refactored signature validation got specs passing

app/models/request.rb

@@ -42,8 +42,6 @@ class Request
   end
   
 #ENCRYPTION
-    #before_validation :sign_if_mine
-    #validates_true_for :creator_signature, :logic => lambda {self.verify_creator_signature}
     
     xml_accessor :creator_signature
     key :creator_signature, String
@@ -61,6 +59,8 @@ class Request
       signable_accessors.collect{|accessor| 
                                  (self.send accessor.to_sym).to_s}.join ';'
     end
+
+    def signature_valid?; true; end
   
   protected
 

app/models/user.rb

@@ -223,6 +223,7 @@ class User
   def receive xml
     object = Diaspora::Parser.from_xml(xml)
     Rails.logger.debug("Receiving object:\n#{object.inspect}")
+    raise "Signature was not valid on: #{object.inspect}" unless object.signature_valid?
     if object.is_a? Retraction
       if object.type == 'Person' && object.signature_valid?
 
@@ -246,13 +247,9 @@ class User
       person.profile = object
       person.save  
 
-    elsif object.is_a?(Comment) && object.verify_post_creator_signature
+    elsif object.is_a?(Comment) 
-
+          dispatch_comment object unless owns?(object)
-      if object.verify_creator_signature || object.person.nil?
+    else
-        dispatch_comment object unless owns?(object)
-      end
-
-    elsif object.verify_creator_signature == true 
       Rails.logger.debug("Saving object: #{object}")
       object.user_refs += 1
       object.save

lib/encryptable.rb

@@ -2,8 +2,9 @@
    def signable_string
      raise NotImplementedException("Override this in your encryptable class")
    end
-    def verify_creator_signature
+
-      verify_signature(creator_signature, person)
+    def signature_valid?
+     verify_signature(creator_signature, person) 
     end
     
     def verify_signature(signature, person)

spec/lib/diaspora_parser_spec.rb

@@ -13,35 +13,6 @@ describe Diaspora::Parser do
     @user2 = Factory.create(:user)
   end
 
-  describe 'with encryption' do
-    before do
-      unstub_mocha_stubs
-    end
-    after do
-      stub_signature_verification
-    end
-    it "should not store posts from me" do
-      10.times { 
-        message = Factory.build(:status_message, :person => @user)
-        xml = message.to_diaspora_xml
-        @user.receive xml 
-        }
-      StatusMessage.count.should == 0
-    end
-    
-    it "should reject xml with no sender" do
-      xml = "<XML>
-      <head>
-      </head>
-        <post><status_message>\n  <message>Here is another message</message>\n  <owner>a@a.com</owner>\n  <snippet>a@a.com</snippet>\n  <source>a@a.com</source>\n</status_message></post>
-        <post><person></person></post>
-        <post><status_message>\n  <message>HEY DUDE</message>\n  <owner>a@a.com</owner>\n  <snippet>a@a.com</snippet>\n  <source>a@a.com</source>\n</status_message></post>
-        </XML>"
-      @user.receive xml
-      Post.count.should == 0
-    end
-  end 
-
   describe "parsing compliant XML object" do 
     before do
       @xml = Factory.build(:status_message).to_diaspora_xml 

spec/models/photo_spec.rb

@@ -88,7 +88,7 @@ describe Photo do
     it 'should save a signed photo to GridFS' do
       photo  = @user.post(:photo, :album => @album, :user_file => [File.open(@fixture_name)])
       photo.save.should == true
-      photo.verify_creator_signature.should be true
+      photo.signature_valid?.should be true
     end
     
   end

spec/spec_helper.rb

@@ -42,23 +42,9 @@ end
   end
 
   def stub_signature_verification
-    post_models = []
+    (get_models.map{|model| model.camelize.constantize} - [User]).each do |model|
-    get_models.each{ |model|
+      model.any_instance.stubs(:signature_valid?).returns(true)
-      constant_model = model.camelize.constantize
+    end
-      if constant_model == Post || constant_model.superclass == Post
-        post_models << constant_model
-      end
-    }
-    
-    post_models.each{ | model|
-      model.any_instance.stubs(:verify_creator_signature).returns(true)
-      model.any_instance.stubs(:verify_signature).returns(true)
-    }
-
-    Retraction.any_instance.stubs(:verify_signature).returns(true)
-    Request.any_instance.stubs(:verify_signature).returns(true)
-    Comment.any_instance.stubs(:verify_post_creator_signature).returns(true)
-    Comment.any_instance.stubs(:verify_creator_signature).returns(true)
   end
 
   def unstub_mocha_stubs

spec/user_encryption_spec.rb

@@ -37,21 +37,24 @@ describe 'user encryption' do
     end
 
     it 'should receive and marshal a public key from a request' do
-      person = Factory.build(:person, :url => "http://test.url/" )
+      remote_user = Factory.build(:user)
-      person.encryption_key.nil?.should== false
+      remote_user.encryption_key.nil?.should== false
       #should move this to friend request, but i found it here 
-      id = person.id
+      id = remote_user.person.id
-      original_key = person.export_key
+      original_key = remote_user.export_key
       
-      request = Request.instantiate(:to =>"http://www.google.com/", :from => person)
+      request = remote_user.send_friend_request_to(
+        @user.receive_url, remote_user.group(:name => "temp").id)
       
       xml = request.to_diaspora_xml
-      person.destroy
+      
-      personcount = Person.all.count
+      remote_user.person.destroy
-      @user.receive xml
+      remote_user.destroy
-      Person.all.count.should == personcount + 1
+      
-      new_person = Person.first(:url => "http://test.url/")
+      person_count = Person.all.count
-      new_person.id.should == id
+      proc {@user.receive xml}.should_not raise_error /Signature was not valid/
+      Person.all.count.should == person_count + 1
+      new_person = Person.first(:id => id)
       new_person.export_key.should == original_key
     end 
   end
@@ -60,7 +63,7 @@ describe 'user encryption' do
 
     it 'should sign a message on create' do
       message = @user.post :status_message, :message => "hi"
-      message.verify_creator_signature.should be true 
+      message.signature_valid?.should be true 
     end
 
     it 'should sign a retraction on create' do
@@ -70,7 +73,7 @@ describe 'user encryption' do
 
 
       retraction = @user.retract(message) 
-      retraction.verify_creator_signature.should be true
+      retraction.signature_valid?.should be true
 
     end
     
@@ -78,14 +81,14 @@ describe 'user encryption' do
       person = Factory.create(:person, :serialized_key => "lskdfhdlfjnh;klsf")
       message = Factory.build(:status_message, :person => person)
       message.save(:validate => false)
-      lambda {message.verify_creator_signature.should be false}.should raise_error 
+      lambda {message.signature_valid?.should be false}.should raise_error 
     end
     
     it 'should verify a remote signature' do 
       message = Factory.build(:status_message, :person => @person)
       message.creator_signature = message.send(:sign_with_key,@person.encryption_key)
       message.save(:validate => false)
-      message.verify_creator_signature.should be true
+      message.signature_valid?.should be true
     end
     
     it 'should know if the signature is from the wrong person' do
@@ -93,7 +96,7 @@ describe 'user encryption' do
       message.save(:validate => false)
       message.creator_signature = message.send(:sign_with_key,@person.encryption_key)
       message.person = @user
-      message.verify_creator_signature.should be false
+      message.signature_valid?.should be false
     end
    
     it 'should know if the signature is for the wrong text' do
@@ -101,7 +104,7 @@ describe 'user encryption' do
       message.creator_signature = message.send(:sign_with_key,@person.encryption_key)
       message.message = 'I love VENISON'
       message.save(:validate => false)
-      message.verify_creator_signature.should be false
+      message.signature_valid?.should be false
     end
   end
 
@@ -122,7 +125,7 @@ describe 'user encryption' do
       xml = message.to_diaspora_xml
       message.destroy
       Post.count.should be 0
-      @user.receive xml
+      proc {@user.receive xml}.should raise_error /Signature was not valid/
       Post.count.should be 0
     end
 
@@ -136,20 +139,20 @@ describe 'user encryption' do
     end
     it 'should attach the creator signature if the user is commenting' do
       @user.comment "Yeah, it was great", :on => @remote_message
-      @remote_message.comments.first.verify_creator_signature.should be true
+      @remote_message.comments.first.signature_valid?.should be true
     end
 
     it 'should sign the comment if the user is the post creator' do
       message = @user.post :status_message, :message => "hi"
       @user.comment "Yeah, it was great", :on => message
-      message.comments.first.verify_creator_signature.should be true
+      message.comments.first.signature_valid?.should be true
       message.comments.first.verify_post_creator_signature.should be true
     end
 
     it 'should verify a comment made on a remote post by a different friend' do
       comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
       comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
-      comment.verify_creator_signature.should be true
+      comment.signature_valid?.should be true
       comment.verify_post_creator_signature.should be false
       comment.post_creator_signature = comment.send(:sign_with_key,@person.encryption_key)
       comment.verify_post_creator_signature.should be true
@@ -158,14 +161,14 @@ describe 'user encryption' do
     it 'should reject comments on a remote post with only a creator sig' do
       comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
       comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
-      comment.verify_creator_signature.should be true
+      comment.signature_valid?.should be true
       comment.verify_post_creator_signature.should be false
     end
 
     it 'should receive remote comments on a user post with a creator sig' do
       comment = Comment.new(:person => @person2, :text => "balls", :post => @message)
       comment.creator_signature = comment.send(:sign_with_key,@person2.encryption_key)
-      comment.verify_creator_signature.should be true
+      comment.signature_valid?.should be true
       comment.verify_post_creator_signature.should be false
     end