Merge branch 'master' of github.com:diaspora/diaspora

app/models/person.rb

@@ -17,7 +17,7 @@ class Person
 
   key :url,            String
   key :diaspora_handle, String, :unique => true
-  key :serialized_key, String
+  key :serialized_public_key, String
 
   key :owner_id,  ObjectId
 
@@ -29,7 +29,7 @@ class Person
 
   before_destroy :remove_all_traces
   before_validation :clean_url
-  validates_presence_of :url, :profile, :serialized_key
+  validates_presence_of :url, :profile, :serialized_public_key
   validates_format_of :url, :with =>
      /^(https?):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\.[a-z]{2,5})?(:[0-9]{1,5})?(\/.*)?$/ix
 
@@ -49,30 +49,22 @@ class Person
     "#{self.url}receive/users/#{self.id}/"
   end
 
-  def encryption_key
-    OpenSSL::PKey::RSA.new( serialized_key )
-  end
-
-  def encryption_key= new_key
-    raise TypeError unless new_key.class == OpenSSL::PKey::RSA
-    serialized_key = new_key.export
-  end
 
   def public_key_hash
     Base64.encode64 OpenSSL::Digest::SHA256.new(self.exported_key).to_s
   end
 
   def public_key
-    encryption_key.public_key
+    OpenSSL::PKey::RSA.new( serialized_public_key )
   end
 
   def exported_key
-    encryption_key.public_key.export
+    serialized_public_key
   end
 
   def exported_key= new_key
-    raise "Don't change a key" if serialized_key
-    @serialized_key = new_key
+    raise "Don't change a key" if serialized_public_key
+    @serialized_public_key = new_key
   end
 
   def self.by_webfinger( identifier, opts = {})

app/models/user.rb

@@ -18,6 +18,7 @@ class User
   devise :database_authenticatable, :registerable,
          :recoverable, :rememberable, :trackable, :validatable
   key :username, :unique => true
+  key :serialized_private_key, String
 
   key :friend_ids,          Array
   key :pending_request_ids, Array
@@ -251,7 +252,9 @@ class User
   def self.instantiate!( opts = {} )
     opts[:person][:diaspora_handle] = "#{opts[:username]}@#{APP_CONFIG[:terse_pod_url]}"
     opts[:person][:url] = APP_CONFIG[:pod_url]
-    opts[:person][:serialized_key] = generate_key
+    
+    opts[:serialized_private_key] = generate_key
+    opts[:person][:serialized_public_key] = opts[:serialized_private_key].public_key
     User.create(opts)
   end
 
@@ -278,7 +281,20 @@ class User
       }
     }
   end
-    def self.generate_key
-      OpenSSL::PKey::RSA::generate 4096
-    end
+
+
+  def self.generate_key
+    OpenSSL::PKey::RSA::generate 4096
+  end
+  
+  def encryption_key
+    OpenSSL::PKey::RSA.new( serialized_private_key )
+  end
+
+  def encryption_key= new_key
+    raise TypeError unless new_key.class == OpenSSL::PKey::RSA
+    serialized_private_key = new_key.export
+  end
+
+
 end

config/deploy_config.yml

@@ -6,7 +6,7 @@ cross_server:
   deploy_to: '/usr/local/app/diaspora'
   user: 'root'
   repo: 'git://github.com/diaspora/diaspora.git'
-  branch: 'master'
+  branch: 'private_key_user_refactor'
   default_env: 'development'
 servers:
   tom:

lib/diaspora/user/receiving.rb

@@ -43,7 +43,7 @@ module Diaspora
 
       def receive_request request, xml
         person = Diaspora::Parser.parse_or_find_person_from_xml( xml )
-        person.serialized_key ||= request.exported_key
+        person.serialized_public_key ||= request.exported_key
         request.person = person
         request.person.save
         old_request =  Request.first(:id => request.id)

lib/encryptable.rb

@@ -15,7 +15,7 @@
       if person.nil?
         Rails.logger.info("Verifying sig on #{signable_string} but no person is here")
         return false
-      elsif person.encryption_key.nil?
+      elsif person.public_key.nil?
         Rails.logger.info("Verifying sig on #{signable_string} but #{person.real_name} has no key")
         return false
       elsif signature.nil?
@@ -23,7 +23,7 @@
         return false
       end
       Rails.logger.debug("Verifying sig on #{signable_string} from person #{person.real_name}")
-      validity = person.encryption_key.verify "SHA", Base64.decode64(signature), signable_string
+      validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string
       Rails.logger.debug("Validity: #{validity}")
       validity
     end

lib/encryptor.rb

@@ -31,7 +31,7 @@ module Encryptor
     end
 
     def encrypt_aes_key key
-      Base64.encode64 encryption_key.public_encrypt( key.to_json )
+      Base64.encode64 public_key.public_encrypt( key.to_json )
     end
   end
 

spec/factories.rb

@@ -17,7 +17,7 @@ Factory.define :person do |p|
   p.sequence(:url)  {|n| "http://google-#{n}.com/"}
   p.profile Factory.create(:profile)
 
-  p.serialized_key OpenSSL::PKey::RSA.generate(1024).public_key.export
+  p.serialized_public_key OpenSSL::PKey::RSA.generate(1024).public_key.export
 end
 
