update invalid gpg signatures when key is created
parent
d48eb77a96
commit
24671cd601
|
@ -28,6 +28,7 @@ class GpgKey < ActiveRecord::Base
|
||||||
unless: -> { errors.has_key?(:key) }
|
unless: -> { errors.has_key?(:key) }
|
||||||
|
|
||||||
before_validation :extract_fingerprint, :extract_primary_keyid
|
before_validation :extract_fingerprint, :extract_primary_keyid
|
||||||
|
after_create :update_invalid_gpg_signatures
|
||||||
after_create :notify_user
|
after_create :notify_user
|
||||||
|
|
||||||
def key=(value)
|
def key=(value)
|
||||||
|
@ -66,6 +67,10 @@ class GpgKey < ActiveRecord::Base
|
||||||
self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
|
self.primary_keyid = Gitlab::Gpg.primary_keyids_from_key(key).first
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def update_invalid_gpg_signatures
|
||||||
|
run_after_commit { Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run }
|
||||||
|
end
|
||||||
|
|
||||||
def notify_user
|
def notify_user
|
||||||
run_after_commit { NotificationService.new.new_gpg_key(self) }
|
run_after_commit { NotificationService.new.new_gpg_key(self) }
|
||||||
end
|
end
|
||||||
|
|
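Review bot: `update_invalid_gpg_signatures` runs the updater inline, so creating a key does an unbounded amount of work on the path that saves it. `run_after_commit { Gitlab::Gpg::InvalidGpgSignatureUpdater.new(self).run }` visits every invalid signature recorded for this key id, and each visit costs a repository lookup plus a signature check. The amount of work therefore depends on how many commits carry that key id, not on anything the request can bound. Handing the key's id to a background job from inside the `run_after_commit` block and running the updater there would keep key creation fast. A comment above the callback such as `# re-check signatures that were recorded as invalid before this key was known` would also help; the rest of the class is outside these hunks.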
|
@ -0,0 +1,19 @@
|
||||||
|
module Gitlab
|
||||||
|
module Gpg
|
||||||
|
class InvalidGpgSignatureUpdater
|
||||||
|
def initialize(gpg_key)
|
||||||
|
@gpg_key = gpg_key
|
||||||
|
end
|
||||||
|
|
||||||
|
def run
|
||||||
|
GpgSignature
|
||||||
|
.where(valid_signature: false)
|
||||||
|
.where(gpg_key_primary_keyid: @gpg_key.primary_keyid)
|
||||||
|
.find_each do |gpg_signature|
|
||||||
|
commit = Gitlab::Git::Commit.find(gpg_signature.project.repository, gpg_signature.commit_sha)
|
||||||
|
Gitlab::Gpg::Commit.new(commit).update_signature!(gpg_signature)
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
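Review bot: In `run`, the result of `Gitlab::Git::Commit.find` is passed straight to `Gitlab::Gpg::Commit.new(commit)` with no check that the commit still exists. If `find` returns nil for a SHA that is no longer in the repository, the next call presumably raises, and the exception stops `find_each` with the remaining signatures unvisited. Adding `next unless commit` after the lookup keeps one stale row from blocking the rest. It is also worth a comment that the `gpg_key_primary_keyid` match only selects candidates: key ids are not guaranteed unique to one key, so the decision to mark a signature valid has to come from the verification inside `update_signature!`, which is not shown on this page.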
|
@ -0,0 +1,11 @@
|
||||||
|
require_relative '../support/gpg_helpers'
|
||||||
|
|
||||||
|
FactoryGirl.define do
|
||||||
|
factory :gpg_signature do
|
||||||
|
commit_sha { Digest::SHA1.hexdigest(SecureRandom.hex) }
|
||||||
|
project
|
||||||
|
gpg_key
|
||||||
|
gpg_key_primary_keyid { gpg_key.primary_keyid }
|
||||||
|
valid_signature true
|
||||||
|
end
|
||||||
|
end
|
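Review bot: The default `gpg_key_primary_keyid { gpg_key.primary_keyid }` raises NoMethodError when a caller passes `gpg_key: nil` without also overriding the key id, which is the combination the new spec builds. The spec avoids this only because it supplies both attributes. Either document that pairing with a comment such as `# pass gpg_key_primary_keyid explicitly when gpg_key is nil`, or guard the default, for example `gpg_key_primary_keyid { gpg_key && gpg_key.primary_keyid }`. The `require_relative '../support/gpg_helpers'` line is not used by anything in the file as shown.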
|
@ -0,0 +1,50 @@
|
||||||
|
require 'rails_helper'
|
||||||
|
|
||||||
|
RSpec.describe Gitlab::Gpg::InvalidGpgSignatureUpdater do
|
||||||
|
describe '#run' do
|
||||||
|
context 'gpg signature did not have an associated gpg key' do
|
||||||
|
let!(:commit_sha) { '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33' }
|
||||||
|
let!(:project) { create :project, :repository, path: 'sample-project' }
|
||||||
|
let!(:commit) do
|
||||||
|
raw_commit = double(:raw_commit, signature: [
|
||||||
|
GpgHelpers::User1.signed_commit_signature,
|
||||||
|
GpgHelpers::User1.signed_commit_base_data
|
||||||
|
], sha: commit_sha)
|
||||||
|
allow(raw_commit).to receive :save!
|
||||||
|
|
||||||
|
create :commit, git_commit: raw_commit, project: project
|
||||||
|
end
|
||||||
|
|
||||||
|
let!(:gpg_signature) do
|
||||||
|
create :gpg_signature,
|
||||||
|
project: project,
|
||||||
|
commit_sha: commit_sha,
|
||||||
|
gpg_key: nil,
|
||||||
|
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
|
||||||
|
valid_signature: false
|
||||||
|
end
|
||||||
|
|
||||||
|
before do
|
||||||
|
allow(Gitlab::Git::Commit).to receive(:find).with(kind_of(Repository), commit_sha).and_return(commit)
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'updates the signature to being valid when the missing gpg key is added' do
|
||||||
|
# InvalidGpgSignatureUpdater is called by the after_create hook
|
||||||
|
create :gpg_key,
|
||||||
|
key: GpgHelpers::User1.public_key,
|
||||||
|
user: create(:user, email: GpgHelpers::User1.emails.first)
|
||||||
|
|
||||||
|
expect(gpg_signature.reload.valid_signature).to be_truthy
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'keeps the signature at being invalid when an unrelated gpg key is added' do
|
||||||
|
# InvalidGpgSignatureUpdater is called by the after_create hook
|
||||||
|
create :gpg_key,
|
||||||
|
key: GpgHelpers::User2.public_key,
|
||||||
|
user: create(:user, email: GpgHelpers::User2.emails.first)
|
||||||
|
|
||||||
|
expect(gpg_signature.reload.valid_signature).to be_falsey
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
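Review bot: The negative example only proves that the key-id filter skips an unrelated key; nothing covers a row whose key id matches but which must still stay invalid, and nothing covers a commit that can no longer be found. Because `Gitlab::Git::Commit.find` is stubbed to always return `commit`, the missing-commit path of the updater is never exercised. A further context that stubs it with `allow(Gitlab::Git::Commit).to receive(:find).and_return(nil)`, then expects key creation not to raise and `valid_signature` to stay false, would pin that behaviour. An example with a second signature row already marked `valid_signature: true` would confirm that the updater leaves valid rows untouched.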