nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #6586 from cmrd-senya/drop-signatures

Browse source 
Remove parent author signature for relayables from the DB
This commit is contained in:
Dennis Schubert 2016-03-03 17:36:12 +01:00
commit 7c88fb7936
6 changed files with 23 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Changelog.md
View file

@ -1,5 +1,9 @@
# 0.6.0.0
## Warning: This release contains long migrations
This diaspora\* releases comes with a few database cleanup migrations and they could possible take a while. While you should always do that, it is especially important this time to make sure you run the migrations inside a detachable environment like `screen` or `tmux`. A interrupted SSH session could possibly harm your database. Also, please make a backup.
## The DB environment variable is gone
With Bundler 1.10 supporting optional groups, we removed the DB environment variable. When updating to this release, please update
@ -84,6 +88,7 @@ Contributions are very welcome, the hard work is done!
* Enable autosizing for all textareas [#6674](https://github.com/diaspora/diaspora/pull/6674)
* Stream faces are gone [#6686](https://github.com/diaspora/diaspora/pull/6686)
* Refactor mobile javascript and add tests [#6394](https://github.com/diaspora/diaspora/pull/6394)
* Dropped `parent_author_signature` from relayables [#6586](https://github.com/diaspora/diaspora/pull/6586)
## Bug fixes
* Destroy Participation when removing interactions with a post [#5852](https://github.com/diaspora/diaspora/pull/5852)

5
app/models/message.rb
View file

@ -21,11 +21,6 @@ class Message < ActiveRecord::Base
# inside, which would cause an infinite recursion
#sign comment as commenter
self.author_signature = self.sign_with_key(self.author.owner.encryption_key) if self.author.owner
if self.author.owns?(self.parent)
#sign comment as post owner
self.parent_author_signature = self.sign_with_key(self.parent.author.owner.encryption_key) if self.parent.author.owner
end
self.save!
self
end

9
db/migrate/20151210213023_remove_signatures_from_relayables.rb Normal file
View file

@ -0,0 +1,9 @@
class RemoveSignaturesFromRelayables < ActiveRecord::Migration
def change
remove_column :comments, :parent_author_signature, :text
remove_column :poll_participations, :parent_author_signature, :text
remove_column :messages, :parent_author_signature, :text
remove_column :participations, :parent_author_signature, :text
remove_column :likes, :parent_author_signature, :text
end
end

7
db/schema.rb
View file

@ -11,7 +11,7 @@
#
# It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20151003142048) do
ActiveRecord::Schema.define(version: 20151210213023) do
create_table "account_deletions", force: :cascade do |t|
t.string "diaspora_handle", limit: 255
@ -108,7 +108,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.integer "author_id", limit: 4, null: false
t.string "guid", limit: 255, null: false
t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.integer "likes_count", limit: 4, default: 0, null: false
@ -194,7 +193,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.integer "author_id", limit: 4
t.string "guid", limit: 255
t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.string "target_type", limit: 60, null: false
@ -231,7 +229,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
end
add_index "messages", ["author_id"], name: "index_messages_on_author_id", using: :btree
@ -320,7 +317,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.string "target_type", limit: 60, null: false
t.integer "author_id", limit: 4
t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at", null: false
t.datetime "updated_at", null: false
t.integer "count", limit: 4, default: 1, null: false
@ -401,7 +397,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.integer "poll_id", limit: 4, null: false
t.string "guid", limit: 255
t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at"
t.datetime "updated_at"
end

12
lib/diaspora/relayable.rb
View file

@ -8,6 +8,8 @@ module Diaspora
def self.included(model)
model.class_eval do
attr_writer :parent_author_signature
#these fields must be in the schema for a relayable model
xml_attr :parent_guid
xml_attr :parent_author_signature
@ -77,7 +79,7 @@ module Diaspora
# Check to make sure the signature of the comment or like comes from the person claiming to author it
unless comment_or_like.parent_author == user.person || comment_or_like.verify_parent_author_signature
logger.warn "event=receive status=abort reason='object signature not valid' recipient=#{user.diaspora_handle} "\
logger.warn "event=receive status=abort reason='sender is not valid' recipient=#{user.diaspora_handle} "\
"sender=#{parent.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}"
return
end
@ -108,11 +110,13 @@ module Diaspora
def initialize_signatures
#sign relayable as model creator
self.author_signature = self.sign_with_key(author.owner.encryption_key)
end
if !self.parent.blank? && self.author.owns?(self.parent)
#sign relayable as parent object owner
self.parent_author_signature = sign_with_key(author.owner.encryption_key)
def parent_author_signature
unless parent.blank? || parent.author.owner.nil?
@parent_author_signature = sign_with_key(parent.author.owner.encryption_key)
end
@parent_author_signature
end
# @return [Boolean]

11
spec/shared_behaviors/relayable.rb
View file

@ -61,11 +61,6 @@ shared_examples_for "it is relayable" do
expect(@object_by_parent_author.verify_parent_author_signature).to be true
end
it 'does not sign as the parent author is not parent' do
@object_by_recipient.author_signature = @object_by_recipient.send(:sign_with_key, @local_leia.encryption_key)
expect(@object_by_recipient.verify_parent_author_signature).to be false
end
it 'should verify a object made on a remote post by a different contact' do
@object_by_recipient.author_signature = @object_by_recipient.send(:sign_with_key, @local_leia.encryption_key)
@object_by_recipient.parent_author_signature = @object_by_recipient.send(:sign_with_key, @local_luke.encryption_key)
@ -90,12 +85,6 @@ shared_examples_for "it is relayable" do
}.to_not change { @dup_object_by_parent_author.class.count }
end
it 'does not process if post_creator_signature is invalid' do
@object_by_parent_author.delete # remove object from db so we set a creator sig
@dup_object_by_parent_author.parent_author_signature = "dsfadsfdsa"
expect(@dup_object_by_parent_author.receive(@local_leia, @local_luke.person)).to eq(nil)
end
it 'signs when the person receiving is the parent author' do
@object_by_recipient.save
@object_by_recipient.receive(@local_luke, @local_leia.person)