1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
# frozen_string_literal: true
require 'spec_helper'
RSpec.describe Gitlab::Ssh::Commit, feature_category: :source_code_management do
let_it_be(:project) { create(:project, :repository) }
let_it_be(:signed_by_key) { create(:key) }
let_it_be(:fingerprint) { signed_by_key.fingerprint_sha256 }
let(:commit) { create(:commit, project: project) }
let(:signature_text) { 'signature_text' }
let(:signed_text) { 'signed_text' }
let(:signature_data) { [signature_text, signed_text] }
let(:verifier) { instance_double('Gitlab::Ssh::Signature') }
let(:verification_status) { :verified }
subject(:signature) { described_class.new(commit).signature }
before do
allow(Gitlab::Git::Commit).to receive(:extract_signature_lazily)
.with(Gitlab::Git::Repository, commit.sha)
.and_return(signature_data)
allow(verifier).to receive_messages({
verification_status: verification_status,
signed_by_key: signed_by_key,
key_fingerprint: fingerprint
})
allow(Gitlab::Ssh::Signature).to receive(:new)
.with(signature_text, signed_text, commit.committer_email)
.and_return(verifier)
end
describe '#signature' do
it 'returns the cached signature on multiple calls' do
ssh_commit = described_class.new(commit)
expect(ssh_commit).to receive(:create_cached_signature!).and_call_original
ssh_commit.signature
expect(ssh_commit).not_to receive(:create_cached_signature!)
ssh_commit.signature
end
context 'when all expected data is present' do
it 'calls signature verifier and uses returned attributes' do
expect(signature).to have_attributes(
commit_sha: commit.sha,
project: project,
key_id: signed_by_key.id,
key_fingerprint_sha256: signed_by_key.fingerprint_sha256,
user_id: signed_by_key.user_id,
verification_status: 'verified'
)
end
end
context 'when signed_by_key is nil' do
let_it_be(:signed_by_key) { nil }
let_it_be(:fingerprint) { nil }
let(:verification_status) { :unknown_key }
it 'creates signature without a key_id' do
expect(signature).to have_attributes(
commit_sha: commit.sha,
project: project,
key_id: nil,
key_fingerprint_sha256: nil,
user_id: nil,
verification_status: 'unknown_key'
)
end
end
end
describe '#update_signature!' do
it 'updates verification status' do
allow(verifier).to receive(:verification_status).and_return(:unverified)
signature
stored_signature = CommitSignatures::SshSignature.find_by_commit_sha(commit.sha)
allow(verifier).to receive(:verification_status).and_return(:verified)
expect { described_class.new(commit).update_signature!(stored_signature) }.to(
change { signature.reload.verification_status }.from('unverified').to('verified')
)
end
end
end
|