gpg signature is only valid when key is verified

1 files changed, 26 insertions, 2 deletions

diff --git a/spec/lib/gitlab/gpg/commit_spec.rb b/spec/lib/gitlab/gpg/commit_spec.rb
index c4d92b8bbbf..2a583dc1bd5 100644
--- a/spec/lib/gitlab/gpg/commit_spec.rb
+++ b/spec/lib/gitlab/gpg/commit_spec.rb
@@ -10,9 +10,9 @@ RSpec.describe Gitlab::Gpg::Commit do
       end
     end
 
-    context 'known public key' do
+    context 'known and verified public key' do
       it 'returns a valid signature' do
-        gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key
+        gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: create(:user, email: GpgHelpers::User1.emails.first)
 
         raw_commit = double(:raw_commit, signature: [
           GpgHelpers::User1.signed_commit_signature,
@@ -34,6 +34,30 @@ RSpec.describe Gitlab::Gpg::Commit do
       end
     end
 
+    context 'known but unverified public key' do
+      it 'returns an invalid signature' do
+        gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key
+
+        raw_commit = double(:raw_commit, signature: [
+          GpgHelpers::User1.signed_commit_signature,
+          GpgHelpers::User1.signed_commit_base_data
+        ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
+        allow(raw_commit).to receive :save!
+
+        commit = create :commit,
+          git_commit: raw_commit,
+          project: project
+
+        expect(described_class.new(commit).signature).to have_attributes(
+          commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33',
+          project: project,
+          gpg_key: gpg_key,
+          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
+          valid_signature: false
+        )
+      end
+    end
+
     context 'unknown public key' do
       it 'returns an invalid signature', :gpg do
         raw_commit = double(:raw_commit, signature: [