diff --git a/app/models/retraction.rb b/app/models/retraction.rb
index a42624bd2..c9cf8dd77 100644
--- a/app/models/retraction.rb
+++ b/app/models/retraction.rb
@@ -9,10 +9,11 @@ class Retraction
 retraction.post_id = object.person.id
 retraction.type = object.person.class.to_s
 else
- retraction.post_id= object.id
+ retraction.post_id = object.id
 retraction.type = object.class.to_s
 end
 retraction.person_id = person_id_from(object)
+ retraction.send(:sign_if_mine)
 retraction
 end
@@ -27,7 +28,7 @@ class Retraction
 def perform receiving_user_id
 Rails.logger.debug "Performing retraction for #{post_id}"
 begin
- return unless signature_valid?
+ return unless signature_valid?
 Rails.logger.debug("Retracting #{self.type} id: #{self.post_id}")
 target = self.type.constantize.first(self.post_id)
 target.unsocket_from_uid receiving_user_id if target.respond_to? :unsocket_from_uid
@@ -62,7 +63,13 @@ class Retraction
 xml_reader :creator_signature
 def creator_signature
- @creator_signature ||= sign if person_id == User.owner.id
+ object = self.type.constantize.first(:id => post_id)
+
+ if object.class == Person && person_id == object.id
+ @creator_signature || sign_with_key(object.key)
+ elsif person_id == object.person.id
+ @creator_signature || sign_if_mine
+ end
 end
 def creator_signature= input
diff --git a/app/models/user.rb b/app/models/user.rb
index 730f3099a..9fef4edfb 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -125,7 +125,6 @@ class User
 if object.is_a? Retraction
 object.perform self.id
-
 elsif object.is_a? Request
 person = Diaspora::Parser.get_or_create_person_object_from_xml( xml )
 person.serialized_key ||= object.exported_key
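Review bot: In the rewritten `creator_signature` getter (third hunk of retraction.rb), `self.type.constantize.first(:id => post_id)` can come back nil, for instance once the target has been destroyed, and the `elsif` branch then calls `object.person` on nil and raises NoMethodError; a guard such as `return @creator_signature if @creator_signature` before the lookup and `return nil if object.nil?` after it would cover both the stored-signature and the missing-target case. The getter also produces a signature on read whenever `@creator_signature` is unset, which looks like it could let an unsigned received retraction acquire a signature before verification; since `Retraction.for` now calls `sign_if_mine` (first hunk), the getter could simply return the stored value, which is worth confirming against `signature_valid?`, defined outside this diff. `type` is turned into a class with `constantize`; if that value can arrive in received XML, check it against an explicit list of retractable classes first. The class body continues outside the hunk.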
@@ -133,12 +132,11 @@ class User
 object.person.save
 object.save
 receive_friend_request(object)
-
 elsif object.is_a? Profile
 person = Diaspora::Parser.owner_id_from_xml xml
 person.profile = object
 person.save
- else
+ elsif object.verify_creator_signature == true
 Rails.logger.debug("Saving object with success: #{object.save}")
 object.socket_to_uid( id) if object.respond_to? :socket_to_uid
 end
diff --git a/spec/lib/diaspora_parser_spec.rb b/spec/lib/diaspora_parser_spec.rb
index da96e80d9..d3ab854ed 100644
--- a/spec/lib/diaspora_parser_spec.rb
+++ b/spec/lib/diaspora_parser_spec.rb
@@ -39,15 +39,6 @@ describe Diaspora::Parser do
 end
 end
- it 'should discard types which are not of type post' do
- xml = "
-
- "
-
- @user.receive xml
- Post.count.should == 0
- end
-
 describe "parsing compliant XML object" do
 before do
diff --git a/spec/models/retraction_spec.rb b/spec/models/retraction_spec.rb
index da11dbfae..5c8695fea 100644
--- a/spec/models/retraction_spec.rb
+++ b/spec/models/retraction_spec.rb
@@ -22,4 +22,6 @@ describe Retraction do
 @post.destroy
 end
 end
+
+
 end
diff --git a/spec/user_encryption_spec.rb b/spec/user_encryption_spec.rb
index 437c9124e..f03a1edab 100644
--- a/spec/user_encryption_spec.rb
+++ b/spec/user_encryption_spec.rb
@@ -3,12 +3,6 @@ include ApplicationHelper
 include Diaspora::Parser
 describe 'user encryption' do
- before :all do
- #ctx = GPGME::Ctx.new
- #keys = ctx.keys
- #keys.each{|k| ctx.delete_key(k, true)}
-
- end
 before do
 unstub_mocha_stubs
 @user = Factory.create(:user)
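Review bot: The new `object.verify_creator_signature == true` condition (second hunk of user.rb) guards only the final branch, so the `Request` and `Profile` branches shown as context still save what the sender supplied without a signature check; the `Profile` branch resolves the person from the XML and overwrites `person.profile`. Consider verifying before the type dispatch, or adding the same condition to those branches. An object that fails verification is now dropped without a trace; an `else` with `Rails.logger.info("Rejected #{object.class} with invalid creator signature")` would make forged or corrupted payloads visible to operators. The spec that asserted non-post types are discarded is deleted in this same commit, so the rejection path appears to have no coverage left. The enclosing method starts outside the hunk.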
@@ -68,6 +62,17 @@ describe 'user encryption' do
 message = @user.post :status_message, :message => "hi"
 message.verify_creator_signature.should be true
 end
+
+ it 'should sign a retraction on create' do
+
+ unstub_mocha_stubs
+ message = @user.post :status_message, :message => "hi"
+
+
+ retraction = Retraction.for(message)
+ retraction.verify_creator_signature.should be true
+
+ end
 it 'should not be able to verify a message from a person without a key' do
 person = Factory.create(:person, :serialized_key => "lskdfhdlfjnh;klsf")
@@ -106,10 +111,14 @@ describe 'user encryption' do
 xml = message.to_xml.to_s
 xml.include?(message.creator_signature).should be true
 end
+
 it 'A message with an invalid signature should be rejected' do
- message = Factory.build(:status_message, :person => @person)
+ @user2 = Factory.create :user
+
+ message = @user2.post :status_message, :message => "hey"
 message.creator_signature = "totally valid"
- message.save
+ message.save(:validate => false)
+
 xml = message.to_diaspora_xml
 message.destroy
 Post.count.should be 0
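Review bot: The added spec 'should sign a retraction on create' (first hunk on this line) covers only the signer's own happy path; nothing asserts that a retraction with a forged or missing signature fails verification, which is the property `Retraction#perform` depends on through `signature_valid?`. A companion example that sets `retraction.creator_signature = "totally valid"` and then expects `retraction.verify_creator_signature` not to be true would pin that. The `unstub_mocha_stubs` call inside the example repeats the one already in the file's `before` block and can be dropped.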