gitlab-org--gitlab-foss/spec/lib/gitlab/gpg/commit_spec.rb

require 'rails_helper'

RSpec.describe Gitlab::Gpg::Commit do
  describe '#signature' do
    let!(:project) { create :project, :repository, path: 'sample-project' }
    let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33'  }

    context 'unisgned commit' do
      it 'returns nil' do
        expect(described_class.new(project.commit).signature).to be_nil
      end
    end

    context 'known and verified public key' do
      let!(:gpg_key) do
        create :gpg_key, key: GpgHelpers::User1.public_key, user: create(:user, email: GpgHelpers::User1.emails.first)
      end

      let!(:commit) do
        raw_commit = double(:raw_commit, signature: [
          GpgHelpers::User1.signed_commit_signature,
          GpgHelpers::User1.signed_commit_base_data
        ], sha: commit_sha)
        allow(raw_commit).to receive :save!

        create :commit, git_commit: raw_commit, project: project
      end

      it 'returns a valid signature' do
        expect(described_class.new(commit).signature).to have_attributes(
          commit_sha: commit_sha,
          project: project,
          gpg_key: gpg_key,
          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
          gpg_key_user_name: GpgHelpers::User1.names.first,
          gpg_key_user_email: GpgHelpers::User1.emails.first,
          valid_signature: true
        )
      end

      it 'returns the cached signature on second call' do
        gpg_commit = described_class.new(commit)

        expect(gpg_commit).to receive(:using_keychain).and_call_original
        gpg_commit.signature

        # consecutive call
        expect(gpg_commit).not_to receive(:using_keychain).and_call_original
        gpg_commit.signature
      end
    end

    context 'known but unverified public key' do
      let!(:gpg_key) { create :gpg_key, key: GpgHelpers::User1.public_key }

      let!(:commit) do
        raw_commit = double(:raw_commit, signature: [
          GpgHelpers::User1.signed_commit_signature,
          GpgHelpers::User1.signed_commit_base_data
        ], sha: commit_sha)
        allow(raw_commit).to receive :save!

        create :commit, git_commit: raw_commit, project: project
      end

      it 'returns an invalid signature' do
        expect(described_class.new(commit).signature).to have_attributes(
          commit_sha: commit_sha,
          project: project,
          gpg_key: gpg_key,
          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
          gpg_key_user_name: GpgHelpers::User1.names.first,
          gpg_key_user_email: GpgHelpers::User1.emails.first,
          valid_signature: false
        )
      end

      it 'returns the cached signature on second call' do
        gpg_commit = described_class.new(commit)

        expect(gpg_commit).to receive(:using_keychain).and_call_original
        gpg_commit.signature

        # consecutive call
        expect(gpg_commit).not_to receive(:using_keychain).and_call_original
        gpg_commit.signature
      end
    end

    context 'unknown public key' do
      let!(:commit) do
        raw_commit = double(:raw_commit, signature: [
          GpgHelpers::User1.signed_commit_signature,
          GpgHelpers::User1.signed_commit_base_data
        ], sha: commit_sha)
        allow(raw_commit).to receive :save!

        create :commit,
          git_commit: raw_commit,
          project: project
      end

      it 'returns an invalid signature' do
        expect(described_class.new(commit).signature).to have_attributes(
          commit_sha: commit_sha,
          project: project,
          gpg_key: nil,
          gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
          gpg_key_user_name: nil,
          gpg_key_user_email: nil,
          valid_signature: false
        )
      end

      it 'returns the cached signature on second call' do
        gpg_commit = described_class.new(commit)

        expect(gpg_commit).to receive(:using_keychain).and_call_original
        gpg_commit.signature

        # consecutive call
        expect(gpg_commit).not_to receive(:using_keychain).and_call_original
        gpg_commit.signature
      end
    end
  end
end
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`require 'rails_helper'`

			`RSpec.describe Gitlab::Gpg::Commit do`
			`describe '#signature' do`
			`let!(:project) { create :project, :repository, path: 'sample-project' }`
extract variable 2017-06-26 03:13:36 -04:00			`let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' }`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00
bail if the commit has no signature 2017-06-15 03:16:50 -04:00			`context 'unisgned commit' do`
			`it 'returns nil' do`
			`expect(described_class.new(project.commit).signature).to be_nil`
			`end`
			`end`

gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`context 'known and verified public key' do`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`let!(:gpg_key) do`
			`create :gpg_key, key: GpgHelpers::User1.public_key, user: create(:user, email: GpgHelpers::User1.emails.first)`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`let!(:commit) do`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`raw_commit = double(:raw_commit, signature: [`
			`GpgHelpers::User1.signed_commit_signature,`
			`GpgHelpers::User1.signed_commit_base_data`
extract variable 2017-06-26 03:13:36 -04:00			`], sha: commit_sha)`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`allow(raw_commit).to receive :save!`

