remove gpg from keychain when user's email changes

3 files changed, 89 insertions, 27 deletions

diff --git a/spec/features/commits_spec.rb b/spec/features/commits_spec.rb
index c303f29a832..79952eda2ff 100644
--- a/spec/features/commits_spec.rb
+++ b/spec/features/commits_spec.rb
@@ -206,7 +206,8 @@ describe 'Commits' do
   end
 
   describe 'GPG signed commits' do
-    let(:user) { create(:user) }
+    let!(:user) { create :user, email: GpgHelpers::User1.emails.first }
+    let!(:gpg_key) { create :gpg_key, key: GpgHelpers::User1.public_key, user: user }
 
     before do
       project.team << [user, :master]
@@ -214,8 +215,6 @@ describe 'Commits' do
     end
 
     it 'shows the signed status', :gpg do
-      GPGME::Key.import(GpgHelpers::User1.public_key)
-
       # FIXME: add this to the test repository directly
       remote_path = project.repository.path_to_repo
       Dir.mktmpdir do |dir|
@@ -233,6 +232,17 @@ describe 'Commits' do
         expect(page).to have_content 'Unverified'
         expect(page).to have_content 'Verified'
       end
+
+      # user changes his email which makes the gpg key unverified
+      user.skip_reconfirmation!
+      user.update_attributes!(email: 'bette.cartwright@example.org')
+
+      visit namespace_project_commits_path(project.namespace, project, :master)
+
+      within '#commits-list' do
+        expect(page).to have_content 'Unverified'
+        expect(page).not_to have_content 'Verified'
+      end
     end
   end
 end
diff --git a/spec/models/gpg_key_spec.rb b/spec/models/gpg_key_spec.rb
index 4292892da4f..18746ad9d88 100644
--- a/spec/models/gpg_key_spec.rb
+++ b/spec/models/gpg_key_spec.rb
@@ -22,33 +22,16 @@ describe GpgKey do
       end
     end
 
-    describe 'add_to_keychain' do
-      context "user's email matches one of the key's emails" do
-        it 'calls .add after create' do
-          expect(Gitlab::Gpg::CurrentKeyChain).to receive(:add).with(GpgHelpers::User2.public_key)
-          user = create :user, email: GpgHelpers::User2.emails.first
-          create :gpg_key, user: user, key: GpgHelpers::User2.public_key
-        end
+    describe 'synchronize_keychain' do
+      it 'calls #synchronize_keychain after create' do
+        gpg_key = build :gpg_key
+        expect(gpg_key).to receive(:synchronize_keychain)
+        gpg_key.save!
       end
 
-      context "user's email does not match one of the key's emails" do
-        it 'does not call .add after create' do
-          expect(Gitlab::Gpg::CurrentKeyChain).not_to receive(:add)
-          user = create :user
-          create :gpg_key, user: user, key: GpgHelpers::User2.public_key
-        end
-      end
-    end
-
-    describe 'remove_from_keychain' do
-      it 'calls remove_from_keychain after destroy' do
-        allow(Gitlab::Gpg::CurrentKeyChain).to receive :add
+      it 'calls #remove_from_keychain after destroy' do
         gpg_key = create :gpg_key
-
-        expect(
-          Gitlab::Gpg::CurrentKeyChain
-        ).to receive(:remove).with(GpgHelpers::User1.fingerprint)
-
+        expect(gpg_key).to receive(:synchronize_keychain)
         gpg_key.destroy!
       end
     end
@@ -76,6 +59,15 @@ describe GpgKey do
     end
   end
 
+  describe '#emails_in_keychain', :gpg do
+    it 'returns the emails from the keychain' do
+      user = create :user, email: GpgHelpers::User1.emails.first
+      gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: user
+
+      expect(gpg_key.emails_in_keychain).to eq GpgHelpers::User1.emails
+    end
+  end
+
   describe '#emails_with_verified_status', :gpg do
     context 'key is in the keychain' do
       it 'email is verified if the user has the matching email' do
@@ -104,6 +96,46 @@ describe GpgKey do
     end
   end
 
+  describe '#synchronize_keychain', :gpg do
+    context "user's email matches one of the key's emails" do
+      it 'adds the key to the keychain' do
+        user = create :user, email: GpgHelpers::User1.emails.first
+        gpg_key = create :gpg_key, user: user
+
+        expect(gpg_key).to receive(:add_to_keychain)
+
+        gpg_key.synchronize_keychain
+      end
+    end
+
+    context "user's email does not match one of the key's emails" do
+      it 'does not add the key to the keychain' do
+        user = create :user, email: 'stepanie@cole.us'
+        gpg_key = create :gpg_key, user: user
+
+        expect(gpg_key).to receive(:remove_from_keychain)
+
+        gpg_key.synchronize_keychain
+      end
+    end
+  end
+
+  describe '#add_to_keychain', :gpg do
+    it 'calls .add_to_keychain' do
+      expect(Gitlab::Gpg::CurrentKeyChain).to receive(:add).with(GpgHelpers::User2.public_key)
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key
+      gpg_key.send(:add_to_keychain)
+    end
+  end
+
+  describe '#remove_from_keychain', :gpg do
+    it 'calls .remove_from_keychain' do
+      allow(Gitlab::Gpg::CurrentKeyChain).to receive(:remove).with(GpgHelpers::User2.fingerprint)
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key
+      gpg_key.send(:remove_from_keychain)
+    end
+  end
+
   describe 'notification' do
     include EmailHelpers
 
diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb
index 20bdb7e37da..60979fd6c06 100644
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1956,4 +1956,24 @@ describe User, models: true do
       expect(user.allow_password_authentication?).to be_falsey
     end
   end
+
+  context 'callbacks' do
+    context '.synchronize_gpg_keys' do
+      let(:user) do
+        create(:user, email: 'tula.torphy@abshire.ca').tap do |user|
+          user.skip_reconfirmation!
+        end
+      end
+
+      it 'does nothing when the name is updated' do
+        expect(user).not_to receive(:synchronize_gpg_keys)
+        user.update_attributes!(name: 'Bette')
+      end
+
+      it 'synchronizes the gpg keys when the email is updated' do
+        expect(user).to receive(:synchronize_gpg_keys)
+        user.update_attributes!(email: 'shawnee.ritchie@denesik.com')
+      end
+    end
+  end
 end