authorJerry Jacobs <xor-gate@users.noreply.github.com>2018-10-31 01:08:30 +0100
committertechknowlogick <hello@techknowlogick.com>2018-10-30 20:08:30 -0400
commit22ad514297b1958f93913aacbb88b81a94113a1e (patch)
treeee448a94eeef244da26a834be10e77d13b655fa5
parentb686bd0c9467885308a8e45214e75ee270c084e2 (diff)
Fix issue where ecdsa and other key types are not synced from LDAP (#5092) (#5094)
* Fix issue where ecdsa and other key types are not synced from LDAP authentication provider fixes #5092 * integrations/auth_ldap_test.go: Add Hermes Conrad new ecdsa-sha2-nistp256 publickey fingerprint * integrations/auth_ldap_test.go: Use ssh-keygen -lf <filename> -E sha256
-rw-r--r--integrations/auth_ldap_test.go1
-rw-r--r--models/user.go4
2 files changed, 4 insertions, 1 deletions
diff --git a/integrations/auth_ldap_test.go b/integrations/auth_ldap_test.go
index f31f598fa4..52fe0fd73f 100644
--- a/integrations/auth_ldap_test.go
+++ b/integrations/auth_ldap_test.go
@@ -43,6 +43,7 @@ var gitLDAPUsers = []ldapUser{
SSHKeys: []string{
"SHA256:qLY06smKfHoW/92yXySpnxFR10QFrLdRjf/GNPvwcW8",
"SHA256:QlVTuM5OssDatqidn2ffY+Lc4YA5Fs78U+0KOHI51jQ",
+ "SHA256:DXdeUKYOJCSSmClZuwrb60hUq7367j4fA+udNC3FdRI",
},
IsAdmin: true,
},
diff --git a/models/user.go b/models/user.go
index 32e7dda2cb..9469d6e793 100644
--- a/models/user.go
+++ b/models/user.go
@@ -29,6 +29,7 @@ import (
"github.com/go-xorm/xorm"
"github.com/nfnt/resize"
"golang.org/x/crypto/pbkdf2"
+ "golang.org/x/crypto/ssh"
"code.gitea.io/git"
api "code.gitea.io/sdk/gitea"
@@ -1454,7 +1455,8 @@ func deleteKeysMarkedForDeletion(keys []string) (bool, error) {
func addLdapSSHPublicKeys(s *LoginSource, usr *User, SSHPublicKeys []string) bool {
var sshKeysNeedUpdate bool
for _, sshKey := range SSHPublicKeys {
- if strings.HasPrefix(strings.ToLower(sshKey), "ssh") {
+ _, _, _, _, err := ssh.ParseAuthorizedKey([]byte(sshKey))
+ if err == nil {
sshKeyName := fmt.Sprintf("%s-%s", s.Name, sshKey[0:40])
if _, err := AddPublicKey(usr.ID, sshKeyName, sshKey, s.ID); err != nil {
log.Error(4, "addLdapSSHPublicKeys[%s]: Error adding LDAP Public SSH Key for user %s: %v", s.Name, usr.Name, err)
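Review bot: In addLdapSSHPublicKeys the parsed key is discarded and the raw LDAP attribute value is still used for `sshKey[0:40]` and passed to `AddPublicKey`, so what was validated and what is named and stored can differ. `ssh.ParseAuthorizedKey` tolerates leading whitespace, comment lines, an options prefix and trailing data after the first key, and it may accept input shorter than 40 bytes, in which case the slice expression panics. Consider keeping the result, `pub, _, _, _, err := ssh.ParseAuthorizedKey([]byte(sshKey))`, and deriving both the key name and the stored key from `ssh.MarshalAuthorizedKey(pub)`, with a length check before slicing. Whether `AddPublicKey` normalises or rejects such input itself is not visible here, and the function body continues past the end of the hunk.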