Add OpenPGP key to LDAP directory and User model

2024-09-23 15:20:00 +02:00
parent 8f7994d82e
commit 90a8a70c15
12 changed files with 172 additions and 18 deletions
--- a/spec/models/user_spec.rb
+++ b/spec/models/user_spec.rb
@@ -1,20 +1,16 @@
 require 'rails_helper'

 RSpec.describe User, type: :model do
-  let(:user) { create :user, cn: "philipp" }
+  let(:user) { create :user, cn: "philipp", ou: "kosmos.org", email: "philipp@example.com" }
  let(:dn) { "cn=philipp,ou=kosmos.org,cn=users,dc=kosmos,dc=org" }

  describe "#address" do
-    let(:user) { build :user, cn: "jimmy", ou: "kosmos.org" }
-
    it "returns the user address" do
-      expect(user.address).to eq("jimmy@kosmos.org")
+      expect(user.address).to eq("philipp@kosmos.org")
    end
  end

  describe "#mastodon_address" do
-    let(:user) { build :user, cn: "jimmy", ou: "kosmos.org" }
-
    context "Mastodon service not configured" do
      before do
        Setting.mastodon_enabled = false
@@ -32,7 +28,7 @@ RSpec.describe User, type: :model do

      describe "domain is the same as primary domain" do
        it "returns the user address" do
-          expect(user.mastodon_address).to eq("jimmy@kosmos.org")
+          expect(user.mastodon_address).to eq("philipp@kosmos.org")
        end
      end

@@ -42,7 +38,7 @@ RSpec.describe User, type: :model do
        end

        it "returns the user address" do
-          expect(user.mastodon_address).to eq("jimmy@kosmos.social")
+          expect(user.mastodon_address).to eq("philipp@kosmos.social")
        end
      end

@@ -239,7 +235,7 @@ RSpec.describe User, type: :model do

  describe "#nostr_pubkey" do
    before do
-      allow_any_instance_of(User).to receive(:ldap_entry)
+      allow(user).to receive(:ldap_entry)
        .and_return({ nostr_key: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3" })
    end

@@ -250,7 +246,7 @@ RSpec.describe User, type: :model do

  describe "#nostr_pubkey_bech32" do
    before do
-      allow_any_instance_of(User).to receive(:ldap_entry)
+      allow(user).to receive(:ldap_entry)
        .and_return({ nostr_key: "07e188a1ff87ce171d517b8ed2bb7a31b1d3453a0db3b15379ec07b724d232f3" })
    end

@@ -258,4 +254,74 @@ RSpec.describe User, type: :model do
      expect(user.nostr_pubkey_bech32).to eq("npub1qlsc3g0lsl8pw8230w8d9wm6xxcax3f6pkemz5measrmwfxjxteslf2hac")
    end
  end
+
+  describe "OpenPGP key" do
+    let(:alice) { create :user, id: 2, cn: "alice", email: "alice@example.com" }
+    let(:jimmy) { create :user, id: 3, cn: "jimmy", email: "jimmy@example.com" }
+    let(:valid_key_alice) { File.read("#{Rails.root}/spec/fixtures/files/pgp_key_valid_alice.asc") }
+    let(:valid_key_jimmy) { File.read("#{Rails.root}/spec/fixtures/files/pgp_key_valid_jimmy.asc") }
+    let(:fingerprint_alice) { "EB85BB5FA33A75E15E944E63F231550C4F47E38E" }
+    let(:fingerprint_jimmy) { "316BF516236DAF77236B15F6057D93972FB862C3" }
+    let(:gnupg_key_alice) {  }
+    let(:invalid_key) { File.read("#{Rails.root}/spec/fixtures/files/pgp_key_invalid.asc") }
+
+    before do
+      GPGME::Key.import(valid_key_alice)
+      GPGME::Key.import(valid_key_jimmy)
+      alice.update pgp_fpr: fingerprint_alice
+      jimmy.update pgp_fpr: fingerprint_jimmy
+      allow(alice).to receive(:ldap_entry).and_return({ pgp_key: valid_key_alice })
+      allow(jimmy).to receive(:ldap_entry).and_return({ pgp_key: valid_key_jimmy })
+    end
+
+    after do
+      GPGME::Key.get(fingerprint_alice).delete!
+      GPGME::Key.get(fingerprint_jimmy).delete!
+    end
+
+    describe "#acceptable_pgp_key_format" do
+      it "validates the record when the key is valid" do
+        alice.pgp_pubkey = valid_key_alice
+        expect(alice).to be_valid
+      end
+
+      it "adds a validation error when the key is not valid" do
+        user.pgp_pubkey = invalid_key
+        expect(user).to_not be_valid
+        expect(user.errors[:pgp_pubkey]).to be_present
+      end
+    end
+
+    describe "#pgp_pubkey" do
+      it "returns the raw pubkey from LDAP" do
+        expect(alice.pgp_pubkey).to eq(valid_key_alice)
+      end
+    end
+
+    describe "#gnupg_key" do
+      subject { alice.gnupg_key }
+
+      it "returns a GPGME::Key object from the system's GPG keyring" do
+        expect(subject).to be_a(GPGME::Key)
+        expect(subject.fingerprint).to eq(fingerprint_alice)
+        expect(subject.email).to eq("alice@openpgp.example")
+      end
+    end
+
+    describe "#pgp_pubkey_contains_user_address?" do
+      it "returns false when the user address is one of the UIDs of the key" do
+        expect(alice.pgp_pubkey_contains_user_address?).to eq(false)
+      end
+
+      it "returns true when the user address is missing from the UIDs of the key" do
+        expect(jimmy.pgp_pubkey_contains_user_address?).to eq(true)
+      end
+    end
+
+    describe "wkd_hash" do
+      it "returns a z-base32 encoded SHA-1 digest of the username" do
+        expect(alice.wkd_hash).to eq("kei1q4tipxxu1yj79k9kfukdhfy631xe")
+      end
+    end
+  end
 end