Fix SMIME signature for emails on push

This prevents emails from being signed multiple times when there are multiple recipients. Changelog: fixed

Fix SMIME signature for emails on push
This prevents emails from being signed multiple times when there are multiple recipients. Changelog: fixed
20439de2 · Heinrich Lee Yu · 45da3d6d · 20439de2 · 20439de2
Commit 20439de2 authored Oct 25, 2021 by Heinrich Lee Yu
Show whitespace changes
Inline Side-by-side

Showing with 46 additions and 8 deletions

app/workers/emails_on_push_worker.rb app/workers/emails_on_push_worker.rb +9 -8

spec/workers/emails_on_push_worker_spec.rb spec/workers/emails_on_push_worker_spec.rb +37 -0

No files found.
--- a/app/workers/emails_on_push_worker.rb
+++ b/app/workers/emails_on_push_worker.rb
@@ -87,13 +87,14 @@ class EmailsOnPushWorker # rubocop:disable Scalability/IdempotentWorker
  private
  def send_email(recipient, project_id, options)
-    # Generating the body of this email can be expensive, so only do it once
+    @email ||= Notify.repository_push_email(project_id, options).tap do |mail|
-    @skip_premailer ||= email.present?
+      Premailer::Rails::Hook.perform(mail)
-    @email ||= Notify.repository_push_email(project_id, options)
+    end
-    email.to = recipient
+    current_email = email.dup
-    email.add_message_id
+    current_email.to = recipient
-    email.header[:skip_premailer] = true if skip_premailer
+    current_email.add_message_id
-    email.deliver_now
+    current_email.header[:skip_premailer] = true
+    current_email.deliver_now
  end
 end
--- a/spec/workers/emails_on_push_worker_spec.rb
+++ b/spec/workers/emails_on_push_worker_spec.rb
@@ -139,6 +139,43 @@ RSpec.describe EmailsOnPushWorker, :mailer do
          perform
        end
+        context 'when SMIME signing is enabled' do
+          include SmimeHelper
+          before :context do
+            @root_ca = generate_root
+            @cert = generate_cert(signer_ca: @root_ca)
+          end
+          let(:root_certificate) do
+            Gitlab::X509::Certificate.new(@root_ca[:key], @root_ca[:cert])
+          end
+          let(:certificate) do
+            Gitlab::X509::Certificate.new(@cert[:key], @cert[:cert])
+          end
+          before do
+            allow(Gitlab::X509::Certificate).to receive_messages(from_files: certificate)
+            Mail.register_interceptor(Gitlab::Email::Hook::SmimeSignatureInterceptor)
+          end
+          after do
+            Mail.unregister_interceptor(Gitlab::Email::Hook::SmimeSignatureInterceptor)
+          end
+          it 'does not sign the email multiple times' do
+            perform
+            ActionMailer::Base.deliveries.each do |mail|
+              expect(mail.header['Content-Type'].value).to match('multipart/signed').and match('protocol="application/x-pkcs7-signature"')
+              expect(mail.to_s.scan(/Content-Disposition: attachment;\r\n filename=smime.p7s/).size).to eq(1)
+            end
+          end
+        end
      end
      context "when recipients are invalid" do