diff --git a/app/models/request.rb b/app/models/request.rb
index af57a9187..5289c757a 100644
--- a/app/models/request.rb
+++ b/app/models/request.rb
@@ -42,8 +42,6 @@ class Request
 end
 #ENCRYPTION
- #before_validation :sign_if_mine
- #validates_true_for :creator_signature, :logic => lambda {self.verify_creator_signature}
 xml_accessor :creator_signature
 key :creator_signature, String
@@ -61,6 +59,8 @@ class Request
 signable_accessors.collect{|accessor| (self.send accessor.to_sym).to_s}.join ';'
 end
+
+ def signature_valid?; true; end
 protected
diff --git a/app/models/user.rb b/app/models/user.rb
index d76279157..dfadaef68 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -223,6 +223,7 @@ class User
 def receive xml
 object = Diaspora::Parser.from_xml(xml)
 Rails.logger.debug("Receiving object:\n#{object.inspect}")
+ raise "Signature was not valid on: #{object.inspect}" unless object.signature_valid?
 if object.is_a? Retraction
 if object.type == 'Person' && object.signature_valid?
@@ -246,13 +247,9 @@ class User
 person.profile = object
 person.save
- elsif object.is_a?(Comment) && object.verify_post_creator_signature
-
- if object.verify_creator_signature || object.person.nil?
- dispatch_comment object unless owns?(object)
- end
-
- elsif object.verify_creator_signature == true
+ elsif object.is_a?(Comment)
+ dispatch_comment object unless owns?(object)
+ else
 Rails.logger.debug("Saving object: #{object}")
 object.user_refs += 1
 object.save
diff --git a/lib/encryptable.rb b/lib/encryptable.rb
index 90954924d..17d8ab0c7 100644
--- a/lib/encryptable.rb
+++ b/lib/encryptable.rb
@@ -2,8 +2,9 @@
 def signable_string
 raise NotImplementedException("Override this in your encryptable class")
 end
- def verify_creator_signature
- verify_signature(creator_signature, person)
+
+ def signature_valid?
+ verify_signature(creator_signature, person)
 end
 def verify_signature(signature, person)
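Review bot: `def signature_valid?; true; end` in app/models/request.rb makes every Request pass the new `object.signature_valid?` gate in User#receive without any check, so an incoming friend request is accepted regardless of who produced it. Request already carries `creator_signature` and builds a signable string from `signable_accessors`, so the predicate could verify that signature against the key of the sender named in the request instead of returning a constant. If the bypass is deliberate for now, say so at the definition, e.g. `# TODO: requests are not signature-checked yet; this always passes the gate in User#receive`.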
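Review bot: The new guard at the top of `receive` raises a bare RuntimeError whose message embeds `object.inspect`, so callers can only match on message text and the full content of an unverified remote object ends up in exception messages and logs. A dedicated error class with a short message would be safer, for example `raise InvalidSignatureError, "Signature was not valid on #{object.class}" unless object.signature_valid?` (the class name is a suggestion; none is defined in this diff). The guard also assumes every type the parser can return responds to `signature_valid?`, which is not visible here and should be confirmed. The `&& object.signature_valid?` in the Retraction branch two lines below is now redundant. The body of `receive` continues outside the hunk.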
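Review bot: The Comment branch no longer calls `verify_post_creator_signature`, so a comment is dispatched as soon as the commenter's own signature passes the gate at the top of `receive`, and the post owner's counter-signature is never checked on receipt. For a comment on someone else's post that was relayed to this user, that drops the proof that the post owner accepted it. Unless that check now lives elsewhere, consider keeping it for posts this user does not own, e.g. `raise "Post creator signature was not valid" unless owns?(object.post) || object.verify_post_creator_signature` before `dispatch_comment` (assuming `owns?` accepts a post). The if/elsif chain starts and ends outside the hunk.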
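Review bot: `signature_valid?` in lib/encryptable.rb is now the single predicate every received object is gated on, yet it carries no comment and it can raise rather than return false: the spec for an unparseable key in spec/user_encryption_spec.rb expects an exception from it. I would add `# True when creator_signature verifies against person's public key; classes may override (Request does).` above the definition and decide explicitly whether a missing `person` or `creator_signature` returns false. How `verify_signature` treats nil arguments cannot be seen, since its body is outside the hunk.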
diff --git a/spec/lib/diaspora_parser_spec.rb b/spec/lib/diaspora_parser_spec.rb
index 38be7104d..d57ccc8ce 100644
--- a/spec/lib/diaspora_parser_spec.rb
+++ b/spec/lib/diaspora_parser_spec.rb
@@ -13,35 +13,6 @@ describe Diaspora::Parser do
 @user2 = Factory.create(:user)
 end
- describe 'with encryption' do
- before do
- unstub_mocha_stubs
- end
- after do
- stub_signature_verification
- end
- it "should not store posts from me" do
- 10.times {
- message = Factory.build(:status_message, :person => @user)
- xml = message.to_diaspora_xml
- @user.receive xml
- }
- StatusMessage.count.should == 0
- end
-
- it "should reject xml with no sender" do
- xml = "
-
-
- \n Here is another message\n a@a.com\n a@a.com\n a@a.com\n
-
- \n HEY DUDE\n a@a.com\n a@a.com\n a@a.com\n
- "
- @user.receive xml
- Post.count.should == 0
- end
- end
-
 describe "parsing compliant XML object" do
 before do
 @xml = Factory.build(:status_message).to_diaspora_xml
diff --git a/spec/models/photo_spec.rb b/spec/models/photo_spec.rb
index de6adf50e..2562b1055 100644
--- a/spec/models/photo_spec.rb
+++ b/spec/models/photo_spec.rb
@@ -88,7 +88,7 @@ describe Photo do
 it 'should save a signed photo to GridFS' do
 photo = @user.post(:photo, :album => @album, :user_file => [File.open(@fixture_name)])
 photo.save.should == true
- photo.verify_creator_signature.should be true
+ photo.signature_valid?.should be true
 end
 end
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index e5482c521..548c7867d 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -42,23 +42,9 @@ end end
 def stub_signature_verification
- post_models = []
- get_models.each{ |model|
- constant_model = model.camelize.constantize
- if constant_model == Post || constant_model.superclass == Post
- post_models << constant_model
- end
- }
-
- post_models.each{ | model|
- model.any_instance.stubs(:verify_creator_signature).returns(true)
- model.any_instance.stubs(:verify_signature).returns(true)
- }
-
- Retraction.any_instance.stubs(:verify_signature).returns(true)
- Request.any_instance.stubs(:verify_signature).returns(true)
- Comment.any_instance.stubs(:verify_post_creator_signature).returns(true)
- Comment.any_instance.stubs(:verify_creator_signature).returns(true)
+ (get_models.map{|model| model.camelize.constantize} - [User]).each do |model|
+ model.any_instance.stubs(:signature_valid?).returns(true)
+ end
 end
 def unstub_mocha_stubs
diff --git a/spec/user_encryption_spec.rb b/spec/user_encryption_spec.rb
index a70804ebd..896fceb8a 100644
--- a/spec/user_encryption_spec.rb
+++ b/spec/user_encryption_spec.rb
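Review bot: `model.any_instance.stubs(:signature_valid?).returns(true)` is applied to every model except User, including models that may not define `signature_valid?` at all. Depending on how Mocha is configured, stubbing a method the class lacks can succeed silently, so a suite running under this helper would not notice User#receive calling `signature_valid?` on a type that has no such method. Restricting the loop to classes that define it keeps that failure visible, e.g. insert `.select { |model| model.method_defined?(:signature_valid?) }` before `.each`. `get_models` is defined outside the hunk.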
@@ -37,21 +37,24 @@ describe 'user encryption' do
 end
 it 'should receive and marshal a public key from a request' do
- person = Factory.build(:person, :url => "http://test.url/" )
- person.encryption_key.nil?.should== false
+ remote_user = Factory.build(:user)
+ remote_user.encryption_key.nil?.should== false
 #should move this to friend request, but i found it here
- id = person.id
- original_key = person.export_key
+ id = remote_user.person.id
+ original_key = remote_user.export_key
- request = Request.instantiate(:to =>"http://www.google.com/", :from => person)
+ request = remote_user.send_friend_request_to(
+ @user.receive_url, remote_user.group(:name => "temp").id)
 xml = request.to_diaspora_xml
- person.destroy
- personcount = Person.all.count
- @user.receive xml
- Person.all.count.should == personcount + 1
- new_person = Person.first(:url => "http://test.url/")
- new_person.id.should == id
+
+ remote_user.person.destroy
+ remote_user.destroy
+
+ person_count = Person.all.count
+ proc {@user.receive xml}.should_not raise_error /Signature was not valid/
+ Person.all.count.should == person_count + 1
+ new_person = Person.first(:id => id)
 new_person.export_key.should == original_key
 end
 end
@@ -60,7 +63,7 @@ describe 'user encryption' do
 it 'should sign a message on create' do
 message = @user.post :status_message, :message => "hi"
- message.verify_creator_signature.should be true
+ message.signature_valid?.should be true
 end
 it 'should sign a retraction on create' do
@@ -70,7 +73,7 @@ describe 'user encryption' do
 retraction = @user.retract(message)
- retraction.verify_creator_signature.should be true
+ retraction.signature_valid?.should be true
 end
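Review bot: `proc {@user.receive xml}.should_not raise_error /Signature was not valid/` in the first hunk cannot fail in this commit, because Request#signature_valid? returns true unconditionally, so the example exercises key import but not signature checking of a request. A negated `raise_error` with a message pattern is also satisfied when the block raises some other exception, which can hide an unrelated failure inside `receive`, although the count assertion after it would catch some of those. Calling `@user.receive xml` directly, as the removed line did, lets any exception fail the example. A companion example that alters the request after signing and expects rejection would pin the behaviour once requests are actually verified.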
@@ -78,14 +81,14 @@ describe 'user encryption' do
 person = Factory.create(:person, :serialized_key => "lskdfhdlfjnh;klsf")
 message = Factory.build(:status_message, :person => person)
 message.save(:validate => false)
- lambda {message.verify_creator_signature.should be false}.should raise_error
+ lambda {message.signature_valid?.should be false}.should raise_error
 end
 it 'should verify a remote signature' do
 message = Factory.build(:status_message, :person => @person)
 message.creator_signature = message.send(:sign_with_key,@person.encryption_key)
 message.save(:validate => false)
- message.verify_creator_signature.should be true
+ message.signature_valid?.should be true
 end
 it 'should know if the signature is from the wrong person' do
@@ -93,7 +96,7 @@ describe 'user encryption' do
 message.save(:validate => false)
 message.creator_signature = message.send(:sign_with_key,@person.encryption_key)
 message.person = @user
- message.verify_creator_signature.should be false
+ message.signature_valid?.should be false
 end
 it 'should know if the signature is for the wrong text' do
@@ -101,7 +104,7 @@ describe 'user encryption' do
 message.creator_signature = message.send(:sign_with_key,@person.encryption_key)
 message.message = 'I love VENISON'
 message.save(:validate => false)
- message.verify_creator_signature.should be false
+ message.signature_valid?.should be false
 end
 end
@@ -122,7 +125,7 @@ describe 'user encryption' do
 xml = message.to_diaspora_xml
 message.destroy
 Post.count.should be 0
- @user.receive xml
+ proc {@user.receive xml}.should raise_error /Signature was not valid/
 Post.count.should be 0
 end
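Review bot: In the first example of the first hunk, `lambda {message.signature_valid?.should be false}.should raise_error` passes when `signature_valid?` returns true, because the inner `should be false` then raises an expectation failure and a bare `raise_error` accepts any exception. It fails only when the method returns false, so it cannot tell a rejected key from an accepted one. Assert one outcome: either `lambda { message.signature_valid? }.should raise_error(ExpectedKeyError)`, with the real exception class in place of that placeholder, or `message.signature_valid?.should be false` if a malformed key is meant to be reported as invalid. The `it` line of this example is above the hunk.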
@@ -136,20 +139,20 @@ describe 'user encryption' do
 end
 it 'should attach the creator signature if the user is commenting' do
 @user.comment "Yeah, it was great", :on => @remote_message
- @remote_message.comments.first.verify_creator_signature.should be true
+ @remote_message.comments.first.signature_valid?.should be true
 end
 it 'should sign the comment if the user is the post creator' do
 message = @user.post :status_message, :message => "hi"
 @user.comment "Yeah, it was great", :on => message
- message.comments.first.verify_creator_signature.should be true
+ message.comments.first.signature_valid?.should be true
 message.comments.first.verify_post_creator_signature.should be true
 end
 it 'should verify a comment made on a remote post by a different friend' do
 comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
 comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
- comment.verify_creator_signature.should be true
+ comment.signature_valid?.should be true
 comment.verify_post_creator_signature.should be false
 comment.post_creator_signature = comment.send(:sign_with_key,@person.encryption_key)
 comment.verify_post_creator_signature.should be true
@@ -158,14 +161,14 @@ describe 'user encryption' do
 it 'should reject comments on a remote post with only a creator sig' do
 comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
 comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
- comment.verify_creator_signature.should be true
+ comment.signature_valid?.should be true
 comment.verify_post_creator_signature.should be false
 end
 it 'should receive remote comments on a user post with a creator sig' do
 comment = Comment.new(:person => @person2, :text => "balls", :post => @message)
 comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
- comment.verify_creator_signature.should be true
+ comment.signature_valid?.should be true
 comment.verify_post_creator_signature.should be false
 end