update signature badges to reflect new states

936be35b · Alexis Reigel · 978252a3 · 936be35b · 936be35b · 936be35b
Commit 936be35b authored Aug 30, 2017 by Alexis Reigel
8 changed files
--- a/app/views/projects/commit/_other_user_signature_badge.html.haml
+++ b/app/views/projects/commit/_other_user_signature_badge.html.haml
+- title = capture do
+  .gpg-popover-icon.invalid
+    = render 'shared/icons/icon_status_notfound_borderless.svg'
+  %div
+    This commit was signed with a different user's verified signature.
+- content = capture do
+  = render partial: 'projects/commit/signature_badge_user', locals: { signature: signature }
+- locals = { signature: signature, title: title, content: content, label: 'Unverified', css_classes: ['invalid'] }
+= render partial: 'projects/commit/signature_badge', locals: locals
--- a/app/views/projects/commit/_same_user_different_email_signature_badge.html.haml
+++ b/app/views/projects/commit/_same_user_different_email_signature_badge.html.haml
+- title = capture do
+  .gpg-popover-icon.invalid
+    = render 'shared/icons/icon_status_notfound_borderless.svg'
+  %div
+    This commit was signed with a verified signature, but the committer email
+    is <strong>not verified</strong> to belong to the same user.
+- content = capture do
+  = render partial: 'projects/commit/signature_badge_user', locals: { signature: signature }
+- locals = { signature: signature, title: title, content: content, label: 'Unverified', css_classes: ['invalid'] }
+= render partial: 'projects/commit/signature_badge', locals: locals
--- a/app/views/projects/commit/_signature.html.haml
+++ b/app/views/projects/commit/_signature.html.haml
 - if signature
-  - if signature.verified?
+  = render partial: "projects/commit/#{signature.verification_status}_signature_badge", locals: { signature: signature }
-    = render partial: 'projects/commit/valid_signature_badge', locals: { signature: signature }
-  - else
-    = render partial: 'projects/commit/invalid_signature_badge', locals: { signature: signature }
--- a/app/views/projects/commit/_unknown_key_signature_badge.html.haml
+++ b/app/views/projects/commit/_unknown_key_signature_badge.html.haml
+= render partial: 'projects/commit/unverified_signature_badge', locals: { signature: signature }
--- a/app/views/projects/commit/_unverified_key_signature_badge.html.haml
+++ b/app/views/projects/commit/_unverified_key_signature_badge.html.haml
+= render partial: 'projects/commit/unverified_signature_badge', locals: { signature: signature }
--- a/app/views/projects/commit/_invalid_signature_badge.html.haml
+++ b/app/views/projects/commit/_invalid_signature_badge.html.haml
--- a/app/views/projects/commit/_valid_signature_badge.html.haml
+++ b/app/views/projects/commit/_valid_signature_badge.html.haml
@@ -2,7 +2,8 @@
  .gpg-popover-icon.valid
    = render 'shared/icons/icon_status_success_borderless.svg'
  %div
-    This commit was signed with a <strong>verified</strong> signature.
+    This commit was signed with a <strong>verified</strong> signature and the
+    committer email is verified to belong to the same user.
