From 9ee9dbe9695a0fb74b17511b620e7f382650a9da Mon Sep 17 00:00:00 2001
From: cmrd Senya <senya@riseup.net>
Date: Sat, 19 Aug 2017 16:21:16 +0300
Subject: [PATCH] Fix local migration run without old private key

It was possible to run migration locally without providing old private
key. This way migration was performed but not dispatched, which obviously
leads to desynchronization of the federation state so let's validate sender
before performing any actual actions.

closes #7558
---
 Changelog.md                          |  1 +
 app/models/account_migration.rb       |  5 +++++
 spec/models/account_migration_spec.rb | 10 +++++++++-
 3 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/Changelog.md b/Changelog.md
index 3e034ed6d..157bee633 100644
--- a/Changelog.md
+++ b/Changelog.md
@@ -21,6 +21,7 @@
 * Fix recipient prefill on contacts and profile page [#7599](https://github.com/diaspora/diaspora/pull/7599)
 * Display likes and reshares without login [#7583](https://github.com/diaspora/diaspora/pull/7583)
 * Fix invalid data in the database for user data export [#7614](https://github.com/diaspora/diaspora/pull/7614)
+* Fix local migration run without old private key [#7558](https://github.com/diaspora/diaspora/pull/7558)
 
 ## Features
 * Ask for confirmation when leaving a submittable comment field [#7530](https://github.com/diaspora/diaspora/pull/7530)
diff --git a/app/models/account_migration.rb b/app/models/account_migration.rb
index 266ab521e..ced82ace7 100644
--- a/app/models/account_migration.rb
+++ b/app/models/account_migration.rb
@@ -28,6 +28,7 @@ class AccountMigration < ApplicationRecord
   # executes a migration plan according to this AccountMigration object
   def perform!
     raise "already performed" if performed?
+    validate_sender if locally_initiated?
 
     ActiveRecord::Base.transaction do
       account_deleter.tombstone_person_and_profile
@@ -115,6 +116,10 @@ class AccountMigration < ApplicationRecord
     EphemeralUser.new(old_person.diaspora_handle, old_private_key)
   end
 
+  def validate_sender
+    sender # sender method raises exception when sender can't be instantiated
+  end
+
   def update_all_references
     update_person_references
     update_user_references if user_changed_id_locally?
diff --git a/spec/models/account_migration_spec.rb b/spec/models/account_migration_spec.rb
index 02b79dde5..2121a5a7a 100644
--- a/spec/models/account_migration_spec.rb
+++ b/spec/models/account_migration_spec.rb
@@ -127,7 +127,7 @@ describe AccountMigration, type: :model do
       include_context "with local new user"
 
       it "dispatches account migration message" do
-        expect(account_migration).to receive(:sender).and_return(old_user)
+        expect(account_migration).to receive(:sender).twice.and_return(old_user)
         dispatcher = double
         expect(dispatcher).to receive(:dispatch)
         expect(Diaspora::Federation::Dispatcher).to receive(:build)
@@ -135,6 +135,14 @@ describe AccountMigration, type: :model do
           .and_return(dispatcher)
         account_migration.perform!
       end
+
+      it "doesn't run migration if old key is not provided" do
+        expect(embedded_account_deleter).not_to receive(:tombstone_person_and_profile)
+
+        expect {
+          account_migration.perform!
+        }.to raise_error "can't build sender without old private key defined"
+      end
     end
 
     context "with local old and new users" do