forgejo/models/asymkey/ssh_key_commit_verification_test.go

// Copyright 2023 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT

package asymkey

import (
	"testing"

	"code.gitea.io/gitea/models/db"
	"code.gitea.io/gitea/models/unittest"
	user_model "code.gitea.io/gitea/models/user"
	"code.gitea.io/gitea/modules/git"
	"code.gitea.io/gitea/modules/setting"
	"code.gitea.io/gitea/modules/test"

	"github.com/stretchr/testify/assert"
)

func TestParseCommitWithSSHSignature(t *testing.T) {
	assert.NoError(t, unittest.PrepareTestDatabase())
	user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})
	sshKey := unittest.AssertExistsAndLoadBean(t, &PublicKey{ID: 1000, OwnerID: 2})

	t.Run("No commiter", func(t *testing.T) {
		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, &git.Commit{}, &user_model.User{})
		assert.False(t, commitVerification.Verified)
		assert.Equal(t, NoKeyFound, commitVerification.Reason)
	})

	t.Run("Commiter without keys", func(t *testing.T) {
		user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})

		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, &git.Commit{Committer: &git.Signature{Email: user.Email}}, user)
		assert.False(t, commitVerification.Verified)
		assert.Equal(t, NoKeyFound, commitVerification.Reason)
	})

	t.Run("Correct signature with wrong email", func(t *testing.T) {
		gitCommit := &git.Commit{
			Committer: &git.Signature{
				Email: "non-existent",
			},
			Signature: &git.CommitGPGSignature{
				Payload: `tree 2d491b2985a7ff848d5c02748e7ea9f9f7619f9f
parent 45b03601635a1f463b81963a4022c7f87ce96ef9
author user2 <non-existent> 1699710556 +0100
committer user2 <non-existent> 1699710556 +0100

Using email that isn't known to Forgejo
`,
				Signature: `-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95
f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQIMufOuSjZeDUujrkVK4sl7ICa0WwEftas8UAYxx0Thdkiw2qWjR1U1PKfTLm16/w8
/bS1LX1lZNuzm2LR2qEgw=
-----END SSH SIGNATURE-----
`,
			},
		}
		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
		assert.False(t, commitVerification.Verified)
		assert.Equal(t, NoKeyFound, commitVerification.Reason)
	})

	t.Run("Incorrect signature with correct email", func(t *testing.T) {
		gitCommit := &git.Commit{
			Committer: &git.Signature{
				Email: "user2@example.com",
			},
			Signature: &git.CommitGPGSignature{
				Payload: `tree 853694aae8816094a0d875fee7ea26278dbf5d0f
parent c2780d5c313da2a947eae22efd7dacf4213f4e7f
author user2 <user2@example.com> 1699707877 +0100
committer user2 <user2@example.com> 1699707877 +0100

Add content
`,
				Signature: `-----BEGIN SSH SIGNATURE-----`,
			},
		}

		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
		assert.False(t, commitVerification.Verified)
		assert.Equal(t, NoKeyFound, commitVerification.Reason)
	})

	t.Run("Valid signature with correct email", func(t *testing.T) {
		gitCommit := &git.Commit{
			Committer: &git.Signature{
				Email: "user2@example.com",
			},
			Signature: &git.CommitGPGSignature{
				Payload: `tree 853694aae8816094a0d875fee7ea26278dbf5d0f
parent c2780d5c313da2a947eae22efd7dacf4213f4e7f
author user2 <user2@example.com> 1699707877 +0100
committer user2 <user2@example.com> 1699707877 +0100

Add content
`,
				Signature: `-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95
f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQBe2Fwk/FKY3SBCnG6jSYcO6ucyahp2SpQ/0P+otslzIHpWNW8cQ0fGLdhhaFynJXQ
fs9cMpZVM9BfIKNUSO8QY=
-----END SSH SIGNATURE-----
`,
			},
		}

		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
		assert.True(t, commitVerification.Verified)
		assert.Equal(t, "user2 / SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4", commitVerification.Reason)
		assert.Equal(t, sshKey, commitVerification.SigningSSHKey)
	})

	t.Run("Valid signature with noreply email", func(t *testing.T) {
		defer test.MockVariableValue(&setting.Service.NoReplyAddress, "noreply.example.com")()

		gitCommit := &git.Commit{
			Committer: &git.Signature{
				Email: "user2@noreply.example.com",
			},
			Signature: &git.CommitGPGSignature{
				Payload: `tree 4836c7f639f37388bab4050ef5c97bbbd54272fc
parent 795be1b0117ea5c65456050bb9fd84744d4fd9c6
author user2 <user2@noreply.example.com> 1699709594 +0100
committer user2 <user2@noreply.example.com> 1699709594 +0100

Commit with noreply
`,
				Signature: `-----BEGIN SSH SIGNATURE-----
U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95
f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5
AAAAQJz83KKxD6Bz/ZvNpqkA3RPOSQ4LQ5FfEItbtoONkbwV9wAWMnmBqgggo/lnXCJ3oq
muPLbvEduU+Ze/1Ol1pgk=
-----END SSH SIGNATURE-----
`,
			},
		}

		commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)
		assert.True(t, commitVerification.Verified)
		assert.Equal(t, "user2 / SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4", commitVerification.Reason)
		assert.Equal(t, sshKey, commitVerification.SigningSSHKey)
	})
}
[GITEA] Add noreply email address as verified for SSH signed Git commits - When someone really wants to avoid sharing their email, they could configure git to use the noreply email for git commits. However if they also wanted to use SSH signing, it would not show up as verified as the noreply email address was technically not an activated email address for the user. - Add unit tests for the `ParseCommitWithSSHSignature` function. - Resolves https://codeberg.org/Codeberg/Community/issues/946 (cherry picked from commit 1685de7eba9343043c1e2cb277482eafb578095a) (cherry picked from commit b1e8858de9d4f1e2f6bee31d4e399b07a7a69a8e) (cherry picked from commit 1a6bf24d28522d57a56dcbdcf23ef19508ac39c8) (cherry picked from commit 01229433456aa0836adbaafa06bcbefcf4111451) (cherry picked from commit cc836148534ecf6e007eeb913cd94264fda171d3) (cherry picked from commit 429febe0dc2e49bae6ce747c318e68a99b1da9a8) (cherry picked from commit 58a9c2ebe9518576a1b399cce9089fd4894a5c38) (cherry picked from commit fef94aff1c8b35d9a10cf735d4c7ba05f82c95b4) (cherry picked from commit 5c6ecd757992f117d3aafc3a2034807cfccbf5a6) (cherry picked from commit ffa33a82bf012dd7918e5c89873bf0309f95f62c) (cherry picked from commit a97de1d5bbc1da33ff04db42025bdccdcd085f68) (cherry picked from commit 57ab2b4a4009fee96e4071e5501d6f27e34f4945) 2023-11-11 13:01:24 +01:00			`// Copyright 2023 The Forgejo Authors. All rights reserved.`
			`// SPDX-License-Identifier: MIT`

			`package asymkey`

			`import (`
			`"testing"`

			`"code.gitea.io/gitea/models/db"`
			`"code.gitea.io/gitea/models/unittest"`
			`user_model "code.gitea.io/gitea/models/user"`
			`"code.gitea.io/gitea/modules/git"`
			`"code.gitea.io/gitea/modules/setting"`
			`"code.gitea.io/gitea/modules/test"`

			`"github.com/stretchr/testify/assert"`
			`)`

			`func TestParseCommitWithSSHSignature(t *testing.T) {`
			`assert.NoError(t, unittest.PrepareTestDatabase())`
			`user2 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 2})`
			`sshKey := unittest.AssertExistsAndLoadBean(t, &PublicKey{ID: 1000, OwnerID: 2})`

			`t.Run("No commiter", func(t *testing.T) {`
			`commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, &git.Commit{}, &user_model.User{})`
			`assert.False(t, commitVerification.Verified)`
			`assert.Equal(t, NoKeyFound, commitVerification.Reason)`
			`})`

			`t.Run("Commiter without keys", func(t *testing.T) {`
			`user := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})`

			`commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, &git.Commit{Committer: &git.Signature{Email: user.Email}}, user)`
			`assert.False(t, commitVerification.Verified)`
			`assert.Equal(t, NoKeyFound, commitVerification.Reason)`
			`})`

			`t.Run("Correct signature with wrong email", func(t *testing.T) {`
			`gitCommit := &git.Commit{`
			`Committer: &git.Signature{`
			`Email: "non-existent",`
			`},`
			`Signature: &git.CommitGPGSignature{`
			Payload: `tree 2d491b2985a7ff848d5c02748e7ea9f9f7619f9f
			`parent 45b03601635a1f463b81963a4022c7f87ce96ef9`
			`author user2 <non-existent> 1699710556 +0100`
			`committer user2 <non-existent> 1699710556 +0100`

