nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge pull request #6586 from cmrd-senya/drop-signatures

Browse source 
Remove parent author signature for relayables from the DB
This commit is contained in:
Dennis Schubert 2016-03-03 17:36:12 +01:00
commit 7c88fb7936
6 changed files with 23 additions and 26 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
Changelog.md
View file

@ -1,5 +1,9 @@
# 0.6.0.0 # 0.6.0.0
## Warning: This release contains long migrations
This diaspora\* releases comes with a few database cleanup migrations and they could possible take a while. While you should always do that, it is especially important this time to make sure you run the migrations inside a detachable environment like `screen` or `tmux`. A interrupted SSH session could possibly harm your database. Also, please make a backup.
## The DB environment variable is gone ## The DB environment variable is gone
With Bundler 1.10 supporting optional groups, we removed the DB environment variable. When updating to this release, please update With Bundler 1.10 supporting optional groups, we removed the DB environment variable. When updating to this release, please update
@ -84,6 +88,7 @@ Contributions are very welcome, the hard work is done!
* Enable autosizing for all textareas [#6674](https://github.com/diaspora/diaspora/pull/6674) * Enable autosizing for all textareas [#6674](https://github.com/diaspora/diaspora/pull/6674)
* Stream faces are gone [#6686](https://github.com/diaspora/diaspora/pull/6686) * Stream faces are gone [#6686](https://github.com/diaspora/diaspora/pull/6686)
* Refactor mobile javascript and add tests [#6394](https://github.com/diaspora/diaspora/pull/6394) * Refactor mobile javascript and add tests [#6394](https://github.com/diaspora/diaspora/pull/6394)
* Dropped `parent_author_signature` from relayables [#6586](https://github.com/diaspora/diaspora/pull/6586)
## Bug fixes ## Bug fixes
* Destroy Participation when removing interactions with a post [#5852](https://github.com/diaspora/diaspora/pull/5852) * Destroy Participation when removing interactions with a post [#5852](https://github.com/diaspora/diaspora/pull/5852)

5
app/models/message.rb
View file

@ -21,11 +21,6 @@ class Message < ActiveRecord::Base
# inside, which would cause an infinite recursion # inside, which would cause an infinite recursion
#sign comment as commenter #sign comment as commenter
self.author_signature = self.sign_with_key(self.author.owner.encryption_key) if self.author.owner self.author_signature = self.sign_with_key(self.author.owner.encryption_key) if self.author.owner
if self.author.owns?(self.parent)
#sign comment as post owner
self.parent_author_signature = self.sign_with_key(self.parent.author.owner.encryption_key) if self.parent.author.owner
end
self.save! self.save!
self self
end end

9
db/migrate/20151210213023_remove_signatures_from_relayables.rb Normal file
View file

@ -0,0 +1,9 @@
class RemoveSignaturesFromRelayables < ActiveRecord::Migration
def change
remove_column :comments, :parent_author_signature, :text
remove_column :poll_participations, :parent_author_signature, :text
remove_column :messages, :parent_author_signature, :text
remove_column :participations, :parent_author_signature, :text
remove_column :likes, :parent_author_signature, :text
end
end

7
db/schema.rb
View file

@ -11,7 +11,7 @@
# #
# It's strongly recommended that you check this file into your version control system. # It's strongly recommended that you check this file into your version control system.
ActiveRecord::Schema.define(version: 20151003142048) do ActiveRecord::Schema.define(version: 20151210213023) do
create_table "account_deletions", force: :cascade do |t| create_table "account_deletions", force: :cascade do |t|
t.string "diaspora_handle", limit: 255 t.string "diaspora_handle", limit: 255
@ -108,7 +108,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.integer "author_id", limit: 4, null: false t.integer "author_id", limit: 4, null: false
t.string "guid", limit: 255, null: false t.string "guid", limit: 255, null: false
t.text "author_signature", limit: 65535 t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.integer "likes_count", limit: 4, default: 0, null: false t.integer "likes_count", limit: 4, default: 0, null: false
@ -194,7 +193,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.integer "author_id", limit: 4 t.integer "author_id", limit: 4
t.string "guid", limit: 255 t.string "guid", limit: 255
t.text "author_signature", limit: 65535 t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.string "target_type", limit: 60, null: false t.string "target_type", limit: 60, null: false
@ -231,7 +229,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.text "author_signature", limit: 65535 t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
end end
add_index "messages", ["author_id"], name: "index_messages_on_author_id", using: :btree add_index "messages", ["author_id"], name: "index_messages_on_author_id", using: :btree
@ -320,7 +317,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.string "target_type", limit: 60, null: false t.string "target_type", limit: 60, null: false
t.integer "author_id", limit: 4 t.integer "author_id", limit: 4
t.text "author_signature", limit: 65535 t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at", null: false t.datetime "created_at", null: false
t.datetime "updated_at", null: false t.datetime "updated_at", null: false
t.integer "count", limit: 4, default: 1, null: false t.integer "count", limit: 4, default: 1, null: false
@ -401,7 +397,6 @@ ActiveRecord::Schema.define(version: 20151003142048) do
t.integer "poll_id", limit: 4, null: false t.integer "poll_id", limit: 4, null: false
t.string "guid", limit: 255 t.string "guid", limit: 255
t.text "author_signature", limit: 65535 t.text "author_signature", limit: 65535
t.text "parent_author_signature", limit: 65535
t.datetime "created_at" t.datetime "created_at"
t.datetime "updated_at" t.datetime "updated_at"
end end

