nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

verify post creator signature in receive

Browse source
This commit is contained in:
Raphael 2010-08-26 11:29:06 -07:00
parent f186dd98c8
commit a65f512fa3
2 changed files with 2 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
app/models/comment.rb
View file

@ -64,7 +64,7 @@ class Comment
else else
Rails.logger.warn "Received comment has no person" Rails.logger.warn "Received comment has no person"
end end
verify_signature(creator_signature, person) && verify_signature(post_creator_signature, post.person) verify_signature(creator_signature, person)
end end
protected protected

1
app/models/user.rb
View file

@ -195,6 +195,7 @@ class User
person.save person.save
elsif object.is_a?(Comment) elsif object.is_a?(Comment)
raise "Signature was not valid on: #{object.inspect}" unless post.person == self || object.verify_post_creator_signature
dispatch_comment object unless owns?(object) dispatch_comment object unless owns?(object)
object.socket_to_uid(id) if (object.respond_to?(:socket_to_uid) && !self.owns?(object)) object.socket_to_uid(id) if (object.respond_to?(:socket_to_uid) && !self.owns?(object))
else else