diff options
| author | Alexis Reigel <mail@koffeinfrei.org> | 2017-06-14 11:51:34 +0200 |
|---|---|---|
| committer | Alexis Reigel <mail@koffeinfrei.org> | 2017-07-27 15:42:53 +0200 |
| commit | 69e511c4c2a0409fa69658cf95bf5c4072b2b2d0 (patch) | |
| tree | 416321052fa4614973a5f29c8f76c05c97b6d84a /spec | |
| parent | 8236b12dff3df6d223888664c820ae54b4e0eaf7 (diff) | |
| download | gitlab-ce-69e511c4c2a0409fa69658cf95bf5c4072b2b2d0.tar.gz | |
cache the gpg commit signature
we store the result of the gpg commit verification in the db because the
gpg verification is an expensive operation.
Diffstat (limited to 'spec')
| -rw-r--r-- | spec/lib/gitlab/gpg/commit_spec.rb | 53 | ||||
| -rw-r--r-- | spec/models/commit_spec.rb | 88 |
2 files changed, 118 insertions, 23 deletions
diff --git a/spec/lib/gitlab/gpg/commit_spec.rb b/spec/lib/gitlab/gpg/commit_spec.rb new file mode 100644 index 00000000000..8b1747eebcc --- /dev/null +++ b/spec/lib/gitlab/gpg/commit_spec.rb @@ -0,0 +1,53 @@ +require 'rails_helper' + +RSpec.describe Gitlab::Gpg::Commit do + describe '#signature' do + let!(:project) { create :project, :repository, path: 'sample-project' } + + context 'known public key' do + it 'returns a valid signature' do + gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key + + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33') + allow(raw_commit).to receive :save! + + commit = create :commit, + git_commit: raw_commit, + project: project + + expect(described_class.new(commit).signature).to have_attributes( + commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', + project: project, + gpg_key: gpg_key, + gpg_key_primary_keyid: GpgHelpers::User1.primary_keyid, + valid_signature: true + ) + end + end + + context 'unknown public key' do + it 'returns an invalid signature', :gpg do + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33') + allow(raw_commit).to receive :save! + + commit = create :commit, + git_commit: raw_commit, + project: project + + expect(described_class.new(commit).signature).to have_attributes( + commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', + project: project, + gpg_key: nil, + gpg_key_primary_keyid: nil, + valid_signature: false + ) + end + end + end +end diff --git a/spec/models/commit_spec.rb b/spec/models/commit_spec.rb index 96af675c3f4..4370c78e6fd 100644 --- a/spec/models/commit_spec.rb +++ b/spec/models/commit_spec.rb @@ -421,36 +421,78 @@ eos end context 'signed commit', :gpg do - it 'returns a valid signature if the public key is known' do - create :gpg_key, key: GpgHelpers::User1.public_key + context 'known public key' do + it 'returns a valid signature' do + create :gpg_key, key: GpgHelpers::User1.public_key - raw_commit = double(:raw_commit, signature: [ - GpgHelpers::User1.signed_commit_signature, - GpgHelpers::User1.signed_commit_base_data - ]) - allow(raw_commit).to receive :save! + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33') + allow(raw_commit).to receive :save! - commit = create :commit, - git_commit: raw_commit, - project: project + commit = create :commit, + git_commit: raw_commit, + project: project - expect(commit.signature).to be_a GPGME::Signature - expect(commit.signature.valid?).to be_truthy + expect(commit.signature.valid_signature?).to be_truthy + end + + it 'returns the cached validation result on second call', :gpg do + create :gpg_key, key: GpgHelpers::User1.public_key + + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33') + allow(raw_commit).to receive :save! + + commit = create :commit, + git_commit: raw_commit, + project: project + + expect(Gitlab::Gpg::Commit).to receive(:new).and_call_original + expect(commit.signature.valid_signature?).to be_truthy + + # second call returns the cache + expect(Gitlab::Gpg::Commit).not_to receive(:new).and_call_original + expect(commit.signature.valid_signature?).to be_truthy + end end - it 'returns an invalid signature if the public key is unknown', :gpg do - raw_commit = double(:raw_commit, signature: [ - GpgHelpers::User1.signed_commit_signature, - GpgHelpers::User1.signed_commit_base_data - ]) - allow(raw_commit).to receive :save! + context 'unknown public key' do + it 'returns an invalid signature if the public key is unknown', :gpg do + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33') + allow(raw_commit).to receive :save! - commit = create :commit, - git_commit: raw_commit, - project: project + commit = create :commit, + git_commit: raw_commit, + project: project - expect(commit.signature).to be_a GPGME::Signature - expect(commit.signature.valid?).to be_falsey + expect(commit.signature.valid_signature?).to be_falsey + end + + it 'returns the cached validation result on second call', :gpg do + raw_commit = double(:raw_commit, signature: [ + GpgHelpers::User1.signed_commit_signature, + GpgHelpers::User1.signed_commit_base_data + ], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33') + allow(raw_commit).to receive :save! + + commit = create :commit, + git_commit: raw_commit, + project: project + + expect(Gitlab::Gpg::Commit).to receive(:new).and_call_original + expect(commit.signature.valid_signature?).to be_falsey + + # second call returns the cache + expect(Gitlab::Gpg::Commit).not_to receive(:new).and_call_original + expect(commit.signature.valid_signature?).to be_falsey + end end end end |