14
lib/diaspora/relayable.rb
View file

@ -8,6 +8,8 @@ module Diaspora
def self.included(model) def self.included(model)
model.class_eval do model.class_eval do
attr_writer :parent_author_signature
#these fields must be in the schema for a relayable model #these fields must be in the schema for a relayable model
xml_attr :parent_guid xml_attr :parent_guid
xml_attr :parent_author_signature xml_attr :parent_author_signature
@ -77,7 +79,7 @@ module Diaspora
# Check to make sure the signature of the comment or like comes from the person claiming to author it # Check to make sure the signature of the comment or like comes from the person claiming to author it
unless comment_or_like.parent_author == user.person || comment_or_like.verify_parent_author_signature unless comment_or_like.parent_author == user.person || comment_or_like.verify_parent_author_signature
logger.warn "event=receive status=abort reason='object signature not valid' recipient=#{user.diaspora_handle} "\ logger.warn "event=receive status=abort reason='sender is not valid' recipient=#{user.diaspora_handle} "\
"sender=#{parent.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}" "sender=#{parent.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}"
return return
end end
@ -108,11 +110,13 @@ module Diaspora
def initialize_signatures def initialize_signatures
#sign relayable as model creator #sign relayable as model creator
self.author_signature = self.sign_with_key(author.owner.encryption_key) self.author_signature = self.sign_with_key(author.owner.encryption_key)
if !self.parent.blank? && self.author.owns?(self.parent)
#sign relayable as parent object owner
self.parent_author_signature = sign_with_key(author.owner.encryption_key)
end end
def parent_author_signature
unless parent.blank? || parent.author.owner.nil?
@parent_author_signature = sign_with_key(parent.author.owner.encryption_key)
end
@parent_author_signature
end end
# @return [Boolean] # @return [Boolean]

11
spec/shared_behaviors/relayable.rb
View file

@ -61,11 +61,6 @@ shared_examples_for "it is relayable" do
expect(@object_by_parent_author.verify_parent_author_signature).to be true expect(@object_by_parent_author.verify_parent_author_signature).to be true
end end
it 'does not sign as the parent author is not parent' do
@object_by_recipient.author_signature = @object_by_recipient.send(:sign_with_key, @local_leia.encryption_key)
expect(@object_by_recipient.verify_parent_author_signature).to be false
end
it 'should verify a object made on a remote post by a different contact' do it 'should verify a object made on a remote post by a different contact' do
@object_by_recipient.author_signature = @object_by_recipient.send(:sign_with_key, @local_leia.encryption_key) @object_by_recipient.author_signature = @object_by_recipient.send(:sign_with_key, @local_leia.encryption_key)
@object_by_recipient.parent_author_signature = @object_by_recipient.send(:sign_with_key, @local_luke.encryption_key) @object_by_recipient.parent_author_signature = @object_by_recipient.send(:sign_with_key, @local_luke.encryption_key)
@ -90,12 +85,6 @@ shared_examples_for "it is relayable" do
}.to_not change { @dup_object_by_parent_author.class.count } }.to_not change { @dup_object_by_parent_author.class.count }
end end
it 'does not process if post_creator_signature is invalid' do
@object_by_parent_author.delete # remove object from db so we set a creator sig
@dup_object_by_parent_author.parent_author_signature = "dsfadsfdsa"
expect(@dup_object_by_parent_author.receive(@local_leia, @local_luke.person)).to eq(nil)
end
it 'signs when the person receiving is the parent author' do it 'signs when the person receiving is the parent author' do
@object_by_recipient.save @object_by_recipient.save
@object_by_recipient.receive(@local_luke, @local_leia.person) @object_by_recipient.receive(@local_luke, @local_leia.person)