Make GPG validation case insensitive.
In line with other changes in GitLab, make email address validation properly case insensitive. The email address in the commit may be in any case, so it needs downcasing to match the address stored in GitLab for the user. Without this change the comparison fails and commits are not marked as verified. See #37009.
This commit is contained in:
Tim Bishop
parent
171714c923
commit
a212391f0f
3 changed files with 14 additions and 1 deletions
|
|
@ -73,7 +73,7 @@ class GpgKey < ActiveRecord::Base
|
|||
end
|
||||
|
||||
def verified_and_belongs_to_email?(email)
|
||||
emails_with_verified_status.fetch(email, false)
|
||||
emails_with_verified_status.fetch(email.downcase, false)
|
||||
end
|
||||
|
||||
def update_invalid_gpg_signatures
|
||||
|
|
|
|||
5
changelogs/unreleased/fix-gpg-case-insensitive.yml
Normal file
5
changelogs/unreleased/fix-gpg-case-insensitive.yml
Normal file
|
|
@ -0,0 +1,5 @@
|
|||
---
|
||||
title: Compare email addresses case insensitively when verifying GPG signatures
|
||||
merge_request: 14376
|
||||
author: Tim Bishop
|
||||
type: fixed
|
||||
|
|
@ -138,6 +138,14 @@ describe GpgKey do
|
|||
expect(gpg_key.verified?).to be_truthy
|
||||
expect(gpg_key.verified_and_belongs_to_email?('bette.cartwright@example.com')).to be_truthy
|
||||
end
|
||||
|
||||
it 'returns true if one of the email addresses in the key belongs to the user and case-insensitively matches the provided email' do
|
||||
user = create :user, email: 'bette.cartwright@example.com'
|
||||
gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
|
||||
|
||||
expect(gpg_key.verified?).to be_truthy
|
||||
expect(gpg_key.verified_and_belongs_to_email?('Bette.Cartwright@example.com')).to be_truthy
|
||||
end
|
||||
end
|
||||
|
||||
describe '#revoke' do
|
||||
|
|
|
|||
Loading…
Reference in a new issue