Commit 978252a3 authored by Alexis Reigel's avatar Alexis Reigel

use new #verification_status

parent 31ad752e
...@@ -82,9 +82,12 @@ class GpgKey < ActiveRecord::Base ...@@ -82,9 +82,12 @@ class GpgKey < ActiveRecord::Base
end end
def revoke def revoke
GpgSignature.where(gpg_key: self, valid_signature: true).update_all( GpgSignature
.where(gpg_key: self)
.where.not(verification_status: GpgSignature.verification_statuses[:unknown_key])
.update_all(
gpg_key_id: nil, gpg_key_id: nil,
valid_signature: false, verification_status: GpgSignature.verification_statuses[:unknown_key],
updated_at: Time.zone.now updated_at: Time.zone.now
) )
......
...@@ -20,6 +20,14 @@ class GpgSignature < ActiveRecord::Base ...@@ -20,6 +20,14 @@ class GpgSignature < ActiveRecord::Base
validates :project_id, presence: true validates :project_id, presence: true
validates :gpg_key_primary_keyid, presence: true validates :gpg_key_primary_keyid, presence: true
# backwards compatibility: legacy records that weren't migrated to use the
# new `#verification_status` have `#valid_signature` set instead
def verified?
return valid_signature if verification_status.nil?
super
end
def gpg_key_primary_keyid def gpg_key_primary_keyid
super&.upcase super&.upcase
end end
......
- if signature - if signature
- if signature.valid_signature? - if signature.verified?
= render partial: 'projects/commit/valid_signature_badge', locals: { signature: signature } = render partial: 'projects/commit/valid_signature_badge', locals: { signature: signature }
- else - else
= render partial: 'projects/commit/invalid_signature_badge', locals: { signature: signature } = render partial: 'projects/commit/invalid_signature_badge', locals: { signature: signature }
...@@ -77,7 +77,6 @@ module Gitlab ...@@ -77,7 +77,6 @@ module Gitlab
gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint, gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint,
gpg_key_user_name: user_infos[:name], gpg_key_user_name: user_infos[:name],
gpg_key_user_email: user_infos[:email], gpg_key_user_email: user_infos[:email],
valid_signature: verification_status == :verified,
verification_status: verification_status verification_status: verification_status
} }
end end
......
...@@ -6,9 +6,15 @@ module Gitlab ...@@ -6,9 +6,15 @@ module Gitlab
end end
def run def run
# `OR valid_signature` is for backwards compatibility: legacy records
# that weren't migrated to use the new `#verification_status` have
# `#valid_signature` set instead
GpgSignature GpgSignature
.select(:id, :commit_sha, :project_id) .select(:id, :commit_sha, :project_id)
.where('gpg_key_id IS NULL OR valid_signature = ?', false) .where('gpg_key_id IS NULL OR valid_signature = ? OR verification_status <> ?',
false,
GpgSignature.verification_statuses[:verified]
)
.where(gpg_key_primary_keyid: @gpg_key.primary_keyid) .where(gpg_key_primary_keyid: @gpg_key.primary_keyid)
.find_each { |sig| sig.gpg_commit.update_signature!(sig) } .find_each { |sig| sig.gpg_commit.update_signature!(sig) }
end end
......
...@@ -6,6 +6,6 @@ FactoryGirl.define do ...@@ -6,6 +6,6 @@ FactoryGirl.define do
project project
gpg_key gpg_key
gpg_key_primary_keyid { gpg_key.primary_keyid } gpg_key_primary_keyid { gpg_key.primary_keyid }
valid_signature true verification_status :verified
end end
end end
...@@ -42,7 +42,7 @@ feature 'Profile > GPG Keys' do ...@@ -42,7 +42,7 @@ feature 'Profile > GPG Keys' do
scenario 'User revokes a key via the key index' do scenario 'User revokes a key via the key index' do
gpg_key = create :gpg_key, user: user, key: GpgHelpers::User2.public_key gpg_key = create :gpg_key, user: user, key: GpgHelpers::User2.public_key
gpg_signature = create :gpg_signature, gpg_key: gpg_key, valid_signature: true gpg_signature = create :gpg_signature, gpg_key: gpg_key, verification_status: :verified
visit profile_gpg_keys_path visit profile_gpg_keys_path
...@@ -51,7 +51,7 @@ feature 'Profile > GPG Keys' do ...@@ -51,7 +51,7 @@ feature 'Profile > GPG Keys' do
expect(page).to have_content('Your GPG keys (0)') expect(page).to have_content('Your GPG keys (0)')
expect(gpg_signature.reload).to have_attributes( expect(gpg_signature.reload).to have_attributes(
valid_signature: false, verification_status: 'unknown_key',
gpg_key: nil gpg_key: nil
) )
end end
......
...@@ -56,7 +56,6 @@ describe Gitlab::Gpg::Commit do ...@@ -56,7 +56,6 @@ describe Gitlab::Gpg::Commit do
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: GpgHelpers::User1.names.first, gpg_key_user_name: GpgHelpers::User1.names.first,
gpg_key_user_email: GpgHelpers::User1.emails.first, gpg_key_user_email: GpgHelpers::User1.emails.first,
valid_signature: true,
verification_status: 'verified' verification_status: 'verified'
) )
end end
...@@ -96,7 +95,6 @@ describe Gitlab::Gpg::Commit do ...@@ -96,7 +95,6 @@ describe Gitlab::Gpg::Commit do
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: GpgHelpers::User1.names.first, gpg_key_user_name: GpgHelpers::User1.names.first,
gpg_key_user_email: GpgHelpers::User1.emails.first, gpg_key_user_email: GpgHelpers::User1.emails.first,
valid_signature: false,
verification_status: 'same_user_different_email' verification_status: 'same_user_different_email'
) )
end end
...@@ -132,7 +130,6 @@ describe Gitlab::Gpg::Commit do ...@@ -132,7 +130,6 @@ describe Gitlab::Gpg::Commit do
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: GpgHelpers::User1.names.first, gpg_key_user_name: GpgHelpers::User1.names.first,
gpg_key_user_email: GpgHelpers::User1.emails.first, gpg_key_user_email: GpgHelpers::User1.emails.first,
valid_signature: false,
verification_status: 'other_user' verification_status: 'other_user'
) )
end end
...@@ -169,7 +166,6 @@ describe Gitlab::Gpg::Commit do ...@@ -169,7 +166,6 @@ describe Gitlab::Gpg::Commit do
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: GpgHelpers::User1.names.first, gpg_key_user_name: GpgHelpers::User1.names.first,
gpg_key_user_email: GpgHelpers::User1.emails.first, gpg_key_user_email: GpgHelpers::User1.emails.first,
valid_signature: false,
verification_status: 'unverified_key' verification_status: 'unverified_key'
) )
end end
...@@ -200,7 +196,6 @@ describe Gitlab::Gpg::Commit do ...@@ -200,7 +196,6 @@ describe Gitlab::Gpg::Commit do
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: nil, gpg_key_user_name: nil,
gpg_key_user_email: nil, gpg_key_user_email: nil,
valid_signature: false,
verification_status: 'unknown_key' verification_status: 'unknown_key'
) )
end end
......
...@@ -46,7 +46,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -46,7 +46,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: nil, gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: true verification_status: 'verified'
end end
it 'assigns the gpg key to the signature when the missing gpg key is added' do it 'assigns the gpg key to the signature when the missing gpg key is added' do
...@@ -60,7 +60,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -60,7 +60,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: true verification_status: 'verified'
) )
end end
...@@ -75,7 +75,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -75,7 +75,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: nil, gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: true verification_status: 'verified'
) )
end end
end end
...@@ -89,7 +89,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -89,7 +89,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: nil, gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false verification_status: 'unknown_key'
end end
it 'updates the signature to being valid when the missing gpg key is added' do it 'updates the signature to being valid when the missing gpg key is added' do
...@@ -103,7 +103,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -103,7 +103,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: true verification_status: 'verified'
) )
end end
...@@ -118,7 +118,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -118,7 +118,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: nil, gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false verification_status: 'unknown_key'
) )
end end
end end
...@@ -136,7 +136,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -136,7 +136,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: nil, gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false verification_status: 'unknown_key'
end end
it 'updates the signature to being valid when the user updates the email address' do it 'updates the signature to being valid when the user updates the email address' do
...@@ -144,7 +144,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -144,7 +144,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
key: GpgHelpers::User1.public_key, key: GpgHelpers::User1.public_key,
user: user user: user
expect(invalid_gpg_signature.reload.valid_signature).to be_falsey expect(invalid_gpg_signature.reload.verification_status).to eq 'unverified_key'
# InvalidGpgSignatureUpdater is called by the after_update hook # InvalidGpgSignatureUpdater is called by the after_update hook
user.update_attributes!(email: GpgHelpers::User1.emails.first) user.update_attributes!(email: GpgHelpers::User1.emails.first)
...@@ -154,7 +154,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -154,7 +154,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: true verification_status: 'verified'
) )
end end
...@@ -168,7 +168,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -168,7 +168,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false verification_status: 'unverified_key'
) )
# InvalidGpgSignatureUpdater is called by the after_update hook # InvalidGpgSignatureUpdater is called by the after_update hook
...@@ -179,7 +179,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do ...@@ -179,7 +179,7 @@ RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
commit_sha: commit_sha, commit_sha: commit_sha,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
valid_signature: false verification_status: 'unverified_key'
) )
end end
end end
......
...@@ -155,15 +155,15 @@ describe GpgKey do ...@@ -155,15 +155,15 @@ describe GpgKey do
describe '#revoke' do describe '#revoke' do
it 'invalidates all associated gpg signatures and destroys the key' do it 'invalidates all associated gpg signatures and destroys the key' do
gpg_key = create :gpg_key gpg_key = create :gpg_key
gpg_signature = create :gpg_signature, valid_signature: true, gpg_key: gpg_key gpg_signature = create :gpg_signature, verification_status: :verified, gpg_key: gpg_key
unrelated_gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key unrelated_gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key
unrelated_gpg_signature = create :gpg_signature, valid_signature: true, gpg_key: unrelated_gpg_key unrelated_gpg_signature = create :gpg_signature, verification_status: :verified, gpg_key: unrelated_gpg_key
gpg_key.revoke gpg_key.revoke
expect(gpg_signature.reload).to have_attributes( expect(gpg_signature.reload).to have_attributes(
valid_signature: false, verification_status: 'unknown_key',
gpg_key: nil gpg_key: nil
) )
...@@ -171,7 +171,7 @@ describe GpgKey do ...@@ -171,7 +171,7 @@ describe GpgKey do
# unrelated signature is left untouched # unrelated signature is left untouched
expect(unrelated_gpg_signature.reload).to have_attributes( expect(unrelated_gpg_signature.reload).to have_attributes(
valid_signature: true, verification_status: 'verified',
gpg_key: unrelated_gpg_key gpg_key: unrelated_gpg_key
) )
......
...@@ -25,4 +25,34 @@ RSpec.describe GpgSignature do ...@@ -25,4 +25,34 @@ RSpec.describe GpgSignature do
gpg_signature.commit gpg_signature.commit
end end
end end
describe '#verified?' do
it 'returns true when `verification_status` is not set, but `valid_signature` is true' do
signature = create :gpg_signature, valid_signature: true, verification_status: nil
expect(signature.verified?).to be true
expect(signature.reload.verified?).to be true
end
it 'returns true when `verification_status` is set to :verified' do
signature = create :gpg_signature, verification_status: :verified
expect(signature.verified?).to be true
expect(signature.reload.verified?).to be true
end
it 'returns false when `verification_status` is set to :unknown_key' do
signature = create :gpg_signature, verification_status: :unknown_key
expect(signature.verified?).to be false
expect(signature.reload.verified?).to be false
end
it 'returns false when `verification_status` is not set, but `valid_signature` is false' do
signature = create :gpg_signature, valid_signature: false, verification_status: nil
expect(signature.verified?).to be false
expect(signature.reload.verified?).to be false
end
end
end end
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment