
Fix incorrect status on unknown email

What does this MR do and why?


When the signature is verified but the email address does not correspond to a user in GitLab, we should return the :other_user status instead of the :unverified status. This tells the user that the signature itself is valid, but that the commit was either signed by somebody else or was made with an email address that is not on their account.

Spotted in: !97248 (comment 1175679946)
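The decision described above, modelled as an added Ruby example (not GitLab's own code; the functions, lookup tables and fingerprints are hypothetical), with the pre-fix fall-through beside the corrected order of checks:

```ruby
# Hypothetical model of the status decision. Constructed data: registered
# users keyed by email, and the user that owns each SSH signing key.
USERS_BY_EMAIL = { 'alice@example.com' => 1, 'bob@example.com' => 2 }.freeze
KEY_OWNER_ID   = { 'SHA256:alice-key' => 1, 'SHA256:bob-key' => 2 }.freeze

# signature_valid: the cryptographic check of the SSH signature passed
# key_fingerprint: fingerprint of the key that produced the signature
# committer_email: the committer email recorded on the commit
def status_before_fix(signature_valid:, key_fingerprint:, committer_email:)
  owner_id     = KEY_OWNER_ID[key_fingerprint]
  committer_id = USERS_BY_EMAIL[committer_email]
  # An email that matches no user fell through here, so a perfectly valid
  # signature was reported as :unverified.
  return :unverified unless signature_valid && owner_id && committer_id

  committer_id == owner_id ? :verified : :other_user
end

def status_after_fix(signature_valid:, key_fingerprint:, committer_email:)
  owner_id = KEY_OWNER_ID[key_fingerprint]
  # Only the signature and the key that made it decide :unverified.
  return :unverified unless signature_valid && owner_id

  committer_id = USERS_BY_EMAIL[committer_email]
  # Valid signature, but the email belongs to nobody or to somebody else.
  return :other_user if committer_id.nil? || committer_id != owner_id

  :verified
end
```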

How to set up and validate locally


  1. Enable the ssh_commit_signatures feature flag via the Rails console: Feature.enable(:ssh_commit_signatures)

  2. Log in as root or another user whose email address does not match the one from git config --get user.email

  3. Create an SSH key and add it to your GitLab account.

  4. Create a new project.

  5. Clone the repository and change into the project directory

  6. Configure git to sign commits with SSH:

    git config gpg.format ssh

    # Might be id_rsa instead
    git config user.signingkey ~/.ssh/id_ed25519

  7. Add a new SSH-signed commit and push it:

    echo '# SSH Commit Test' > README.md
    git add README.md
    git commit -S -m 'This commit is signed with ssh'
    git push origin main

  8. Reload the project page. Observe that the badge states that the commit belongs to another user.



Edited by Brian Williams
