db: correctly unpublish all uids when a key is revoked

database/src/lib.rs

@@ -243,7 +243,7 @@ pub trait Database: Sync + Send {
                 if let Ok(email) = Email::try_from(uid) {
                     if is_status_revoked(binding.revoked(None)) {
                         Some((email, EmailAddressStatus::Revoked))
-                    } else if published_uids.contains(uid) {
+                    } else if !is_revoked && published_uids.contains(uid) {
                         Some((email, EmailAddressStatus::Published))
                     } else {
                         Some((email, EmailAddressStatus::NotPublished))
@@ -261,15 +261,20 @@ pub trait Database: Sync + Send {
             return Ok(ImportResult::Unchanged(TpkStatus { is_revoked, email_status, unparsed_uids }));
         }
 
-        let revoked_uids: Vec<UserID> = full_tpk_new
-            .userids()
-            .filter(|binding| is_status_revoked(binding.revoked(None)))
-            .map(|binding| binding.userid().clone())
-            .collect();
+        // If the key is revoked, consider all uids revoked
+        let newly_revoked_uids: Vec<&UserID> = if is_revoked {
+            published_uids.iter().collect()
+        } else {
+            let revoked_uids: Vec<UserID> = full_tpk_new
+                .userids()
+                .filter(|binding| is_status_revoked(binding.revoked(None)))
+                .map(|binding| binding.userid().clone())
+                .collect();
 
-        let newly_revoked_uids: Vec<&UserID> = published_uids.iter()
-            .filter(|uid| revoked_uids.contains(uid))
-            .collect();
+            published_uids.iter()
+                .filter(|uid| revoked_uids.contains(uid))
+                .collect()
+        };
 
         let published_tpk_new = tpk_filter_userids(
             &full_tpk_new, |uid| {

database/src/test.rs

@@ -522,6 +522,14 @@ pub fn test_upload_revoked_tpk(db: &mut impl Database, log_path: &Path) {
     let email2 = Email::from_str(str_uid2).unwrap();
     let fpr = Fingerprint::try_from(tpk.fingerprint()).unwrap();
 
+    // upload and publish one of the email addresses. those should be
+    // automatically depublished when we upload the revoked key!
+    db.merge(tpk.clone()).unwrap();
+    db.set_email_published(&fpr, &email1).unwrap();
+
+    assert!(db.by_email(&email1).is_some());
+    assert!(db.by_email(&email2).is_none());
+
     tpk = tpk.merge_packets(vec![revocation.into()]).unwrap();
     match tpk.revocation_status() {
         RevocationStatus::Revoked(_) => (),
@@ -539,6 +547,9 @@ pub fn test_upload_revoked_tpk(db: &mut impl Database, log_path: &Path) {
         ),
         unparsed_uids: 0,
     }, tpk_status);
+
+    assert!(db.by_email(&email1).is_none());
+    assert!(db.by_email(&email2).is_none());
 }
 
 pub fn test_uid_revocation(db: &mut impl Database, log_path: &Path) {