diff options
| author | Antoine GIRARD <sapk@users.noreply.github.com> | 2017-09-05 15:45:18 +0200 |
|---|---|---|
| committer | Lunny Xiao <xiaolunwen@gmail.com> | 2017-09-05 21:45:18 +0800 |
| commit | 7c417bbb0d8f3213f34db50f62013e20492d044f (patch) | |
| tree | 45898dac8949fdd6c8c948f7d2a737e1871c7331 /models/gpg_key.go | |
| parent | 5f4210a9b0c8c42fb8f157c233ddc5aec6d9972d (diff) | |
| download | gitea-7c417bbb0d8f3213f34db50f62013e20492d044f.tar.gz gitea-7c417bbb0d8f3213f34db50f62013e20492d044f.zip | |
Only check at least one email gpg key (#2266)
* Only require one email (possibly not yet validated)
* Update message error and check validation of commit
* Add integrations tests
* Complete integration for import
* Add pre-check/optimization
* Add some test (not finished)
* Finish
* Fix fixtures
* Fix typo
* Don't guess key ID
Diffstat (limited to 'models/gpg_key.go')
| -rw-r--r-- | models/gpg_key.go | 36 |
1 files changed, 27 insertions, 9 deletions
diff --git a/models/gpg_key.go b/models/gpg_key.go index 8d10511002..70dd4fbda0 100644 --- a/models/gpg_key.go +++ b/models/gpg_key.go @@ -208,21 +208,27 @@ func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) { if err != nil { return nil, err } - emails := make([]*EmailAddress, len(e.Identities)) - n := 0 + + emails := make([]*EmailAddress, 0, len(e.Identities)) for _, ident := range e.Identities { email := strings.ToLower(strings.TrimSpace(ident.UserId.Email)) for _, e := range userEmails { - if e.Email == email && e.IsActivated { - emails[n] = e + if e.Email == email { + emails = append(emails, e) break } } - if emails[n] == nil { - return nil, ErrGPGEmailNotFound{ident.UserId.Email} + } + + //In the case no email as been found + if len(emails) == 0 { + failedEmails := make([]string, 0, len(e.Identities)) + for _, ident := range e.Identities { + failedEmails = append(failedEmails, ident.UserId.Email) } - n++ + return nil, ErrGPGNoEmailFound{failedEmails} } + content, err := base64EncPubKey(pubkey) if err != nil { return nil, err @@ -380,8 +386,8 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification { } //Find Committer account - committer, err := GetUserByEmail(c.Committer.Email) - if err != nil { //Skipping not user for commiter + committer, err := GetUserByEmail(c.Committer.Email) //This find the user by primary email or activated email so commit will not be valid if email is not + if err != nil { //Skipping not user for commiter log.Error(3, "NoCommitterAccount: %v", err) return &CommitVerification{ Verified: false, @@ -399,6 +405,18 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification { } for _, k := range keys { + //Pre-check (& optimization) that emails attached to key can be attached to the commiter email and can validate + canValidate := false + for _, e := range k.Emails { + if e.IsActivated && e.Email == c.Committer.Email { + canValidate = true + break + } + } + if !canValidate { + continue //Skip this key + } + //Generating hash of commit hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload)) if err != nil { //Skipping ailed to generate hash |