don't sync to keychain file

7e13d967 · Alexis Reigel · d1101ec0 · 7e13d967 · 7e13d967 · 7e13d967
Commit 7e13d967 authored Jun 12, 2017 by Alexis Reigel
6 changed files
--- a/app/models/gpg_key.rb
+++ b/app/models/gpg_key.rb
@@ -21,9 +21,7 @@ class GpgKey < ActiveRecord::Base
    unless: -> { errors.has_key?(:key) }
  before_validation :extract_fingerprint
-  after_create :synchronize_keychain
  after_create :notify_user
-  after_destroy :synchronize_keychain
  def key=(value)
    value.strip! unless value.blank?
@@ -34,29 +32,15 @@ class GpgKey < ActiveRecord::Base
    @emails ||= Gitlab::Gpg.emails_from_key(key)
  end
-  def emails_in_keychain
-    @emails_in_keychain ||= Gitlab::Gpg::CurrentKeyChain.emails(fingerprint)
-  end
  def emails_with_verified_status
    emails.map do |email|
      [
        email,
-        email == user.email && emails_in_keychain.include?(email)
+        email == user.email
      ]
    end
  end
-  def synchronize_keychain
-    if emails.include?(user.email)
-      add_to_keychain
-    else
-      remove_from_keychain
-    end
-    @emails_in_keychain = nil
-  end
  private
  def extract_fingerprint
@@ -65,14 +49,6 @@ class GpgKey < ActiveRecord::Base
    self.fingerprint = Gitlab::Gpg.fingerprints_from_key(key).first
  end
-  def add_to_keychain
-    Gitlab::Gpg::CurrentKeyChain.add(key)
-  end
-  def remove_from_keychain
-    Gitlab::Gpg::CurrentKeyChain.remove(fingerprint)
-  end
  def notify_user
    run_after_commit { NotificationService.new.new_gpg_key(self) }
  end

--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -155,7 +155,6 @@ class User < ActiveRecord::Base
  before_validation :set_public_email, if: :public_email_changed?
  after_update :update_emails_with_primary_email, if: :email_changed?
-  after_update :synchronize_gpg_keys, if: :email_changed?
  before_save :ensure_authentication_token, :ensure_incoming_email_token
  before_save :ensure_user_rights_and_limits, if: :external_changed?
  after_save :ensure_namespace_correct
@@ -1158,10 +1157,4 @@ class User < ActiveRecord::Base
  ensure
    Gitlab::ExclusiveLease.cancel(lease_key, uuid)
  end
-  def synchronize_gpg_keys
-    gpg_keys.each do |gpg_key|
-      gpg_key.synchronize_keychain
-    end
-  end
 end
--- a/lib/gitlab/gpg.rb
+++ b/lib/gitlab/gpg.rb
@@ -2,24 +2,6 @@ module Gitlab
  module Gpg
    extend self
-    module CurrentKeyChain
-      extend self
-      def add(key)
-        GPGME::Key.import(key)
-      end
-      def remove(fingerprint)
-        # `#get` raises an EOFError if the keychain is empty, which is why we
-        # use the friendlier `#find`
-        GPGME::Key.find(:public, fingerprint).each(&:delete!)
-      end
-      def emails(fingerprint)
-        GPGME::Key.find(:public, fingerprint).flat_map { |raw_key| raw_key.uids.map(&:email) }
-      end
-    end
    def fingerprints_from_key(key)
      using_tmp_keychain do
        import = GPGME::Key.import(key)

