debian-mirror-gitlab/spec/features/signed_commits_spec.rb

188 lines
6.3 KiB
Ruby
Raw Normal View History

2019-02-15 15:39:39 +05:30
# frozen_string_literal: true
2018-03-17 18:26:18 +05:30
require 'spec_helper'
2023-03-04 22:38:38 +05:30
RSpec.describe 'GPG signed commits', feature_category: :source_code_management do
2019-02-15 15:39:39 +05:30
let(:project) { create(:project, :public, :repository) }
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
it 'changes from unverified to verified when the user changes their email to match the gpg key', :sidekiq_might_not_need_inline do
2019-02-15 15:39:39 +05:30
ref = GpgHelpers::SIGNED_AND_AUTHORED_SHA
user = create(:user, email: 'unrelated.user@example.org')
2018-03-17 18:26:18 +05:30
2018-11-18 11:00:15 +05:30
perform_enqueued_jobs do
2018-03-17 18:26:18 +05:30
create :gpg_key, key: GpgHelpers::User1.public_key, user: user
2021-12-11 22:18:48 +05:30
user.reload # necessary to reload the association with gpg_keys
2018-03-17 18:26:18 +05:30
end
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, ref)
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
expect(page).to have_selector('.gpg-status-box', text: 'Unverified')
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
# user changes their email which makes the gpg key verified
2018-11-18 11:00:15 +05:30
perform_enqueued_jobs do
2018-03-17 18:26:18 +05:30
user.skip_reconfirmation!
2018-11-18 11:00:15 +05:30
user.update!(email: GpgHelpers::User1.emails.first)
2018-03-17 18:26:18 +05:30
end
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, ref)
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
expect(page).to have_selector('.gpg-status-box', text: 'Verified')
2018-03-17 18:26:18 +05:30
end
2019-12-26 22:10:19 +05:30
it 'changes from unverified to verified when the user adds the missing gpg key', :sidekiq_might_not_need_inline do
2019-02-15 15:39:39 +05:30
ref = GpgHelpers::SIGNED_AND_AUTHORED_SHA
user = create(:user, email: GpgHelpers::User1.emails.first)
2018-03-17 18:26:18 +05:30
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, ref)
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
expect(page).to have_selector('.gpg-status-box', text: 'Unverified')
2018-03-17 18:26:18 +05:30
# user adds the gpg key which makes the signature valid
2018-11-18 11:00:15 +05:30
perform_enqueued_jobs do
2018-03-17 18:26:18 +05:30
create :gpg_key, key: GpgHelpers::User1.public_key, user: user
end
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, ref)
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
expect(page).to have_selector('.gpg-status-box', text: 'Verified')
2018-03-17 18:26:18 +05:30
end
2019-02-15 15:39:39 +05:30
context 'shows popover badges', :js do
2018-03-17 18:26:18 +05:30
let(:user_1) do
create :user, email: GpgHelpers::User1.emails.first, username: 'nannie.bernhard', name: 'Nannie Bernhard'
end
let(:user_1_key) do
2018-11-18 11:00:15 +05:30
perform_enqueued_jobs do
2018-03-17 18:26:18 +05:30
create :gpg_key, key: GpgHelpers::User1.public_key, user: user_1
end
end
let(:user_2) do
create(:user, email: GpgHelpers::User2.emails.first, username: 'bette.cartwright', name: 'Bette Cartwright').tap do |user|
# secondary, unverified email
2022-07-29 17:44:30 +05:30
create :email, user: user, email: 'mail@koffeinfrei.org'
2018-03-17 18:26:18 +05:30
end
end
let(:user_2_key) do
2018-11-18 11:00:15 +05:30
perform_enqueued_jobs do
2018-03-17 18:26:18 +05:30
create :gpg_key, key: GpgHelpers::User2.public_key, user: user_2
end
end
it 'unverified signature' do
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
2020-07-28 23:09:34 +05:30
wait_for_all_requests
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
page.find('.gpg-status-box', text: 'Unverified').click
2018-11-08 19:23:39 +05:30
within '.popover' do
expect(page).to have_content 'This commit was signed with an unverified signature.'
