BigW Consortium Gitlab

Skip to content

G
gitlab-ce
Commit e75ab064 by Alexis Reigel
Options

update invalid gpg signatures when email changes

parent 24671cd6
Showing with 90 additions and 29 deletions
app/models/gpg_key.rb
......@@ -53,6 +53,10 @@ class GpgKey < ActiveRecord::Base
emails_with_verified_status.any? { |_email, verified| verified }
end
def update_invalid_gpg_signatures
Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run
end
private
def extract_fingerprint
......@@ -67,10 +71,6 @@ class GpgKey < ActiveRecord::Base
self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
end
def update_invalid_gpg_signatures
run_after_commit { Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run }
end
def notify_user
run_after_commit { NotificationService.new.new_gpg_key(self) }
end
......
app/models/user.rb
......@@ -155,6 +155,7 @@ class User < ActiveRecord::Base
before_validation :set_public_email, if: :public_email_changed?
after_update :update_emails_with_primary_email, if: :email_changed?
after_update :update_invalid_gpg_signatures, if: :email_changed?
before_save :ensure_authentication_token, :ensure_incoming_email_token
before_save :ensure_user_rights_and_limits, if: :external_changed?
after_save :ensure_namespace_correct
......@@ -513,6 +514,10 @@ class User < ActiveRecord::Base
end
end
def update_invalid_gpg_signatures
gpg_keys.each(&:update_invalid_gpg_signatures)
end
# Returns the groups a user has access to
def authorized_groups
union = Gitlab::SQL::Union
......
spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb
......@@ -2,37 +2,39 @@ require 'rails_helper'
RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
describe '#run' do
context 'gpg signature did not have an associated gpg key' do
let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' }
let!(:project) { create :project, :repository, path: 'sample-project' }
let!(:commit) do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: commit_sha)
allow(raw_commit).to receive :save!
create :commit, git_commit: raw_commit, project: project
end
let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' }
let!(:project) { create :project, :repository, path: 'sample-project' }
let!(:commit) do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: commit_sha)
allow(raw_commit).to receive :save!
let!(:gpg_signature) do
create :gpg_signature,
project: project,
commit_sha: commit_sha,
gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false
end
create :commit, git_commit: raw_commit, project: project
end
before do
allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit)
end
let!(:gpg_signature) do
create :gpg_signature,
project: project,
commit_sha: commit_sha,
gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false
end
before do
allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit)
end
context 'gpg signature did not have an associated gpg key' do
let!(:user) { create :user, email: GpgHelpers::User1.emails.first }
it 'updates the signature to being valid when the missing gpg key is added' do
# InvalidGpgSignatureUpdater is called by the after_create hook
create :gpg_key,
key: GpgHelpers::User1.public_key,
user: create(:user, email: GpgHelpers::User1.emails.first)
user: user
expect(gpg_signature.reload.valid_signature).to be_truthy
end
......@@ -41,7 +43,41 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
# InvalidGpgSignatureUpdater is called by the after_create hook
create :gpg_key,
key: GpgHelpers::User2.public_key,
user: create(:user, email: GpgHelpers::User2.emails.first)
user: user
expect(gpg_signature.reload.valid_signature).to be_falsey
end
end
context 'gpg signature did have an associated unverified gpg key' do
let!(:user) do
create(:user, email: 'unrelated@example.com').tap do |user|
user.skip_reconfirmation!
end
end
it 'updates the signature to being valid when the user updates the email address' do
create :gpg_key,
key: GpgHelpers::User1.public_key,
user: user
expect(gpg_signature.reload.valid_signature).to be_falsey
# InvalidGpgSignatureUpdater is called by the after_update hook
user.update_attributes!(email: GpgHelpers::User1.emails.first)
expect(gpg_signature.reload.valid_signature).to be_truthy
end
it 'keeps the signature at being invalid when the changed email address is still unrelated' do
create :gpg_key,
key: GpgHelpers::User1.public_key,
user: user
expect(gpg_signature.reload.valid_signature).to be_falsey
# InvalidGpgSignatureUpdater is called by the after_update hook
user.update_attributes!(email: 'still.unrelated@example.com')
expect(gpg_signature.reload.valid_signature).to be_falsey
end
......
spec/models/user_spec.rb
......@@ -350,6 +350,26 @@ describe User, models: true do
end
end
describe 'after update hook' do
describe '.update_invalid_gpg_signatures' do
let(:user) do
create(:user, email: 'tula.torphy@abshire.ca').tap do |user|
user.skip_reconfirmation!
end
end
it 'does nothing when the name is updated' do
expect(user).not_to receive(:update_invalid_gpg_signatures)
user.update_attributes!(name: 'Bette')
end
it 'synchronizes the gpg keys when the email is updated' do
expect(user).to receive(:update_invalid_gpg_signatures)
user.update_attributes!(email: 'shawnee.ritchie@denesik.com')
end
end
end
describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do
let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") }
let(:user) { create(:user) }
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment