# frozen_string_literal: true
require 'spec_helper'
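# Feature specs for how GPG commit signatures are presented in the UI.
#
# The status badge ('.gpg-status-box') and its popover are what a reader uses to decide
# whether a commit really comes from the named user. These examples pin down the
# 'Verified' case and the cases that must stay 'Unverified': no matching key uploaded,
# a committer email that is not tied to the key, a key owned by a different user, and a
# commit that carries more than one signature.
#
# The `text:` filter used throughout is a case-sensitive substring match, so a lookup
# for 'Verified' does not accidentally match an 'Unverified' badge.
RSpec.describe 'GPG signed commits' do
  let(:project) { create(:project, :public, :repository) }

  it 'changes from unverified to verified when the user changes their email to match the gpg key', :sidekiq_might_not_need_inline do
    ref = GpgHelpers::SIGNED_AND_AUTHORED_SHA
    user = create(:user, email: 'unrelated.user@example.org')

    perform_enqueued_jobs do
      create :gpg_key, key: GpgHelpers::User1.public_key, user: user
      user.reload # necessary to reload the association with gpg_keys
    end

    visit project_commit_path(project, ref)

    # The key is uploaded, but the account email is unrelated to it, so the
    # signature must not be presented as verified yet.
    expect(page).to have_selector('.gpg-status-box', text: 'Unverified')

    # user changes their email which makes the gpg key verified
    perform_enqueued_jobs do
      # Skip the reconfirmation step so the new address is applied by the update itself.
      user.skip_reconfirmation!
      user.update!(email: GpgHelpers::User1.emails.first)
    end

    visit project_commit_path(project, ref)

    expect(page).to have_selector('.gpg-status-box', text: 'Verified')
  end

  it 'changes from unverified to verified when the user adds the missing gpg key', :sidekiq_might_not_need_inline do
    ref = GpgHelpers::SIGNED_AND_AUTHORED_SHA
    user = create(:user, email: GpgHelpers::User1.emails.first)

    visit project_commit_path(project, ref)

    # A matching email alone is not enough: without the public key on the account
    # the signature cannot be checked.
    expect(page).to have_selector('.gpg-status-box', text: 'Unverified')

    # user adds the gpg key which makes the signature valid
    perform_enqueued_jobs do
      create :gpg_key, key: GpgHelpers::User1.public_key, user: user
    end

    visit project_commit_path(project, ref)

    expect(page).to have_selector('.gpg-status-box', text: 'Verified')
  end

  context 'shows popover badges', :js do
    # Every `let` below is lazy: a user or key only exists in an example that
    # references it, which is how the individual cases are set up.

    # Address attached to user_2 as a secondary email; kept in one place so the
    # factory call and the later lookup cannot drift apart.
    let(:secondary_email) { 'mail@koffeinfrei.org' }

    let(:user_1) do
      create :user, email: GpgHelpers::User1.emails.first, username: 'nannie.bernhard', name: 'Nannie Bernhard'
    end

    let(:user_1_key) do
      perform_enqueued_jobs do
        create :gpg_key, key: GpgHelpers::User1.public_key, user: user_1
      end
    end

    let(:user_2) do
      create(:user, email: GpgHelpers::User2.emails.first, username: 'bette.cartwright', name: 'Bette Cartwright').tap do |user|
        # secondary, unverified email
        create :email, user: user, email: secondary_email
      end
    end

    let(:user_2_key) do
      perform_enqueued_jobs do
        create :gpg_key, key: GpgHelpers::User2.public_key, user: user_2
      end
    end

    it 'unverified signature' do
      # No key is uploaded in this example, so only the key id can be reported.
      visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
      wait_for_all_requests

      page.find('.gpg-status-box', text: 'Unverified').click

      within '.popover' do
        expect(page).to have_content 'This commit was signed with an unverified signature.'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
      end
    end

    it 'unverified signature: gpg key email does not match the committer_email but is the same user when the committer_email belongs to the user as a confirmed secondary email' do
      user_2_key
      # find_by! makes a missing fixture fail with RecordNotFound instead of a
      # NoMethodError on nil.
      user_2.emails.find_by!(email: secondary_email).confirm

      visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
      wait_for_all_requests

      # Same account, but the committer email is not one of the key's emails:
      # the badge has to remain 'Unverified'.
      page.find('.gpg-status-box', text: 'Unverified').click

      within '.popover' do
        expect(page).to have_content 'This commit was signed with a verified signature, but the committer email is not associated with the GPG Key.'
        expect(page).to have_content 'Bette Cartwright'
        expect(page).to have_content '@bette.cartwright'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
      end
    end

    it 'unverified signature: gpg key email does not match the committer_email when the committer_email belongs to the user as a unconfirmed secondary email' do
      user_2_key

      visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
      wait_for_all_requests

      # The secondary email was never confirmed, so it must not link the commit
      # to this account; the signature is attributed to a different user.
      # NOTE(review): consider also asserting that no 'Verified' badge is rendered here.
      page.find('.gpg-status-box', text: 'Unverified').click

      within '.popover' do
        expect(page).to have_content "This commit was signed with a different user's verified signature."
        expect(page).to have_content 'Bette Cartwright'
        expect(page).to have_content '@bette.cartwright'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
      end
    end

    it 'unverified signature: commit contains multiple GPG signatures' do
      user_1_key

      visit project_commit_path(project, GpgHelpers::MULTIPLE_SIGNATURES_SHA)
      wait_for_all_requests

      # Even with user_1's key uploaded, a multiply-signed commit is reported as unverified.
      page.find('.gpg-status-box', text: 'Unverified').click

      within '.popover' do
        expect(page).to have_content "This commit was signed with multiple signatures."
      end
    end

    it 'verified and the gpg user has a gitlab profile' do
      user_1_key

      visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)
      wait_for_all_requests

      page.find('.gpg-status-box', text: 'Verified').click

      within '.popover' do
        expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
        expect(page).to have_content 'Nannie Bernhard'
        expect(page).to have_content '@nannie.bernhard'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
      end
    end

    it "verified and the gpg user's profile doesn't exist anymore" do
      user_1_key

      visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)
      wait_for_all_requests

      # wait for the signature to get generated
      expect(page).to have_selector('.gpg-status-box', text: 'Verified')

      user_1.destroy!

      refresh
      wait_for_all_requests

      page.find('.gpg-status-box', text: 'Verified').click

      # With the account gone the popover shows a name and an email address instead
      # of the profile handle (presumably taken from the stored signature - confirm).
      within '.popover' do
        expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
        expect(page).to have_content 'Nannie Bernhard'
        expect(page).to have_content 'nannie.bernhard@example.com'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
      end
    end
  end

  context 'view signed commit on the tree view', :js do
    shared_examples 'a commit with a signature' do
      before do
        visit project_tree_path(project, 'signed-commits')
        wait_for_all_requests
      end

      it 'displays commit signature' do
        # The badge must also be rendered on the tree view, not only on the commit page.
        expect(page).to have_selector('.gpg-status-box', text: 'Unverified')

        page.find('.gpg-status-box', text: 'Unverified').click

        within '.popover' do
          expect(page).to have_content 'This commit was signed with multiple signatures.'
        end
      end
    end

    context 'with vue tree view enabled' do
      it_behaves_like 'a commit with a signature'
    end
  end
end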