			`Using email that isn't known to Forgejo`
			`,
			Signature: `-----BEGIN SSH SIGNATURE-----
			`U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95`
			`f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5`
			`AAAAQIMufOuSjZeDUujrkVK4sl7ICa0WwEftas8UAYxx0Thdkiw2qWjR1U1PKfTLm16/w8`
			`/bS1LX1lZNuzm2LR2qEgw=`
			`-----END SSH SIGNATURE-----`
			`,
			`},`
			`}`
			`commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)`
			`assert.False(t, commitVerification.Verified)`
			`assert.Equal(t, NoKeyFound, commitVerification.Reason)`
			`})`

			`t.Run("Incorrect signature with correct email", func(t *testing.T) {`
			`gitCommit := &git.Commit{`
			`Committer: &git.Signature{`
			`Email: "user2@example.com",`
			`},`
			`Signature: &git.CommitGPGSignature{`
			Payload: `tree 853694aae8816094a0d875fee7ea26278dbf5d0f
			`parent c2780d5c313da2a947eae22efd7dacf4213f4e7f`
			`author user2 <user2@example.com> 1699707877 +0100`
			`committer user2 <user2@example.com> 1699707877 +0100`

			`Add content`
			`,
			Signature: `-----BEGIN SSH SIGNATURE-----`,
			`},`
			`}`

			`commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)`
			`assert.False(t, commitVerification.Verified)`
			`assert.Equal(t, NoKeyFound, commitVerification.Reason)`
			`})`

			`t.Run("Valid signature with correct email", func(t *testing.T) {`
			`gitCommit := &git.Commit{`
			`Committer: &git.Signature{`
			`Email: "user2@example.com",`
			`},`
			`Signature: &git.CommitGPGSignature{`
			Payload: `tree 853694aae8816094a0d875fee7ea26278dbf5d0f
			`parent c2780d5c313da2a947eae22efd7dacf4213f4e7f`
			`author user2 <user2@example.com> 1699707877 +0100`
			`committer user2 <user2@example.com> 1699707877 +0100`

			`Add content`
			`,
			Signature: `-----BEGIN SSH SIGNATURE-----
			`U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95`
			`f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5`
			`AAAAQBe2Fwk/FKY3SBCnG6jSYcO6ucyahp2SpQ/0P+otslzIHpWNW8cQ0fGLdhhaFynJXQ`
			`fs9cMpZVM9BfIKNUSO8QY=`
			`-----END SSH SIGNATURE-----`
			`,
			`},`
			`}`

			`commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)`
			`assert.True(t, commitVerification.Verified)`
			`assert.Equal(t, "user2 / SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4", commitVerification.Reason)`
			`assert.Equal(t, sshKey, commitVerification.SigningSSHKey)`
			`})`

			`t.Run("Valid signature with noreply email", func(t *testing.T) {`
			`defer test.MockVariableValue(&setting.Service.NoReplyAddress, "noreply.example.com")()`

			`gitCommit := &git.Commit{`
			`Committer: &git.Signature{`
			`Email: "user2@noreply.example.com",`
			`},`
			`Signature: &git.CommitGPGSignature{`
			Payload: `tree 4836c7f639f37388bab4050ef5c97bbbd54272fc
			`parent 795be1b0117ea5c65456050bb9fd84744d4fd9c6`
			`author user2 <user2@noreply.example.com> 1699709594 +0100`
			`committer user2 <user2@noreply.example.com> 1699709594 +0100`

			`Commit with noreply`
			`,
			Signature: `-----BEGIN SSH SIGNATURE-----
			`U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgoGSe9Zy7Ez9bSJcaTNjh/Y7p95`
			`f5DujjqkpzFRtw6CEAAAADZ2l0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5`
			`AAAAQJz83KKxD6Bz/ZvNpqkA3RPOSQ4LQ5FfEItbtoONkbwV9wAWMnmBqgggo/lnXCJ3oq`
			`muPLbvEduU+Ze/1Ol1pgk=`
			`-----END SSH SIGNATURE-----`
			`,
			`},`
			`}`

			`commitVerification := ParseCommitWithSSHSignature(db.DefaultContext, gitCommit, user2)`
			`assert.True(t, commitVerification.Verified)`
			`assert.Equal(t, "user2 / SHA256:TKfwbZMR7e9OnlV2l1prfah1TXH8CmqR0PvFEXVCXA4", commitVerification.Reason)`
			`assert.Equal(t, sshKey, commitVerification.SigningSSHKey)`
			`})`
			`}`