Merge branch 'malicious_friend_refactor' of github.com:diaspora/diaspora

2010-10-12 15:55:02 -07:00 · 2010-10-12 15:55:02 -07:00 · b53462ee93
commit b53462ee93
parent c00a70dde1 0896052b80
3 changed files with 29 additions and 7 deletions
--- a/lib/diaspora/user/receiving.rb
+++ b/lib/diaspora/user/receiving.rb
@ -14,14 +14,13 @@ module Diaspora
        Rails.logger.debug("Receiving object for #{self.real_name}:\n#{object.inspect}")
        Rails.logger.debug("From: #{object.person.inspect}") if object.person

-
        sender_in_xml = sender(object, xml)

        if (salmon_author == sender_in_xml)
          if object.is_a? Retraction
            receive_retraction object, xml
          elsif object.is_a? Request
-            receive_request object, xml
+            receive_request object, sender_in_xml
          elsif object.is_a? Profile
            receive_profile object, xml
          elsif object.is_a?(Comment)
@ -30,7 +29,7 @@ module Diaspora
            receive_post object, xml
          end
        else
-          raise "Possibly Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} "
+          raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} "
        end
      end

@ -38,7 +37,7 @@ module Diaspora
        if object.is_a? Retraction
          sender = object.person
        elsif object.is_a? Request
-          sender = Diaspora::Parser.parse_or_find_person_from_xml( xml )
+          sender = object.person
        elsif object.is_a? Profile
          sender = Diaspora::Parser.owner_id_from_xml xml
        elsif object.is_a?(Comment)
@ -62,8 +61,7 @@ module Diaspora
        end
      end

-      def receive_request request, xml
-        person = Diaspora::Parser.parse_or_find_person_from_xml( xml )
+      def receive_request request, person
        person.serialized_public_key ||= request.exported_key
        request.person = person
        request.person.save
--- a/lib/salmon/salmon.rb
+++ b/lib/salmon/salmon.rb
@ -113,7 +113,7 @@ HEADER
      if @author
        @author
      else
-        Person.by_webfinger @author_email
+        @author ||= Person.by_webfinger @author_email
      end
    end

--- a/spec/models/comments_spec.rb
+++ b/spec/models/comments_spec.rb
@ -53,6 +53,30 @@ describe Comment do
        @user.reload
      end

+      it 'should receive a comment from a person not on the pod' do
+        user3 = Factory.create :user
+        aspect3 = user3.aspect(:name => "blah")
+
+        friend_users(@user, @aspect, user3, aspect3)
+        
+        comment = Comment.new(:person_id => user3.person.id, :text => "hey", :post => @user_status)
+        comment.creator_signature = comment.sign_with_key(user3.encryption_key)
+
+
+        comment.post_creator_signature = comment.sign_with_key(@user.encryption_key)
+        xml = @user.salmon(comment).xml_for(@user2)
+
+        user3.person.delete
+        user3.delete
+
+         
+        @user_status.reload
+        @user_status.comments.should == []
+        @user2.receive_salmon(xml)
+        @user_status.reload
+        @user_status.comments.include?(comment).should be true
+      end
+
      it 'should have the post in the aspects post list' do
        aspect = Aspect.first(:id => @aspect.id)
        aspect.people.size.should == 2