IZ MS retractions now use diaspora handle
This commit is contained in:
maxwell
parent
06445901f8
commit
3c8b40c427
4 changed files with 21 additions and 6 deletions
|
|
@ -23,7 +23,7 @@ module SocketsHelper
|
||||||
action_hash[:photo_hash] = object.thumb_hash
|
action_hash[:photo_hash] = object.thumb_hash
|
||||||
end
|
end
|
||||||
|
|
||||||
if object.person.owner_id == uid
|
if object.person && object.person.owner_id == uid
|
||||||
action_hash[:mine?] = true
|
action_hash[:mine?] = true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -83,6 +83,9 @@ module Diaspora
|
||||||
|
|
||||||
def receive_retraction retraction, xml
|
def receive_retraction retraction, xml
|
||||||
if retraction.type == 'Person'
|
if retraction.type == 'Person'
|
||||||
|
unless retraction.person.id.to_s == retraction.post_id.to_s
|
||||||
|
raise "#{retraction.diaspora_handle} trying to unfriend #{retraction.post_id} from #{self.id}"
|
||||||
|
end
|
||||||
Rails.logger.info( "the person id is #{retraction.post_id} the friend found is #{visible_person_by_id(retraction.post_id).inspect}")
|
Rails.logger.info( "the person id is #{retraction.post_id} the friend found is #{visible_person_by_id(retraction.post_id).inspect}")
|
||||||
unfriended_by visible_person_by_id(retraction.post_id)
|
unfriended_by visible_person_by_id(retraction.post_id)
|
||||||
else
|
else
|
||||||
|
|
|
||||||
|
|
@ -27,7 +27,7 @@ describe Diaspora::Parser do
|
||||||
|
|
||||||
it 'should accept retractions' do
|
it 'should accept retractions' do
|
||||||
friend_users(user, aspect, user2, aspect2)
|
friend_users(user, aspect, user2, aspect2)
|
||||||
message = Factory.create(:status_message, :person => user2.person)
|
message = user2.post(:status_message, :message => "cats", :to => aspect2.id)
|
||||||
retraction = Retraction.for(message)
|
retraction = Retraction.for(message)
|
||||||
xml = retraction.to_diaspora_xml
|
xml = retraction.to_diaspora_xml
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -111,17 +111,29 @@ describe "attack vectors" do
|
||||||
end
|
end
|
||||||
|
|
||||||
it 'it should not allow you to send retractions for other people' do
|
it 'it should not allow you to send retractions for other people' do
|
||||||
pending
|
|
||||||
ret = Retraction.new
|
ret = Retraction.new
|
||||||
ret.post_id = user2.person.id
|
ret.post_id = user2.person.id
|
||||||
ret.diaspora_handle = user3.person.diaspora_handle
|
ret.diaspora_handle = user3.person.diaspora_handle
|
||||||
ret.type = user2.person.class.to_s
|
ret.type = user2.person.class.to_s
|
||||||
|
|
||||||
#proc{
|
proc{
|
||||||
user.receive_salmon(user3.salmon(ret).xml_for(user.person))
|
user.receive_salmon(user3.salmon(ret).xml_for(user.person))
|
||||||
#}.should raise_error /Malicious Post/
|
}.should raise_error /#{user3.diaspora_handle} trying to unfriend #{user2.person.id} from #{user.id}/
|
||||||
|
|
||||||
# user.reload.friends.count.should == 2
|
user.reload.friends.count.should == 2
|
||||||
|
end
|
||||||
|
|
||||||
|
it 'it should not allow you to send retractions with xml and salmon handle mismatch' do
|
||||||
|
ret = Retraction.new
|
||||||
|
ret.post_id = user2.person.id
|
||||||
|
ret.diaspora_handle = user2.person.diaspora_handle
|
||||||
|
ret.type = user2.person.class.to_s
|
||||||
|
|
||||||
|
proc{
|
||||||
|
user.receive_salmon(user3.salmon(ret).xml_for(user.person))
|
||||||
|
}.should raise_error /Malicious Post/
|
||||||
|
|
||||||
|
user.reload.friends.count.should == 2
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue