diff options
author | Alexis Reigel <mail@koffeinfrei.org> | 2017-08-24 15:21:30 +0300 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-09-05 13:18:31 +0300 |
commit | 64855c8e30c53004b2e2c2a65f131f8ab7efa41c (patch) | |
tree | 2f9a4b4a6ae80847e1f88f068faa7ecb297d0535 /lib/gitlab/gpg | |
parent | 508ff17b3405a4e2275fa137bd7322b728db8ed4 (diff) |
match the committer's email against the gpg key
the updated verification of a gpg signature requires the committer's
email to also match the user's and the key's emails.
Diffstat (limited to 'lib/gitlab/gpg')
-rw-r--r-- | lib/gitlab/gpg/commit.rb | 16 |
1 files changed, 13 insertions, 3 deletions
diff --git a/lib/gitlab/gpg/commit.rb b/lib/gitlab/gpg/commit.rb index f701897955b..16c8ef563da 100644 --- a/lib/gitlab/gpg/commit.rb +++ b/lib/gitlab/gpg/commit.rb @@ -68,6 +68,7 @@ module Gitlab def attributes(gpg_key) user_infos = user_infos(gpg_key) + verification_status = verification_status(gpg_key) { commit_sha: @commit.sha, @@ -76,12 +77,21 @@ module Gitlab gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint, gpg_key_user_name: user_infos[:name], gpg_key_user_email: user_infos[:email], - valid_signature: gpg_signature_valid_signature_value(gpg_key) + valid_signature: verification_status == GpgSignature.verification_statuses[:verified], + verification_status: verification_status } end - def gpg_signature_valid_signature_value(gpg_key) - !!(gpg_key && gpg_key.verified? && verified_signature.valid?) + def verification_status(gpg_key) + if gpg_key && gpg_key.verified_and_belongs_to_email?(@commit.committer_email) && verified_signature.valid? + GpgSignature.verification_statuses[:verified] + elsif gpg_key && gpg_key.verified? && verified_signature.valid? + GpgSignature.verification_statuses[:other_user] + elsif gpg_key + GpgSignature.verification_statuses[:unverified_key] + else + GpgSignature.verification_statuses[:unknown_key] + end end def user_infos(gpg_key) |