diff --git a/Changelog.md b/Changelog.md index b668e51a6..6b12accf0 100644 --- a/Changelog.md +++ b/Changelog.md @@ -1,5 +1,9 @@ # 0.6.0.0 +## Warning: This release contains long migrations + +This diaspora\* releases comes with a few database cleanup migrations and they could possible take a while. While you should always do that, it is especially important this time to make sure you run the migrations inside a detachable environment like `screen` or `tmux`. A interrupted SSH session could possibly harm your database. Also, please make a backup. + ## The DB environment variable is gone With Bundler 1.10 supporting optional groups, we removed the DB environment variable. When updating to this release, please update @@ -84,6 +88,7 @@ Contributions are very welcome, the hard work is done! * Enable autosizing for all textareas [#6674](https://github.com/diaspora/diaspora/pull/6674) * Stream faces are gone [#6686](https://github.com/diaspora/diaspora/pull/6686) * Refactor mobile javascript and add tests [#6394](https://github.com/diaspora/diaspora/pull/6394) +* Dropped `parent_author_signature` from relayables [#6586](https://github.com/diaspora/diaspora/pull/6586) ## Bug fixes * Destroy Participation when removing interactions with a post [#5852](https://github.com/diaspora/diaspora/pull/5852) diff --git a/app/models/message.rb b/app/models/message.rb index 91ef04057..d07f4a8f7 100644 --- a/app/models/message.rb +++ b/app/models/message.rb @@ -21,11 +21,6 @@ class Message < ActiveRecord::Base # inside, which would cause an infinite recursion #sign comment as commenter self.author_signature = self.sign_with_key(self.author.owner.encryption_key) if self.author.owner - - if self.author.owns?(self.parent) - #sign comment as post owner - self.parent_author_signature = self.sign_with_key(self.parent.author.owner.encryption_key) if self.parent.author.owner - end self.save! self end diff --git a/db/migrate/20151210213023_remove_signatures_from_relayables.rb b/db/migrate/20151210213023_remove_signatures_from_relayables.rb new file mode 100644 index 000000000..1d2cb485c --- /dev/null +++ b/db/migrate/20151210213023_remove_signatures_from_relayables.rb @@ -0,0 +1,9 @@ +class RemoveSignaturesFromRelayables < ActiveRecord::Migration + def change + remove_column :comments, :parent_author_signature, :text + remove_column :poll_participations, :parent_author_signature, :text + remove_column :messages, :parent_author_signature, :text + remove_column :participations, :parent_author_signature, :text + remove_column :likes, :parent_author_signature, :text + end +end diff --git a/db/schema.rb b/db/schema.rb index ef4f3daf3..5214e27e4 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20151003142048) do +ActiveRecord::Schema.define(version: 20151210213023) do create_table "account_deletions", force: :cascade do |t| t.string "diaspora_handle", limit: 255 @@ -108,7 +108,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do t.integer "author_id", limit: 4, null: false t.string "guid", limit: 255, null: false t.text "author_signature", limit: 65535 - t.text "parent_author_signature", limit: 65535 t.datetime "created_at", null: false t.datetime "updated_at", null: false t.integer "likes_count", limit: 4, default: 0, null: false @@ -194,7 +193,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do t.integer "author_id", limit: 4 t.string "guid", limit: 255 t.text "author_signature", limit: 65535 - t.text "parent_author_signature", limit: 65535 t.datetime "created_at", null: false t.datetime "updated_at", null: false t.string "target_type", limit: 60, null: false @@ -231,7 +229,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do t.datetime "created_at", null: false t.datetime "updated_at", null: false t.text "author_signature", limit: 65535 - t.text "parent_author_signature", limit: 65535 end add_index "messages", ["author_id"], name: "index_messages_on_author_id", using: :btree @@ -320,7 +317,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do t.string "target_type", limit: 60, null: false t.integer "author_id", limit: 4 t.text "author_signature", limit: 65535 - t.text "parent_author_signature", limit: 65535 t.datetime "created_at", null: false t.datetime "updated_at", null: false t.integer "count", limit: 4, default: 1, null: false @@ -401,7 +397,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do t.integer "poll_id", limit: 4, null: false t.string "guid", limit: 255 t.text "author_signature", limit: 65535 - t.text "parent_author_signature", limit: 65535 t.datetime "created_at" t.datetime "updated_at" end diff --git a/lib/diaspora/relayable.rb b/lib/diaspora/relayable.rb index a99ef1a95..2c6aa7962 100644 --- a/lib/diaspora/relayable.rb +++ b/lib/diaspora/relayable.rb @@ -8,6 +8,8 @@ module Diaspora def self.included(model) model.class_eval do + attr_writer :parent_author_signature + #these fields must be in the schema for a relayable model xml_attr :parent_guid xml_attr :parent_author_signature @@ -77,7 +79,7 @@ module Diaspora # Check to make sure the signature of the comment or like comes from the person claiming to author it unless comment_or_like.parent_author == user.person || comment_or_like.verify_parent_author_signature - logger.warn "event=receive status=abort reason='object signature not valid' recipient=#{user.diaspora_handle} "\ + logger.warn "event=receive status=abort reason='sender is not valid' recipient=#{user.diaspora_handle} "\ "sender=#{parent.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}" return end @@ -108,11 +110,13 @@ module Diaspora def initialize_signatures #sign relayable as model creator self.author_signature = self.sign_with_key(author.owner.encryption_key) + end - if !self.parent.blank? && self.author.owns?(self.parent) - #sign relayable as parent object owner - self.parent_author_signature = sign_with_key(author.owner.encryption_key) + def parent_author_signature + unless parent.blank? || parent.author.owner.nil? + @parent_author_signature = sign_with_key(parent.author.owner.encryption_key) end + @parent_author_signature end # @return [Boolean] diff --git a/spec/shared_behaviors/relayable.rb b/spec/shared_behaviors/relayable.rb index 6973f6e1f..e4532114d 100644 --- a/spec/shared_behaviors/relayable.rb +++ b/spec/shared_behaviors/relayable.rb @@ -61,11 +61,6 @@ shared_examples_for "it is relayable" do expect(@object_by_parent_author.verify_parent_author_signature).to be true end - it 'does not sign as the parent author is not parent' do - @object_by_recipient.author_signature = @object_by_recipient.send(:sign_with_key, @local_leia.encryption_key) - expect(@object_by_recipient.verify_parent_author_signature).to be false - end - it 'should verify a object made on a remote post by a different contact' do @object_by_recipient.author_signature = @object_by_recipient.send(:sign_with_key, @local_leia.encryption_key) @object_by_recipient.parent_author_signature = @object_by_recipient.send(:sign_with_key, @local_luke.encryption_key) @@ -90,12 +85,6 @@ shared_examples_for "it is relayable" do }.to_not change { @dup_object_by_parent_author.class.count } end - it 'does not process if post_creator_signature is invalid' do - @object_by_parent_author.delete # remove object from db so we set a creator sig - @dup_object_by_parent_author.parent_author_signature = "dsfadsfdsa" - expect(@dup_object_by_parent_author.receive(@local_leia, @local_luke.person)).to eq(nil) - end - it 'signs when the person receiving is the parent author' do @object_by_recipient.save @object_by_recipient.receive(@local_luke, @local_leia.person)