make sure email addresses used with 'tell' and 'killperson' exist in keyring (#267)

* name keys after emails, not usernames

* use emails to specify users

* rename and add function to get emails from keyrings
* rename directories holding gpg test fixtures

* deny emails that aren't in the keyring, and test.

* require 'killperson' emails to exist in keyring

* change test to reflect killperson must use email

* remove no-longer-needed test function

* factor function _assert_keychain_contains_emais()

* fix/make lint happy

src/_utils/_git_secret_tools.sh

@@ -561,6 +561,25 @@ function _user_required {
   fi
 }
 
+function _assert_keychain_contains_emails {
+  local homedir=$1
+  local emails=$2
+
+  local gpg_uids
+  gpg_uids=$(_get_users_in_gpg_keyring "$homedir")
+  for email in "${emails[@]}"; do
+    local email_ok=0
+    for uid in $gpg_uids; do
+        if [[ "$uid" == "$email" ]]; then
+            email_ok=1
+        fi
+    done
+    if [[ $email_ok -eq 0 ]]; then
+      _abort "email not found in gpg keyring: $email"
+    fi
+  done
+}
+
 
 function _get_raw_filename {
   echo "$(dirname "$1")/$(basename "$1" "$SECRETS_EXTENSION")" | sed -e 's#^\./##'
@@ -574,9 +593,20 @@ function _get_encrypted_filename {
 }
 
 
+function _get_users_in_gpg_keyring {
+  local homedir=$1
+  local result
+  local args=()
+  if [[ -n "$homedir" ]]; then
+    args+=( "--homedir" "$homedir" )
+  fi
+  result=$($SECRETS_GPG_COMMAND "${args[@]}" --no-permission-warning --list-public-keys --with-colon --fixed-list-mode | grep ^uid: | gawk -F':' '{print $10;}' | sed 's/.*<\(.*\)>.*/\1/')
+
+  echo "$result"
+}
 
 
-function _get_users_in_keyring {
+function _get_users_in_gitsecret_keyring {
   # This function is required to show the users in the keyring.
   # `whoknows` command uses it internally.
   # It basically just parses the `gpg` public keys
@@ -599,7 +629,7 @@ function _get_recipients {
   # It basically just parses the `gpg` public keys
 
   local result
-  result=$(_get_users_in_keyring | sed 's/^/-r/')   # put -r before each user
+  result=$(_get_users_in_gitsecret_keyring | sed 's/^/-r/')   # put -r before each user
   echo "$result"
 }
 

src/commands/git_secret_killperson.sh

@@ -24,10 +24,12 @@ function killperson {
   if [[ ${#emails[@]} -eq 0 ]]; then
     _abort "at least one email is required for killperson."
   fi
-
   # Getting the local git-secret `gpg` key directory:
   local secrets_dir_keys
   secrets_dir_keys=$(_get_secrets_dir_keys)
+
+  _assert_keychain_contains_emails "$secrets_dir_keys" "${emails[@]}"
+
   for email in "${emails[@]}"; do
     $SECRETS_GPG_COMMAND --homedir "$secrets_dir_keys" --no-permission-warning --batch --yes --delete-key "$email"
     local exit_code=$?

src/commands/git_secret_tell.sh

@@ -64,6 +64,8 @@ function tell {
     _abort "you must provide at least one email address."
   fi
 
+  _assert_keychain_contains_emails "$homedir" "${emails[@]}"
+
   local start_key_cnt
   start_key_cnt=$(get_gpg_key_count)
   for email in "${emails[@]}"; do

src/commands/git_secret_whoknows.sh

@@ -21,6 +21,6 @@ function whoknows {
   local keys
 
   # Getting the users from gpg:
-  keys=$(_get_users_in_keyring)
+  keys=$(_get_users_in_gitsecret_keyring)
   echo "$keys"
 }

tests/_test_base.bash

@@ -34,9 +34,9 @@ GPGTEST="$SECRETS_GPG_COMMAND --homedir=$TEST_GPG_HOMEDIR --no-permission-warnin
 # Personal data:
 
 # user3 created with '--quick-key-generate' and has only an email, no username.
-TEST_DEFAULT_USER="user3"
-TEST_SECOND_USER="user2"
-TEST_ATTACKER_USER="attacker1"
+TEST_DEFAULT_USER="user3@gitsecret.io"
+TEST_SECOND_USER="user2@gitsecret.io"
+TEST_ATTACKER_USER="attacker1@gitsecret.io"
 
