Merge branch 'master' of github.com:diaspora/diaspora_rails into

friend-refactor, also fixed more specs

Conflicts:
	app/models/person.rb
	app/models/user.rb
	spec/factories.rb

Rakefile

@@ -4,5 +4,4 @@
 require File.expand_path('../config/application', __FILE__)
 require 'rake'
 ENV['GNUPGHOME'] = File.expand_path("../../gpg/diaspora-#{Rails.env}/", __FILE__)
-GPGME::check_version({})
 Rails::Application.load_tasks

app/models/person.rb

@@ -5,13 +5,15 @@ class Person
   xml_accessor :_id
   xml_accessor :email
   xml_accessor :url
-  xml_accessor :key_fingerprint
+  xml_accessor :serialized_key
   xml_accessor :profile, :as => Profile
   
   
   key :email, String, :unique => true
   key :url, String
-  key :key_fingerprint, String
+
+  key :serialized_key, String 
+
 
   key :owner_id, ObjectId
   key :user_refs, Integer, :default => 0
@@ -26,26 +28,28 @@ class Person
   timestamps!
 
   before_validation :clean_url
-  validates_presence_of :email, :url, :key_fingerprint, :profile
+
+  validates_presence_of :email, :url, :serialized_key, :profile
   validates_format_of :url, :with =>
      /^(https?):\/\/[a-z0-9]+([\-\.]{1}[a-z0-9]+)*(\.[a-z]{2,5})?(:[0-9]{1,5})?(\/.*)?$/ix
   
 
-  after_destroy :remove_all_traces, :remove_key
+  after_destroy :remove_all_traces
-
-  scope :friends, where(:_type => "Person", :active => true)
-
  
   def real_name
     "#{profile.first_name.to_s} #{profile.last_name.to_s}"
   end
 
   def key
-    GPGME::Ctx.new.get_key key_fingerprint
+    OpenSSL::PKey::RSA.new( serialized_key )
   end
 
+  def key= new_key
+    raise TypeError unless new_key.class == OpenSSL::PKey::RSA
+    serialized_key = new_key.export
+  end
   def export_key
-    GPGME::export(key_fingerprint, :armor => true)
+    key.public_key.export
   end
 
 
@@ -82,6 +86,9 @@ class Person
     end
   end
 
+  def mine?(post)
+    self == post.person
+  end
 
 
   protected
@@ -99,10 +106,4 @@ class Person
     self.posts.delete_all
   end
 
-  def remove_key
-    puts 'Removing key from keyring in test environment' if Rails.env == 'test'
-    ctx = GPGME::Ctx.new
-    ctx.delete_key(key)
-  end
-
  end

app/models/post.rb

@@ -49,24 +49,24 @@ class Post
   end
 
 #ENCRYPTION
-    before_validation :sign_if_mine
+  before_validation :sign_if_mine
-    validates_true_for :creator_signature, :logic => lambda {self.verify_creator_signature}
+  validates_true_for :creator_signature, :logic => lambda {self.verify_creator_signature}
   
-    xml_accessor :creator_signature
+  xml_accessor :creator_signature
-    key :creator_signature, String
+  key :creator_signature, String
   
-    def signable_accessors
+  def signable_accessors
-      accessors = self.class.roxml_attrs.collect{|definition| 
+    accessors = self.class.roxml_attrs.collect{|definition| 
-        definition.accessor}
+      definition.accessor}
-      accessors.delete 'person'
+    accessors.delete 'person'
-      accessors.delete 'creator_signature'
+    accessors.delete 'creator_signature'
-      accessors
+    accessors
-    end
+  end
 
-    def signable_string
+  def signable_string
-      signable_accessors.collect{|accessor| 
+    signable_accessors.collect{|accessor| 
-        (self.send accessor.to_sym).to_s}.join ';'
+      (self.send accessor.to_sym).to_s}.join ';'
-    end
+  end
   
   def log_inspection
     Rails.logger.info self.inspect

app/models/profile.rb

@@ -20,6 +20,10 @@ class Profile
     self._parent_document.id
   end
   
+  def person
+    Person.first(:id => self.person_id)
+  end
+  
   def to_diaspora_xml
     "<post>"+ self.to_xml.to_s + "</post>"
   end

app/models/request.rb

@@ -28,15 +28,23 @@ class Request
   scope :for_user, lambda{ |user| where(:destination_url => user.url) }
   scope :from_user, lambda{ |user| where(:destination_url.ne => user.url) }
 
