diff options
-rw-r--r-- | app/models/gpg_key.rb | 8 | ||||
-rw-r--r-- | app/models/user.rb | 5 | ||||
-rw-r--r-- | spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb | 86 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 20 |
4 files changed, 90 insertions, 29 deletions
diff --git a/app/models/gpg_key.rb b/app/models/gpg_key.rb index 6ca108d6b87..ec30658e7ea 100644 --- a/app/models/gpg_key.rb +++ b/app/models/gpg_key.rb @@ -53,6 +53,10 @@ class GpgKey < ActiveRecord::Base emails_with_verified_status.any? { |_email, verified| verified } end + def update_invalid_gpg_signatures + Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run + end + private def extract_fingerprint @@ -67,10 +71,6 @@ class GpgKey < ActiveRecord::Base self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first end - def update_invalid_gpg_signatures - run_after_commit { Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run } - end - def notify_user run_after_commit { NotificationService.new.new_gpg_key(self) } end diff --git a/app/models/user.rb b/app/models/user.rb index 5aebd36cf8a..791d099605d 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -155,6 +155,7 @@ class User < ActiveRecord::Base before_validation :set_public_email, if: :public_email_changed? after_update :update_emails_with_primary_email, if: :email_changed? + after_update :update_invalid_gpg_signatures, if: :email_changed? before_save :ensure_authentication_token, :ensure_incoming_email_token before_save :ensure_user_rights_and_limits, if: :external_changed? after_save :ensure_namespace_correct @@ -513,6 +514,10 @@ class User < ActiveRecord::Base end end + def update_invalid_gpg_signatures + gpg_keys.each(&:update_invalid_gpg_signatures) + end + # Returns the groups a user has access to def authorized_groups union = Gitlab::SQL::Union diff --git a/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb b/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb index 48f8fa285aa..42348b3f2c1 100644 --- a/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb +++ b/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb @@ -2,37 +2,39 @@ require 'rails_helper' RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do describe '#run' do - context 'gpg signature did not have an associated gpg key' do - let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' } - let!(:project) { create :project, :repository, path: 'sample-project' } - let!(:commit) do - raw_commit = double(:raw_commit, signature: [ - GpgHelpers::User1.signed_commit_signature, - GpgHelpers::User1.signed_commit_base_data - ], sha: commit_sha) - allow(raw_commit).to receive :save! - - create :commit, git_commit: raw_commit, project: project - end + let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' } + let!(:project) { create :project, :repository, path: 'sample-project' } + let!(:commit) do + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: commit_sha) + allow(raw_commit).to receive :save! - let!(:gpg_signature) do - create :gpg_signature, - project: project, - commit_sha: commit_sha, - gpg_key: nil, - gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, - valid_signature: false - end + create :commit, git_commit: raw_commit, project: project + end - before do - allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit) - end + let!(:gpg_signature) do + create :gpg_signature, + project: project, + commit_sha: commit_sha, + gpg_key: nil, + gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, + valid_signature: false + end + + before do + allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit) + end + + context 'gpg signature did not have an associated gpg key' do + let!(:user) { create :user, email: GpgHelpers::User1.emails.first } it 'updates the signature to being valid when the missing gpg key is added' do # InvalidGpgSignatureUpdater is called by the after_create hook create :gpg_key, key: GpgHelpers::User1.public_key, - user: create(:user, email: GpgHelpers::User1.emails.first) + user: user expect(gpg_signature.reload.valid_signature).to be_truthy end @@ -41,7 +43,41 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do # InvalidGpgSignatureUpdater is called by the after_create hook create :gpg_key, key: GpgHelpers::User2.public_key, - user: create(:user, email: GpgHelpers::User2.emails.first) + user: user + + expect(gpg_signature.reload.valid_signature).to be_falsey + end + end + + context 'gpg signature did have an associated unverified gpg key' do + let!(:user) do + create(:user, email: 'unrelated@example.com').tap do |user| + user.skip_reconfirmation! + end + end + + it 'updates the signature to being valid when the user updates the email address' do + create :gpg_key, + key: GpgHelpers::User1.public_key, + user: user + + expect(gpg_signature.reload.valid_signature).to be_falsey + + # InvalidGpgSignatureUpdater is called by the after_update hook + user.update_attributes!(email: GpgHelpers::User1.emails.first) + + expect(gpg_signature.reload.valid_signature).to be_truthy + end + + it 'keeps the signature at being invalid when the changed email address is still unrelated' do + create :gpg_key, + key: GpgHelpers::User1.public_key, + user: user + + expect(gpg_signature.reload.valid_signature).to be_falsey + + # InvalidGpgSignatureUpdater is called by the after_update hook + user.update_attributes!(email: 'still.unrelated@example.com') expect(gpg_signature.reload.valid_signature).to be_falsey end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 20bdb7e37da..14b0440af9c 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -350,6 +350,26 @@ describe User, models: true do end end + describe 'after update hook' do + describe '.update_invalid_gpg_signatures' do + let(:user) do + create(:user, email: 'tula.torphy@abshire.ca').tap do |user| + user.skip_reconfirmation! + end + end + + it 'does nothing when the name is updated' do + expect(user).not_to receive(:update_invalid_gpg_signatures) + user.update_attributes!(name: 'Bette') + end + + it 'synchronizes the gpg keys when the email is updated' do + expect(user).to receive(:update_invalid_gpg_signatures) + user.update_attributes!(email: 'shawnee.ritchie@denesik.com') + end + end + end + describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") } let(:user) { create(:user) } |