Merge branch 'master' of github.com:diaspora/diaspora

2010-10-19 16:07:03 -07:00 · 2010-10-19 16:07:03 -07:00 · 3557d66749
commit 3557d66749
parent 9309be2d69 24b136bbd9
8 changed files with 96 additions and 47 deletions
--- a/app/views/albums/_new_album.haml
+++ b/app/views/albums/_new_album.haml
@ -2,12 +2,14 @@
 -#   licensed under the Affero General Public License version 3 or later.  See
 -#   the COPYRIGHT file.

-%h1=t('.add_a_new_album')
+.span-12.last
+  .modal_title_bar
+    %h4= t('.add_a_new_album')

-= form_for Album.new do |f|
-  = f.error_messages
-  %p
-    = f.label :name
-    = f.text_field :name
-    = f.hidden_field :to, :value => aspect
-  = f.submit t('.create'), :class => 'button'
+  = form_for Album.new do |f|
+    = f.error_messages
+    %p
+      = f.label :name
+      = f.text_field :name
+      = f.hidden_field :to, :value => aspect
+    = f.submit t('.create'), :class => 'button'
--- a/app/views/aspects/_new_aspect.haml
+++ b/app/views/aspects/_new_aspect.haml
@ -2,10 +2,14 @@
 -#   licensed under the Affero General Public License version 3 or later.  See
 -#   the COPYRIGHT file.

-%h1=t('.add_a_new_aspect')
-= form_for Aspect.new do |aspect|
-  = aspect.error_messages
-  %p
-    = aspect.label :name
-    = aspect.text_field :name
-    = aspect.submit t('.create'), :class => 'button'
+.span-12.last
+  .modal_title_bar
+    %h4= t('.add_a_new_aspect')
+
+  = form_for Aspect.new do |aspect|
+    = aspect.error_messages
+    %p
+      = aspect.label :name
+      = aspect.text_field :name
+      = aspect.submit t('.create'), :class => 'button'
+
--- a/app/views/invitations/_new.haml
+++ b/app/views/invitations/_new.haml
@ -1,15 +1,18 @@
-%h2 Send invitation
-= form_for User.new, :url => invitation_path(User) do |invite|
-  %p
-    = invite.label :email
-    = invite.text_field :email
-  To
-  - unless @aspect.is_a? Aspect
-    = invite.select(:aspects, @aspects_dropdown_array)
-  - else 
-    = invite.select(:aspects, @aspects_dropdown_array, :selected => @aspect.id)
-  Message:
-  = invite.text_area :invite_messages
+.span-12.last
+  .modal_title_bar
+    %h4 Send invitation

-  %p= invite.submit "Send an invitation"
+  = form_for User.new, :url => invitation_path(User) do |invite|
+    %p
+      = invite.label :email
+      = invite.text_field :email
+    To
+    - unless @aspect.is_a? Aspect
+      = invite.select(:aspects, @aspects_dropdown_array)
+    - else 
+      = invite.select(:aspects, @aspects_dropdown_array, :selected => @aspect.id)
+    Message:
+    = invite.text_area :invite_messages
+
+    %p= invite.submit "Send an invitation"

--- a/app/views/requests/_new_request.haml
+++ b/app/views/requests/_new_request.haml
@ -2,20 +2,22 @@
 -#   licensed under the Affero General Public License version 3 or later.  See
 -#   the COPYRIGHT file.

-%h1
-  =t('.add_a_new_friend_to')
-  %i= aspect.name
+.span-12.last
+  .modal_title_bar
+    %h4
+      =t('.add_a_new_friend_to')
+      %i= aspect.name

-= form_for Request.new do |fr_request|
-  = fr_request.error_messages
+  = form_for Request.new do |fr_request|
+    = fr_request.error_messages

-  =t('.enter_a_diaspora_username')
-  %br
-  %i= t '.your_diaspora_username_is', :diaspora_handle  => current_user.diaspora_handle
+    =t('.enter_a_diaspora_username')
+    %br
+    %i= t '.your_diaspora_username_is', :diaspora_handle  => current_user.diaspora_handle

-  %p
-    = fr_request.label :destination_url, t(".friends_username")
-    = fr_request.text_field :destination_url
-  = fr_request.hidden_field :aspect_id, :value => aspect.id
-  = fr_request.submit
+    %p
+      = fr_request.label :destination_url, t(".friends_username")
+      = fr_request.text_field :destination_url
+    = fr_request.hidden_field :aspect_id, :value => aspect.id
+    = fr_request.submit

--- a/pkg/fedora/diaspora-setup
+++ b/pkg/fedora/diaspora-setup
@ -43,13 +43,14 @@ fi
 chmod 777 /var/lib/diaspora/uploads
 chown -R diaspora /var/log/diaspora

+hostname=$( awk '/pod_url:/ { print $2; exit }' <config/app_config.yml)
+
 if [ -n "$arg_hostname" ]; then
-    sed -i "/pod_url:/s/$hostname/$arg_hostname/g" config/app_config.yml &&
+    sed -i "/pod_url:/s|$hostname|$arg_hostname|g" config/app_config.yml &&
        echo "config/app_config.yml updated."
    exit 0
 fi

-hostname=$( awk '/pod_url:/ { print $2; exit }' <config/app_config.yml)
 while : ; do
    echo "Current hostname is \"$hostname\""
    echo -n "Enter new hostname [$hostname] :"
@ -57,7 +58,7 @@ while : ; do
    echo -n "Use hostname \"$new_hostname\" as pod_url (Yes/No) [Yes]? :"
    read yesno garbage
    test "${yesno:0:1}" = 'y' -o "${yesno:0:1}" = 'Y' -o -z "$yesno" && {
-        sed -i "/pod_url:/s/$hostname/$new_hostname/g" config/app_config.yml &&
+        sed -i "/pod_url:/s|$hostname|$new_hostname|g" config/app_config.yml &&
            echo "config/app_config.yml updated."
        break
    }
--- a/pkg/ubuntu/diaspora-setup
+++ b/pkg/ubuntu/diaspora-setup
@ -46,13 +46,14 @@ fi
 chmod 777 /var/lib/diaspora/uploads
 chown -R diaspora /var/log/diaspora

+hostname=$( awk '/pod_url:/ { print $2; exit }' <config/app_config.yml)
+
 if [ -n "$arg_hostname" ]; then
-    sed -i "/pod_url:/s/$hostname/$arg_hostname/g" config/app_config.yml &&
+    sed -i "/pod_url:/s|$hostname|$arg_hostname|g" config/app_config.yml &&
        echo "config/app_config.yml updated."
    exit 0
 fi

-hostname=$( awk '/pod_url:/ { print $2; exit }' <config/app_config.yml)
 while : ; do
    echo "Current hostname is \"$hostname\""
    echo -n "Enter new hostname [$hostname] :"
@ -60,7 +61,7 @@ while : ; do
    echo -n "Use hostname \"$new_hostname\" as pod_url (Yes/No) [Yes]? :"
    read yesno garbage
    test "${yesno:0:1}" = 'y' -o "${yesno:0:1}" = 'Y' -o -z "$yesno" && {
-        sed -i "/pod_url:/s/$hostname/$new_hostname/g" config/app_config.yml &&
+        sed -i "/pod_url:/s|$hostname|$new_hostname|g" config/app_config.yml &&
            echo "config/app_config.yml updated."
        break
    }
--- a/public/stylesheets/sass/application.sass
+++ b/public/stylesheets/sass/application.sass
@ -341,6 +341,7 @@ li.message
        :display block
        :height 100%
        :padding 2px 5px
+        :cursor default

        &:hover
          :background
@ -1044,3 +1045,16 @@ header

  h2
    :display inline
+
+.modal_title_bar
+  :width 100%
+  :background
+    :color #333
+  :margin
+    :bottom 2em
+  h4
+    :color #fff
+    :padding 10px 20px
+    :font
+      :size small
+
--- a/spec/models/user/attack_vectors_spec.rb
+++ b/spec/models/user/attack_vectors_spec.rb
@ -8,6 +8,8 @@ describe User do

  let(:user) { Factory(:user) }
  let(:aspect) { user.aspect(:name => 'heroes') }
+  
+  let(:bad_user) { Factory(:user)}

  let(:user2) { Factory(:user) }
  let(:aspect2) { user2.aspect(:name => 'losers') }
@ -20,6 +22,26 @@ describe User do
    friend_users(user, aspect, user3, aspect3)
  end

+  context 'non-friend valid user' do
+    
+    it 'raises if receives post by non-friend' do
+      pending "need to that posts come from friends.... requests need special treatment(because the person may not be in the db)"
+      post_from_non_friend = bad_user.build_post( :status_message, :message => 'hi')
+      xml = bad_user.salmon(post_from_non_friend).xml_for(user.person)
+
+      post_from_non_friend.delete
+      bad_user.delete
+
+      post_count = Post.count
+      proc{ user.receive_salmon(xml) }.should raise_error /Not friends with that person/
+
+      user.raw_visible_posts.include?(post_from_non_friend).should be false
+
+      Post.count.should == post_count
+    end
+
+  end
+
  context 'malicious friend attack vector' do
    it 'overwrites messages with a different user' do 
      original_message = user2.post :status_message, :message => 'store this!', :to => aspect2.id