Diffstat (limited to 'spec/lib/gitlab/x509/signature_spec.rb')
-rw-r--r-- | spec/lib/gitlab/x509/signature_spec.rb | 44 |
1 files changed, 42 insertions, 2 deletions
diff --git a/spec/lib/gitlab/x509/signature_spec.rb b/spec/lib/gitlab/x509/signature_spec.rb
index d119a4e2b9d..e0823aa8153 100644
--- a/spec/lib/gitlab/x509/signature_spec.rb
+++ b/spec/lib/gitlab/x509/signature_spec.rb
@@ -36,6 +36,7 @@ RSpec.describe Gitlab::X509::Signature do
 it 'returns a verified signature if email does match' do
 expect(signature.x509_certificate).to have_attributes(certificate_attributes)
+ expect(signature.x509_certificate.x509_issuer).to have_attributes(issuer_attributes)
 expect(signature.verified_signature).to be_truthy
 expect(signature.verification_status).to eq(:verified)
@@ -55,6 +56,27 @@ RSpec.describe Gitlab::X509::Signature do
 expect(signature.verification_status).to eq(:verified)
 end
+ context 'when the certificate contains multiple emails' do
+ before do
+ allow_any_instance_of(described_class).to receive(:get_certificate_extension).and_call_original
+
+ allow_any_instance_of(described_class).to receive(:get_certificate_extension)
+ .with('subjectAltName')
+ .and_return("email:gitlab2@example.com, othername:<unsupported>, email:#{X509Helpers::User1.certificate_email}")
+ end
+
+ context 'and the email matches one of them' do
+ it 'returns a verified signature' do
+ expect(signature.x509_certificate).to have_attributes(certificate_attributes.except(:email, :emails))
+ expect(signature.x509_certificate.email).to eq('gitlab2@example.com')
+ expect(signature.x509_certificate.emails).to contain_exactly('gitlab2@example.com', X509Helpers::User1.certificate_email)
+ expect(signature.x509_certificate.x509_issuer).to have_attributes(issuer_attributes)
+ expect(signature.verified_signature).to be_truthy
+ expect(signature.verification_status).to eq(:verified)
+ end
+ end
+ end
+
 context "if the email matches but isn't confirmed" do
 let!(:user) { create(:user, :unconfirmed, email: X509Helpers::User1.certificate_email) }
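Review bot: The new `when the certificate contains multiple emails` context pins only the accepting path; `and the email matches one of them` has no sibling in which the committer email is absent from the stubbed subjectAltName list. These examples suggest that verification now accepts any address in `emails`, so the rejecting case deserves its own example to stop a later change from quietly widening what counts as `:verified`. In the sketch below the address is a constructed sample and the constructor arguments are copied from the `let(:signature)` in the @@ -248 hunk. It assumes the factory's default user is confirmed, so that the mismatch rather than a missing user drives the result. The enclosing `describe` and the `signature` definition this context relies on start outside the hunk.

```ruby
context 'when the certificate contains multiple emails' do
  # … unchanged: before block stubbing subjectAltName, 'and the email matches one of them' …

  context 'and the email matches none of them' do
    let!(:user) { create(:user, email: 'unlisted@example.com') }

    let(:signature) do
      described_class.new(
        X509Helpers::User1.signed_commit_signature,
        X509Helpers::User1.signed_commit_base_data,
        'unlisted@example.com',
        X509Helpers::User1.signed_commit_time
      )
    end

    it 'returns an unverified signature' do
      expect(signature.verification_status).to eq(:unverified)
    end
  end
end
```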
@@ -106,6 +128,7 @@ RSpec.describe Gitlab::X509::Signature do
 subject_key_identifier: X509Helpers::User1.certificate_subject_key_identifier,
 subject: X509Helpers::User1.certificate_subject,
 email: X509Helpers::User1.certificate_email,
+ emails: [X509Helpers::User1.certificate_email],
 serial_number: X509Helpers::User1.certificate_serial
 }
 end
@@ -248,15 +271,31 @@ RSpec.describe Gitlab::X509::Signature do
 .and_return("email:gitlab@example.com, othername:<unsupported>")
 end
- it 'extracts email' do
- signature = described_class.new(
+ let(:signature) do
+ described_class.new(
 X509Helpers::User1.signed_commit_signature,
 X509Helpers::User1.signed_commit_base_data,
 'gitlab@example.com',
 X509Helpers::User1.signed_commit_time
 )
+ end
+ it 'extracts email' do
 expect(signature.x509_certificate.email).to eq("gitlab@example.com")
+ expect(signature.x509_certificate.emails).to contain_exactly("gitlab@example.com")
+ end
+
+ context 'when there are multiple emails' do
+ before do
+ allow_any_instance_of(described_class).to receive(:get_certificate_extension)
+ .with('subjectAltName')
+ .and_return("email:gitlab@example.com, othername:<unsupported>, email:gitlab2@example.com")
+ end
+
+ it 'extracts all the emails' do
+ expect(signature.x509_certificate.email).to eq("gitlab@example.com")
+ expect(signature.x509_certificate.emails).to contain_exactly("gitlab@example.com", "gitlab2@example.com")
+ end
 end
 end
@@ -311,6 +350,7 @@ RSpec.describe Gitlab::X509::Signature do
 subject_key_identifier: X509Helpers::User1.tag_certificate_subject_key_identifier,
 subject: X509Helpers::User1.certificate_subject,
 email: X509Helpers::User1.certificate_email,
+ emails: [X509Helpers::User1.certificate_email],
 serial_number: X509Helpers::User1.tag_certificate_serial
 }
 end |
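Review bot: `extracts all the emails` asserts that `email` is the first `email:` entry of the stubbed subjectAltName while `emails` holds every one, but nothing in the example says this ordering is the intended contract rather than an accident of the stub. A comment above the two expectations would make it explicit, e.g. `# email is the first email: entry; emails lists every email: entry` (wording to be confirmed against the implementation, which is not on this page). Both stubbed addresses are distinct and lowercase, so the handling of duplicate or differently-cased entries is not pinned either. The outer `context` and its first `before` start outside the hunk.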