Skip to content

GPG key email verification is case sensitive

The verification of email addresses on GPG keys appears to be case sensitive. For example, on my GPG key I have A.B.User@mydomain.com, but when my email address is synced from LDAP to my GitLab instance it is stored as a.b.user@mydomain.com. In practice it doesn't matter what case is used in the email address, so maybe GitLab should do a case insensitive check?

The relevant code is here:

https://gitlab.com/gitlab-org/gitlab-ce/blob/master/app/models/gpg_key.rb#L59

It looks like there's some precedence for case-insensitive matching: 7e8fc482

And this quick-hack change worked for me, but might require a little more thought:

--- gpg_key.rb.orig     2017-08-24 23:22:58.627693250 +0100
+++ gpg_key.rb  2017-08-24 23:23:53.972993865 +0100
@@ -56,15 +56,15 @@

   def verified_user_infos
     user_infos.select do |user_info|
-      user_info[:email] == user.email
+      user_info[:email].downcase == user.email.downcase
     end
   end

   def emails_with_verified_status
     user_infos.map do |user_info|
       [
-        user_info[:email],
-        user_info[:email] == user.email
+        user_info[:email].downcase,
+        user_info[:email].downcase == user.email.downcase
       ]
     end.to_h
   end
Edited by username-removed-63055