1 files changed, 48 insertions, 0 deletions

diff --git a/spec/services/keys/revoke_service_spec.rb b/spec/services/keys/revoke_service_spec.rb
new file mode 100644
index 00000000000..ec07701b4b7
--- /dev/null
+++ b/spec/services/keys/revoke_service_spec.rb
@@ -0,0 +1,48 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.describe Keys::RevokeService, feature_category: :source_code_management do
+  let(:user) { create(:user) }
+
+  subject(:service) { described_class.new(user) }
+
+  it 'destroys a key' do
+    key = create(:key)
+
+    expect { service.execute(key) }.to change { key.persisted? }.from(true).to(false)
+  end
+
+  it 'unverifies associated signatures' do
+    key = create(:key)
+    signature = create(:ssh_signature, key: key)
+
+    expect do
+      service.execute(key)
+    end.to change { signature.reload.key }.from(key).to(nil)
+      .and change { signature.reload.verification_status }.from('verified').to('revoked_key')
+  end
+
+  it 'does not unverifies signatures if destroy fails' do
+    key = create(:key)
+    signature = create(:ssh_signature, key: key)
+
+    expect(key).to receive(:destroy).and_return(false)
+
+    expect { service.execute(key) }.not_to change { signature.reload.verification_status }
+    expect(key).to be_persisted
+  end
+
+  context 'when revoke_ssh_signatures disabled' do
+    before do
+      stub_feature_flags(revoke_ssh_signatures: false)
+    end
+
+    it 'does not unverifies signatures' do
+      key = create(:key)
+      signature = create(:ssh_signature, key: key)
+
+      expect { service.execute(key) }.not_to change { signature.reload.verification_status }
+    end
+  end
+end