match the committer's email against the gpg key

the updated verification of a gpg signature requires the committer's email to also match the user's and the key's emails.
author: Alexis Reigel <mail@koffeinfrei.org> 2017-08-24 14:21:30 +0200
committer: Alexis Reigel <mail@koffeinfrei.org> 2017-09-05 12:18:31 +0200
commit: 64855c8e30c53004b2e2c2a65f131f8ab7efa41c (patch)
tree: 2f9a4b4a6ae80847e1f88f068faa7ecb297d0535 /spec/models/gpg_key_spec.rb
parent: 508ff17b3405a4e2275fa137bd7322b728db8ed4 (diff)
download: gitlab-ce-64855c8e30c53004b2e2c2a65f131f8ab7efa41c.tar.gz
1 files changed, 28 insertions, 2 deletions
diff --git a/spec/models/gpg_key_spec.rb b/spec/models/gpg_key_spec.rb
index e48f20bf53b..d436aee6ea3 100644
--- a/spec/models/gpg_key_spec.rb
+++ b/spec/models/gpg_key_spec.rb
@@ -99,14 +99,14 @@ describe GpgKey do
   end
 
   describe '#verified?' do
-    it 'returns true one of the email addresses in the key belongs to the user' do
+    it 'returns true if one of the email addresses in the key belongs to the user' do
       user = create :user, email: 'bette.cartwright@example.com'
       gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
 
       expect(gpg_key.verified?).to be_truthy
     end
 
-    it 'returns false if one of the email addresses in the key does not belong to the user' do
+    it 'returns false if none of the email addresses in the key does not belong to the user' do
       user = create :user, email: 'someone.else@example.com'
       gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
 
@@ -114,6 +114,32 @@ describe GpgKey do
     end
   end
 
+  describe 'verified_and_belongs_to_email?' do
+    it 'returns false if none of the email addresses in the key does not belong to the user' do
+      user = create :user, email: 'someone.else@example.com'
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
+
+      expect(gpg_key.verified?).to be_falsey
+      expect(gpg_key.verified_and_belongs_to_email?('someone.else@example.com')).to be_falsey
+    end
+
+    it 'returns false if one of the email addresses in the key belongs to the user and does not match the provided email' do
+      user = create :user, email: 'bette.cartwright@example.com'
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
+
+      expect(gpg_key.verified?).to be_truthy
+      expect(gpg_key.verified_and_belongs_to_email?('bette.cartwright@example.net')).to be_falsey
+    end
+
+    it 'returns true if one of the email addresses in the key belongs to the user and matches the provided email' do
+      user = create :user, email: 'bette.cartwright@example.com'
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
+
+      expect(gpg_key.verified?).to be_truthy
+      expect(gpg_key.verified_and_belongs_to_email?('bette.cartwright@example.com')).to be_truthy
+    end
+  end
+
   describe 'notification', :mailer do
     let(:user) { create(:user) }
author	Alexis Reigel <mail@koffeinfrei.org>	2017-08-24 14:21:30 +0200
committer	Alexis Reigel <mail@koffeinfrei.org>	2017-09-05 12:18:31 +0200
commit	64855c8e30c53004b2e2c2a65f131f8ab7efa41c (patch)
tree	2f9a4b4a6ae80847e1f88f068faa7ecb297d0535 /spec/models/gpg_key_spec.rb
parent	508ff17b3405a4e2275fa137bd7322b728db8ed4 (diff)
download	gitlab-ce-64855c8e30c53004b2e2c2a65f131f8ab7efa41c.tar.gz