root
/
gitlab-ce
mirror of https://gitlab.com/free-releases/gitlab-ce.git
1
0
Fork 0
Code Issues Actions Packages Projects Releases Wiki Activity

move signature cache read to Gpg::Commit 

as we write the cache in the gpg commit class already the read should
also happen there.

This also removes all logic from the main commit class, which just
proxies the call to the Gpg::Commit now.
This commit is contained in:
Alexis Reigel 2017-06-15 10:28:28 +02:00
parent 7b616d39ef
commit 34810acd6c
4 changed files with 52 additions and 99 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
app/models/commit.rb
View File

@ -237,11 +237,6 @@ class Commit
def signature
return @signature if defined?(@signature)
@signature = nil
cached_signature = GpgSignature.find_by(commit_sha: sha)
return cached_signature if cached_signature.present?
@signature = Gitlab::Gpg::Commit.new(self).signature
end

3
lib/gitlab/gpg/commit.rb
View File

@ -16,6 +16,9 @@ module Gitlab
def signature
return unless has_signature?
cached_signature = GpgSignature.find_by(commit_sha: commit.sha)
return cached_signature if cached_signature.present?
Gitlab::Gpg.using_tmp_keychain do
# first we need to get the keyid from the signature to query the gpg
# key belonging to the keyid.

61
spec/lib/gitlab/gpg/commit_spec.rb
View File

@ -11,19 +11,21 @@ RSpec.describe Gitlab::Gpg::Commit do
end
context 'known and verified public key' do
it 'returns a valid signature' do
gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key, user: create(:user, email: GpgHelpers::User1.emails.first)
let!(:gpg_key) do
create :gpg_key, key: GpgHelpers::User1.public_key, user: create(:user, email: GpgHelpers::User1.emails.first)
end
let!(:commit) do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
allow(raw_commit).to receive :save!
commit = create :commit,
git_commit: raw_commit,
project: project
create :commit, git_commit: raw_commit, project: project
end
it 'returns a valid signature' do
expect(described_class.new(commit).signature).to have_attributes(
commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33',
project: project,
@ -32,22 +34,33 @@ RSpec.describe Gitlab::Gpg::Commit do
valid_signature: true
)
end
it 'returns the cached signature on second call' do
gpg_commit = described_class.new(commit)
expect(gpg_commit).to receive(:verified_signature).twice.and_call_original
gpg_commit.signature
# consecutive call
expect(gpg_commit).not_to receive(:verified_signature).and_call_original
gpg_commit.signature
end
end
context 'known but unverified public key' do
it 'returns an invalid signature' do
gpg_key = create :gpg_key, key: GpgHelpers::User1.public_key
let!(:gpg_key) { create :gpg_key, key: GpgHelpers::User1.public_key }
let!(:commit) do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
allow(raw_commit).to receive :save!
commit = create :commit,
git_commit: raw_commit,
project: project
create :commit, git_commit: raw_commit, project: project
end
it 'returns an invalid signature' do
expect(described_class.new(commit).signature).to have_attributes(
commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33',
project: project,
@ -56,20 +69,33 @@ RSpec.describe Gitlab::Gpg::Commit do
valid_signature: false
)
end
it 'returns the cached signature on second call' do
gpg_commit = described_class.new(commit)
expect(gpg_commit).to receive(:verified_signature).and_call_original
gpg_commit.signature
# consecutive call
expect(gpg_commit).not_to receive(:verified_signature).and_call_original
gpg_commit.signature
end
end
context 'unknown public key' do
it 'returns an invalid signature', :gpg do
let!(:commit) do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
allow(raw_commit).to receive :save!
commit = create :commit,
create :commit,
git_commit: raw_commit,
project: project
end
it 'returns an invalid signature' do
expect(described_class.new(commit).signature).to have_attributes(
commit_sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33',
project: project,
@ -78,6 +104,17 @@ RSpec.describe Gitlab::Gpg::Commit do
valid_signature: false
)
end
it 'returns the cached signature on second call' do
gpg_commit = described_class.new(commit)
expect(gpg_commit).to receive(:verified_signature).and_call_original
gpg_commit.signature
# consecutive call
expect(gpg_commit).not_to receive(:verified_signature).and_call_original
gpg_commit.signature
end
end
end
end

82
spec/models/commit_spec.rb
View File

@ -414,86 +414,4 @@ eos
expect(described_class.valid_hash?('a' * 41)).to be false
end
end
describe '#signature' do
it 'returns nil if the commit is not signed' do
expect(commit.signature).to be_nil
end
context 'signed commit', :gpg do
context 'known public key' do
it 'returns a valid signature' do
create :gpg_key, key: GpgHelpers::User1.public_key
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
allow(raw_commit).to receive :save!
commit = create :commit,
git_commit: raw_commit,
project: project
expect(commit.signature.valid_signature?).to be_truthy
end
it 'returns the cached validation result on second call', :gpg do
create :gpg_key, key: GpgHelpers::User1.public_key
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
allow(raw_commit).to receive :save!
commit = create :commit,
git_commit: raw_commit,
project: project
expect(Gitlab::Gpg::Commit).to receive(:new).and_call_original
expect(commit.signature.valid_signature?).to be_truthy
# second call returns the cache
expect(Gitlab::Gpg::Commit).not_to receive(:new).and_call_original
expect(commit.signature.valid_signature?).to be_truthy
end
end
context 'unknown public key' do
it 'returns an invalid signature if the public key is unknown', :gpg do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
allow(raw_commit).to receive :save!
commit = create :commit,
git_commit: raw_commit,
project: project
expect(commit.signature.valid_signature?).to be_falsey
end
it 'returns the cached validation result on second call', :gpg do
raw_commit = double(:raw_commit, signature: [
GpgHelpers::User1.signed_commit_signature,
GpgHelpers::User1.signed_commit_base_data
], sha: '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33')
allow(raw_commit).to receive :save!
commit = create :commit,
git_commit: raw_commit,
project: project
expect(Gitlab::Gpg::Commit).to receive(:new).and_call_original
expect(commit.signature.valid_signature?).to be_falsey
# second call returns the cache
expect(Gitlab::Gpg::Commit).not_to receive(:new).and_call_original
expect(commit.signature.valid_signature?).to be_falsey
end
end
end
end
end