also update gpg_signatures when gpg_key is null

b66e3726 · Alexis Reigel · 7f03282f · b66e3726 · b66e3726
Commit b66e3726 authored Jul 06, 2017 by Alexis Reigel
2 changed files
--- a/lib/gitlab/gpg/invalid_gpg_signature_updater.rb
+++ b/lib/gitlab/gpg/invalid_gpg_signature_updater.rb
@@ -7,7 +7,7 @@ module Gitlab

      def run
        GpgSignature
-          .where(valid_signature: false)
+          .where('gpg_key_id IS NULL OR valid_signature = ?', false)
          .where(gpg_key_primary_keyid: @gpg_key.primary_keyid)
          .find_each do |gpg_signature|
            Gitlab::Gpg::Commit.new(gpg_signature.commit).update_signature!(gpg_signature)

--- a/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb
+++ b/spec/lib/gitlab/gpg/invalid_gpg_signature_updater_spec.rb
@@ -19,29 +19,60 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
      create :commit, git_commit: raw_commit, project: project
    end

-    let!(:gpg_signature) do
+    before do
+      allow_any_instance_of(GpgSignature).to receive(:commit).and_return(commit)
+    end
+
+    context 'gpg signature did have an associated gpg key which was removed later' do
+      let!(:user) { create :user, email: GpgHelpers::User1.emails.first }
+
+      let!(:valid_gpg_signature) do
        create :gpg_signature,
          project: project,
          commit_sha: commit_sha,
          gpg_key: nil,
          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
-        valid_signature: false
+          valid_signature: true
      end

-    before do
-      allow_any_instance_of(GpgSignature).to receive(:commit).and_return(commit)
+      it 'assigns the gpg key to the signature when the missing gpg key is added' do
+        # InvalidGpgSignatureUpdater is called by the after_create hook
+        gpg_key = create :gpg_key,
+          key: GpgHelpers::User1.public_key,
+          user: user
+
+        expect(valid_gpg_signature.reload.gpg_key).to eq gpg_key
+      end
+
+      it 'does not assign the gpg key when an unrelated gpg key is added' do
+        # InvalidGpgSignatureUpdater is called by the after_create hook
+        create :gpg_key,
+          key: GpgHelpers::User2.public_key,
+          user: user
+
+        expect(valid_gpg_signature.reload.gpg_key).to be_nil
+      end
    end

    context 'gpg signature did not have an associated gpg key' do
      let!(:user) { create :user, email: GpgHelpers::User1.emails.first }

+      let!(:invalid_gpg_signature) do
+        create :gpg_signature,
+          project: project,
+          commit_sha: commit_sha,
+          gpg_key: nil,
+          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
+          valid_signature: false
+      end
+
      it 'updates the signature to being valid when the missing gpg key is added' do
        # InvalidGpgSignatureUpdater is called by the after_create hook
        create :gpg_key,
          key: GpgHelpers::User1.public_key,
          user: user

-        expect(gpg_signature.reload.valid_signature).to be_truthy
+        expect(invalid_gpg_signature.reload.valid_signature).to be_truthy
      end

      it 'keeps the signature at being invalid when an unrelated gpg key is added' do
@@ -50,7 +81,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
          key: GpgHelpers::User2.public_key,
          user: user

-        expect(gpg_signature.reload.valid_signature).to be_falsey
+        expect(invalid_gpg_signature.reload.valid_signature).to be_falsey
      end
    end

@@ -61,17 +92,26 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
        end
      end

+      let!(:invalid_gpg_signature) do
+        create :gpg_signature,
+          project: project,
+          commit_sha: commit_sha,
+          gpg_key: nil,
+          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
+          valid_signature: false
+      end
+
      it 'updates the signature to being valid when the user updates the email address' do
        create :gpg_key,
          key: GpgHelpers::User1.public_key,
          user: user

-        expect(gpg_signature.reload.valid_signature).to be_falsey
+        expect(invalid_gpg_signature.reload.valid_signature).to be_falsey

        # InvalidGpgSignatureUpdater is called by the after_update hook
        user.update_attributes!(email: GpgHelpers::User1.emails.first)

-        expect(gpg_signature.reload.valid_signature).to be_truthy
+        expect(invalid_gpg_signature.reload.valid_signature).to be_truthy
      end

      it 'keeps the signature at being invalid when the changed email address is still unrelated' do
@@ -79,12 +119,12 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
          key: GpgHelpers::User1.public_key,
          user: user

-        expect(gpg_signature.reload.valid_signature).to be_falsey
+        expect(invalid_gpg_signature.reload.valid_signature).to be_falsey

        # InvalidGpgSignatureUpdater is called by the after_update hook
        user.update_attributes!(email: 'still.unrelated@example.com')

-        expect(gpg_signature.reload.valid_signature).to be_falsey
+        expect(invalid_gpg_signature.reload.valid_signature).to be_falsey
      end
    end
  end