 - content = capture do
  = render partial: 'projects/commit/signature_badge_user', locals: { signature: signature }

--- a/spec/features/signed_commits_spec.rb
+++ b/spec/features/signed_commits_spec.rb
@@ -60,45 +60,120 @@ describe 'GPG signed commits', :js do
    end
  end
-  it 'shows popover badges' do
+  context 'shows popover badges' do
-    gpg_user = create :user, email: GpgHelpers::User1.emails.first, username: 'nannie.bernhard', name: 'Nannie Bernhard'
+    let(:user_1) do
-    Sidekiq::Testing.inline! do
+      create :user, email: GpgHelpers::User1.emails.first, username: 'nannie.bernhard', name: 'Nannie Bernhard'
-      create :gpg_key, key: GpgHelpers::User1.public_key, user: gpg_user
    end
-    user = create :user
+    let(:user_1_key) do
-    project.team << [user, :master]
+      Sidekiq::Testing.inline! do
+        create :gpg_key, key: GpgHelpers::User1.public_key, user: user_1
+      end
+    end
-    sign_in(user)
+    let(:user_2) do
-    visit project_commits_path(project, :'signed-commits')
+      create(:user, email: GpgHelpers::User2.emails.first, username: 'bette.cartwright', name: 'Bette Cartwright').tap do |user|
+        # secondary, unverified email
+        create :email, user: user, email: GpgHelpers::User2.emails.last
+      end
+    end
-    # unverified signature
+    let(:user_2_key) do
-    click_on 'Unverified', match: :first
+      Sidekiq::Testing.inline! do
-    within '.popover' do
+        create :gpg_key, key: GpgHelpers::User2.public_key, user: user_2
-      expect(page).to have_content 'This commit was signed with an unverified signature.'
+      end
-      expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
    end
-    # verified and the gpg user has a gitlab profile
+    before do
-    click_on 'Verified', match: :first
+      user = create :user
-    within '.popover' do
+      project.team << [user, :master]
-      expect(page).to have_content 'This commit was signed with a verified signature.'
-      expect(page).to have_content 'Nannie Bernhard'
+      sign_in(user)
-      expect(page).to have_content '@nannie.bernhard'
-      expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
    end
-    # verified and the gpg user's profile doesn't exist anymore
+    it 'unverified signature' do
-    gpg_user.destroy!
+      visit project_commits_path(project, :'signed-commits')
-    visit project_commits_path(project, :'signed-commits')
+      within(find('.commit', text: 'signed commit by bette cartwright')) do
+        click_on 'Unverified'
+        within '.popover' do
+          expect(page).to have_content 'This commit was signed with an unverified signature.'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
+        end
+      end
+    end
+    it 'unverified signature: user email does not match the committer email, but is the same user' do
+      user_2_key
+      visit project_commits_path(project, :'signed-commits')
+      within(find('.commit', text: 'signed and authored commit by bette cartwright, different email')) do
+        click_on 'Unverified'
+        within '.popover' do
+          expect(page).to have_content 'This commit was signed with a verified signature, but the committer email is not verified to belong to the same user.'
+          expect(page).to have_content 'Bette Cartwright'
+          expect(page).to have_content '@bette.cartwright'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
+        end
+      end
+    end
+    it 'unverified signature: user email does not match the committer email' do
+      user_2_key
+      visit project_commits_path(project, :'signed-commits')
+      within(find('.commit', text: 'signed commit by bette cartwright')) do
+        click_on 'Unverified'
+        within '.popover' do
+          expect(page).to have_content "This commit was signed with a different user's verified signature."
+          expect(page).to have_content 'Bette Cartwright'
+          expect(page).to have_content '@bette.cartwright'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
+        end
+      end
+    end
+    it 'verified and the gpg user has a gitlab profile' do
+      user_1_key
+      visit project_commits_path(project, :'signed-commits')
+      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
+        click_on 'Verified'
+        within '.popover' do
+          expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
+          expect(page).to have_content 'Nannie Bernhard'
+          expect(page).to have_content '@nannie.bernhard'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
+        end
+      end
+    end
+    it "verified and the gpg user's profile doesn't exist anymore" do
+      user_1_key
+      visit project_commits_path(project, :'signed-commits')
+      # wait for the signature to get generated
+      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
+        expect(page).to have_content 'Verified'
+      end
+      user_1.destroy!
+      refresh
-    click_on 'Verified', match: :first
+      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
-    within '.popover' do
+        click_on 'Verified'
-      expect(page).to have_content 'This commit was signed with a verified signature.'
+        within '.popover' do
-      expect(page).to have_content 'Nannie Bernhard'
+          expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
-      expect(page).to have_content 'nannie.bernhard@example.com'
+          expect(page).to have_content 'Nannie Bernhard'
-      expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
+          expect(page).to have_content 'nannie.bernhard@example.com'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
+        end
+      end
    end
  end
 end