 Factory.define :album do |p|
@@ -29,16 +29,15 @@ Factory.define :person_with_private_key, :parent => :person do |p|
   p.serialized_key OpenSSL::PKey::RSA.generate(1024).export
 end
 
-Factory.define :person_with_user, :parent => :person_with_private_key do |p|
-end
-
 Factory.define :user do |u|
   u.sequence(:username) {|n| "bob#{n}"}
   u.sequence(:email) {|n| "bob#{n}@pivotallabs.com"}
   u.password "bluepin7"
   u.password_confirmation "bluepin7"
+  u.serialized_private_key  OpenSSL::PKey::RSA.generate(1024).export
   u.after_build do |user|
-    user.person = Factory(:person_with_private_key, :owner_id => user._id,
+    user.person = Factory(:person, :owner_id => user._id,
+                          :serialized_public_key => user.encryption_key.public_key.export,
                           :diaspora_handle => "#{user.username}@#{APP_CONFIG[:pod_url].gsub(/(https?:|www\.)\/\//, '').chop!}")
   end
 end

spec/lib/diaspora_parser_spec.rb

@@ -8,7 +8,9 @@ describe Diaspora::Parser do
   before do
     @user = Factory.create(:user, :email => "bob@aol.com")
     @aspect = @user.aspect(:name => 'spies')
-    @person = Factory.create(:person_with_private_key, :diaspora_handle => "bill@gates.com")
+    
+    @user3 = Factory.create :user
+    @person = @user3.person
     @user2 = Factory.create(:user)
   end
 
@@ -64,12 +66,13 @@ describe Diaspora::Parser do
       original_person_id = @person.id
       xml = request.to_diaspora_xml
 
+      @user3.destroy
       @person.destroy
       Person.all.count.should == person_count -1
       @user.receive xml
       Person.all.count.should == person_count
 
-      Person.first(:_id => original_person_id).serialized_key.include?("PUBLIC").should be true
+      Person.first(:_id => original_person_id).serialized_public_key.include?("PUBLIC").should be true
       url = "http://" + request.callback_url.split("/")[2] + "/"
       Person.where(:url => url).first.id.should == original_person_id
     end
@@ -87,7 +90,7 @@ describe Diaspora::Parser do
 
       @user2.reload
       @user2.person.reload
-      @user2.person.serialized_key.include?("PRIVATE").should be true
+      @user2.serialized_private_key.include?("PRIVATE").should be true
 
       url = "http://" + request.callback_url.split("/")[2] + "/"
       Person.where(:url => url).first.id.should == original_person_id

spec/user_encryption_spec.rb

@@ -9,16 +9,9 @@ describe 'user encryption' do
     unstub_mocha_stubs
     @user = Factory.create(:user)
     @aspect = @user.aspect(:name => 'dudes')
-    @person = Factory.create(:person_with_private_key,
-      :profile => Profile.new(:first_name => 'Remote',
-                              :last_name => 'Friend'),
-      :diaspora_handle => 'somewhere@else.com',
-      :url => 'http://distant-example.com/')
-    @person2 = Factory.create(:person_with_private_key,
-      :profile => Profile.new(:first_name => 'Second',
-                              :last_name => 'Friend'),
-      :diaspora_handle => 'elsewhere@else.com',
-      :url => 'http://distanter-example.com/')
+    
+    @user2 = Factory.create(:user)
+    @aspect2 = @user2.aspect(:name => 'dudes')
   end
 
   after  do
@@ -74,7 +67,10 @@ describe 'user encryption' do
 
   describe 'comments' do
     before do
-      @remote_message = Factory.create(:status_message, :person => @person)
+      friend_users(@user, @aspect, @user2, @aspect2)
+      @remote_message = @user2.post :status_message, :message => "hello", :to => @aspect2.id
+
+
       @message = @user.post :status_message, :message => "hi", :to => @aspect.id
     end
     it 'should attach the creator signature if the user is commenting' do
@@ -90,24 +86,24 @@ describe 'user encryption' do
     end
 
     it 'should verify a comment made on a remote post by a different friend' do
-      comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
-      comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
+      comment = Comment.new(:person => @user2.person, :text => "cats", :post => @remote_message)
+      comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key)
       comment.signature_valid?.should be true
       comment.verify_post_creator_signature.should be false
-      comment.post_creator_signature = comment.send(:sign_with_key,@person.encryption_key)
+      comment.post_creator_signature = comment.send(:sign_with_key,@user.encryption_key)
       comment.verify_post_creator_signature.should be true
     end
 
     it 'should reject comments on a remote post with only a creator sig' do
-      comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
-      comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
+      comment = Comment.new(:person => @user2.person, :text => "cats", :post => @remote_message)
+      comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key)
       comment.signature_valid?.should be true
       comment.verify_post_creator_signature.should be false
     end
 
     it 'should receive remote comments on a user post with a creator sig' do
-      comment = Comment.new(:person => @person2, :text => "balls", :post => @message)
-      comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
+      comment = Comment.new(:person => @user2.person, :text => "cats", :post => @message)
+      comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key)
       comment.signature_valid?.should be true
       comment.verify_post_creator_signature.should be false
     end