Commit e75ab064 authored by Alexis Reigel's avatar Alexis Reigel

update invalid gpg signatures when email changes

parent 24671cd6
...@@ -53,6 +53,10 @@ class GpgKey < ActiveRecord::Base ...@@ -53,6 +53,10 @@ class GpgKey < ActiveRecord::Base
emails_with_verified_status.any? { |_email, verified| verified } emails_with_verified_status.any? { |_email, verified| verified }
end end
def update_invalid_gpg_signatures
Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run
end
private private
def extract_fingerprint def extract_fingerprint
...@@ -67,10 +71,6 @@ class GpgKey < ActiveRecord::Base ...@@ -67,10 +71,6 @@ class GpgKey < ActiveRecord::Base
self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
end end
def update_invalid_gpg_signatures
run_after_commit { Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run }
end
def notify_user def notify_user
run_after_commit { NotificationService.new.new_gpg_key(self) } run_after_commit { NotificationService.new.new_gpg_key(self) }
end end
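Review bot: The now-public `update_invalid_gpg_signatures` has lost its `run_after_commit` wrapper, so the updater runs synchronously for every caller, including GpgKey's own create callback, whose declaration is outside this hunk. If that callback is not an `after_commit`, the re-verification (which the spec stubs as a `Gitlab::Git::Commit.find` lookup) would now run inside the still-open transaction. Since the method is now part of the model's public interface, I would add a comment above it such as `# Runs InvalidGpgSignatureUpdater synchronously; callers inside a transaction must defer it themselves`.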
......
...@@ -155,6 +155,7 @@ class User < ActiveRecord::Base ...@@ -155,6 +155,7 @@ class User < ActiveRecord::Base
before_validation :set_public_email, if: :public_email_changed? before_validation :set_public_email, if: :public_email_changed?
after_update :update_emails_with_primary_email, if: :email_changed? after_update :update_emails_with_primary_email, if: :email_changed?
after_update :update_invalid_gpg_signatures, if: :email_changed?
before_save :ensure_authentication_token, :ensure_incoming_email_token before_save :ensure_authentication_token, :ensure_incoming_email_token
before_save :ensure_user_rights_and_limits, if: :external_changed? before_save :ensure_user_rights_and_limits, if: :external_changed?
after_save :ensure_namespace_correct after_save :ensure_namespace_correct
...@@ -513,6 +514,10 @@ class User < ActiveRecord::Base ...@@ -513,6 +514,10 @@ class User < ActiveRecord::Base
end end
end end
def update_invalid_gpg_signatures
gpg_keys.each(&:update_invalid_gpg_signatures)
end
# Returns the groups a user has access to # Returns the groups a user has access to
def authorized_groups def authorized_groups
union = Gitlab::SQL::Union union = Gitlab::SQL::Union
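Review bot: The new `after_update :update_invalid_gpg_signatures, if: :email_changed?` hook fires on every email change, but it ends in `InvalidGpgSignatureUpdater`, which judging by its name presumably only revisits signatures stored as invalid; its implementation is not shown on this page. If that is the case, a user who changes their email away from the address on the key keeps `valid_signature: true` on earlier commits, so the verified state outlives the email match it was based on. The updater spec in this commit has no example for that direction, so it is worth confirming whether valid signatures are re-checked on this path. A short comment above `def update_invalid_gpg_signatures`, for example `# Re-runs signature verification for each of the user's GPG keys after an email change`, would also record the intent.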
......
...@@ -2,37 +2,39 @@ require 'rails_helper' ...@@ -2,37 +2,39 @@ require 'rails_helper'
RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
describe '#run' do describe '#run' do
context 'gpg signature did not have an associated gpg key' do let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' }
let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' } let!(:project) { create :project, :repository, path: 'sample-project' }
let!(:project) { create :project, :repository, path: 'sample-project' } let!(:commit) do
let!(:commit) do raw_commit = double(:raw_commit, signature: [
raw_commit = double(:raw_commit, signature: [ GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_signature, GpgHelpers::User1.signed_commit_base_data
GpgHelpers::User1.signed_commit_base_data ], sha: commit_sha)
], sha: commit_sha) allow(raw_commit).to receive :save!
allow(raw_commit).to receive :save!
create :commit, git_commit: raw_commit, project: project
end
let!(:gpg_signature) do create :commit, git_commit: raw_commit, project: project
create :gpg_signature, end
project: project,
commit_sha: commit_sha,
gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false
end
before do let!(:gpg_signature) do
allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit) create :gpg_signature,
end project: project,
commit_sha: commit_sha,
gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false
end
before do
allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit)
end
context 'gpg signature did not have an associated gpg key' do
let!(:user) { create :user, email: GpgHelpers::User1.emails.first }
it 'updates the signature to being valid when the missing gpg key is added' do it 'updates the signature to being valid when the missing gpg key is added' do
# InvalidGpgSignatureUpdater is called by the after_create hook # InvalidGpgSignatureUpdater is called by the after_create hook
create :gpg_key, create :gpg_key,
key: GpgHelpers::User1.public_key, key: GpgHelpers::User1.public_key,
user: create(:user, email: GpgHelpers::User1.emails.first) user: user
expect(gpg_signature.reload.valid_signature).to be_truthy expect(gpg_signature.reload.valid_signature).to be_truthy
end end
...@@ -41,7 +43,41 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -41,7 +43,41 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
# InvalidGpgSignatureUpdater is called by the after_create hook # InvalidGpgSignatureUpdater is called by the after_create hook
create :gpg_key, create :gpg_key,
key: GpgHelpers::User2.public_key, key: GpgHelpers::User2.public_key,
user: create(:user, email: GpgHelpers::User2.emails.first) user: user
expect(gpg_signature.reload.valid_signature).to be_falsey
end
end
context 'gpg signature did have an associated unverified gpg key' do
let!(:user) do
create(:user, email: 'unrelated@example.com').tap do |user|
user.skip_reconfirmation!
end
end
it 'updates the signature to being valid when the user updates the email address' do
create :gpg_key,
key: GpgHelpers::User1.public_key,
user: user
expect(gpg_signature.reload.valid_signature).to be_falsey
# InvalidGpgSignatureUpdater is called by the after_update hook
user.update_attributes!(email: GpgHelpers::User1.emails.first)
expect(gpg_signature.reload.valid_signature).to be_truthy
end
it 'keeps the signature at being invalid when the changed email address is still unrelated' do
create :gpg_key,
key: GpgHelpers::User1.public_key,
user: user
expect(gpg_signature.reload.valid_signature).to be_falsey
# InvalidGpgSignatureUpdater is called by the after_update hook
user.update_attributes!(email: 'still.unrelated@example.com')
expect(gpg_signature.reload.valid_signature).to be_falsey expect(gpg_signature.reload.valid_signature).to be_falsey
end end
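Review bot: The `user` in the new 'did have an associated unverified gpg key' context calls `skip_reconfirmation!`, so both examples only cover an email that changes immediately on `update_attributes!`. Assuming reconfirmation is enabled in production, as the `skip_reconfirmation!` call suggests, the address normally changes only once the user confirms it, and that path through the `after_update` hook is not exercised here. An extra example that leaves reconfirmation on and asserts `gpg_signature.reload.valid_signature` stays falsey until confirmation would pin down that the signature cannot become verified from an unconfirmed address.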
......
...@@ -350,6 +350,26 @@ describe User, models: true do ...@@ -350,6 +350,26 @@ describe User, models: true do
end end
end end
describe 'after update hook' do
describe '.update_invalid_gpg_signatures' do
let(:user) do
create(:user, email: 'tula.torphy@abshire.ca').tap do |user|
user.skip_reconfirmation!
end
end
it 'does nothing when the name is updated' do
expect(user).not_to receive(:update_invalid_gpg_signatures)
user.update_attributes!(name: 'Bette')
end
it 'synchronizes the gpg keys when the email is updated' do
expect(user).to receive(:update_invalid_gpg_signatures)
user.update_attributes!(email: 'shawnee.ritchie@denesik.com')
end
end
end
describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do describe '#update_tracked_fields!', :clean_gitlab_redis_shared_state do
let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") } let(:request) { OpenStruct.new(remote_ip: "127.0.0.1") }
let(:user) { create(:user) } let(:user) { create(:user) }
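Review bot: `describe '.update_invalid_gpg_signatures'` uses the `.` prefix, which RSpec convention reserves for class methods, while the method under test is an instance method. `describe '#update_invalid_gpg_signatures' do` would match the `#update_tracked_fields!` block directly below it.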
......