diff options
author | Alexis Reigel <mail@koffeinfrei.org> | 2017-06-15 10:57:50 +0300 |
---|---|---|
committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-07-27 16:42:53 +0300 |
commit | 7b616d39efaa7cba933d17dfae010d393c18d057 (patch) | |
tree | f476d5ac7ef39ba01c77983e91315758eff54ddd /spec/lib/gitlab/gpg/commit_spec.rb | |
parent | 8c4b6a32fcc5786383904fa1d5cf8b317bec7a7f (diff) |
gpg signature is only valid when key is verified
Diffstat (limited to 'spec/lib/gitlab/gpg/commit_spec.rb')
-rw-r--r-- | spec/lib/gitlab/gpg/commit_spec.rb | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/spec/lib/gitlab/gpg/commit_spec.rb b/spec/lib/gitlab/gpg/commit_spec.rb index c4d92b8bbbf..2a583dc1bd5 100644 --- a/spec/lib/gitlab/gpg/commit_spec.rb +++ b/spec/lib/gitlab/gpg/commit_spec.rb @@ -10,9 +10,9 @@ RSpec.describe Gitlab::Gpg::Commit do end end - context 'known public key' do + context 'known and verified public key' do it 'returns a valid signature' do - gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key + gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: create(:user, email: GpgHelpers::User1.emails.first) raw_commit = double(:raw_commit, signature: [ GpgHelpers::User1.signed_commit_signature, @@ -34,6 +34,30 @@ RSpec.describe Gitlab::Gpg::Commit do end end + context 'known but unverified public key' do + it 'returns an invalid signature' do + gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key + + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33') + allow(raw_commit).to receive :save! + + commit = create :commit, + git_commit: raw_commit, + project: project + + expect(described_class.new(commit).signature).to have_attributes( + commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', + project: project, + gpg_key: gpg_key, + gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, + valid_signature: false + ) + end + end + context 'unknown public key' do it 'returns an invalid signature', :gpg do raw_commit = double(:raw_commit, signature: [ |