diff options
author | Brett Walker <brett@digitalmoksha.com> | 2017-09-11 19:12:57 +0200 |
---|---|---|
committer | Brett Walker <brett@digitalmoksha.com> | 2017-09-23 15:24:53 +0200 |
commit | a9b31786971d83c193a1430df7c5c4550ba5aa6b (patch) | |
tree | f44fc10f5eb558644dfa3e246d88e3b721ebd03d | |
parent | 4457ae827251904c28a30c3db06e05495a42b484 (diff) | |
download | gitlab-ce-a9b31786971d83c193a1430df7c5c4550ba5aa6b.tar.gz |
Make GPG signature verification work with non-primary email (#36959)
-rw-r--r-- | app/models/user.rb | 15 | ||||
-rw-r--r-- | doc/user/project/repository/gpg_signed_commits/index.md | 4 | ||||
-rw-r--r-- | spec/factories/emails.rb | 2 | ||||
-rw-r--r-- | spec/models/gpg_key_spec.rb | 13 | ||||
-rw-r--r-- | spec/models/user_spec.rb | 56 |
5 files changed, 68 insertions, 22 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 09c9b3250eb..cdc7c8ad84a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -817,6 +817,17 @@ class User < ActiveRecord::Base all_emails end + def all_verified_emails + verified_emails = [] + verified_emails << email if confirmed? && !temp_oauth_email? + verified_emails.concat(emails.select {|e| e.confirmed?}.map(&:email)) + verified_emails + end + + def verified_email?(email) + all_verified_emails.include?(email) + end + def hook_attrs { name: name, @@ -1041,10 +1052,6 @@ class User < ActiveRecord::Base ensure_rss_token! end - def verified_email?(email) - self.email == email - end - def sync_attribute?(attribute) return true if ldap_user? && attribute == :email diff --git a/doc/user/project/repository/gpg_signed_commits/index.md b/doc/user/project/repository/gpg_signed_commits/index.md index dfe43c6b691..d4ef6a58a11 100644 --- a/doc/user/project/repository/gpg_signed_commits/index.md +++ b/doc/user/project/repository/gpg_signed_commits/index.md @@ -26,7 +26,7 @@ to be uploaded to GitLab. For a signature to be verified three conditions need to be met: 1. The public key needs to be added your GitLab account -1. One of the emails in the GPG key matches your **primary** email +1. One of the emails in the GPG key matches a **verified** email address you use in GitLab 1. The committer's email matches the verified email from the gpg key ## Generating a GPG key @@ -94,7 +94,7 @@ started: ``` 1. Enter you real name, the email address to be associated with this key (should - match the primary email address you use in GitLab) and an optional comment + match a verified email address you use in GitLab) and an optional comment (press <kbd>Enter</kbd> to skip): ``` diff --git a/spec/factories/emails.rb b/spec/factories/emails.rb index 8303861bcfe..c9ab87a15aa 100644 --- a/spec/factories/emails.rb +++ b/spec/factories/emails.rb @@ -2,5 +2,7 @@ FactoryGirl.define do factory :email do user email { generate(:email_alias) } + + trait(:confirmed) { confirmed_at Time.now } end end diff --git a/spec/models/gpg_key_spec.rb b/spec/models/gpg_key_spec.rb index fadc8bfeb61..49c608b284f 100644 --- a/spec/models/gpg_key_spec.rb +++ b/spec/models/gpg_key_spec.rb @@ -88,12 +88,21 @@ describe GpgKey do describe '#emails_with_verified_status' do it 'email is verified if the user has the matching email' do - user = create :user, email: 'bette.cartwright@example.com' + user = create :user, email: 'bette.cartwright@example.com' gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user + email_unconfirmed = create :email, user: user + user.reload + + expect(gpg_key.emails_with_verified_status).to eq( + 'bette.cartwright@example.com' => true, + 'bette.cartwright@example.net' => false + ) + email_confirmed = create :email, :confirmed, user: user, email: 'bette.cartwright@example.net' + user.reload expect(gpg_key.emails_with_verified_status).to eq( 'bette.cartwright@example.com' => true, - 'bette.cartwright@example.net' => false + 'bette.cartwright@example.net' => true ) end end diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index c1affa812aa..e047027adab 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -1093,6 +1093,48 @@ describe User do end end + describe '#all_emails' do + let(:user) { create(:user) } + + it 'returns all emails' do + email_confirmed = create :email, user: user, confirmed_at: Time.now + email_unconfirmed = create :email, user: user + user.reload + expect(user.all_emails).to eq([user.email, email_unconfirmed.email, email_confirmed.email]) + end + end + + describe '#all_verified_emails' do + let(:user) { create(:user) } + + it 'returns only confirmed emails' do + email_confirmed = create :email, user: user, confirmed_at: Time.now + email_unconfirmed = create :email, user: user + user.reload + expect(user.all_verified_emails).to eq([user.email, email_confirmed.email]) + end + end + + describe '#verified_email?' do + let(:user) { create(:user) } + + it 'returns true when the email is verified/confirmed' do + email_confirmed = create :email, user: user, confirmed_at: Time.now + email_unconfirmed = create :email, user: user + user.reload + + expect(user.verified_email?(user.email)).to be_truthy + expect(user.verified_email?(email_confirmed.email)).to be_truthy + end + + it 'returns false when the email is not verified/confirmed' do + email_unconfirmed = create :email, user: user + user.reload + + expect(user.verified_email?(email_unconfirmed.email)).to be_falsy + end + end + describe '#requires_ldap_check?' do let(:user) { described_class.new } @@ -2073,20 +2115,6 @@ describe User do end end - describe '#verified_email?' do - it 'returns true when the email is the primary email' do - user = build :user, email: 'email@example.com' - - expect(user.verified_email?('email@example.com')).to be true - end - - it 'returns false when the email is not the primary email' do - user = build :user, email: 'email@example.com' - - expect(user.verified_email?('other_email@example.com')).to be false - end - end - describe '#sync_attribute?' do let(:user) { described_class.new } |