From 36f265fa2fc5daedaf21ce08f2aa5047960d4dc5 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:11:30 -0700 Subject: [PATCH 01/17] Log safely --- app/models/comment.rb | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/app/models/comment.rb b/app/models/comment.rb index bd72721ee..7b0c2b62e 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -58,8 +58,12 @@ class Comment end def signature_valid? - Rails.logger.warn "Received comment has person #{person.inspect}" - Rails.logger.warn "Received comment has person key #{person.serialized_key}" if person + if person + Rails.logger.warn "Received comment has person #{person.inspect}" if person + Rails.logger.warn "Received comment has person key #{person.serialized_key}" if person + else + Rails.logger.warn "Received comment has no person" + end verify_signature(creator_signature, person) && verify_signature(post_creator_signator, post.person) end From f186dd98c844b91849bfd25afc1a429b028f8501 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:13:44 -0700 Subject: [PATCH 02/17] SIGNATOR --- app/models/comment.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/comment.rb b/app/models/comment.rb index 7b0c2b62e..50e970d8a 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -64,7 +64,7 @@ class Comment else Rails.logger.warn "Received comment has no person" end - verify_signature(creator_signature, person) && verify_signature(post_creator_signator, post.person) + verify_signature(creator_signature, person) && verify_signature(post_creator_signature, post.person) end protected From a65f512fa3af49901c831006d483ca6f7cac618e Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:29:06 -0700 Subject: [PATCH 03/17] verify post creator signature in receive --- app/models/comment.rb | 2 +- app/models/user.rb | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/models/comment.rb b/app/models/comment.rb index 50e970d8a..ce119f62c 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -64,7 +64,7 @@ class Comment else Rails.logger.warn "Received comment has no person" end - verify_signature(creator_signature, person) && verify_signature(post_creator_signature, post.person) + verify_signature(creator_signature, person) end protected diff --git a/app/models/user.rb b/app/models/user.rb index 409e964e3..a825864ed 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -195,6 +195,7 @@ class User person.save elsif object.is_a?(Comment) + raise "Signature was not valid on: #{object.inspect}" unless post.person == self || object.verify_post_creator_signature dispatch_comment object unless owns?(object) object.socket_to_uid(id) if (object.respond_to?(:socket_to_uid) && !self.owns?(object)) else From 958627cc1c55517f6dc4b4c6d08378d1d102d67f Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:32:33 -0700 Subject: [PATCH 04/17] RS IZ object.post --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index a825864ed..b56064e9b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -195,7 +195,7 @@ class User person.save elsif object.is_a?(Comment) - raise "Signature was not valid on: #{object.inspect}" unless post.person == self || object.verify_post_creator_signature + raise "Signature was not valid on: #{object.inspect}" unless object.post.person == self || object.verify_post_creator_signature dispatch_comment object unless owns?(object) object.socket_to_uid(id) if (object.respond_to?(:socket_to_uid) && !self.owns?(object)) else From 7feb30e3e1cfa74466a400f398e22e7c945bc8c7 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:41:16 -0700 Subject: [PATCH 05/17] RS, IZ, try saving the comment --- app/models/user.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/models/user.rb b/app/models/user.rb index b56064e9b..cd071492b 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -196,6 +196,7 @@ class User elsif object.is_a?(Comment) raise "Signature was not valid on: #{object.inspect}" unless object.post.person == self || object.verify_post_creator_signature + object.save dispatch_comment object unless owns?(object) object.socket_to_uid(id) if (object.respond_to?(:socket_to_uid) && !self.owns?(object)) else From 9f11a474d8c13d96f2cafddc686ed334e8758e0c Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:46:04 -0700 Subject: [PATCH 06/17] Take out some logging, put in log user on receive --- app/controllers/publics_controller.rb | 1 - app/models/comment.rb | 7 +------ app/models/user.rb | 4 ++-- 3 files changed, 3 insertions(+), 9 deletions(-) diff --git a/app/controllers/publics_controller.rb b/app/controllers/publics_controller.rb index e7b994ff5..011996829 100644 --- a/app/controllers/publics_controller.rb +++ b/app/controllers/publics_controller.rb @@ -29,7 +29,6 @@ class PublicsController < ApplicationController Rails.logger.error("Received post #{params[:xml]} for nonexistent person #{params[:id]}") return end - Rails.logger.debug "PublicsController has received: #{params[:xml]}" @user.receive params[:xml] if params[:xml] end diff --git a/app/models/comment.rb b/app/models/comment.rb index ce119f62c..1b5be0077 