From cf0df90daecb6c7ba5b602d3f11db38326b7784c Mon Sep 17 00:00:00 2001 From: ilya Date: Sun, 26 Sep 2010 22:08:42 -0700 Subject: [PATCH 1/2] moved the private key into user where it belongs, two failing cucumber tests --- app/models/person.rb | 20 ++++++-------------- app/models/user.rb | 24 ++++++++++++++++++++---- lib/diaspora/user/receiving.rb | 2 +- lib/encryptable.rb | 4 ++-- lib/encryptor.rb | 2 +- spec/factories.rb | 9 ++++----- spec/lib/diaspora_parser_spec.rb | 9 ++++++--- spec/user_encryption_spec.rb | 32 ++++++++++++++------------------ 8 files changed, 54 insertions(+), 48 deletions(-) diff --git a/app/models/person.rb b/app/models/person.rb index 9527a7bb7..2601de2bc 100644 --- a/app/models/person.rb +++ b/app/models/person.rb @@ -17,7 +17,7 @@ class Person key :url, String key :diaspora_handle, String, :unique => true - key :serialized_key, String + key :serialized_public_key, String key :owner_id, ObjectId @@ -29,7 +29,7 @@ class Person before_destroy :remove_all_traces before_validation :clean_url - validates_presence_of :url, :profile, :serialized_key + validates_presence_of :url, :profile, :serialized_public_key validates_format_of :url, :with => /^(https?):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\.[a-z]{2,5})?(:[0-9]{1,5})?(\/.*)?$/ix @@ -49,30 +49,22 @@ class Person "#{self.url}receive/users/#{self.id}/" end - def encryption_key - OpenSSL::PKey::RSA.new( serialized_key ) - end - - def encryption_key= new_key - raise TypeError unless new_key.class == OpenSSL::PKey::RSA - serialized_key = new_key.export - end def public_key_hash Base64.encode64 OpenSSL::Digest::SHA256.new(self.exported_key).to_s end def public_key - encryption_key.public_key + OpenSSL::PKey::RSA.new( serialized_public_key ) end def exported_key - encryption_key.public_key.export + serialized_public_key end def exported_key= new_key - raise "Don't change a key" if serialized_key - @serialized_key = new_key + raise "Don't change a key" if serialized_public_key + @serialized_public_key = new_key end def self.by_webfinger( identifier, opts = {}) diff --git a/app/models/user.rb b/app/models/user.rb index a93b3a727..535577fd3 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -18,6 +18,7 @@ class User devise :database_authenticatable, :registerable, :recoverable, :rememberable, :trackable, :validatable key :username, :unique => true + key :serialized_private_key, String key :friend_ids, Array key :pending_request_ids, Array @@ -251,7 +252,9 @@ class User def self.instantiate!( opts = {} ) opts[:person][:diaspora_handle] = "#{opts[:username]}@#{APP_CONFIG[:terse_pod_url]}" opts[:person][:url] = APP_CONFIG[:pod_url] - opts[:person][:serialized_key] = generate_key + + opts[:serialized_private_key] = generate_key + opts[:person][:serialized_public_key] = opts[:serialized_private_key].public_key User.create(opts) end @@ -278,7 +281,20 @@ class User } } end - def self.generate_key - OpenSSL::PKey::RSA::generate 4096 - end + + + def self.generate_key + OpenSSL::PKey::RSA::generate 4096 + end + + def encryption_key + OpenSSL::PKey::RSA.new( serialized_private_key ) + end + + def encryption_key= new_key + raise TypeError unless new_key.class == OpenSSL::PKey::RSA + serialized_private_key = new_key.export + end + + end diff --git a/lib/diaspora/user/receiving.rb b/lib/diaspora/user/receiving.rb index 39b1af5d2..5d737d8e9 100644 --- a/lib/diaspora/user/receiving.rb +++ b/lib/diaspora/user/receiving.rb @@ -43,7 +43,7 @@ module Diaspora def receive_request request, xml person = Diaspora::Parser.parse_or_find_person_from_xml( xml ) - person.serialized_key ||= request.exported_key + person.serialized_public_key ||= request.exported_key request.person = person request.person.save