Commit 8c4b6a32 authored by Alexis Reigel's avatar Alexis Reigel

bail if the commit has no signature

parent 69e511c4
......@@ -242,11 +242,7 @@ class Commit
cached_signature = GpgSignature.find_by(commit_sha: sha)
return cached_signature if cached_signature.present?
gpg_commit = Gitlab::Gpg::Commit.new(self)
return unless gpg_commit.has_signature?
@signature = gpg_commit.signature
@signature = Gitlab::Gpg::Commit.new(self).signature
end
def revert_branch_name
......
......@@ -10,10 +10,12 @@ module Gitlab
end
def has_signature?
@signature_text && @signed_text
!!(@signature_text && @signed_text)
end
def signature
return unless has_signature?
Gitlab::Gpg.using_tmp_keychain do
# first we need to get the keyid from the signature to query the gpg
# key belonging to the keyid.
......@@ -43,7 +45,7 @@ module Gitlab
project: commit.project,
gpg_key: gpg_key,
gpg_key_primary_keyid: gpg_key&.primary_keyid,
valid_signature: !!(gpg_key && verified_signature&.valid?)
valid_signature: !!(gpg_key && verified_signature.valid?)
)
end
end
......
......@@ -4,6 +4,12 @@ RSpec.describe Gitlab::Gpg::Commit do
describe '#signature' do
let!(:project) { create :project, :repository, path: 'sample-project' }
context 'unisgned commit' do
it 'returns nil' do
expect(described_class.new(project.commit).signature).to be_nil
end
end
context 'known public key' do
it 'returns a valid signature' do
gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment