Merge branch 'master' into collapsable-pipeline-settingscollapsable-pipeline-settings

* master: (260 commits)
  Enable auto-retry in GitLab CI/CD pipeline
  Clean up new navigation templates
  Wait for gitaly to boot during tests
  Update 'Visibility of pipelines'
  refactored code
  Fix note resolution specs
  Add author and MR to changelog
  Tidy up projects API specs
  Resolve outdated diff discussions on push
  Fix migration
  change collapse to resolve and comments to discussions
  add unit tests for new collapse_outdated_diff_comments toggle
  Add functionality to collapse outdated diff comments regardless of discussion resolution
  refactor code based on feedback
  fix spec failures
  Use flexbox for prometheus graph row grouping instead of bootstrap classes
  Fix wrong API status codes
  small refactor
  Hide admin link from default search results for non-admins
  Make search dropdowns consistent
  ...

1 files changed, 179 insertions, 0 deletions

diff --git a/spec/features/signed_commits_spec.rb b/spec/features/signed_commits_spec.rb
new file mode 100644
index 00000000000..8efa5b58141
--- /dev/null
+++ b/spec/features/signed_commits_spec.rb
@@ -0,0 +1,179 @@
+require 'spec_helper'
+
+describe 'GPG signed commits', :js do
+  let(:project) { create(:project, :repository) }
+
+  it 'changes from unverified to verified when the user changes his email to match the gpg key' do
+    user = create :user, email: 'unrelated.user@example.org'
+    project.team << [user, :master]
+
+    Sidekiq::Testing.inline! do
+      create :gpg_key, key: GpgHelpers::User1.public_key, user: user
+    end
+
+    sign_in(user)
+
+    visit project_commits_path(project, :'signed-commits')
+
+    within '#commits-list' do
+      expect(page).to have_content 'Unverified'
+      expect(page).not_to have_content 'Verified'
+    end
+
+    # user changes his email which makes the gpg key verified
+    Sidekiq::Testing.inline! do
+      user.skip_reconfirmation!
+      user.update_attributes!(email: GpgHelpers::User1.emails.first)
+    end
+
+    visit project_commits_path(project, :'signed-commits')
+
+    within '#commits-list' do
+      expect(page).to have_content 'Unverified'
+      expect(page).to have_content 'Verified'
+    end
+  end
+
+  it 'changes from unverified to verified when the user adds the missing gpg key' do
+    user = create :user, email: GpgHelpers::User1.emails.first
+    project.team << [user, :master]
+
+    sign_in(user)
+
+    visit project_commits_path(project, :'signed-commits')
+
+    within '#commits-list' do
+      expect(page).to have_content 'Unverified'
+      expect(page).not_to have_content 'Verified'
+    end
+
+    # user adds the gpg key which makes the signature valid
+    Sidekiq::Testing.inline! do
+      create :gpg_key, key: GpgHelpers::User1.public_key, user: user
+    end
+
+    visit project_commits_path(project, :'signed-commits')
+
+    within '#commits-list' do
+      expect(page).to have_content 'Unverified'
+      expect(page).to have_content 'Verified'
+    end
+  end
+
+  context 'shows popover badges' do
+    let(:user_1) do
+      create :user, email: GpgHelpers::User1.emails.first, username: 'nannie.bernhard', name: 'Nannie Bernhard'
+    end
+
+    let(:user_1_key) do
+      Sidekiq::Testing.inline! do
+        create :gpg_key, key: GpgHelpers::User1.public_key, user: user_1
+      end
+    end
+
+    let(:user_2) do
+      create(:user, email: GpgHelpers::User2.emails.first, username: 'bette.cartwright', name: 'Bette Cartwright').tap do |user|
+        # secondary, unverified email
+        create :email, user: user, email: GpgHelpers::User2.emails.last
+      end
+    end
+
+    let(:user_2_key) do
+      Sidekiq::Testing.inline! do
+        create :gpg_key, key: GpgHelpers::User2.public_key, user: user_2
+      end
+    end
+
+    before do
+      user = create :user
+      project.team << [user, :master]
+
+      sign_in(user)
+    end
+
+    it 'unverified signature' do
+      visit project_commits_path(project, :'signed-commits')
+
+      within(find('.commit', text: 'signed commit by bette cartwright')) do
+        click_on 'Unverified'
+        within '.popover' do
+          expect(page).to have_content 'This commit was signed with an unverified signature.'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
+        end
+      end
+    end
+
+    it 'unverified signature: user email does not match the committer email, but is the same user' do
+      user_2_key
+
+      visit project_commits_path(project, :'signed-commits')
+
+      within(find('.commit', text: 'signed and authored commit by bette cartwright, different email')) do
+        click_on 'Unverified'
+        within '.popover' do
+          expect(page).to have_content 'This commit was signed with a verified signature, but the committer email is not verified to belong to the same user.'
+          expect(page).to have_content 'Bette Cartwright'
+          expect(page).to have_content '@bette.cartwright'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
+        end
+      end
+    end
+
+    it 'unverified signature: user email does not match the committer email' do
+      user_2_key
+
+      visit project_commits_path(project, :'signed-commits')
+
+      within(find('.commit', text: 'signed commit by bette cartwright')) do
+        click_on 'Unverified'
+        within '.popover' do
+          expect(page).to have_content "This commit was signed with a different user's verified signature."
+          expect(page).to have_content 'Bette Cartwright'
+          expect(page).to have_content '@bette.cartwright'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User2.primary_keyid}"
+        end
+      end
+    end
+
+    it 'verified and the gpg user has a gitlab profile' do
+      user_1_key
+
+      visit project_commits_path(project, :'signed-commits')
+
+      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
+        click_on 'Verified'
+        within '.popover' do
+          expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
+          expect(page).to have_content 'Nannie Bernhard'
+          expect(page).to have_content '@nannie.bernhard'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
+        end
+      end
+    end
+
+    it "verified and the gpg user's profile doesn't exist anymore" do
+      user_1_key
+
+      visit project_commits_path(project, :'signed-commits')
+
+      # wait for the signature to get generated
+      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
+        expect(page).to have_content 'Verified'
+      end
+
+      user_1.destroy!
+
+      refresh
+
+      within(find('.commit', text: 'signed and authored commit by nannie bernhard')) do
+        click_on 'Verified'
+        within '.popover' do
+          expect(page).to have_content 'This commit was signed with a verified signature and the committer email is verified to belong to the same user.'
+          expect(page).to have_content 'Nannie Bernhard'
+          expect(page).to have_content 'nannie.bernhard@example.com'
+          expect(page).to have_content "GPG Key ID: #{GpgHelpers::User1.primary_keyid}"
+        end
+      end
+    end
+  end
+end