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -58,12 +58,7 @@ class Comment end def signature_valid? - if person - Rails.logger.warn "Received comment has person #{person.inspect}" if person - Rails.logger.warn "Received comment has person key #{person.serialized_key}" if person - else - Rails.logger.warn "Received comment has no person" - end + Rails.logger.warn "Received comment has no person" unless person verify_signature(creator_signature, person) end diff --git a/app/models/user.rb b/app/models/user.rb index cd071492b..0e57d0601 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -166,7 +166,7 @@ class User def receive xml object = Diaspora::Parser.from_xml(xml) Rails.logger.debug("Receiving object:\n#{object.inspect}") - raise "Signature was not valid on: #{object.inspect}" unless object.signature_valid? + raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.signature_valid? if object.is_a? Retraction if object.type == 'Person' && object.signature_valid? @@ -195,7 +195,7 @@ class User person.save elsif object.is_a?(Comment) - raise "Signature was not valid on: #{object.inspect}" unless object.post.person == self || object.verify_post_creator_signature + raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.post.person == self || object.verify_post_creator_signature object.save dispatch_comment object unless owns?(object) object.socket_to_uid(id) if (object.respond_to?(:socket_to_uid) && !self.owns?(object)) From c3fe3bf4433dae02a153019d5621302d078dc274 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:48:34 -0700 Subject: [PATCH 07/17] RS, IZ, check against self.person, not self in user receive --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index 0e57d0601..e43f44f51 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -195,7 +195,7 @@ class User person.save elsif object.is_a?(Comment) - raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.post.person == self || object.verify_post_creator_signature + raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.post.person == self.person || object.verify_post_creator_signature object.save dispatch_comment object unless owns?(object) object.socket_to_uid(id) if (object.respond_to?(:socket_to_uid) && !self.owns?(object)) From c7974f804663b444b888005796353ecac0c8d483 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 11:53:32 -0700 Subject: [PATCH 08/17] Save comment's person in receive --- app/models/user.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/app/models/user.rb b/app/models/user.rb index e43f44f51..bd3ddfa61 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -195,6 +195,7 @@ class User person.save elsif object.is_a?(Comment) + object.person.save raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.post.person == self.person || object.verify_post_creator_signature object.save dispatch_comment object unless owns?(object) From f3c20bf3c037a080c52f1ef82392a79399e64ac8 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 12:01:11 -0700 Subject: [PATCH 09/17] accept comments from strangers --- app/models/comment.rb | 3 +-- app/models/user.rb | 1 - 2 files changed, 1 insertion(+), 3 deletions(-) diff --git a/app/models/comment.rb b/app/models/comment.rb index 1b5be0077..23dad39e9 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -58,8 +58,7 @@ class Comment end def signature_valid? - Rails.logger.warn "Received comment has no person" unless person - verify_signature(creator_signature, person) + person ? verify_signature(creator_signature, person) : true end protected diff --git a/app/models/user.rb b/app/models/user.rb index bd3ddfa61..e43f44f51 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -195,7 +195,6 @@ class User person.save elsif object.is_a?(Comment) - object.person.save raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.post.person == self.person || object.verify_post_creator_signature object.save dispatch_comment object unless owns?(object) From 5a92f9e8a834c319a5f568af3ff486dbcf9fd032 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 12:07:35 -0700 Subject: [PATCH 10/17] Do some logging --- app/models/comment.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/models/comment.rb b/app/models/comment.rb index 23dad39e9..29a82b243 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -58,6 +58,8 @@ class Comment end def signature_valid? + Rails.logger.warn "Validating signature on comment from: #{person.inspect}" + Rails.logger.warn "#{person.real_name}" if person person ? verify_signature(creator_signature, person) : true end From 6a48c07c90f77b02b2eefe2893e93001de298a2d Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 12:10:22 -0700 Subject: [PATCH 11/17] Return if nil --- app/models/comment.rb | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/app/models/comment.rb b/app/models/comment.rb index 29a82b243..b77a918f5 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -58,9 +58,8 @@ class Comment end def signature_valid? - Rails.logger.warn "Validating signature on comment from: #{person.inspect}" - Rails.logger.warn "#{person.real_name}" if person - person ? verify_signature(creator_signature, person) : true + return true if person.nil? + verify_signature(creator_signature, person) end protected From 1d69b88e2ecf852c2db51fdf4d7d7f93d07a5851 Mon Sep 17 00:00:00 2001 From: ilya Date: Thu, 26 Aug 2010 12:17:35 -0700 Subject: [PATCH 12/17] to id so that change of group works --- app/models/group.rb | 2 +- app/models/user.rb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/app/models/group.rb b/app/models/group.rb index 432ff697c..ae33ada7b 100644 --- a/app/models/group.rb +++ b/app/models/group.rb @@ -21,7 +21,7 @@ class Group end def posts_by_person_id( id ) - id = ensure_bson id + id = id.to_id posts.detect{|x| x.person.id == id } end end diff --git a/app/models/user.rb b/app/models/user.rb index e43f44f51..53a5e4a32 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -51,7 +51,7 @@ class User puts posts_to_move.inspect to_group.people << friend to_group.posts << posts_to_move - from_group.person_ids.delete(ensure_bson(friend.id)) + from_group.person_ids.delete(friend.id.to_id) posts_to_move.each{ |x| from_group.post_ids.delete(x.id)} from_group.save to_group.save From 3554de48d858fbc19b6ac7000510ea5db3743153 Mon Sep 17 00:00:00 2001 From: ilya Date: Thu, 26 Aug 2010 12:24:53 -0700 Subject: [PATCH 13/17] trying image url --- app/views/groups/edit.html.haml | 1 + 1 file changed, 1 insertion(+) diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml index d6e227b5f..9ccdd3a65 100644 --- a/app/views/groups/edit.html.haml +++ b/app/views/groups/edit.html.haml @@ -16,6 +16,7 @@ stuff -for person in group.people %li.person + = image_tag person.profile.image_url unless person.profile.image_url.nil? = person.real_name From df74020a16dc2e7f33ad03792511906a050848c7 Mon Sep 17 00:00:00 2001 From: ilya Date: Thu, 26 Aug 2010 12:27:10 -0700 Subject: [PATCH 14/17] small thumbnail --- app/views/groups/edit.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml index 9ccdd3a65..e3547a827 100644 --- a/app/views/groups/edit.html.haml +++ b/app/views/groups/edit.html.haml @@ -16,7 +16,7 @@ stuff -for person in group.people %li.person - = image_tag person.profile.image_url unless person.profile.image_url.nil? + = image_tag person.profile.image_url(:thumb_small) unless person.profile.image_url.nil? = person.real_name From 915144e08b120fdec98b8a3f86c0ba9957e91b45 Mon Sep 17 00:00:00 2001 From: ilya Date: Thu, 26 Aug 2010 12:32:14 -0700 Subject: [PATCH 15/17] size 30 by 30 --- app/views/groups/edit.html.haml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/views/groups/edit.html.haml b/app/views/groups/edit.html.haml index e3547a827..c8e3e4fc4 100644 --- a/app/views/groups/edit.html.haml +++ b/app/views/groups/edit.html.haml @@ -16,7 +16,7 @@ stuff -for person in group.people %li.person - = image_tag person.profile.image_url(:thumb_small) unless person.profile.image_url.nil? + = image_tag (person.profile.image_url(:thumb_small),:size => "30x30") unless person.profile.image_url.nil? = person.real_name From 31f79be06834ca426df671ae1a3e84b68669c76b Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 14:38:06 -0700 Subject: [PATCH 16/17] Save the person on receiving a comment --- app/models/comment.rb | 1 - app/models/user.rb | 2 ++ 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/app/models/comment.rb b/app/models/comment.rb index b77a918f5..3057b98e4 100644 --- a/app/models/comment.rb +++ b/app/models/comment.rb @@ -58,7 +58,6 @@ class Comment end def signature_valid? - return true if person.nil? verify_signature(creator_signature, person) end diff --git a/app/models/user.rb b/app/models/user.rb index e43f44f51..dcb4d3c2f 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -166,6 +166,8 @@ class User def receive xml object = Diaspora::Parser.from_xml(xml) Rails.logger.debug("Receiving object:\n#{object.inspect}") + Rails.logger.debug("From: #{object.person.inspect}") if object.person + object.person.save if object.is_a? Comment && Person.find_by_id(object.person_id).nil? raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.signature_valid? if object.is_a? Retraction if object.type == 'Person' && object.signature_valid? From 1ce34bc6fc7f5fafad6dc3392999edc3be843975 Mon Sep 17 00:00:00 2001 From: Raphael Date: Thu, 26 Aug 2010 14:42:16 -0700 Subject: [PATCH 17/17] Parenthases --- app/models/user.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/app/models/user.rb b/app/models/user.rb index 2594065a1..c12730dba 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -167,7 +167,7 @@ class User object = Diaspora::Parser.from_xml(xml) Rails.logger.debug("Receiving object:\n#{object.inspect}") Rails.logger.debug("From: #{object.person.inspect}") if object.person - object.person.save if object.is_a? Comment && Person.find_by_id(object.person_id).nil? + object.person.save if object.is_a?(Comment) && Person.find_by_id(object.person_id).nil? raise "In receive for #{self.real_name}, signature was not valid on: #{object.inspect}" unless object.signature_valid? if object.is_a? Retraction if object.type == 'Person' && object.signature_valid?