-  def self.instantiate(options ={})
+  def self.instantiate(options = {})
     person = options[:from]
     self.new(:destination_url => options[:to], :callback_url => person.url, :person => person, :exported_key => person.export_key)
   end
 
   def activate_friend 
-    p = Person.where(:url => self.person.url).first
+    from_user = Person.first(:url => self.callback_url).owner
-    p.active = true
+    puts from_user.inspect
-    p.save
+    from_user.friends << from_user.pending_friends.delete(person)
+  end
+  
+  def set_pending_friend
+    p = Person.first(:id => self.person.id)
+    
+    puts p.inspect
+    self.person.save  #save pending friend
+    
   end
  
 #ENCRYPTION

app/models/retraction.rb

@@ -20,15 +20,23 @@ class Retraction
   attr_accessor :type
 
   def perform
-    return unless verify_signature(@creator_signature, Post.first(:id => post_id).person)
-     
     begin
+      return unless signature_valid?
       self.type.constantize.destroy(self.post_id)
     rescue NameError
       Rails.logger.info("Retraction for unknown type recieved.")
     end
   end
 
+  def signature_valid?
+    target = self.type.constantize.first(:id => self.post_id)
+    if target.is_a? Person
+      verify_signature(@creator_signature, self.type.constantize.first(:id => self.post_id))
+    else 
+      verify_signature(@creator_signature, self.type.constantize.first(:id => self.post_id).person)
+    end
+  end
+
   def self.person_id_from(object)
     if object.is_a? Person
       object.id

app/models/user.rb

@@ -10,9 +10,11 @@ class User
   one :person, :class_name => 'Person', :foreign_key => :owner_id
   many :friends, :in => :friend_ids, :class_name => 'Person'
 
-  #before_validation_on_create :assign_key
+  before_validation_on_create :assign_key
   before_validation :do_bad_things
   
+  ######## Posting ########
+
 
   def method_missing(method, *args)
     self.person.send(method, *args)
@@ -32,7 +34,7 @@ class User
   ######### Friend Requesting
   def send_friend_request_to(friend_url)
     unless Person.where(:url => friend_url).first
-      p = Request.instantiate(:to => friend_url, :from => self)
+      p = Request.instantiate(:to => friend_url, :from => self.person)
       if p.save
         p.push_to_url friend_url
       end
@@ -53,18 +55,22 @@ class User
   def ignore_friend_request(friend_request_id)
     request = Request.first(:id => friend_request_id)
     person = request.person
-    person.destroy unless person.active
+    person.destroy unless self.friends.include? person
     request.destroy
   end
 
   def receive_friend_request(friend_request)
     Rails.logger.info("receiving friend request #{friend_request.to_json}")
-    GPGME.import(friend_request.exported_key)
+    
+    friend_request.person.serialized_key = friend_request.exported_key
     if Request.where(:callback_url => friend_request.callback_url).first
       friend_request.activate_friend
       friend_request.destroy
     else
       friend_request.person.save
+      
+      friend_request.create_pending_friend
+      
       friend_request.save
     end
   end
@@ -92,9 +98,7 @@ class User
 
   
   ###Helpers############
-  def mine?(post)
+
-    self == post.person
-  end
 
   def terse_url
     terse= self.url.gsub(/https?:\/\//, '')
@@ -114,32 +118,11 @@ class User
   protected
   
   def assign_key
-    keys = GPGME.list_keys(self.real_name, true)
+    self.person.serialized_key ||= generate_key.export
-    if keys.empty?
-      generate_key
-    end
-    self.key_fingerprint = GPGME.list_keys(self.real_name, true).first.subkeys.first.fingerprint
   end
 
   def generate_key
-    puts "Generating key"
+    OpenSSL::PKey::RSA::generate 1024 
-    puts paramstring
-    ctx = GPGME::Ctx.new
-    ctx.genkey(paramstring, nil, nil)
-    
   end
 
-  def paramstring
-"<GnupgKeyParms format=\"internal\">
-Key-Type: DSA
-Key-Length: 512
-Subkey-Type: ELG-E
-Subkey-Length: 512
-Name-Real: #{self.real_name}
-Name-Comment: #{self.url}
-Name-Email: #{self.email}
-Expire-Date: 0
-</GnupgKeyParms>"
-
-  end
 end

config/environment.rb

@@ -4,5 +4,4 @@ Haml::Template.options[:format] = :html5
 # Initialize the rails application
 Diaspora::Application.initialize!
 
