Make GPG validation case insensitive.

In line with other changes in GitLab, make email address validation
properly case insensitive. The email address in the commit may be in
any case, so it needs downcasing to match the address stored in GitLab
for the user. Without this change the comparison fails and commits are
not marked as verified.

See #37009.

app/models/gpg_key.rb

@@ -73,7 +73,7 @@ class GpgKey < ActiveRecord::Base
   end
 
   def verified_and_belongs_to_email?(email)
-    emails_with_verified_status.fetch(email, false)
+    emails_with_verified_status.fetch(email.downcase, false)
   end
 
   def update_invalid_gpg_signatures

changelogs/unreleased/fix-gpg-case-insensitive.yml

+---
+title: Compare email addresses case insensitively when verifying GPG signatures
+merge_request: 14376
+author: Tim Bishop
+type: fixed

spec/models/gpg_key_spec.rb

@@ -138,6 +138,14 @@ describe GpgKey do
       expect(gpg_key.verified?).to be_truthy
       expect(gpg_key.verified_and_belongs_to_email?('bette.cartwright@example.com')).to be_truthy
     end
+
+    it 'returns true if one of the email addresses in the key belongs to the user and case-insensitively matches the provided email' do
+      user = create :user, email: 'bette.cartwright@example.com'
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
+
+      expect(gpg_key.verified?).to be_truthy
+      expect(gpg_key.verified_and_belongs_to_email?('Bette.Cartwright@example.com')).to be_truthy
+    end
   end
 
   describe '#revoke' do