Merge branch 'fix/gpg/case-insensitive' into 'master'

Make GPG validation case insensitive

See merge request gitlab-org/gitlab-ce!14376

3 files changed, 14 insertions, 1 deletions

diff --git a/app/models/gpg_key.rb b/app/models/gpg_key.rb
index 44deae4234b..54bd5b68777 100644
--- a/app/models/gpg_key.rb
+++ b/app/models/gpg_key.rb
@@ -73,7 +73,7 @@ class GpgKey < ActiveRecord::Base
   end
 
   def verified_and_belongs_to_email?(email)
-    emails_with_verified_status.fetch(email, false)
+    emails_with_verified_status.fetch(email.downcase, false)
   end
 
   def update_invalid_gpg_signatures
diff --git a/changelogs/unreleased/fix-gpg-case-insensitive.yml b/changelogs/unreleased/fix-gpg-case-insensitive.yml
new file mode 100644
index 00000000000..744ec00a4a8
--- /dev/null
+++ b/changelogs/unreleased/fix-gpg-case-insensitive.yml
@@ -0,0 +1,5 @@
+---
+title: Compare email addresses case insensitively when verifying GPG signatures
+merge_request: 14376
+author: Tim Bishop
+type: fixed
diff --git a/spec/models/gpg_key_spec.rb b/spec/models/gpg_key_spec.rb
index fadc8bfeb61..4a4d079b721 100644
--- a/spec/models/gpg_key_spec.rb
+++ b/spec/models/gpg_key_spec.rb
@@ -138,6 +138,14 @@ describe GpgKey do
       expect(gpg_key.verified?).to be_truthy
       expect(gpg_key.verified_and_belongs_to_email?('bette.cartwright@example.com')).to be_truthy
     end
+
+    it 'returns true if one of the email addresses in the key belongs to the user and case-insensitively matches the provided email' do
+      user = create :user, email: 'bette.cartwright@example.com'
+      gpg_key = create :gpg_key, key: GpgHelpers::User2.public_key, user: user
+
+      expect(gpg_key.verified?).to be_truthy
+      expect(gpg_key.verified_and_belongs_to_email?('Bette.Cartwright@example.com')).to be_truthy
+    end
   end
 
   describe '#revoke' do