-ENV['GNUPGHOME'] = File.expand_path("../../gpg/diaspora-#{Rails.env}/", __FILE__)
+
-GPGME::check_version({})

config/environments/test.rb

@@ -26,8 +26,7 @@ Diaspora::Application.configure do
   config.action_mailer.delivery_method = :test
   config.threadsafe!
   
-  ENV['GNUPGHOME'] = File.expand_path("../../gpg/diaspora-#{Rails.env}/", __FILE__)
+
-  GPGME::check_version({})
   # Use SQL instead of Active Record's schema dumper when creating the test database.
   # This is necessary if your schema can't be completely dumped by the schema dumper,
   # like if you have constraints or database-specific column types

db/seeds/backer.rb

@@ -7,9 +7,6 @@
 #   Mayor.create(:name => 'Daley', :city => citie
 
 require 'config/environment'
-ENV['GNUPGHOME'] = File.expand_path("../../../gpg/diaspora-#{Rails.env}/", __FILE__)
-GPGME::check_version({})
-
 
 def create(backer_number)
   backer_info = [ [5072,"George", "Washington"],

db/seeds/dev.rb

@@ -7,8 +7,7 @@
 #   Mayor.create(:name => 'Daley', :city => citie
 
 require 'config/environment'
-ENV['GNUPGHOME'] = File.expand_path("../../../gpg/diaspora-#{Rails.env}/", __FILE__)
+
-GPGME::check_version({})
 # Create seed user
 user = User.create( :email => "robert@joindiaspora.com", :password => "evankorth", :profile => Profile.new( :first_name => "bobert", :last_name => "brin" ))
 

db/seeds/tom.rb

@@ -7,8 +7,7 @@
 #   Mayor.create(:name => 'Daley', :city => citie
 
 require 'config/environment'
-ENV['GNUPGHOME'] = File.expand_path("../../../gpg/diaspora-#{Rails.env}/", __FILE__)
+
-GPGME::check_version({})
 # Create seed user
 user = User.create( :email => "tom@tom.joindiaspora.com", :password => "evankorth", :url => "http://tom.joindiaspora.com/", :profile => Profile.new( :first_name => "Alexander", :last_name => "Hamiltom" ))
 

lib/diaspora/webhooks.rb

@@ -7,7 +7,7 @@ module Diaspora
         @@queue = MessageHandler.new
 
         def notify_people
-          if self.person_id == User.owner.id
+          if self.person_id == User.owner.person.id
             push_to(people_with_permissions)
           end
         end
@@ -39,7 +39,8 @@ module Diaspora
         end
 
         def people_with_permissions
-          Person.friends.all
+          puts "#{self.person.owner.friends.count} foo"
+          self.person.owner.friends.all
         end
 
         def self.build_xml_for(posts)

lib/encryptable.rb

@@ -7,21 +7,27 @@
     end
     
     def verify_signature(signature, person)
-      return false unless signature && person.key_fingerprint
+      if person.nil?
-      validity = nil
+        Rails.logger.info("Verifying sig on #{signable_string} but no person is here")
+        return false
+      elsif person.key.nil?
+        Rails.logger.info("Verifying sig on #{signable_string} but #{person.real_name} has no key")
+        return false
+      elsif signature.nil?
+        Rails.logger.info("Verifying sig on #{signable_string} but #{person.real_name} did not sign")
+        return false
+      end
       Rails.logger.info("Verifying sig on #{signable_string} from person #{person.real_name}")
-      GPGME::verify(signature, signable_string, 
+      validity = person.key.verify "SHA", Base64.decode64(signature), signable_string
-        {:armor => true, :always_trust => true}){ |signature_analysis|
+      Rails.logger.info("Validity: #{validity}")
-        #puts signature_analysis
+      validity
-        validity =  signature_analysis.status == GPGME::GPG_ERR_NO_ERROR &&
-            signature_analysis.fpr == person.key_fingerprint
-      }
-      return validity
     end
     
