Show Signer in commit lists and add basic trust (#10425) (#10524)

Backport #10425 Backport #10511 * Show Signer in commit lists and add basic trust (#10425) Show the avatar of the signer in the commit list pages as we do not enforce that the signer is an author or committer. This makes it clearer who has signed the commit. Also display commits signed by non-members differently from members and in particular make it clear when a non-member signer is different from the committer to help reduce the risk of spoofing. Signed-off-by: Andrew Thornton <art27@cantab.net> Fix the signing icon in the view_list.tmpl page (#10511) Co-Authored-By: silverwind <me@silverwind.io> Co-authored-by: guillep2k <18600385+guillep2k@users.noreply.github.com>
2025-08-26 03:18:28 +00:00 · 2020-02-28 17:18:02 +00:00
parent 11300ee582
commit caa2aeaa52
15 changed files with 418 additions and 70 deletions
--- a/routers/repo/commit.go
+++ b/routers/repo/commit.go
@@ -65,7 +65,7 @@ func Commits(ctx *context.Context) {
 		return
 	}
 	commits = models.ValidateCommitsWithEmails(commits)
-	commits = models.ParseCommitsWithSignature(commits)
+	commits = models.ParseCommitsWithSignature(commits, ctx.Repo.Repository)
 	commits = models.ParseCommitsWithStatus(commits, ctx.Repo.Repository)
 	ctx.Data["Commits"] = commits

@@ -134,7 +134,7 @@ func SearchCommits(ctx *context.Context) {
 		return
 	}
 	commits = models.ValidateCommitsWithEmails(commits)
-	commits = models.ParseCommitsWithSignature(commits)
+	commits = models.ParseCommitsWithSignature(commits, ctx.Repo.Repository)
 	commits = models.ParseCommitsWithStatus(commits, ctx.Repo.Repository)
 	ctx.Data["Commits"] = commits

@@ -180,7 +180,7 @@ func FileHistory(ctx *context.Context) {
 		return
 	}
 	commits = models.ValidateCommitsWithEmails(commits)
-	commits = models.ParseCommitsWithSignature(commits)
+	commits = models.ParseCommitsWithSignature(commits, ctx.Repo.Repository)
 	commits = models.ParseCommitsWithStatus(commits, ctx.Repo.Repository)
 	ctx.Data["Commits"] = commits

@@ -262,12 +262,18 @@ func Diff(ctx *context.Context) {
 	setPathsCompareContext(ctx, parentCommit, commit, headTarget)
 	ctx.Data["Title"] = commit.Summary() + " · " + base.ShortSha(commitID)
 	ctx.Data["Commit"] = commit
-	ctx.Data["Verification"] = models.ParseCommitWithSignature(commit)
+	verification := models.ParseCommitWithSignature(commit)
+	ctx.Data["Verification"] = verification
 	ctx.Data["Author"] = models.ValidateCommitWithEmail(commit)
 	ctx.Data["Diff"] = diff
 	ctx.Data["Parents"] = parents
 	ctx.Data["DiffNotAvailable"] = diff.NumFiles() == 0

+	if err := models.CalculateTrustStatus(verification, ctx.Repo.Repository, nil); err != nil {
+		ctx.ServerError("CalculateTrustStatus", err)
+		return
+	}
+
 	note := &git.Note{}
 	err = git.GetNote(ctx.Repo.GitRepo, commitID, note)
 	if err == nil {
--- a/routers/repo/compare.go
+++ b/routers/repo/compare.go
@@ -316,7 +316,7 @@ func PrepareCompareDiff(
 	}

 	compareInfo.Commits = models.ValidateCommitsWithEmails(compareInfo.Commits)
-	compareInfo.Commits = models.ParseCommitsWithSignature(compareInfo.Commits)
+	compareInfo.Commits = models.ParseCommitsWithSignature(compareInfo.Commits, headRepo)
 	compareInfo.Commits = models.ParseCommitsWithStatus(compareInfo.Commits, headRepo)
 	ctx.Data["Commits"] = compareInfo.Commits
 	ctx.Data["CommitCount"] = compareInfo.Commits.Len()
--- a/routers/repo/pull.go
+++ b/routers/repo/pull.go
@@ -477,7 +477,7 @@ func ViewPullCommits(ctx *context.Context) {
 	ctx.Data["Reponame"] = ctx.Repo.Repository.Name
 	commits = prInfo.Commits
 	commits = models.ValidateCommitsWithEmails(commits)
-	commits = models.ParseCommitsWithSignature(commits)
+	commits = models.ParseCommitsWithSignature(commits, ctx.Repo.Repository)
 	commits = models.ParseCommitsWithStatus(commits, ctx.Repo.Repository)
 	ctx.Data["Commits"] = commits
 	ctx.Data["CommitCount"] = commits.Len()
--- a/routers/repo/view.go
+++ b/routers/repo/view.go
@@ -181,7 +181,14 @@ func renderDirectory(ctx *context.Context, treeLink string) {
 	// Show latest commit info of repository in table header,
 	// or of directory if not in root directory.
 	ctx.Data["LatestCommit"] = latestCommit
-	ctx.Data["LatestCommitVerification"] = models.ParseCommitWithSignature(latestCommit)
+	verification := models.ParseCommitWithSignature(latestCommit)
+
+	if err := models.CalculateTrustStatus(verification, ctx.Repo.Repository, nil); err != nil {
+		ctx.ServerError("CalculateTrustStatus", err)
+		return
+	}
+	ctx.Data["LatestCommitVerification"] = verification
+
 	ctx.Data["LatestCommitUser"] = models.ValidateCommitWithEmail(latestCommit)

 	statuses, err := models.GetLatestCommitStatus(ctx.Repo.Repository, ctx.Repo.Commit.ID.String(), 0)
--- a/routers/repo/wiki.go
+++ b/routers/repo/wiki.go
@@ -284,7 +284,7 @@ func renderRevisionPage(ctx *context.Context) (*git.Repository, *git.TreeEntry)
 		return nil, nil
 	}
 	commitsHistory = models.ValidateCommitsWithEmails(commitsHistory)
-	commitsHistory = models.ParseCommitsWithSignature(commitsHistory)
+	commitsHistory = models.ParseCommitsWithSignature(commitsHistory, ctx.Repo.Repository)

 	ctx.Data["Commits"] = commitsHistory