Commit 00392d92 authored by Alexis Reigel's avatar Alexis Reigel

add verification_status: same_user_different_email

this status distinguishes the case where the committer email belongs to
the user, but the user used a different email for the gpg key. this
means that the user is the same, but a different, unverified email is
used for the signature.
parent 2a89037b
...@@ -7,9 +7,10 @@ class GpgSignature < ActiveRecord::Base ...@@ -7,9 +7,10 @@ class GpgSignature < ActiveRecord::Base
enum verification_status: { enum verification_status: {
unverified: 0, unverified: 0,
verified: 1, verified: 1,
other_user: 2, same_user_different_email: 2,
unverified_key: 3, other_user: 3,
unknown_key: 4 unverified_key: 4,
unknown_key: 5
} }
belongs_to :project belongs_to :project
......
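Review bot: Inserting `same_user_different_email: 2` in the middle of the enum renumbers `other_user`, `unverified_key` and `unknown_key`, so any GpgSignature row already persisted with 2, 3 or 4 will be read back as a different status. A cached row written as `other_user` would then display as `same_user_different_email`, which overstates the trust in that signature. No data migration is visible in this commit. Either append the new value and leave the existing ones alone, e.g. `same_user_different_email: 5`, or ship a migration that rewrites or clears the stored statuses.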
...@@ -85,6 +85,8 @@ module Gitlab ...@@ -85,6 +85,8 @@ module Gitlab
def verification_status(gpg_key) def verification_status(gpg_key)
if gpg_key && gpg_key.verified_and_belongs_to_email?(@commit.committer_email) && verified_signature.valid? if gpg_key && gpg_key.verified_and_belongs_to_email?(@commit.committer_email) && verified_signature.valid?
GpgSignature.verification_statuses[:verified] GpgSignature.verification_statuses[:verified]
elsif gpg_key && gpg_key.verified? && verified_signature.valid? && gpg_key.user.all_emails.include?(@commit.committer_email)
GpgSignature.verification_statuses[:same_user_different_email]
elsif gpg_key && gpg_key.verified? && verified_signature.valid? elsif gpg_key && gpg_key.verified? && verified_signature.valid?
GpgSignature.verification_statuses[:other_user] GpgSignature.verification_statuses[:other_user]
elsif gpg_key elsif gpg_key
......
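Review bot: The new `elsif` relies on `gpg_key.user.all_emails` to decide that the committer is the key owner, but nothing visible here shows that `all_emails` is limited to confirmed addresses. If it also returns unconfirmed secondary emails, a commit whose committer email was never proven to belong to the key owner would be reported as `same_user_different_email` rather than `other_user`; please confirm this, or compare against confirmed emails only. The branches also repeat `gpg_key && gpg_key.verified? && verified_signature.valid?`, which could be computed once into a local before the `if`. The body of `verification_status` continues outside the hunk.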
...@@ -28,7 +28,7 @@ describe Gitlab::Gpg::Commit do ...@@ -28,7 +28,7 @@ describe Gitlab::Gpg::Commit do
context 'known key' do context 'known key' do
context 'user matches the key uid' do context 'user matches the key uid' do
context 'user matches the committer' do context 'user email matches the email committer' do
let!(:commit) { create :commit, project: project, sha: commit_sha, committer_email: GpgHelpers::User1.emails.first } let!(:commit) { create :commit, project: project, sha: commit_sha, committer_email: GpgHelpers::User1.emails.first }
let!(:user) { create(:user, email: GpgHelpers::User1.emails.first) } let!(:user) { create(:user, email: GpgHelpers::User1.emails.first) }
...@@ -64,7 +64,47 @@ describe Gitlab::Gpg::Commit do ...@@ -64,7 +64,47 @@ describe Gitlab::Gpg::Commit do
it_behaves_like 'returns the cached signature on second call' it_behaves_like 'returns the cached signature on second call'
end end
context 'user does not match the committer' do context 'user email does not match the committer email, but is the same user' do
let!(:commit) { create :commit, project: project, sha: commit_sha, committer_email: GpgHelpers::User2.emails.first }
let(:user) do
create(:user, email: GpgHelpers::User1.emails.first).tap do |user|
create :email, user: user, email: GpgHelpers::User2.emails.first
end
end
let!(:gpg_key) do
create :gpg_key, key: GpgHelpers::User1.public_key, user: user
end
before do
allow(Rugged::Commit).to receive(:extract_signature)
.with(Rugged::Repository, commit_sha)
.and_return(
[
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
]
)
end
it 'returns an invalid signature' do
expect(described_class.new(commit).signature).to have_attributes(
commit_sha: commit_sha,
project: project,
gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: GpgHelpers::User1.names.first,
gpg_key_user_email: GpgHelpers::User1.emails.first,
valid_signature: false,
verification_status: 'same_user_different_email'
)
end
it_behaves_like 'returns the cached signature on second call'
end
context 'user email does not match the committer email' do
let!(:commit) { create :commit, project: project, sha: commit_sha, committer_email: GpgHelpers::User2.emails.first } let!(:commit) { create :commit, project: project, sha: commit_sha, committer_email: GpgHelpers::User2.emails.first }
let(:user) { create(:user, email: GpgHelpers::User1.emails.first) } let(:user) { create(:user, email: GpgHelpers::User1.emails.first) }
......
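Review bot: The added context pins only the positive case, and it is not visible here whether the `create :email` factory yields a confirmed address. A sibling context with an unconfirmed secondary email, expecting whatever status is intended for it (presumably `other_user`), would fix that behaviour in the spec. The example name `'returns an invalid signature'` is also carried over unchanged; something like `it 'returns an invalid signature with status same_user_different_email'` would say what this case asserts. The context that follows continues outside the hunk.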