidden.
-  FORBIDDEN_KEY_VALUE = -1
+  FORBIDDEN_KEY_VALUE = KeyRestrictionValidator::FORBIDDEN
  SUPPORTED_KEY_TYPES = %i[rsa dsa ecdsa ed25519].freeze

-  def self.supported_key_restrictions(type)
-    [0, *Gitlab::SSHPublicKey.supported_sizes(type), FORBIDDEN_KEY_VALUE]
-  end
-
  serialize :restricted_visibility_levels # rubocop:disable Cop/ActiveRecordSerialize
  serialize :import_sources # rubocop:disable Cop/ActiveRecordSerialize
  serialize :disabled_oauth_sign_in_sources, Array # rubocop:disable Cop/ActiveRecordSerialize
@@ -156,9 +152,7 @@ class ApplicationSetting < ActiveRecord::Base
            numericality: { greater_than_or_equal_to: 0 }

  SUPPORTED_KEY_TYPES.each do |type|
-    validates :"#{type}_key_restriction",
-              presence: true,
-              inclusion: { in: ApplicationSetting.supported_key_restrictions(type) }
+    validates :"#{type}_key_restriction", presence: true, key_restriction: { type: type }
  end

  validates_each :restricted_visibility_levels do |record, attr, value|

--- a/app/validators/key_restriction_validator.rb
+++ b/app/validators/key_restriction_validator.rb
+class KeyRestrictionValidator < ActiveModel::EachValidator
+  FORBIDDEN = -1
+
+  def self.supported_sizes(type)
+    Gitlab::SSHPublicKey.supported_sizes(type)
+  end
+
+  def self.supported_key_restrictions(type)
+    [0, *supported_sizes(type), FORBIDDEN]
+  end
+
+  def validate_each(record, attribute, value)
+    unless valid_restriction?(value)
+      record.errors.add(attribute, "must be forbidden, allowed, or one of these sizes: #{supported_sizes_message}")
+    end
+  end
+
+  private
+
+  def supported_sizes_message
+    sizes = self.class.supported_sizes(options[:type])
+    sizes.to_sentence(last_word_connector: ', or ', two_words_connector: ' or ')
+  end
+
+  def valid_restriction?(value)
+    choices = self.class.supported_key_restrictions(options[:type])
+    choices.include?(value)
+  end
+end
--- a/lib/api/settings.rb
+++ b/lib/api/settings.rb
@@ -125,7 +125,7 @@ module API
      ApplicationSetting::SUPPORTED_KEY_TYPES.each do |type|
        optional :"#{type}_key_restriction",
                 type: Integer,
-                 values: ApplicationSetting.supported_key_restrictions(type),
+                 values: KeyRestrictionValidator.supported_key_restrictions(type),
                 desc: "Restrictions on the complexity of uploaded #{type.upcase} keys. A value of #{ApplicationSetting::FORBIDDEN_KEY_VALUE} disables all #{type.upcase} keys."
      end


--- a/spec/models/application_setting_spec.rb
+++ b/spec/models/application_setting_spec.rb
@@ -85,7 +85,7 @@ describe ApplicationSetting do
        let(:field) { :"#{type}_key_restriction" }

        it { is_expected.to validate_presence_of(field) }
-        it { is_expected.to allow_value(*described_class.supported_key_restrictions(type)).for(field) }
+        it { is_expected.to allow_value(*KeyRestrictionValidator.supported_key_restrictions(type)).for(field) }
        it { is_expected.not_to allow_value(128).for(field) }
      end
    end