2018-11-21 13:32:04 -05:00
|
|
|
# frozen_string_literal: true
|
|
|
|
|
2017-08-28 09:05:18 -04:00
|
|
|
require 'spec_helper'
|
|
|
|
|
2018-11-21 13:33:36 -05:00
|
|
|
describe 'GPG signed commits' do
|
2018-11-21 13:00:04 -05:00
|
|
|
let(:project) { create(:project, :public, :repository) }
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2020-02-07 04:08:49 -05:00
|
|
|
it 'changes from unverified to verified when the user changes their email to match the gpg key', :sidekiq_might_not_need_inline do
|
2018-11-21 13:33:36 -05:00
|
|
|
ref = GpgHelpers::SIGNED_AND_AUTHORED_SHA
|
|
|
|
user = create(:user, email: 'unrelated.user@example.org')
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2018-07-23 00:34:54 -04:00
|
|
|
perform_enqueued_jobs do
|
2017-08-28 09:05:18 -04:00
|
|
|
create :gpg_key, key: GpgHelpers::User1.public_key, user: user
|
|
|
|
end
|
|
|
|
|
2018-11-21 13:33:36 -05:00
|
|
|
visit project_commit_path(project, ref)
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2019-08-15 02:27:55 -04:00
|
|
|
expect(page).to have_button 'Unverified'
|
|
|
|
expect(page).not_to have_button 'Verified'
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2020-02-07 04:08:49 -05:00
|
|
|
# user changes their email which makes the gpg key verified
|
2018-07-23 00:34:54 -04:00
|
|
|
perform_enqueued_jobs do
|
2017-08-28 09:05:18 -04:00
|
|
|
user.skip_reconfirmation!
|
2018-07-02 06:43:06 -04:00
|
|
|
user.update!(email: GpgHelpers::User1.emails.first)
|
2017-08-28 09:05:18 -04:00
|
|
|
end
|
|
|
|
|
2018-11-21 13:33:36 -05:00
|
|
|
visit project_commit_path(project, ref)
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2019-08-15 02:27:55 -04:00
|
|
|
expect(page).not_to have_button 'Unverified'
|
|
|
|
expect(page).to have_button 'Verified'
|
2017-08-28 09:05:18 -04:00
|
|
|
end
|
|
|
|
|
2019-10-23 05:06:03 -04:00
|
|
|
it 'changes from unverified to verified when the user adds the missing gpg key', :sidekiq_might_not_need_inline do
|
2018-11-21 13:33:36 -05:00
|
|
|
ref = GpgHelpers::SIGNED_AND_AUTHORED_SHA
|
|
|
|
user = create(:user, email: GpgHelpers::User1.emails.first)
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2018-11-21 13:33:36 -05:00
|
|
|
visit project_commit_path(project, ref)
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2019-08-15 02:27:55 -04:00
|
|
|
expect(page).to have_button 'Unverified'
|
|
|
|
expect(page).not_to have_button 'Verified'
|
2017-08-28 09:05:18 -04:00
|
|
|
|
|
|
|
# user adds the gpg key which makes the signature valid
|
2018-07-23 00:34:54 -04:00
|
|
|
perform_enqueued_jobs do
|
2017-08-28 09:05:18 -04:00
|
|
|
create :gpg_key, key: GpgHelpers::User1.public_key, user: user
|
|
|
|
end
|
|
|
|
|
2018-11-21 13:33:36 -05:00
|
|
|
visit project_commit_path(project, ref)
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2019-08-15 02:27:55 -04:00
|
|
|
expect(page).not_to have_button 'Unverified'
|
|
|
|
expect(page).to have_button 'Verified'
|
2017-08-28 09:05:18 -04:00
|
|
|
end
|
|
|
|
|
2018-11-21 13:32:04 -05:00
|
|
|
context 'shows popover badges', :js do
|
2017-08-30 08:27:33 -04:00
|
|
|
let(:user_1) do
|
|
|
|
create :user, email: GpgHelpers::User1.emails.first, username: 'nannie.bernhard', name: 'Nannie Bernhard'
|
2017-08-28 09:05:18 -04:00
|
|
|
end
|
|
|
|
|
2017-08-30 08:27:33 -04:00
|
|
|
let(:user_1_key) do
|
2018-07-23 00:34:54 -04:00
|
|
|
perform_enqueued_jobs do
|
2017-08-30 08:27:33 -04:00
|
|
|
create :gpg_key, key: GpgHelpers::User1.public_key, user: user_1
|
|
|
|
end
|
|
|
|
end
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2017-08-30 08:27:33 -04:00
|
|
|
let(:user_2) do
|
|
|
|
create(:user, email: GpgHelpers::User2.emails.first, username: 'bette.cartwright', name: 'Bette Cartwright').tap do |user|
|
|
|
|
# secondary, unverified email
|
|
|
|
create :email, user: user, email: GpgHelpers::User2.emails.last
|
|
|
|
end
|
|
|
|
end
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2017-08-30 08:27:33 -04:00
|
|
|
let(:user_2_key) do
|
2018-07-23 00:34:54 -04:00
|
|
|
perform_enqueued_jobs do
|
2017-08-30 08:27:33 -04:00
|
|
|
create :gpg_key, key: GpgHelpers::User2.public_key, user: user_2
|
|
|
|
end
|
2017-08-28 09:05:18 -04:00
|
|
|
end
|
|
|
|
|
2017-08-30 08:27:33 -04:00
|
|
|
it 'unverified signature' do
|
2018-11-21 13:32:04 -05:00
|
|
|
visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2018-11-21 13:00:04 -05:00
|
|
|
click_on 'Unverified'
|
2018-04-23 17:23:18 -04:00
|
|
|
|
|
|
|
within '.popover' do
|
|
|
|
expect(page).to have_content 'This commit was signed with an unverified signature.'
|
|
|
|
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
|
2017-08-30 08:27:33 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'unverified signature: user email does not match the committer email, but is the same user' do
|
|
|
|
user_2_key
|
|
|
|
|
2018-11-21 13:32:04 -05:00
|
|
|
visit project_commit_path(project, GpgHelpers::DIFFERING_EMAIL_SHA)
|
2017-08-30 08:27:33 -04:00
|
|
|
|
2018-11-21 13:00:04 -05:00
|
|
|
click_on 'Unverified'
|
2018-04-23 17:23:18 -04:00
|
|
|
|
|
|
|
within '.popover' do
|
|
|
|
expect(page).to have_content 'This commit was signed with a verified signature, but the committer email is not verified to belong to the same user.'
|
|
|
|
expect(page).to have_content 'Bette Cartwright'
|
|
|
|
expect(page).to have_content '@bette.cartwright'
|
|
|
|
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
|
2017-08-30 08:27:33 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'unverified signature: user email does not match the committer email' do
|
|
|
|
user_2_key
|
|
|
|
|
2018-11-21 13:32:04 -05:00
|
|
|
visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
|
2017-08-30 08:27:33 -04:00
|
|
|
|
2018-11-21 13:00:04 -05:00
|
|
|
click_on 'Unverified'
|
2018-04-23 17:23:18 -04:00
|
|
|
|
|
|
|
within '.popover' do
|
|
|
|
expect(page).to have_content "This commit was signed with a different user's verified signature."
|
|
|
|
expect(page).to have_content 'Bette Cartwright'
|
|
|
|
expect(page).to have_content '@bette.cartwright'
|
|
|
|
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
|
2017-08-30 08:27:33 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'verified and the gpg user has a gitlab profile' do
|
|
|
|
user_1_key
|
|
|
|
|
2018-11-21 13:32:04 -05:00
|
|
|
visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)
|
2017-08-30 08:27:33 -04:00
|
|
|
|
2018-11-21 13:00:04 -05:00
|
|
|
click_on 'Verified'
|
2018-04-23 17:23:18 -04:00
|
|
|
|
|
|
|
within '.popover' do
|
|
|
|
expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
|
|
|
|
expect(page).to have_content 'Nannie Bernhard'
|
|
|
|
expect(page).to have_content '@nannie.bernhard'
|
|
|
|
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
|
2017-08-30 08:27:33 -04:00
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
it "verified and the gpg user's profile doesn't exist anymore" do
|
|
|
|
user_1_key
|
|
|
|
|
2018-11-21 13:32:04 -05:00
|
|
|
visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)
|
2017-08-30 08:27:33 -04:00
|
|
|
|
|
|
|
# wait for the signature to get generated
|
2019-08-15 02:27:55 -04:00
|
|
|
expect(page).to have_button 'Verified'
|
2017-08-30 08:27:33 -04:00
|
|
|
|
|
|
|
user_1.destroy!
|
|
|
|
|
|
|
|
refresh
|
2017-08-28 09:05:18 -04:00
|
|
|
|
2018-11-21 13:00:04 -05:00
|
|
|
click_on 'Verified'
|
2018-04-23 17:23:18 -04:00
|
|
|
|
|
|
|
within '.popover' do
|
|
|
|
expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
|
|
|
|
expect(page).to have_content 'Nannie Bernhard'
|
|
|
|
expect(page).to have_content 'nannie.bernhard@example.com'
|
|
|
|
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
|
2017-08-30 08:27:33 -04:00
|
|
|
end
|
2017-08-28 09:05:18 -04:00
|
|
|
end
|
|
|
|
end
|
2019-10-21 11:05:58 -04:00
|
|
|
|
|
|
|
context 'view signed commit on the tree view', :js do
|
|
|
|
shared_examples 'a commit with a signature' do
|
|
|
|
before do
|
|
|
|
visit project_tree_path(project, 'signed-commits')
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'displays commit signature' do
|
|
|
|
expect(page).to have_button 'Unverified'
|
|
|
|
|
|
|
|
click_on 'Unverified'
|
|
|
|
|
|
|
|
within '.popover' do
|
|
|
|
expect(page).to have_content 'This commit was signed with an unverified signature'
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with vue tree view enabled' do
|
|
|
|
it_behaves_like 'a commit with a signature'
|
|
|
|
end
|
|
|
|
end
|
2017-08-28 09:05:18 -04:00
|
|
|
end
|