--- a/spec/lib/gitlab/gpg_spec.rb
+++ b/spec/lib/gitlab/gpg_spec.rb
@@ -29,36 +29,3 @@ describe Gitlab::Gpg do
    end
  end
 end
-describe Gitlab::Gpg::CurrentKeyChain, :gpg do
-  describe '.emails' do
-    it 'returns the emails' do
-      Gitlab::Gpg::CurrentKeyChain.add(GpgHelpers::User2.public_key)
-      expect(
-        described_class.emails(GpgHelpers::User2.fingerprint)
-      ).to match_array GpgHelpers::User2.emails
-    end
-  end
-  describe '.add', :gpg do
-    it 'stores the key in the keychain' do
-      expect(GPGME::Key.find(:public, GpgHelpers::User1.fingerprint)).to eq []
-      Gitlab::Gpg::CurrentKeyChain.add(GpgHelpers::User1.public_key)
-      expect(GPGME::Key.find(:public, GpgHelpers::User1.fingerprint)).not_to eq []
-    end
-  end
-  describe '.remove', :gpg do
-    it 'removes the key from the keychain' do
-      Gitlab::Gpg::CurrentKeyChain.add(GpgHelpers::User1.public_key)
-      expect(GPGME::Key.find(:public, GpgHelpers::User1.fingerprint)).not_to eq []
-      Gitlab::Gpg::CurrentKeyChain.remove(GpgHelpers::User1.fingerprint)
-      expect(GPGME::Key.find(:public, GpgHelpers::User1.fingerprint)).to eq []
-    end
-  end
-end
--- a/spec/models/gpg_key_spec.rb
+++ b/spec/models/gpg_key_spec.rb
@@ -21,20 +21,6 @@ describe GpgKey do
        expect(gpg_key.fingerprint).to eq GpgHelpers::User1.fingerprint
      end
    end
-    describe 'synchronize_keychain' do
-      it 'calls #synchronize_keychain after create' do
-        gpg_key = build :gpg_key
-        expect(gpg_key).to receive(:synchronize_keychain)
-        gpg_key.save!
-      end
-      it 'calls #remove_from_keychain after destroy' do
-        gpg_key = create :gpg_key
-        expect(gpg_key).to receive(:synchronize_keychain)
-        gpg_key.destroy!
-      end
-    end
  end
  describe '#key=' do
@@ -59,80 +45,15 @@ describe GpgKey do
    end
  end
-  describe '#emails_in_keychain', :gpg do
-    it 'returns the emails from the keychain' do
-      user = create :user, email: GpgHelpers::User1.emails.first
-      gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: user
-      expect(gpg_key.emails_in_keychain).to eq GpgHelpers::User1.emails
-    end
-  end
  describe '#emails_with_verified_status', :gpg do
-    context 'key is in the keychain' do
+    it 'email is verified if the user has the matching email' do
-      it 'email is verified if the user has the matching email' do
+      user = create :user, email: 'bette.cartwright@example.com'
-        user = create :user, email: 'bette.cartwright@example.com'
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
-        gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
+      expect(gpg_key.emails_with_verified_status).to match_array [
-        expect(gpg_key.emails_with_verified_status).to match_array [
+        ['bette.cartwright@example.com', true],
-          ['bette.cartwright@example.com', true],
+        ['bette.cartwright@example.net', false]
-          ['bette.cartwright@example.net', false]
+      ]
-        ]
-      end
-    end
-    context 'key is in not the keychain' do
-      it 'emails are unverified' do
-        user = create :user, email: 'bette.cartwright@example.com'
-        gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
-        Gitlab::Gpg::CurrentKeyChain.remove(GpgHelpers::User2.fingerprint)
-        expect(gpg_key.emails_with_verified_status).to match_array [
-          ['bette.cartwright@example.com', false],
-          ['bette.cartwright@example.net', false]
-        ]
-      end
-    end
-  end
-  describe '#synchronize_keychain', :gpg do
-    context "user's email matches one of the key's emails" do
-      it 'adds the key to the keychain' do
-        user = create :user, email: GpgHelpers::User1.emails.first
-        gpg_key = create :gpg_key, user: user
-        expect(gpg_key).to receive(:add_to_keychain)
-        gpg_key.synchronize_keychain
-      end
-    end
-    context "user's email does not match one of the key's emails" do
-      it 'does not add the key to the keychain' do
-        user = create :user, email: 'stepanie@cole.us'
-        gpg_key = create :gpg_key, user: user
-        expect(gpg_key).to receive(:remove_from_keychain)
-        gpg_key.synchronize_keychain
-      end
-    end
-  end
-  describe '#add_to_keychain', :gpg do
-    it 'calls .add_to_keychain' do
-      expect(Gitlab::Gpg::CurrentKeyChain).to receive(:add).with(GpgHelpers::User2.public_key)
-      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key
-      gpg_key.send(:add_to_keychain)
-    end
-  end
-  describe '#remove_from_keychain', :gpg do
-    it 'calls .remove_from_keychain' do
-      allow(Gitlab::Gpg::CurrentKeyChain).to receive(:remove).with(GpgHelpers::User2.fingerprint)
-      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key
-      gpg_key.send(:remove_from_keychain)
    end
  end

--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1956,24 +1956,4 @@ describe User, models: true do
      expect(user.allow_password_authentication?).to be_falsey
    end
  end
-  context 'callbacks' do
-    context '.synchronize_gpg_keys' do
-      let(:user) do
-        create(:user, email: 'tula.torphy@abshire.ca').tap do |user|
-          user.skip_reconfirmation!
-        end
-      end
-      it 'does nothing when the name is updated' do
-        expect(user).not_to receive(:synchronize_gpg_keys)
-        user.update_attributes!(name: 'Bette')
-      end
-      it 'synchronizes the gpg keys when the email is updated' do
-        expect(user).to receive(:synchronize_gpg_keys)
-        user.update_attributes!(email: 'shawnee.ritchie@denesik.com')
-      end
-    end
-  end
 end