diff --git a/app/controllers/requests_controller.rb b/app/controllers/requests_controller.rb index 3cd8a4960..e324357e0 100644 --- a/app/controllers/requests_controller.rb +++ b/app/controllers/requests_controller.rb @@ -54,12 +54,17 @@ class RequestsController < ApplicationController #socket to tell people this failed? end } - rescue Exception => e - flash[:error] = e.message - end - - flash[:notice] = "we tried our best to send a message to #{account}" unless flash[:error] - redirect_to aspects_manage_path + rescue Exception => e + flash[:error] = e.message + end + + if params[:getting_started] + redirect_to getting_started_path(:step=>params[:getting_started]) + else + flash[:notice] = "we tried our best to send a message to #{account}" unless flash[:error] + respond_with :location => aspects_manage_path + return + end end end diff --git a/lib/diaspora/user/receiving.rb b/lib/diaspora/user/receiving.rb index 44170f20d..62eb9f05f 100644 --- a/lib/diaspora/user/receiving.rb +++ b/lib/diaspora/user/receiving.rb @@ -8,10 +8,10 @@ module Diaspora webfinger = EMWebfinger.new(salmon.author_email) webfinger.on_person { |salmon_author| - if salmon.verified_for_key?(salmon_author.public_key) - Rails.logger.info("data in salmon: #{salmon.parsed_data}") - self.receive(salmon.parsed_data, salmon_author) - end + if salmon.verified_for_key?(salmon_author.public_key) + Rails.logger.info("data in salmon: #{salmon.parsed_data}") + self.receive(salmon.parsed_data, salmon_author) + end } end @@ -20,29 +20,45 @@ module Diaspora Rails.logger.debug("Receiving object for #{self.real_name}:\n#{object.inspect}") Rails.logger.debug("From: #{object.person.inspect}") if object.person - sender_in_xml = sender(object, xml) - if (salmon_author != sender_in_xml) - raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} " - end + if object.is_a?(Comment) + e = EMWebfinger.new(object.diaspora_handle) - if object.is_a? Request - return receive_request object, sender_in_xml - end - raise "Not friends with that person" unless self.contact_for(salmon_author) + e.on_person { |person| + + if person.class == Person + sender_in_xml = sender(object, xml, person) + if (salmon_author != sender_in_xml) + raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} " + end + + receive_comment object, xml + end + } - if object.is_a? Retraction - receive_retraction object, xml - elsif object.is_a? Profile - receive_profile object, xml - elsif object.is_a?(Comment) - receive_comment object, xml else - receive_post object, xml + sender_in_xml = sender(object, xml) + + if (salmon_author != sender_in_xml) + raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} " + end + + if object.is_a? Request + return receive_request object, sender_in_xml + end + raise "Not friends with that person" unless self.contact_for(salmon_author) + + if object.is_a? Retraction + receive_retraction object, xml + elsif object.is_a? Profile + receive_profile object, xml + else + receive_post object, xml + end end end - def sender(object, xml) + def sender(object, xml, webfingered_person = nil) if object.is_a? Retraction sender = object.person elsif object.is_a? Request @@ -50,7 +66,7 @@ module Diaspora elsif object.is_a? Profile sender = Diaspora::Parser.owner_id_from_xml xml elsif object.is_a?(Comment) - object.person = Person.by_webfinger(object.diaspora_handle) + object.person = webfingered_person sender = (owns?(object.post))? object.person : object.post.person else sender = object.person @@ -77,9 +93,9 @@ module Diaspora request.person.save old_request = Request.first(:id => request.id) Rails.logger.info("I got a reqest_id #{request.id} with old request #{old_request.inspect}") - request.aspect_id = old_request.aspect_id if old_request - request.save - receive_friend_request(request) + request.aspect_id = old_request.aspect_id if old_request + request.save + receive_friend_request(request) end def receive_profile profile, xml diff --git a/lib/em-webfinger.rb b/lib/em-webfinger.rb index 6b3d82326..b9eaf03bf 100644 --- a/lib/em-webfinger.rb +++ b/lib/em-webfinger.rb @@ -9,8 +9,7 @@ class EMWebfinger # Raise an error if identifier has a port number raise "Identifier is invalid" if(@account.strip.match(/\:\d+$/)) # Raise an error if identifier is not a valid email (generous regexp) - raise "Identifier is invalid" if !(@account=~ /\A.*\@.*\..*\Z/) - end + raise "Identifier is invalid" if !(@account=~ /^[a-zA-Z][\w\.-]*[a-zA-Z0-9]@[a-zA-Z0-9][\w\.-]*[a-zA-Z0-9]\.[a-zA-Z][a-zA-Z\.]*[a-zA-Z]$/) def fetch raise 'you need to set a callback before calling fetch' if @callbacks.empty? diff --git a/spec/models/comment_spec.rb b/spec/models/comment_spec.rb index 70b99582a..b7eafb8d3 100644 --- a/spec/models/comment_spec.rb +++ b/spec/models/comment_spec.rb @@ -73,7 +73,6 @@ describe Comment do it 'should send a comment a person made on your post to all people' do comment = Comment.new(:person_id => @person.id, :diaspora_handle => @person.diaspora_handle, :text => "cats", :post => @user_status) User::QUEUE.should_receive(:add_post_request).twice - Person.should_receive(:by_webfinger).and_return(@person) user.receive comment.to_diaspora_xml, @person end