old_request = Request.first(:id => request.id) diff --git a/lib/encryptable.rb b/lib/encryptable.rb index 5b00ca9ea..133c05156 100644 --- a/lib/encryptable.rb +++ b/lib/encryptable.rb @@ -15,7 +15,7 @@ if person.nil? Rails.logger.info("Verifying sig on #{signable_string} but no person is here") return false - elsif person.encryption_key.nil? + elsif person.public_key.nil? Rails.logger.info("Verifying sig on #{signable_string} but #{person.real_name} has no key") return false elsif signature.nil? @@ -23,7 +23,7 @@ return false end Rails.logger.debug("Verifying sig on #{signable_string} from person #{person.real_name}") - validity = person.encryption_key.verify "SHA", Base64.decode64(signature), signable_string + validity = person.public_key.verify "SHA", Base64.decode64(signature), signable_string Rails.logger.debug("Validity: #{validity}") validity end diff --git a/lib/encryptor.rb b/lib/encryptor.rb index d90e8bdfe..e9c4936e1 100644 --- a/lib/encryptor.rb +++ b/lib/encryptor.rb @@ -31,7 +31,7 @@ module Encryptor end def encrypt_aes_key key - Base64.encode64 encryption_key.public_encrypt( key.to_json ) + Base64.encode64 public_key.public_encrypt( key.to_json ) end end diff --git a/spec/factories.rb b/spec/factories.rb index aecbf74cf..826ca970d 100644 --- a/spec/factories.rb +++ b/spec/factories.rb @@ -17,7 +17,7 @@ Factory.define :person do |p| p.sequence(:url) {|n| "http://google-#{n}.com/"} p.profile Factory.create(:profile) - p.serialized_key OpenSSL::PKey::RSA.generate(1024).public_key.export + p.serialized_public_key OpenSSL::PKey::RSA.generate(1024).public_key.export end Factory.define :album do |p| @@ -29,16 +29,15 @@ Factory.define :person_with_private_key, :parent => :person do |p| p.serialized_key OpenSSL::PKey::RSA.generate(1024).export end -Factory.define :person_with_user, :parent => :person_with_private_key do |p| -end - Factory.define :user do |u| u.sequence(:username) {|n| "bob#{n}"} u.sequence(:email) {|n| "bob#{n}@pivotallabs.com"} u.password "bluepin7" u.password_confirmation "bluepin7" + u.serialized_private_key OpenSSL::PKey::RSA.generate(1024).export u.after_build do |user| - user.person = Factory(:person_with_private_key, :owner_id => user._id, + user.person = Factory(:person, :owner_id => user._id, + :serialized_public_key => user.encryption_key.public_key.export, :diaspora_handle => "#{user.username}@#{APP_CONFIG[:pod_url].gsub(/(https?:|www\.)\/\//, '').chop!}") end end diff --git a/spec/lib/diaspora_parser_spec.rb b/spec/lib/diaspora_parser_spec.rb index e37cf0116..530dca211 100644 --- a/spec/lib/diaspora_parser_spec.rb +++ b/spec/lib/diaspora_parser_spec.rb @@ -8,7 +8,9 @@ describe Diaspora::Parser do before do @user = Factory.create(:user, :email => "bob@aol.com") @aspect = @user.aspect(:name => 'spies') - @person = Factory.create(:person_with_private_key, :diaspora_handle => "bill@gates.com") + + @user3 = Factory.create :user + @person = @user3.person @user2 = Factory.create(:user) end @@ -64,12 +66,13 @@ describe Diaspora::Parser do original_person_id = @person.id xml = request.to_diaspora_xml + @user3.destroy @person.destroy Person.all.count.should == person_count -1 @user.receive xml Person.all.count.should == person_count - Person.first(:_id => original_person_id).serialized_key.include?("PUBLIC").should be true + Person.first(:_id => original_person_id).serialized_public_key.include?("PUBLIC").should be true url = "http://" + request.callback_url.split("/")[2] + "/" Person.where(:url => url).first.id.should == original_person_id end @@ -87,7 +90,7 @@ describe Diaspora::Parser do @user2.reload @user2.person.reload - @user2.person.serialized_key.include?("PRIVATE").should be true + @user2.serialized_private_key.include?("PRIVATE").should be true url = "http://" + request.callback_url.split("/")[2] + "/" Person.where(:url => url).first.id.should == original_person_id diff --git a/spec/user_encryption_spec.rb b/spec/user_encryption_spec.rb index b74006e3d..2188b106e 100644 --- a/spec/user_encryption_spec.rb +++ b/spec/user_encryption_spec.rb @@ -9,16 +9,9 @@ describe 'user encryption' do unstub_mocha_stubs @user = Factory.create(:user) @aspect = @user.aspect(:name => 'dudes') - @person = Factory.create(:person_with_private_key, - :profile => Profile.new(:first_name => 'Remote', - :last_name => 'Friend'), - :diaspora_handle => 'somewhere@else.com', - :url => 'http://distant-example.com/') - @person2 = Factory.create(:person_with_private_key, - :profile => Profile.new(:first_name => 'Second', - :last_name => 'Friend'), - :diaspora_handle => 'elsewhere@else.com', - :url => 'http://distanter-example.com/') + + @user2 = Factory.create(:user) + @aspect2 = @user2.aspect(:name => 'dudes') end after do @@ -74,7 +67,10 @@ describe 'user encryption' do describe 'comments' do before do - @remote_message = Factory.create(:status_message, :person => @person) + friend_users(@user, @aspect, @user2, @aspect2) + @remote_message = @user2.post :status_message, :message => "hello", :to => @aspect2.id + + @message = @user.post :status_message, :message => "hi", :to => @aspect.id end it 'should attach the creator signature if the user is commenting' do @@ -90,24 +86,24 @@ describe 'user encryption' do end it 'should verify a comment made on a remote post by a different friend' do - comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message) - comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key) + comment = Comment.new(:person => @user2.person, :text => "cats", :post => @remote_message) + comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key) comment.signature_valid?.should be true comment.verify_post_creator_signature.should be false - comment.post_creator_signature = comment.send(:sign_with_key,@person.encryption_key) + comment.post_creator_signature = comment.send(:sign_with_key,@user.encryption_key) comment.verify_post_creator_signature.should be true end it 'should reject comments on a remote post with only a creator sig' do - comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message) - comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key) + comment = Comment.new(:person => @user2.person, :text => "cats", :post => @remote_message) + comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key) comment.signature_valid?.should be true comment.verify_post_creator_signature.should be false end it 'should receive remote comments on a user post with a creator sig' do - comment = Comment.new(:person => @person2, :text => "balls", :post => @message) - comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key) + comment = Comment.new(:person => @user2.person, :text => "cats", :post => @message) + comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key) comment.signature_valid?.should be true comment.verify_post_creator_signature.should be false end From f36b99b03c008cd344d28b2db104877a75756b3a Mon Sep 17 00:00:00 2001 From: ilya Date: Sun, 26 Sep 2010 22:13:28 -0700 Subject: [PATCH 2/2] changed the deploy_config to play on remote --- config/deploy_config.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/deploy_config.yml b/config/deploy_config.yml index 6aacbf3ff..6443a51ac 100644 --- a/config/deploy_config.yml +++ b/config/deploy_config.yml @@ -6,7 +6,7 @@ cross_server: deploy_to: '/usr/local/app/diaspora' user: 'root' repo: 'git://github.com/diaspora/diaspora.git' - branch: 'master' + branch: 'private_key_user_refactor' default_env: 'development' servers: tom: