signed_commits_spec.rb 5.81 KB
Newer Older
1 2 3
require 'spec_helper'

describe 'GPG signed commits', :js do
4
  set(:ref) { :'2d1096e3a0ecf1d2baf6dee036cc80775d4940ba' }
5 6 7 8
  let(:project) { create(:project, :repository) }

  it 'changes from unverified to verified when the user changes his email to match the gpg key' do
    user = create :user, email: 'unrelated.user@example.org'
9
    project.add_maintainer(user)
10

11
    perform_enqueued_jobs do
12 13 14 15 16
      create :gpg_key, key: GpgHelpers::User1.public_key, user: user
    end

    sign_in(user)

17
    visit project_commits_path(project, ref)
18 19 20 21 22 23 24

    within '#commits-list' do
      expect(page).to have_content 'Unverified'
      expect(page).not_to have_content 'Verified'
    end

    # user changes his email which makes the gpg key verified
25
    perform_enqueued_jobs do
26
      user.skip_reconfirmation!
Lin Jen-Shin's avatar
Lin Jen-Shin committed
27
      user.update!(email: GpgHelpers::User1.emails.first)
28 29
    end

30
    visit project_commits_path(project, ref)
31 32 33 34 35 36 37 38 39

    within '#commits-list' do
      expect(page).to have_content 'Unverified'
      expect(page).to have_content 'Verified'
    end
  end

  it 'changes from unverified to verified when the user adds the missing gpg key' do
    user = create :user, email: GpgHelpers::User1.emails.first
40
    project.add_maintainer(user)
41 42 43

    sign_in(user)

44
    visit project_commits_path(project, ref)
45 46 47 48 49 50 51

    within '#commits-list' do
      expect(page).to have_content 'Unverified'
      expect(page).not_to have_content 'Verified'
    end

    # user adds the gpg key which makes the signature valid
52
    perform_enqueued_jobs do
53 54 55
      create :gpg_key, key: GpgHelpers::User1.public_key, user: user
    end

56
    visit project_commits_path(project, ref)
57 58 59 60 61 62 63

    within '#commits-list' do
      expect(page).to have_content 'Unverified'
      expect(page).to have_content 'Verified'
    end
  end

64 65 66
  context 'shows popover badges' do
    let(:user_1) do
      create :user, email: GpgHelpers::User1.emails.first, username: 'nannie.bernhard', name: 'Nannie Bernhard'
67 68
    end

69
    let(:user_1_key) do
70
      perform_enqueued_jobs do
71 72 73
        create :gpg_key, key: GpgHelpers::User1.public_key, user: user_1
      end
    end
74

75 76 77 78 79 80
    let(:user_2) do
      create(:user, email: GpgHelpers::User2.emails.first, username: 'bette.cartwright', name: 'Bette Cartwright').tap do |user|
        # secondary, unverified email
        create :email, user: user, email: GpgHelpers::User2.emails.last
      end
    end
81

82
    let(:user_2_key) do
83
      perform_enqueued_jobs do
84 85
        create :gpg_key, key: GpgHelpers::User2.public_key, user: user_2
      end
86 87
    end

88 89
    before do
      user = create :user
90
      project.add_maintainer(user)
91 92

      sign_in(user)
93 94
    end

95
    it 'unverified signature' do
96
      visit project_commits_path(project, ref)
97

98 99
      within(find('.commit', text: 'signed commit by bette cartwright')) do
        click_on 'Unverified'
Clement Ho's avatar
Clement Ho committed
100 101 102 103 104
      end

      within '.popover' do
        expect(page).to have_content 'This commit was signed with an unverified signature.'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
105 106 107 108 109 110
      end
    end

    it 'unverified signature: user email does not match the committer email, but is the same user' do
      user_2_key

111
      visit project_commits_path(project, ref)
112 113 114

      within(find('.commit', text: 'signed and authored commit by bette cartwright, different email')) do
        click_on 'Unverified'
Clement Ho's avatar
Clement Ho committed
115 116 117 118 119 120 121
      end

      within '.popover' do
        expect(page).to have_content 'This commit was signed with a verified signature, but the committer email is not verified to belong to the same user.'
        expect(page).to have_content 'Bette Cartwright'
        expect(page).to have_content '@bette.cartwright'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
122 123 124 125 126 127
      end
    end

    it 'unverified signature: user email does not match the committer email' do
      user_2_key

128
      visit project_commits_path(project, ref)
129 130 131

      within(find('.commit', text: 'signed commit by bette cartwright')) do
        click_on 'Unverified'
Clement Ho's avatar
Clement Ho committed
132 133 134 135 136 137 138
      end

      within '.popover' do
        expect(page).to have_content "This commit was signed with a different user's verified signature."
        expect(page).to have_content 'Bette Cartwright'
        expect(page).to have_content '@bette.cartwright'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
139 140 141 142 143 144
      end
    end

    it 'verified and the gpg user has a gitlab profile' do
      user_1_key

145
      visit project_commits_path(project, ref)
146 147 148

      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
        click_on 'Verified'
Clement Ho's avatar
Clement Ho committed
149 150 151 152 153 154 155
      end

      within '.popover' do
        expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
        expect(page).to have_content 'Nannie Bernhard'
        expect(page).to have_content '@nannie.bernhard'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
156 157 158 159 160 161
      end
    end

    it "verified and the gpg user's profile doesn't exist anymore" do
      user_1_key

162
      visit project_commits_path(project, ref)
163 164 165 166 167 168 169 170 171

      # wait for the signature to get generated
      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
        expect(page).to have_content 'Verified'
      end

      user_1.destroy!

      refresh
172

173 174
      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
        click_on 'Verified'
Clement Ho's avatar
Clement Ho committed
175 176 177 178 179 180 181
      end

      within '.popover' do
        expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
        expect(page).to have_content 'Nannie Bernhard'
        expect(page).to have_content 'nannie.bernhard@example.com'
        expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
182
      end
183 184 185
    end
  end
end