user may now revoke a gpg key

other than just removing a key, which doesn't affect the verified state
of a commit, revoking a key unverifies all signed commits.

1 files changed, 27 insertions, 0 deletions

diff --git a/spec/models/gpg_key_spec.rb b/spec/models/gpg_key_spec.rb
index ffbf8760e86..ddd0bbfb9ba 100644
--- a/spec/models/gpg_key_spec.rb
+++ b/spec/models/gpg_key_spec.rb
@@ -95,4 +95,31 @@ describe GpgKey do
       should_email(user)
     end
   end
+
+  describe '#revoke' do
+    it 'invalidates all associated gpg signatures and destroys the key' do
+      gpg_key = create :gpg_key
+      gpg_signature = create :gpg_signature, valid_signature: true, gpg_key: gpg_key
+
+      unrelated_gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key
+      unrelated_gpg_signature = create :gpg_signature, valid_signature: true, gpg_key: unrelated_gpg_key
+
+      gpg_key.revoke
+
+      expect(gpg_signature.reload).to have_attributes(
+        valid_signature: false,
+        gpg_key: nil
+      )
+
+      expect(gpg_key.destroyed?).to be true
+
+      # unrelated signature is left untouched
+      expect(unrelated_gpg_signature.reload).to have_attributes(
+        valid_signature: true,
+        gpg_key: unrelated_gpg_key
+      )
+
+      expect(unrelated_gpg_key.destroyed?).to be false
+    end
+  end
 end