Backport to v1.2 of PR 2266 2467 2663 (#2788)

* Only check at least one email gpg key (#2266)

* Only require one email (possibly not yet validated)

* Update message error and check validation of commit

* Add integrations tests

* Complete integration for import

* Add pre-check/optimization

* Add some test (not finished)

* Finish

* Fix fixtures

* Fix typo

* Don't guess key ID

* Make repo private to no interfere with other tests (#2467)

* GPG key email verification no longer case sensitive (#2661) (#2663)

* GPG key email verification no longer case sensitive (#2661)

* case insensitive GPG key email verification now cached (#2661)

Signed-off-by: Julian Scholle <julian.scholle@googlemail.com>

models/gpg_key.go

@@ -208,21 +208,27 @@ func parseGPGKey(ownerID int64, e *openpgp.Entity) (*GPGKey, error) {
 	if err != nil {
 		return nil, err
 	}
-	emails := make([]*EmailAddress, len(e.Identities))
-	n := 0
+
+	emails := make([]*EmailAddress, 0, len(e.Identities))
 	for _, ident := range e.Identities {
 		email := strings.ToLower(strings.TrimSpace(ident.UserId.Email))
 		for _, e := range userEmails {
-			if e.Email == email && e.IsActivated {
-				emails[n] = e
+			if e.Email == email {
+				emails = append(emails, e)
 				break
 			}
 		}
-		if emails[n] == nil {
-			return nil, ErrGPGEmailNotFound{ident.UserId.Email}
-		}
-		n++
 	}
+
+	//In the case no email as been found
+	if len(emails) == 0 {
+		failedEmails := make([]string, 0, len(e.Identities))
+		for _, ident := range e.Identities {
+			failedEmails = append(failedEmails, ident.UserId.Email)
+		}
+		return nil, ErrGPGNoEmailFound{failedEmails}
+	}
+
 	content, err := base64EncPubKey(pubkey)
 	if err != nil {
 		return nil, err
@@ -376,8 +382,8 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
 		}
 
 		//Find Committer account
-		committer, err := GetUserByEmail(c.Committer.Email)
-		if err != nil { //Skipping not user for commiter
+		committer, err := GetUserByEmail(c.Committer.Email) //This find the user by primary email or activated email so commit will not be valid if email is not
+		if err != nil {                                     //Skipping not user for commiter
 			log.Error(3, "NoCommitterAccount: %v", err)
 			return &CommitVerification{
 				Verified: false,
@@ -395,6 +401,19 @@ func ParseCommitWithSignature(c *git.Commit) *CommitVerification {
 		}
 
 		for _, k := range keys {
+			//Pre-check (& optimization) that emails attached to key can be attached to the commiter email and can validate
+			canValidate := false
+			lowerCommiterEmail := strings.ToLower(c.Committer.Email)
+			for _, e := range k.Emails {
+				if e.IsActivated && strings.ToLower(e.Email) == lowerCommiterEmail {
+					canValidate = true
+					break
+				}
+			}
+			if !canValidate {
+				continue //Skip this key
+			}
+
 			//Generating hash of commit
 			hash, err := populateHash(sig.Hash, []byte(c.Signature.Payload))
 			if err != nil { //Skipping ailed to generate hash