     protected
     def sign_if_mine
       if self.person == User.owner
+
+
         self.creator_signature = sign
       end
     end
@@ -32,8 +38,8 @@
 
     def sign_with_key(key)
       Rails.logger.info("Signing #{signable_string}")
-      GPGME::sign(signable_string,nil,
+      Base64.encode64(key.sign "SHA", signable_string)
-          {:armor=> true, :mode => GPGME::SIG_MODE_DETACH, :signers => [key]})
+      
     end
   end
 

lib/tasks/gpg.rake

@@ -1,8 +0,0 @@
-namespace :gpg do
-  desc 'Clear the gpg keyrings'
-  task :clear do
-    ctx = GPGME::Ctx.new
-    keys = ctx.keys
-    keys.each{|k| ctx.delete_key(k, true)}
-  end
-end

spec/factories.rb

@@ -2,8 +2,6 @@
 #http://github.com/thoughtbot/factory_girl
 # http://railscasts.com/episodes/158-factories-not-fixtures
 #This inclsion, because gpg-agent(not needed) is never run and hence never sets any env. variables on a MAC
-ENV['GNUPGHOME'] = File.expand_path("../../gpg/diaspora-#{Rails.env}/", __FILE__)
-GPGME::check_version({})
 
 Factory.define :profile do |p|
   p.first_name "Robert"
@@ -13,8 +11,13 @@ end
 Factory.define :person do |p|
   p.sequence(:email) {|n| "bob-person-#{n}@aol.com"}
   p.sequence(:url)  {|n| "http://google-#{n}.com/"}
-  p.key_fingerprint GPGME::list_keys("Wesley").first.subkeys.first.fingerprint
   p.profile Factory.create(:profile)
+
+  p.serialized_key OpenSSL::PKey::RSA.generate(1024).public_key.export
+end
+
+Factory.define :person_with_private_key, :parent => :person do |p|
+  p.serialized_key OpenSSL::PKey::RSA.generate(1024).export
 end
 
 Factory.define :user do |u|
@@ -22,7 +25,7 @@ Factory.define :user do |u|
   u.password "bluepin7"
   u.password_confirmation "bluepin7"
 
-  u.sequence(:person) {|p| Factory.create(:person, :email => "robert-#{p}@grimm.org")}
+  u.sequence(:person) {|p| Factory.create(:person_with_private_key, :email => "robert-#{p}@grimm.org")}
 end
 
 Factory.define :status_message do |m|

spec/lib/web_hooks_spec.rb

@@ -7,12 +7,15 @@ describe Diaspora do
   describe Webhooks do
     before do
       @user = Factory.create(:user, :email => "bob@aol.com")
+      @user.person.save
       @person = Factory.create(:person)
+      @user.friends << @person
+      @user.save
     end
 
     describe "body" do
       before do
-        @post = Factory.create(:status_message, :person => @user)
+        @post = Factory.create(:status_message, :person => @user.person)
       end
 
       it "should add the following methods to Post on inclusion" do
@@ -26,12 +29,12 @@ describe Diaspora do
       end
 
       it "should retrieve all valid person endpoints" do
-        Factory.create(:person, :url => "http://www.bob.com/")
+        @user.friends << Factory.create(:person, :url => "http://www.bob.com/")
-        Factory.create(:person, :url => "http://www.alice.com/")
+        @user.friends << Factory.create(:person, :url => "http://www.alice.com/")
-        Factory.create(:person, :url => "http://www.jane.com/")
+        @user.friends << Factory.create(:person, :url => "http://www.jane.com/")
+        @user.save
         
-        non_users = Person.where( :_type => "Person" ).all
+        @post.people_with_permissions.should == @user.friends.map{|friend| friend.url + "receive/ "}
-        @post.people_with_permissions.should == non_users
       end
 
       it "should send an owners post to their people" do
@@ -48,7 +51,8 @@ describe Diaspora do
       end
 
       it "should ensure one url is created for every person" do
-        5.times {Factory.create(:person)}
+        5.times {@user.friends << Factory.create(:person)}
+        @user.save
         @post.people_with_permissions.size.should == 6
       end
 

spec/models/comments_spec.rb

@@ -7,7 +7,7 @@ describe Comment do
       @user.person.save
     end
     it "should be able to comment on his own status" do
-      status = Factory.create(:status_message, :person => @user)
+      status = Factory.create(:status_message, :person => @user.person)
       status.comments.should == []
 