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
2018-03-17 18:26:18 +05:30
end
end
2022-07-29 17:44:30 +05:30
it 'unverified signature: gpg key email does not match the committer_email but is the same user when the committer_email belongs to the user as a confirmed secondary email' do
2018-03-17 18:26:18 +05:30
user_2_key
2022-07-29 17:44:30 +05:30
user_2.emails.find_by(email: 'mail@koffeinfrei.org').confirm
2018-03-17 18:26:18 +05:30
2022-07-29 17:44:30 +05:30
visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
2020-07-28 23:09:34 +05:30
wait_for_all_requests
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
page.find('.gpg-status-box', text: 'Unverified').click
2018-11-08 19:23:39 +05:30
within '.popover' do
2022-08-27 11:52:29 +05:30
expect(page).to have_content 'This commit was signed with a verified signature, but the committer email is not associated with the GPG Key.'
2018-11-08 19:23:39 +05:30
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
2018-03-17 18:26:18 +05:30
end
end
2022-07-29 17:44:30 +05:30
it 'unverified signature: gpg key email does not match the committer_email when the committer_email belongs to the user as a unconfirmed secondary email' do
2018-03-17 18:26:18 +05:30
user_2_key
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, GpgHelpers::SIGNED_COMMIT_SHA)
2020-07-28 23:09:34 +05:30
wait_for_all_requests
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
page.find('.gpg-status-box', text: 'Unverified').click
2018-11-08 19:23:39 +05:30
within '.popover' do
expect(page).to have_content "This commit was signed with a different user's verified signature."
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
2018-03-17 18:26:18 +05:30
end
end
2021-12-11 22:18:48 +05:30
it 'unverified signature: commit contains multiple GPG signatures' do
user_1_key
visit project_commit_path(project, GpgHelpers::MULTIPLE_SIGNATURES_SHA)
wait_for_all_requests
page.find('.gpg-status-box', text: 'Unverified').click
within '.popover' do
expect(page).to have_content "This commit was signed with multiple signatures."
end
end
2018-03-17 18:26:18 +05:30
it 'verified and the gpg user has a gitlab profile' do
user_1_key
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)
2020-07-28 23:09:34 +05:30
wait_for_all_requests
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
page.find('.gpg-status-box', text: 'Verified').click
2018-11-08 19:23:39 +05:30
within '.popover' do
2023-03-17 16:20:25 +05:30
expect(page).to have_content 'This commit was signed with a verified signature and the committer email was verified to belong to the same user.'
2018-11-08 19:23:39 +05:30
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
2018-03-17 18:26:18 +05:30
end
end
it "verified and the gpg user's profile doesn't exist anymore" do
user_1_key
2019-02-15 15:39:39 +05:30
visit project_commit_path(project, GpgHelpers::SIGNED_AND_AUTHORED_SHA)
2020-07-28 23:09:34 +05:30
wait_for_all_requests
2018-03-17 18:26:18 +05:30
# wait for the signature to get generated
2020-03-13 15:44:24 +05:30
expect(page).to have_selector('.gpg-status-box', text: 'Verified')
2018-03-17 18:26:18 +05:30
user_1.destroy!
refresh
2020-07-28 23:09:34 +05:30
wait_for_all_requests
2018-03-17 18:26:18 +05:30
2020-03-13 15:44:24 +05:30
page.find('.gpg-status-box', text: 'Verified').click
2018-11-08 19:23:39 +05:30
within '.popover' do
2023-03-17 16:20:25 +05:30
expect(page).to have_content 'This commit was signed with a verified signature and the committer email was verified to belong to the same user.'
2018-11-08 19:23:39 +05:30
expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
2018-03-17 18:26:18 +05:30
end
end
end
2019-12-26 22:10:19 +05:30
context 'view signed commit on the tree view', :js do
shared_examples 'a commit with a signature' do
before do
visit project_tree_path(project, 'signed-commits')
2020-07-28 23:09:34 +05:30
wait_for_all_requests
2019-12-26 22:10:19 +05:30
end
it 'displays commit signature' do
2020-03-13 15:44:24 +05:30
expect(page).to have_selector('.gpg-status-box', text: 'Unverified')
2019-12-26 22:10:19 +05:30
2020-03-13 15:44:24 +05:30
page.find('.gpg-status-box', text: 'Unverified').click
2019-12-26 22:10:19 +05:30
within '.popover' do
2021-12-11 22:18:48 +05:30
expect(page).to have_content 'This commit was signed with multiple signatures.'
2019-12-26 22:10:19 +05:30
end
end
end
context 'with vue tree view enabled' do
it_behaves_like 'a commit with a signature'
end
end
2018-03-17 18:26:18 +05:30
end