From 8c4b6a32fcc5786383904fa1d5cf8b317bec7a7f Mon Sep 17 00:00:00 2001
From: Alexis Reigel
Date: Thu, 15 Jun 2017 09:16:50 +0200
Subject: [PATCH] bail if the commit has no signature

---
 app/models/commit.rb | 6 +-----
 lib/gitlab/gpg/commit.rb | 6 ++++--
 spec/lib/gitlab/gpg/commit_spec.rb | 6 ++++++
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/app/models/commit.rb b/app/models/commit.rb
index 6c5556902ec..ed8b9a79a7a 100644
--- a/app/models/commit.rb
+++ b/app/models/commit.rb
@@ -242,11 +242,7 @@ class Commit
 cached_signature = GpgSignature.find_by(commit_sha: sha)
 return cached_signature if cached_signature.present?

- gpg_commit = Gitlab::Gpg::Commit.new(self)
-
- return unless gpg_commit.has_signature?
-
- @signature = gpg_commit.signature
+ @signature = Gitlab::Gpg::Commit.new(self).signature
 end

 def revert_branch_name
diff --git a/lib/gitlab/gpg/commit.rb b/lib/gitlab/gpg/commit.rb
index f60e5125c13..f363652745f 100644
--- a/lib/gitlab/gpg/commit.rb
+++ b/lib/gitlab/gpg/commit.rb
@@ -10,10 +10,12 @@ module Gitlab
 end

 def has_signature?
- @signature_text && @signed_text
+ !!(@signature_text && @signed_text)
 end

 def signature
+ return unless has_signature?
+
 Gitlab::Gpg.using_tmp_keychain do
 # first we need to get the keyid from the signature to query the gpg
 # key belonging to the keyid.
@@ -43,7 +45,7 @@ module Gitlab
 project: commit.project,
 gpg_key: gpg_key,
 gpg_key_primary_keyid: gpg_key&.primary_keyid,
- valid_signature: !!(gpg_key && verified_signature&.valid?)
+ valid_signature: !!(gpg_key && verified_signature.valid?)
 )
 end
 end
diff --git a/spec/lib/gitlab/gpg/commit_spec.rb b/spec/lib/gitlab/gpg/commit_spec.rb
index 8b1747eebcc..c4d92b8bbbf 100644
--- a/spec/lib/gitlab/gpg/commit_spec.rb
+++ b/spec/lib/gitlab/gpg/commit_spec.rb
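Review bot: `signature` in lib/gitlab/gpg/commit.rb (hunk at -10,10) now has two different negative outcomes and nothing documents the difference. It returns nil for a commit with no signature, and, judging by the `valid_signature:` attribute in the later hunk, a record marked invalid when a signature is present but does not verify. A comment above the method such as `# Returns nil when the commit carries no signature; a signature that fails verification still yields a record with valid_signature false.` would keep callers from reading nil as "invalid signature". The method body continues past the end of the hunk.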
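Review bot: In lib/gitlab/gpg/commit.rb (hunk at -43,7) the `valid_signature:` line now calls `verified_signature.valid?` without safe navigation, so a nil `verified_signature` raises NoMethodError whenever `gpg_key` is present. The added `return unless has_signature?` guard only establishes that signature text and signed text exist. Whether verification always yields a signature object for malformed or truncated signature data is decided above this hunk and cannot be seen here. Unless that is guaranteed, keep `valid_signature: !!(gpg_key && verified_signature&.valid?)` so an unverifiable signature is recorded as invalid instead of raising.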
@@ -4,6 +4,12 @@ RSpec.describe Gitlab::Gpg::Commit do
 describe '#signature' do
 let!(:project) { create :project, :repository, path: 'sample-project' }

+ context 'unisgned commit' do
+ it 'returns nil' do
+ expect(described_class.new(project.commit).signature).to be_nil
+ end
+ end
+
 context 'known public key' do
 it 'returns a valid signature' do
 gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key
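Review bot: The new context description is misspelled; `context 'unisgned commit' do` should read `context 'unsigned commit' do`. The example also relies on `project.commit` in the fixture repository being unsigned, which the spec does not state. A short comment, or an explicitly chosen unsigned commit, would stop the test from silently changing meaning if the fixture's head commit is ever signed. The lines shown include no case for signature data that is present but cannot be verified, which is the path affected by dropping `&.` in lib/gitlab/gpg/commit.rb.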