       @user.comment "Yeah, it was great", :on => status
@@ -17,14 +17,14 @@ describe Comment do
     it "should be able to comment on a person's status" do
       person= Factory.create :person
       status = Factory.create(:status_message, :person => person)
-      @user.comment "sup dog", :on => status
+      @user.person.comment "sup dog", :on => status
       
       StatusMessage.first.comments.first.text.should == "sup dog"
-      StatusMessage.first.comments.first.person.should == @user
+      StatusMessage.first.comments.first.person.should == @user.person
     end
 
     it 'should not send out comments when we have no people' do
-      status = Factory.create(:status_message, :person => @user)
+      status = Factory.create(:status_message, :person => @user.person)
       Comment.send(:class_variable_get, :@@queue).should_not_receive(:add_post_request)
       @user.comment "sup dog", :on => status
     end
@@ -34,18 +34,18 @@ describe Comment do
         @person = Factory.create(:person)
         @person_two = Factory.create(:person)
         @person_status = Factory.create(:status_message, :person => @person)
-        @user_status = Factory.create(:status_message, :person => @user)
+        @user_status = Factory.create(:status_message, :person => @user.person)
       end
     
       it "should send a user's comment on a person's post to that person" do
         Comment.send(:class_variable_get, :@@queue).should_receive(:add_post_request)
-        @user.comment "yo", :on => @person_status
+        @user.person.comment "yo", :on => @person_status
       end
     
       it 'should send a user comment on his own post to lots of people' do
         allowed_urls = @user_status.people_with_permissions.map!{|x| x = x.url + "receive/"}
         Comment.send(:class_variable_get, :@@queue).should_receive(:add_post_request).with(allowed_urls, anything )
-        @user.comment "yo", :on => @user_status
+        @user.person.comment "yo", :on => @user_status
       end
     
       it 'should send a comment a person made on your post to all people' do

spec/models/request_spec.rb

@@ -36,11 +36,11 @@ describe Request do
 
   it 'should allow me to see only friend requests sent to me' do 
     user = Factory.create(:user)
-    remote_person = Factory.build(:user, :email => "robert@grimm.com", :url => "http://king.com/")
+    remote_person = Factory.build(:person, :email => "robert@grimm.com", :url => "http://king.com/")
     
-    Request.instantiate(:from => user, :to => remote_person.url).save
+    Request.instantiate(:from => user.person, :to => remote_person.url).save
-    Request.instantiate(:from => user, :to => remote_person.url).save
+    Request.instantiate(:from => user.person, :to => remote_person.url).save
-    Request.instantiate(:from => user, :to => remote_person.url).save
+    Request.instantiate(:from => user.person, :to => remote_person.url).save
     Request.instantiate(:from => remote_person, :to => user.url).save
       
     Request.for_user(user).all.count.should == 1

spec/models/user_spec.rb

@@ -14,23 +14,23 @@ describe User do
     end
 
     it "should be able to accept a pending friend request" do
-      friend = Factory.create(:person, :active => false)
+      friend = Factory.create(:person)
       r = Request.instantiate(:to => @user.url, :from => friend)
       r.save
       Person.all.count.should == 2
       Request.for_user(@user).all.count.should == 1
       @user.accept_friend_request(r.id)
       Request.for_user(@user).all.count.should == 0
-      Person.where(:id => friend.id).first.active.should == true
+      #Person.where(:id => friend.id).first.active.should == true
     end
 
     it 'should be able to ignore a pending friend request' do
-      friend = Factory.create(:person, :active => false)
+      friend = Factory.create(:person)
       r = Request.instantiate(:to => @user.url, :from => friend)
       r.save
 
       Person.count.should == 2
-      friend.active.should == false
+      #friend.active.should == false
 
       @user.ignore_friend_request(r.id)
 
@@ -45,6 +45,8 @@ describe User do
     end
 
     it 'should be able to give me the terse url for webfinger' do
+     @user.person.url = "http://example.com/"
+
       @user.terse_url.should == 'example.com'
     end
 