 #TEST_DEFAULT_FILENAME="file_one"  # no spaces
 #TEST_SECOND_FILENAME="file_two"  # no spaces
@@ -48,16 +48,12 @@ TEST_THIRD_FILENAME="space file three"  # has spaces
 
 
 function test_user_password {
-  # It was set on key creation:
-  echo "${1}pass"
+  # Password for 'user3@gitsecret.io' is 'user3pass'
+  # As it was set on key creation. 
+  echo "$1" | sed -e 's/@.*/pass/' 
 }
 
 
-function test_user_email {
-  # It was set on key creation:
-  echo "${1}@gitsecret.io"
-}
-
 
 # GPG:
 
@@ -106,7 +102,7 @@ function install_fixture_full_key {
   local fp
   local fingerprint
 
-  email=$(test_user_email "$1")
+  email="$1"
 
   \cp "$FIXTURES_DIR/gpg/${1}/private.key" "$private_key"
 
@@ -127,14 +123,14 @@ function install_fixture_full_key {
 function uninstall_fixture_key {
   local email
 
-  email=$(test_user_email "$1")
+  email="$1"
   $GPGTEST --yes --delete-key "$email" > /dev/null 2>&1
 }
 
 
 function uninstall_fixture_full_key {
   local email
-  email=$(test_user_email "$1")
+  email="$1"
 
   local fingerprint="$2"
   if [[ -z "$fingerprint" ]]; then
@@ -203,7 +199,7 @@ function set_state_secret_init {
 function set_state_secret_tell {
   local email
 
-  email=$(test_user_email "$1")
+  email="$1"
   git secret tell -d "$TEST_GPG_HOMEDIR" "$email" > /dev/null 2>&1
 }
 

tests/test_killperson.bats

@@ -25,21 +25,25 @@ function teardown {
 }
 
 
-@test "run 'killperson' with key name" {
-  run git secret killperson "$TEST_DEFAULT_USER"
+@test "run 'killperson' with short name" {
+  local name
+  name=$(echo "$TEST_DEFAULT_USER" | sed -e 's/@.*//')
+
+  # killperson must use full email, not short name
+  run git secret killperson "$name"
+  [ "$status" -eq 1 ]
+
+  # Then whoknows will be ok because user3@gitsecret.io still knows
+  run git secret whoknows
   [ "$status" -eq 0 ]
 
   # Testing output:
   [[ "$output" == *"$TEST_DEFAULT_USER"* ]]
-
-  # Then whoknows must return an error with status code 1:
-  run git secret whoknows
-  [ "$status" -eq 1 ]
 }
 
 
 @test "run 'killperson' with email" {
-  local email=$(test_user_email "$TEST_DEFAULT_USER")
+  local email="$TEST_DEFAULT_USER"
 
   run git secret killperson "$email"
   [ "$status" -eq 0 ]
@@ -58,8 +62,8 @@ function teardown {
   install_fixture_key "$TEST_SECOND_USER"
   set_state_secret_tell "$TEST_SECOND_USER"
 
-  local default_email=$(test_user_email "$TEST_DEFAULT_USER")
-  local second_email=$(test_user_email "$TEST_SECOND_USER")
+  local default_email="$TEST_DEFAULT_USER"
+  local second_email="$TEST_SECOND_USER"
 
   run git secret killperson "$default_email" "$second_email"
   [ "$status" -eq 0 ]

tests/test_tell.bats

@@ -17,6 +17,17 @@ function teardown {
   unset_current_state
 }
 
+@test "run 'tell' on substring of emails" {
+  run git secret tell -d "$TEST_GPG_HOMEDIR" user
+  # this should give an error because there is no user named 'user', 
+  # even though there are users with the substring 'user'.
+  # See issue https://github.com/sobolevn/git-secret/issues/176 
+  [ "$status" -eq 1 ]
+
+  run git secret whoknows 
+  [ "$status" -eq 1 ]   # should error when there are no users told
+  
+}
 
 @test "fail on no users" {
   run _user_required
@@ -85,7 +96,7 @@ function teardown {
 
 
 @test "run 'tell' with '-m'" {
-  email=$(test_user_email $TEST_DEFAULT_USER)
+  local email="$TEST_DEFAULT_USER"
 
   git_set_config_email "$email"
   run git secret tell -d "$TEST_GPG_HOMEDIR" -m

tests/test_whoknows.bats

@@ -61,8 +61,8 @@ function teardown {
 
 @test "run 'whoknows' without any users" {
   # Preparations, removing users:
-  local email1=$(test_user_email "$TEST_DEFAULT_USER")
-  local email2=$(test_user_email "$TEST_SECOND_USER")
+  local email1="$TEST_DEFAULT_USER"
+  local email2="$TEST_SECOND_USER"
   git secret killperson "$email1" "$email2"
 
   # Now whoknows should raise an error: there are no users.