move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`create :commit, git_commit: raw_commit, project: project`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`it 'returns a valid signature' do`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`expect(described_class.new(commit).signature).to have_attributes(`
extract variable 2017-06-26 03:13:36 -04:00			`commit_sha: commit_sha,`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`project: project,`
			`gpg_key: gpg_key,`
			`gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,`
store gpg user name and email on the signature 2017-07-13 09:22:15 -04:00			`gpg_key_user_name: GpgHelpers::User1.names.first,`
			`gpg_key_user_email: GpgHelpers::User1.emails.first,`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`valid_signature: true`
			`)`
			`end`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00
			`it 'returns the cached signature on second call' do`
			`gpg_commit = described_class.new(commit)`

memoize verified_signature call 2017-06-15 07:37:03 -04:00			`expect(gpg_commit).to receive(:using_keychain).and_call_original`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`gpg_commit.signature`

			`# consecutive call`
memoize verified_signature call 2017-06-15 07:37:03 -04:00			`expect(gpg_commit).not_to receive(:using_keychain).and_call_original`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`gpg_commit.signature`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`end`

gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`context 'known but unverified public key' do`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`let!(:gpg_key) { create :gpg_key, key: GpgHelpers::User1.public_key }`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`let!(:commit) do`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`raw_commit = double(:raw_commit, signature: [`
			`GpgHelpers::User1.signed_commit_signature,`
			`GpgHelpers::User1.signed_commit_base_data`
extract variable 2017-06-26 03:13:36 -04:00			`], sha: commit_sha)`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`allow(raw_commit).to receive :save!`

move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`create :commit, git_commit: raw_commit, project: project`
			`end`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`it 'returns an invalid signature' do`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`expect(described_class.new(commit).signature).to have_attributes(`
extract variable 2017-06-26 03:13:36 -04:00			`commit_sha: commit_sha,`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`project: project,`
			`gpg_key: gpg_key,`
			`gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,`
store gpg user name and email on the signature 2017-07-13 09:22:15 -04:00			`gpg_key_user_name: GpgHelpers::User1.names.first,`
			`gpg_key_user_email: GpgHelpers::User1.emails.first,`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`valid_signature: false`
			`)`
			`end`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00
			`it 'returns the cached signature on second call' do`
			`gpg_commit = described_class.new(commit)`

memoize verified_signature call 2017-06-15 07:37:03 -04:00			`expect(gpg_commit).to receive(:using_keychain).and_call_original`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`gpg_commit.signature`

			`# consecutive call`
memoize verified_signature call 2017-06-15 07:37:03 -04:00			`expect(gpg_commit).not_to receive(:using_keychain).and_call_original`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`gpg_commit.signature`
			`end`
gpg signature is only valid when key is verified 2017-06-15 03:57:50 -04:00			`end`

cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`context 'unknown public key' do`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`let!(:commit) do`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`raw_commit = double(:raw_commit, signature: [`
			`GpgHelpers::User1.signed_commit_signature,`
			`GpgHelpers::User1.signed_commit_base_data`
extract variable 2017-06-26 03:13:36 -04:00			`], sha: commit_sha)`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`allow(raw_commit).to receive :save!`

move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`create :commit,`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`git_commit: raw_commit,`
			`project: project`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`it 'returns an invalid signature' do`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`expect(described_class.new(commit).signature).to have_attributes(`
extract variable 2017-06-26 03:13:36 -04:00			`commit_sha: commit_sha,`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`project: project,`
			`gpg_key: nil,`
store gpg_key_primary_keyid for unknown gpg keys we need to store the keyid to be able to update the signature later in case the missing key is added later. 2017-06-15 06:43:04 -04:00			`gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,`
store gpg user name and email on the signature 2017-07-13 09:22:15 -04:00			`gpg_key_user_name: nil,`
			`gpg_key_user_email: nil,`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`valid_signature: false`
			`)`
			`end`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00
			`it 'returns the cached signature on second call' do`
			`gpg_commit = described_class.new(commit)`

memoize verified_signature call 2017-06-15 07:37:03 -04:00			`expect(gpg_commit).to receive(:using_keychain).and_call_original`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`gpg_commit.signature`

			`# consecutive call`
memoize verified_signature call 2017-06-15 07:37:03 -04:00			`expect(gpg_commit).not_to receive(:using_keychain).and_call_original`
move signature cache read to Gpg::Commit as we write the cache in the gpg commit class already the read should also happen there. This also removes all logic from the main commit class, which just proxies the call to the Gpg::Commit now. 2017-06-15 04:28:28 -04:00			`gpg_commit.signature`
			`end`
cache the gpg commit signature we store the result of the gpg commit verification in the db because the gpg verification is an expensive operation. 2017-06-14 05:51:34 -04:00			`end`
			`end`
			`end`