@@ -56,7 +58,7 @@ describe User do
       queue = Profile.send :class_variable_get, :@@queue
       queue.should_receive(:process)
       
-      @user.update_profile(updated_profile).should == true
+      @user.person.update_profile(updated_profile).should == true
       @user.profile.image_url.should == "http://clown.com"
     end
   end

spec/spec_helper.rb

@@ -52,11 +52,12 @@ end
     
     post_models.each{ | model|
       model.any_instance.stubs(:verify_creator_signature).returns(true)
+      model.any_instance.stubs(:verify_signature).returns(true)
     }
 
+    Retraction.any_instance.stubs(:verify_signature).returns(true)
+    Request.any_instance.stubs(:verify_signature).returns(true)
     Comment.any_instance.stubs(:verify_post_creator_signature).returns(true)
-    Person.any_instance.stubs(:remove_key).returns(true)
-    User.any_instance.stubs(:remove_key).returns(true)
   end
 
   def unstub_mocha_stubs

spec/user_encryption_spec.rb

@@ -12,16 +12,13 @@ describe 'user encryption' do
   before do
     unstub_mocha_stubs
     @user = Factory.create(:user)
-    @user.send(:assign_key)
     @user.save
-    @person = Factory.create(:person,
+    @person = Factory.create(:person_with_private_key,
-      :key_fingerprint => GPGME.list_keys("Remote Friend").first.subkeys.first.fpr,
       :profile => Profile.new(:first_name => 'Remote',
                               :last_name => 'Friend'),
       :email => 'somewhere@else.com',
       :url => 'http://distant-example.com/')
-    @person2 = Factory.create(:person,
+    @person2 = Factory.create(:person_with_private_key,
-      :key_fingerprint => GPGME.list_keys("Second Friend").first.subkeys.first.fpr,
       :profile => Profile.new(:first_name => 'Second',
                               :last_name => 'Friend'),
       :email => 'elsewhere@else.com',
@@ -35,26 +32,9 @@ describe 'user encryption' do
     #keys = ctx.keys
     #keys.each{|k| ctx.delete_key(k, true)}
   end
-  
+  it 'should have a key' do
-  it 'should remove the key from the keyring on person destroy' do
+    @user.key.should_not be nil
-    person = Factory.create :person
-    keyid = person.key_fingerprint
-    original_key = person.export_key
-    GPGME.list_keys(keyid).count.should be 1
-    person.destroy
-    GPGME.list_keys(keyid).count.should be 0
-    GPGME.import(original_key)
-    GPGME.list_keys(keyid).count.should be 1
   end
-
-  it 'should have a key fingerprint' do
-    @user.key_fingerprint.should_not be nil
-  end
-
-  it 'should retrieve a user key' do
-    @user.key.subkeys[0].fpr.should  == @user.key_fingerprint
-  end
-
   describe 'key exchange on friending' do
        it 'should send over a public key' do
       Comment.send(:class_variable_get, :@@queue).stub!(:add_post_request)
@@ -64,9 +44,8 @@ describe 'user encryption' do
 
     it 'should receive and marshal a public key from a request' do
       person = Factory.build(:person, :url => "http://test.url/" )
-      person.key_fingerprint.nil?.should== false
+      person.key.nil?.should== false
       #should move this to friend request, but i found it here 
-      f = person.key_fingerprint
       id = person.id
       original_key = person.export_key
       
@@ -78,9 +57,7 @@ describe 'user encryption' do
       store_objects_from_xml(xml)
       Person.all.count.should == personcount + 1
       new_person = Person.first(:url => "http://test.url/")
-      new_person.key_fingerprint.nil?.should == false
       new_person.id.should == id
-      new_person.key_fingerprint.should == f
       new_person.export_key.should == original_key
     end 
   end
@@ -93,10 +70,10 @@ describe 'user encryption' do
     end
     
     it 'should not be able to verify a message from a person without a key' do 
-      person = Factory.create(:person, :key_fingerprint => "123")
+      person = Factory.create(:person, :serialized_key => "lskdfhdlfjnh;klsf")
       message = Factory.build(:status_message, :person => person)
       message.save(:validate => false)
-      message.verify_creator_signature.should be false
+      lambda {message.verify_creator_signature.should be false}.should raise_error 
     end
     
     it 'should verify a remote signature' do