BigW Consortium Gitlab

Commit dd139e65 by Rubén Dávila

Invalidate GpgSignatures associated to GpgKeySubkeys when revoking the GpgKey

parent 2577cc99
......@@ -91,10 +91,11 @@ class GpgKey < ActiveRecord::Base
def revoke
GpgSignature
.where(gpg_key: self)
.with_key_and_subkeys(self)
.where.not(verification_status: GpgSignature.verification_statuses[:unknown_key])
.update_all(
gpg_key_id: nil,
gpg_key_subkey_id: nil,
verification_status: GpgSignature.verification_statuses[:unknown_key],
updated_at: Time.zone.now
)
......
......@@ -21,6 +21,19 @@ class GpgSignature < ActiveRecord::Base
validates :project_id, presence: true
validates :gpg_key_primary_keyid, presence: true
def self.with_key_and_subkeys(gpg_key)
return none unless gpg_key
t = arel_table
subkey_ids = gpg_key&.subkeys&.pluck(:id)
where(
t[:gpg_key_id].eq(gpg_key&.id).or(
t[:gpg_key_subkey_id].in(subkey_ids)
)
)
end
def gpg_key=(model)
case model
when GpgKey
......
......@@ -30,7 +30,7 @@ class CreateGpgKeySubkeysForExistingGpgKeys < ActiveRecord::Migration
def up
GpgKey.with_subkeys.each_batch do |batch|
batch.each do |gpg_key|
return if gpg_key.subkeys.any?
next if gpg_key.subkeys.any?
create_subkeys(gpg_key) && update_signatures(gpg_key)
end
......
......@@ -5,7 +5,7 @@ FactoryGirl.define do
commit_sha { Digest::SHA1.hexdigest(SecureRandom.hex) }
project
gpg_key
gpg_key_primary_keyid { gpg_key.primary_keyid }
gpg_key_primary_keyid { gpg_key.keyid }
verification_status :verified
end
end
......@@ -191,5 +191,29 @@ describe GpgKey do
expect(unrelated_gpg_key.destroyed?).to be false
end
it 'deletes all the associated subkeys' do
gpg_key = create :gpg_key, key: GpgHelpers::User3.public_key
expect(gpg_key.subkeys).to be_present
gpg_key.revoke
expect(gpg_key.subkeys(true)).to be_blank
end
it 'invalidates all signatures associated to the subkeys' do
gpg_key = create :gpg_key, key: GpgHelpers::User3.public_key
gpg_key_subkey = gpg_key.subkeys.last
gpg_signature = create :gpg_signature, verification_status: :verified, gpg_key: gpg_key_subkey
gpg_key.revoke
expect(gpg_signature.reload).to have_attributes(
verification_status: 'unknown_key',
gpg_key: nil,
gpg_key_subkey: nil
)
end
end
end
require 'rails_helper'
RSpec.describe GpgSignature do
let(:gpg_key) { create(:gpg_key) }
let(:gpg_key_subkey) { create(:gpg_key_subkey) }
describe 'associations' do
it { is_expected.to belong_to(:project) }
it { is_expected.to belong_to(:gpg_key) }
......@@ -26,4 +29,26 @@ RSpec.describe GpgSignature do
gpg_signature.commit
end
end
describe '#gpg_key=' do
it 'supports the assignment of a GpgKey' do
gpg_signature = create(:gpg_signature, gpg_key: gpg_key)
expect(gpg_signature.gpg_key).to be_an_instance_of(GpgKey)
end
it 'supports the assignment of a GpgKeySubkey' do
gpg_signature = create(:gpg_signature, gpg_key: gpg_key_subkey)
expect(gpg_signature.gpg_key).to be_an_instance_of(GpgKeySubkey)
end
it 'clears gpg_key and gpg_key_subkey_id when passing nil' do
gpg_signature = create(:gpg_signature, gpg_key: gpg_key_subkey)
gpg_signature.update_attribute(:gpg_key, nil)
expect(gpg_signature.gpg_key_id).to be_nil
expect(gpg_signature.gpg_key_subkey_id).to be_nil
end
end
end
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment