DG IZ; post senders are now verified by diaspora handles

app/models/person.rb

@@ -106,7 +106,7 @@ class Person
 
   #database calls
   def self.by_account_identifier(identifier)
-    identifier = identifier.strip.downcase.gsub('acct:', '') if identifier
+    identifier = identifier.strip.downcase.gsub('acct:', '')
     self.first(:diaspora_handle => identifier)
   end
 

app/models/post.rb

@@ -11,14 +11,14 @@ class Post
   include Diaspora::Webhooks
   include Diaspora::Socketable
 
-  xml_accessor :_id
+  xml_reader :_id
-  xml_accessor :person, :as => Person
+  xml_reader :diaspora_handle
   xml_reader :public
   xml_reader :created_at
 
   key :public, Boolean, :default => false
 
-  key :person_id, ObjectId
+  key :diaspora_handle, String
   key :user_refs, Integer, :default => 0
 
   many :comments, :class_name => 'Comment', :foreign_key => :post_id, :order => 'created_at ASC'

app/models/user.rb

@@ -216,6 +216,8 @@ class User
 
   def build_post(class_name, options = {})
     options[:person] = self.person
+    options[:diaspora_handle] = self.person.diaspora_handle
+
     model_class = class_name.to_s.camelize.constantize
     post = model_class.instantiate(options)
     post.save

lib/diaspora/user/receiving.rb

@@ -21,7 +21,7 @@ module Diaspora
         Rails.logger.debug("From: #{object.person.inspect}") if object.person
 
 
-        if object.is_a?(Comment) 
+        if object.is_a?(Comment) || object.is_a?(Post)
           e = EMWebfinger.new(object.diaspora_handle)
 
           e.on_person { |person|
@@ -32,7 +32,14 @@ module Diaspora
                 raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} "
               end
 
+              raise "Not friends with that person" unless self.contact_for(salmon_author)
+
+              if object.is_a?(Comment) 
                 receive_comment object, xml
+              else
+                receive_post object, xml
+              end
+
             end
           }
 
@@ -65,12 +72,15 @@ module Diaspora
           sender = object.person
         elsif object.is_a? Profile
           sender = Diaspora::Parser.owner_id_from_xml xml
-        elsif object.is_a?(Comment)
+
+        else
           object.person = webfingered_person
+          if object.is_a?(Comment)
             sender = (owns?(object.post))? object.person : object.post.person
           else
             sender = object.person
           end
+        end
         sender
       end
 

spec/models/album_spec.rb

@@ -65,18 +65,4 @@ describe Album do
     end
   end
 
-  describe '#to_xml' do
-    let(:doc) { album.to_xml }
-    it 'has a name' do
-      doc.at_xpath('./name').text.should == album.name
-    end
-
-    it 'has an id' do
-      doc.at_xpath('./_id').text.should == album.id.to_s
-    end
-
-    it 'includes the person' do
-      doc.at_xpath('./person/_id').text.should == album.person.id.to_s
-    end
-  end
 end

spec/models/post_spec.rb

@@ -7,17 +7,7 @@ require 'spec_helper'
 describe Post do
   before do
     @user = make_user
-  end
+    @aspect = @user.aspect(:name => "winners")
-
-  describe 'xml' do
-    before do
-      @message = Factory.create(:status_message, :person => @user.person)
-    end
-
-    it 'should serialize to xml with its person' do
-      @message.to_xml.to_s.include?(@user.person.diaspora_handle).should == true
-    end
-
   end
 
   describe 'deletion' do
@@ -29,5 +19,15 @@ describe Post do
       Comment.all(:text => "hey").empty?.should == true
     end
   end
+
+  describe 'serialization' do
+    it 'should serialize the handle and not the sender' do
+      post = @user.post :status_message, :message => "hello", :to => @aspect.id
+      xml = post.to_diaspora_xml
+
+      xml.include?(@user.person.id.to_s).should be false
+      xml.include?(@user.person.diaspora_handle).should be true
+    end
+  end
 end