store gpg user name and email on the signature

Alexis Reigel 2017-07-13 15:22:15 +02:00
parent 506836a695
commit cd01e82873
9 changed files with 88 additions and 22 deletions


@ -37,15 +37,21 @@ class GpgKey < ActiveRecord::Base
write_attribute(:key, value) write_attribute(:key, value)
end end
def emails def user_infos
@emails ||= Gitlab::Gpg.emails_from_key(key) @user_infos ||= Gitlab::Gpg.user_infos_from_key(key)
end
def verified_user_infos
user_infos.select do |user_info|
user_info[:email] == user.email
end
end end
def emails_with_verified_status def emails_with_verified_status
emails.map do |email| user_infos.map do |user_info|
[ [
email, user_info[:email],
email == user.email user_info[:email] == user.email
] ]
end.to_h end.to_h
end end
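Review bot: `verified_user_infos` treats a UID as verified whenever `user_info[:email] == user.email`, and nothing in this hunk shows that `user.email` has been confirmed by its owner. If an account can hold an unconfirmed address, the name and email selected here would count as verified for an address nobody has proved control of, so the confirmed state should be checked before the `select`. The same comparison is repeated in `emails_with_verified_status`; a small private predicate shared by both methods would keep the two definitions of "verified" in step. The GpgKey class starts and ends outside the hunk.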


@ -0,0 +1,11 @@
# See http://doc.gitlab.com/ce/development/migration_style_guide.html
# for more information on how to write migrations for GitLab.
class AddGpgKeyUserInfoToGpgSignatures < ActiveRecord::Migration
DOWNTIME = false
def change
add_column :gpg_signatures, :gpg_key_user_name, :string
add_column :gpg_signatures, :gpg_key_user_email, :string
end
end


@ -560,6 +560,8 @@ ActiveRecord::Schema.define(version: 20170725145659) do
t.boolean "valid_signature" t.boolean "valid_signature"
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.string "gpg_key_user_name"
t.string "gpg_key_user_email"
end end
add_index "gpg_signatures", ["commit_sha"], name: "index_gpg_signatures_on_commit_sha", using: :btree add_index "gpg_signatures", ["commit_sha"], name: "index_gpg_signatures_on_commit_sha", using: :btree


@ -32,11 +32,13 @@ module Gitlab
end end
end end
def emails_from_key(key) def user_infos_from_key(key)
using_tmp_keychain do using_tmp_keychain do
fingerprints = CurrentKeyChain.fingerprints_from_key(key) fingerprints = CurrentKeyChain.fingerprints_from_key(key)
GPGME::Key.find(:public, fingerprints).flat_map { |raw_key| raw_key.uids.map(&:email) } GPGME::Key.find(:public, fingerprints).flat_map do |raw_key|
raw_key.uids.map { |uid| { name: uid.name, email: uid.email } }
end
end end
end end
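Review bot: Every UID on the key is mapped into the result at `raw_key.uids.map { |uid| { name: uid.name, email: uid.email } }`, with no filtering of UIDs the key owner has revoked or that the keyring marks invalid. A caller that takes `.first` may therefore pick up an identity that has been withdrawn; whether such UIDs can reach this point depends on import behaviour not visible here. Since the return shape changes from strings to hashes, a doc comment above the method would help, for example `# Returns [{ name:, email: }, ...] exactly as asserted by the key's UIDs; nothing is verified here.` The enclosing module continues outside the hunk.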


@ -26,10 +26,7 @@ module Gitlab
def update_signature!(cached_signature) def update_signature!(cached_signature)
using_keychain do |gpg_key| using_keychain do |gpg_key|
cached_signature.update_attributes!( cached_signature.update_attributes!(attributes(gpg_key))
valid_signature: gpg_signature_valid_signature_value(gpg_key),
gpg_key: gpg_key
)
end end
end end
@ -59,18 +56,30 @@ module Gitlab
end end
def create_cached_signature!(gpg_key) def create_cached_signature!(gpg_key)
GpgSignature.create!( GpgSignature.create!(attributes(gpg_key))
end
def attributes(gpg_key)
user_infos = user_infos(gpg_key)
{
commit_sha: commit.sha, commit_sha: commit.sha,
project: commit.project, project: commit.project,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint, gpg_key_primary_keyid: gpg_key&.primary_keyid || verified_signature.fingerprint,
gpg_key_user_name: user_infos[:name],
gpg_key_user_email: user_infos[:email],
valid_signature: gpg_signature_valid_signature_value(gpg_key) valid_signature: gpg_signature_valid_signature_value(gpg_key)
) }
end end
def gpg_signature_valid_signature_value(gpg_key) def gpg_signature_valid_signature_value(gpg_key)
!!(gpg_key && gpg_key.verified? && verified_signature.valid?) !!(gpg_key && gpg_key.verified? && verified_signature.valid?)
end end
def user_infos(gpg_key)
gpg_key&.verified_user_infos&.first || gpg_key&.user_infos&.first || {}
end
end end
end end
end end
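Review bot: The fallback `gpg_key&.user_infos&.first` in `user_infos` stores a name and email on the signature row even when no UID matches the account, so `gpg_key_user_name` and `gpg_key_user_email` can hold values that only the key itself asserts. Anything that renders these columns has to read them together with `valid_signature` rather than treat their presence as proof of identity. A comment on the method such as `# May return an unverified UID; name/email are key-asserted, check valid_signature before trusting them` would make that explicit. Separately, `update_signature!` now writes the whole `attributes(gpg_key)` hash, including `commit_sha` and `project`, where the old code updated only `valid_signature` and `gpg_key`; if that widening is intended it deserves a line in the commit message.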


@ -32,6 +32,8 @@ RSpec.describe Gitlab::Gpg::Commit do
project: project, project: project,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: GpgHelpers::User1.names.first,
gpg_key_user_email: GpgHelpers::User1.emails.first,
valid_signature: true valid_signature: true
) )
end end
@ -67,6 +69,8 @@ RSpec.describe Gitlab::Gpg::Commit do
project: project, project: project,
gpg_key: gpg_key, gpg_key: gpg_key,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: GpgHelpers::User1.names.first,
gpg_key_user_email: GpgHelpers::User1.emails.first,
valid_signature: false valid_signature: false
) )
end end
@ -102,6 +106,8 @@ RSpec.describe Gitlab::Gpg::Commit do
project: project, project: project,
gpg_key: nil, gpg_key: nil,
gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid,
gpg_key_user_name: nil,
gpg_key_user_email: nil,
valid_signature: false valid_signature: false
) )
end end
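Review bot: All three added expectations use `GpgHelpers::User1`, a key with a single UID, so the ordering in `user_infos` (a verified UID first, otherwise the first UID on the key) is never exercised. A case built on the two-address helper key, with the account email equal to the second address, would pin that `gpg_key_user_email` is the verified address rather than `emails.first`. A further case with a key whose UIDs match no account email would document what is stored for an unverified key. The `it` blocks start and end outside these hunks.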


@ -28,16 +28,18 @@ describe Gitlab::Gpg do
end end
end end
describe '.emails_from_key' do describe '.user_infos_from_key' do
it 'returns the emails' do it 'returns the names and emails' do
expect( user_infos = described_class.user_infos_from_key(GpgHelpers::User1.public_key)
described_class.emails_from_key(GpgHelpers::User1.public_key) expect(user_infos).to eq([{
).to eq GpgHelpers::User1.emails name: GpgHelpers::User1.names.first,
email: GpgHelpers::User1.emails.first
}])
end end
it 'returns an empty array when the key is invalid' do it 'returns an empty array when the key is invalid' do
expect( expect(
described_class.emails_from_key('bogus') described_class.user_infos_from_key('bogus')
).to eq [] ).to eq []
end end
end end


@ -46,11 +46,31 @@ describe GpgKey do
end end
end end
describe '#emails' do describe '#user_infos' do
it 'returns the emails from the gpg key' do it 'returns the user infos from the gpg key' do
gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key
expect(Gitlab::Gpg).to receive(:user_infos_from_key).with(gpg_key.key)
expect(gpg_key.emails).to eq GpgHelpers::User1.emails gpg_key.user_infos
end
end
describe '#verified_user_infos' do
it 'returns the user infos if it is verified' do
user = create :user, email: GpgHelpers::User1.emails.first
gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: user
expect(gpg_key.verified_user_infos).to eq([{
name: GpgHelpers::User1.names.first,
email: GpgHelpers::User1.emails.first
}])
end
it 'returns an empty array if the user info is not verified' do
user = create :user, email: 'unrelated@example.com'
gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: user
expect(gpg_key.verified_user_infos).to eq([])
end end
end end
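Review bot: The rewritten `#user_infos` example only checks that `Gitlab::Gpg.user_infos_from_key` receives the key and no longer asserts what the method returns, which the old `#emails` example did. Keeping a value assertion next to the message expectation would catch a regression in the memoised result. In `#verified_user_infos`, the negative case uses an unrelated address; an example with the same address in different letter case would pin whether the `==` comparison is meant to be case-sensitive.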


@ -98,6 +98,10 @@ module GpgHelpers
'5F7EA3981A5845B141ABD522CCFBE19F00AC8B1D' '5F7EA3981A5845B141ABD522CCFBE19F00AC8B1D'
end end
def names
['Nannie Bernhard']
end
def emails def emails
['nannie.bernhard@example.com'] ['nannie.bernhard@example.com']
end end
@ -187,6 +191,10 @@ module GpgHelpers
'6D494CA6FC90C0CAE0910E42BF9D925F911EFD65' '6D494CA6FC90C0CAE0910E42BF9D925F911EFD65'
end end
def names
['Bette Cartwright', 'Bette Cartwright']
end
def emails def emails
['bette.cartwright@example.com', 'bette.cartwright@example.net'] ['bette.cartwright@example.com', 'bette.cartwright@example.net']
end end