gpg_key_spec.rb 6.63 KB
Newer Older
Alexis Reigel's avatar
Alexis Reigel committed
1 2 3 4 5 6 7 8
require 'rails_helper'

describe GpgKey do
  describe "associations" do
    it { is_expected.to belong_to(:user) }
  end

  describe "validation" do
9
    it { is_expected.to validate_presence_of(:user) }
Alexis Reigel's avatar
Alexis Reigel committed
10

Alexis Reigel's avatar
Alexis Reigel committed
11 12
    it { is_expected.to validate_presence_of(:key) }
    it { is_expected.to validate_uniqueness_of(:key) }
Alexis Reigel's avatar
Alexis Reigel committed
13 14 15 16

    it { is_expected.to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }

    it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey").for(:key) }
Alexis Reigel's avatar
Alexis Reigel committed
17
    it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----\nkey\n-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
Alexis Reigel's avatar
Alexis Reigel committed
18 19 20 21
    it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK----------END PGP PUBLIC KEY BLOCK-----").for(:key) }
    it { is_expected.not_to allow_value("-----BEGIN PGP PUBLIC KEY BLOCK-----").for(:key) }
    it { is_expected.not_to allow_value("-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
    it { is_expected.not_to allow_value("key\n-----END PGP PUBLIC KEY BLOCK-----").for(:key) }
Alexis Reigel's avatar
Alexis Reigel committed
22 23 24
    it { is_expected.not_to allow_value('BEGIN PGP').for(:key) }
  end

Alexis Reigel's avatar
Alexis Reigel committed
25
  context 'callbacks' do
Alexis Reigel's avatar
Alexis Reigel committed
26
    describe 'extract_fingerprint' do
27
      it 'extracts the fingerprint from the gpg key' do
28
        gpg_key = described_class.new(key: GpgHelpers::User1.public_key)
Alexis Reigel's avatar
Alexis Reigel committed
29
        gpg_key.valid?
30
        expect(gpg_key.fingerprint).to eq GpgHelpers::User1.fingerprint
Alexis Reigel's avatar
Alexis Reigel committed
31 32
      end
    end
33 34 35 36 37 38 39 40

    describe 'extract_primary_keyid' do
      it 'extracts the primary keyid from the gpg key' do
        gpg_key = described_class.new(key: GpgHelpers::User1.public_key)
        gpg_key.valid?
        expect(gpg_key.primary_keyid).to eq GpgHelpers::User1.primary_keyid
      end
    end
Alexis Reigel's avatar
Alexis Reigel committed
41 42 43 44 45 46 47 48 49 50 51 52 53 54
  end

  describe '#key=' do
    it 'strips white spaces' do
      key = <<~KEY.strip
        -----BEGIN PGP PUBLIC KEY BLOCK-----
        Version: GnuPG v1

        mQENBFMOSOgBCADFCYxmnXFbrDhfvlf03Q/bQuT+nZu46BFGbo7XkUjDowFXJQhP
        -----END PGP PUBLIC KEY BLOCK-----
      KEY

      expect(described_class.new(key: " #{key} ").key).to eq(key)
    end
Alexis Reigel's avatar
Alexis Reigel committed
55 56 57 58

    it 'does not strip when the key is nil' do
      expect(described_class.new(key: nil).key).to be_nil
    end
Alexis Reigel's avatar
Alexis Reigel committed
59
  end
60

61 62
  describe '#user_infos' do
    it 'returns the user infos from the gpg key' do
63
      gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key
64
      expect(Gitlab::Gpg).to receive(:user_infos_from_key).with(gpg_key.key)
65

66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85
      gpg_key.user_infos
    end
  end

  describe '#verified_user_infos' do
    it 'returns the user infos if it is verified' do
      user = create :user, email: GpgHelpers::User1.emails.first
      gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: user

      expect(gpg_key.verified_user_infos).to eq([{
        name: GpgHelpers::User1.names.first,
        email: GpgHelpers::User1.emails.first
      }])
    end

    it 'returns an empty array if the user info is not verified' do
      user = create :user, email: 'unrelated@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: user

      expect(gpg_key.verified_user_infos).to eq([])
86 87
    end
  end
Alexis Reigel's avatar
Alexis Reigel committed
88

Alexis Reigel's avatar
Alexis Reigel committed
89
  describe '#emails_with_verified_status' do
90 91 92 93
    it 'email is verified if the user has the matching email' do
      user = create :user, email: 'bette.cartwright@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user

94 95 96 97
      expect(gpg_key.emails_with_verified_status).to eq(
        'bette.cartwright@example.com' => true,
        'bette.cartwright@example.net' => false
      )
98 99 100
    end
  end

101
  describe '#verified?' do
102
    it 'returns true if one of the email addresses in the key belongs to the user' do
103 104 105 106 107 108
      user = create :user, email: 'bette.cartwright@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user

      expect(gpg_key.verified?).to be_truthy
    end

109
    it 'returns false if none of the email addresses in the key does not belong to the user' do
110 111 112 113 114 115 116
      user = create :user, email: 'someone.else@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user

      expect(gpg_key.verified?).to be_falsey
    end
  end

117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140
  describe 'verified_and_belongs_to_email?' do
    it 'returns false if none of the email addresses in the key does not belong to the user' do
      user = create :user, email: 'someone.else@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user

      expect(gpg_key.verified?).to be_falsey
      expect(gpg_key.verified_and_belongs_to_email?('someone.else@example.com')).to be_falsey
    end

    it 'returns false if one of the email addresses in the key belongs to the user and does not match the provided email' do
      user = create :user, email: 'bette.cartwright@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user

      expect(gpg_key.verified?).to be_truthy
      expect(gpg_key.verified_and_belongs_to_email?('bette.cartwright@example.net')).to be_falsey
    end

    it 'returns true if one of the email addresses in the key belongs to the user and matches the provided email' do
      user = create :user, email: 'bette.cartwright@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user

      expect(gpg_key.verified?).to be_truthy
      expect(gpg_key.verified_and_belongs_to_email?('bette.cartwright@example.com')).to be_truthy
    end
141 142 143 144 145 146 147 148

    it 'returns true if one of the email addresses in the key belongs to the user and case-insensitively matches the provided email' do
      user = create :user, email: 'bette.cartwright@example.com'
      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user

      expect(gpg_key.verified?).to be_truthy
      expect(gpg_key.verified_and_belongs_to_email?('Bette.Cartwright@example.com')).to be_truthy
    end
149 150
  end

151 152 153
  describe '#revoke' do
    it 'invalidates all associated gpg signatures and destroys the key' do
      gpg_key = create :gpg_key
154
      gpg_signature = create :gpg_signature, verification_status: :verified, gpg_key: gpg_key
155 156

      unrelated_gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key
157
      unrelated_gpg_signature = create :gpg_signature, verification_status: :verified, gpg_key: unrelated_gpg_key
158 159 160 161

      gpg_key.revoke

      expect(gpg_signature.reload).to have_attributes(
162
        verification_status: 'unknown_key',
163 164 165 166 167 168 169
        gpg_key: nil
      )

      expect(gpg_key.destroyed?).to be true

      # unrelated signature is left untouched
      expect(unrelated_gpg_signature.reload).to have_attributes(
170
        verification_status: 'verified',
171 172 173 174 175 176
        gpg_key: unrelated_gpg_key
      )

      expect(unrelated_gpg_key.destroyed?).to be false
    end
  end
Alexis Reigel's avatar
Alexis Reigel committed
177
end