diff options
| -rw-r--r-- | app/models/gpg_key.rb | 5 | ||||
| -rw-r--r-- | lib/gitlab/gpg/invalid_gpg_signature_updater.rb | 19 | ||||
| -rw-r--r-- | spec/factories/gpg_signature.rb | 11 | ||||
| -rw-r--r-- | spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb | 50 |
4 files changed, 85 insertions, 0 deletions
diff --git a/app/models/gpg_key.rb b/app/models/gpg_key.rb index 137abb60ddc..6ca108d6b87 100644 --- a/app/models/gpg_key.rb +++ b/app/models/gpg_key.rb @@ -28,6 +28,7 @@ class GpgKey < ActiveRecord::Base unless: -> { errors.has_key?(:key) } before_validation :extract_fingerprint, :extract_primary_keyid + after_create :update_invalid_gpg_signatures after_create :notify_user def key=(value) @@ -66,6 +67,10 @@ class GpgKey < ActiveRecord::Base self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first end + def update_invalid_gpg_signatures + run_after_commit { Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run } + end + def notify_user run_after_commit { NotificationService.new.new_gpg_key(self) } end diff --git a/lib/gitlab/gpg/invalid_gpg_signature_updater.rb b/lib/gitlab/gpg/invalid_gpg_signature_updater.rb new file mode 100644 index 00000000000..6511a8f8285 --- /dev/null +++ b/lib/gitlab/gpg/invalid_gpg_signature_updater.rb @@ -0,0 +1,19 @@ +module Gitlab + module Gpg + class InvalidGpgSignatureUpdater + def initialize(gpg_key) + @gpg_key = gpg_key + end + + def run + GpgSignature + .where(valid_signature: false) + .where(gpg_key_primary_keyid: @gpg_key.primary_keyid) + .find_each do |gpg_signature| + commit = Gitlab::Git::Commit.find(gpg_signature.project.repository, gpg_signature.commit_sha) + Gitlab::Gpg::Commit.new(commit).update_signature!(gpg_signature) + end + end + end + end +end diff --git a/spec/factories/gpg_signature.rb b/spec/factories/gpg_signature.rb new file mode 100644 index 00000000000..a5aeffbe12d --- /dev/null +++ b/spec/factories/gpg_signature.rb @@ -0,0 +1,11 @@ +require_relative '../support/gpg_helpers' + +FactoryGirl.define do + factory :gpg_signature do + commit_sha { Digest::SHA1.hexdigest(SecureRandom.hex) } + project + gpg_key + gpg_key_primary_keyid { gpg_key.primary_keyid } + valid_signature true + end +end diff --git a/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb b/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb new file mode 100644 index 00000000000..48f8fa285aa --- /dev/null +++ b/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb @@ -0,0 +1,50 @@ +require 'rails_helper' + +RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do + describe '#run' do + context 'gpg signature did not have an associated gpg key' do + let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' } + let!(:project) { create :project, :repository, path: 'sample-project' } + let!(:commit) do + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: commit_sha) + allow(raw_commit).to receive :save! + + create :commit, git_commit: raw_commit, project: project + end + + let!(:gpg_signature) do + create :gpg_signature, + project: project, + commit_sha: commit_sha, + gpg_key: nil, + gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, + valid_signature: false + end + + before do + allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit) + end + + it 'updates the signature to being valid when the missing gpg key is added' do + # InvalidGpgSignatureUpdater is called by the after_create hook + create :gpg_key, + key: GpgHelpers::User1.public_key, + user: create(:user, email: GpgHelpers::User1.emails.first) + + expect(gpg_signature.reload.valid_signature).to be_truthy + end + + it 'keeps the signature at being invalid when an unrelated gpg key is added' do + # InvalidGpgSignatureUpdater is called by the after_create hook + create :gpg_key, + key: GpgHelpers::User2.public_key, + user: create(:user, email: GpgHelpers::User2.emails.first) + + expect(gpg_signature.reload.valid_signature).to be_falsey + end + end + end +end |