Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Support
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
G
gitlab-ce
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
0
Issues
0
List
Boards
Labels
Milestones
Merge Requests
0
Merge Requests
0
Analytics
Analytics
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Commits
Issue Boards
Open sidebar
Léo-Paul Géneau
gitlab-ce
Commits
a9b31786
Commit
a9b31786
authored
Sep 11, 2017
by
Brett Walker
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Make GPG signature verification work with non-primary email (#36959)
parent
4457ae82
Changes
5
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
68 additions
and
22 deletions
+68
-22
app/models/user.rb
app/models/user.rb
+11
-4
doc/user/project/repository/gpg_signed_commits/index.md
doc/user/project/repository/gpg_signed_commits/index.md
+2
-2
spec/factories/emails.rb
spec/factories/emails.rb
+2
-0
spec/models/gpg_key_spec.rb
spec/models/gpg_key_spec.rb
+11
-2
spec/models/user_spec.rb
spec/models/user_spec.rb
+42
-14
No files found.
app/models/user.rb
View file @
a9b31786
...
...
@@ -817,6 +817,17 @@ class User < ActiveRecord::Base
all_emails
end
def
all_verified_emails
verified_emails
=
[]
verified_emails
<<
email
if
confirmed?
&&
!
temp_oauth_email?
verified_emails
.
concat
(
emails
.
select
{
|
e
|
e
.
confirmed?
}.
map
(
&
:email
))
verified_emails
end
def
verified_email?
(
email
)
all_verified_emails
.
include?
(
email
)
end
def
hook_attrs
{
name:
name
,
...
...
@@ -1041,10 +1052,6 @@ class User < ActiveRecord::Base
ensure_rss_token!
end
def
verified_email?
(
email
)
self
.
email
==
email
end
def
sync_attribute?
(
attribute
)
return
true
if
ldap_user?
&&
attribute
==
:email
...
...
doc/user/project/repository/gpg_signed_commits/index.md
View file @
a9b31786
...
...
@@ -26,7 +26,7 @@ to be uploaded to GitLab. For a signature to be verified three conditions need
to be met:
1.
The public key needs to be added your GitLab account
1.
One of the emails in the GPG key matches
your
**primary**
email
1.
One of the emails in the GPG key matches
a
**verified**
email address you use in GitLab
1.
The committer's email matches the verified email from the gpg key
## Generating a GPG key
...
...
@@ -94,7 +94,7 @@ started:
```
1.
Enter you real name, the email address to be associated with this key (should
match
the primary
email address you use in GitLab) and an optional comment
match
a verified
email address you use in GitLab) and an optional comment
(press
<kbd>
Enter
</kbd>
to skip):
```
...
...
spec/factories/emails.rb
View file @
a9b31786
...
...
@@ -2,5 +2,7 @@ FactoryGirl.define do
factory
:email
do
user
email
{
generate
(
:email_alias
)
}
trait
(
:confirmed
)
{
confirmed_at
Time
.
now
}
end
end
spec/models/gpg_key_spec.rb
View file @
a9b31786
...
...
@@ -88,12 +88,21 @@ describe GpgKey do
describe
'#emails_with_verified_status'
do
it
'email is verified if the user has the matching email'
do
user
=
create
:user
,
email:
'bette.cartwright@example.com'
user
=
create
:user
,
email:
'bette.cartwright@example.com'
gpg_key
=
create
:gpg_key
,
key:
GpgHelpers
::
User2
.
public_key
,
user:
user
email_unconfirmed
=
create
:email
,
user:
user
user
.
reload
expect
(
gpg_key
.
emails_with_verified_status
).
to
eq
(
'bette.cartwright@example.com'
=>
true
,
'bette.cartwright@example.net'
=>
false
)
email_confirmed
=
create
:email
,
:confirmed
,
user:
user
,
email:
'bette.cartwright@example.net'
user
.
reload
expect
(
gpg_key
.
emails_with_verified_status
).
to
eq
(
'bette.cartwright@example.com'
=>
true
,
'bette.cartwright@example.net'
=>
fals
e
'bette.cartwright@example.net'
=>
tru
e
)
end
end
...
...
spec/models/user_spec.rb
View file @
a9b31786
...
...
@@ -1093,6 +1093,48 @@ describe User do
end
end
describe
'#all_emails'
do
let
(
:user
)
{
create
(
:user
)
}
it
'returns all emails'
do
email_confirmed
=
create
:email
,
user:
user
,
confirmed_at:
Time
.
now
email_unconfirmed
=
create
:email
,
user:
user
user
.
reload
expect
(
user
.
all_emails
).
to
eq
([
user
.
email
,
email_unconfirmed
.
email
,
email_confirmed
.
email
])
end
end
describe
'#all_verified_emails'
do
let
(
:user
)
{
create
(
:user
)
}
it
'returns only confirmed emails'
do
email_confirmed
=
create
:email
,
user:
user
,
confirmed_at:
Time
.
now
email_unconfirmed
=
create
:email
,
user:
user
user
.
reload
expect
(
user
.
all_verified_emails
).
to
eq
([
user
.
email
,
email_confirmed
.
email
])
end
end
describe
'#verified_email?'
do
let
(
:user
)
{
create
(
:user
)
}
it
'returns true when the email is verified/confirmed'
do
email_confirmed
=
create
:email
,
user:
user
,
confirmed_at:
Time
.
now
email_unconfirmed
=
create
:email
,
user:
user
user
.
reload
expect
(
user
.
verified_email?
(
user
.
email
)).
to
be_truthy
expect
(
user
.
verified_email?
(
email_confirmed
.
email
)).
to
be_truthy
end
it
'returns false when the email is not verified/confirmed'
do
email_unconfirmed
=
create
:email
,
user:
user
user
.
reload
expect
(
user
.
verified_email?
(
email_unconfirmed
.
email
)).
to
be_falsy
end
end
describe
'#requires_ldap_check?'
do
let
(
:user
)
{
described_class
.
new
}
...
...
@@ -2073,20 +2115,6 @@ describe User do
end
end
describe
'#verified_email?'
do
it
'returns true when the email is the primary email'
do
user
=
build
:user
,
email:
'email@example.com'
expect
(
user
.
verified_email?
(
'email@example.com'
)).
to
be
true
end
it
'returns false when the email is not the primary email'
do
user
=
build
:user
,
email:
'email@example.com'
expect
(
user
.
verified_email?
(
'other_email@example.com'
)).
to
be
false
end
end
describe
'#sync_attribute?'
do
let
(
:user
)
{
described_class
.
new
}
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment