nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge branch 'malicious_friend_refactor' of github.com:diaspora/diaspora

Browse source
This commit is contained in:
ilya 2010-10-12 15:55:02 -07:00
commit b53462ee93
3 changed files with 29 additions and 7 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/diaspora/user/receiving.rb
View file

@ -14,14 +14,13 @@ module Diaspora
Rails.logger.debug("Receiving object for #{self.real_name}:\n#{object.inspect}") Rails.logger.debug("Receiving object for #{self.real_name}:\n#{object.inspect}")
Rails.logger.debug("From: #{object.person.inspect}") if object.person Rails.logger.debug("From: #{object.person.inspect}") if object.person
sender_in_xml = sender(object, xml) sender_in_xml = sender(object, xml)
if (salmon_author == sender_in_xml) if (salmon_author == sender_in_xml)
if object.is_a? Retraction if object.is_a? Retraction
receive_retraction object, xml receive_retraction object, xml
elsif object.is_a? Request elsif object.is_a? Request
receive_request object, xml receive_request object, sender_in_xml
elsif object.is_a? Profile elsif object.is_a? Profile
receive_profile object, xml receive_profile object, xml
elsif object.is_a?(Comment) elsif object.is_a?(Comment)
@ -30,7 +29,7 @@ module Diaspora
receive_post object, xml receive_post object, xml
end end
else else
raise "Possibly Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} " raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} "
end end
end end
@ -38,7 +37,7 @@ module Diaspora
if object.is_a? Retraction if object.is_a? Retraction
sender = object.person sender = object.person
elsif object.is_a? Request elsif object.is_a? Request
sender = Diaspora::Parser.parse_or_find_person_from_xml( xml ) sender = object.person
elsif object.is_a? Profile elsif object.is_a? Profile
sender = Diaspora::Parser.owner_id_from_xml xml sender = Diaspora::Parser.owner_id_from_xml xml
elsif object.is_a?(Comment) elsif object.is_a?(Comment)
@ -62,8 +61,7 @@ module Diaspora
end end
end end
def receive_request request, xml def receive_request request, person
person = Diaspora::Parser.parse_or_find_person_from_xml( xml )
person.serialized_public_key ||= request.exported_key person.serialized_public_key ||= request.exported_key
request.person = person request.person = person
request.person.save request.person.save

2
lib/salmon/salmon.rb
View file

@ -113,7 +113,7 @@ HEADER
if @author if @author
@author @author
else else
Person.by_webfinger @author_email @author ||= Person.by_webfinger @author_email
end end
end end

24
spec/models/comments_spec.rb
View file

@ -53,6 +53,30 @@ describe Comment do
@user.reload @user.reload
end end
it 'should receive a comment from a person not on the pod' do
user3 = Factory.create :user
aspect3 = user3.aspect(:name => "blah")
friend_users(@user, @aspect, user3, aspect3)
comment = Comment.new(:person_id => user3.person.id, :text => "hey", :post => @user_status)
comment.creator_signature = comment.sign_with_key(user3.encryption_key)
comment.post_creator_signature = comment.sign_with_key(@user.encryption_key)
xml = @user.salmon(comment).xml_for(@user2)
user3.person.delete
user3.delete
@user_status.reload
@user_status.comments.should == []
@user2.receive_salmon(xml)
@user_status.reload
@user_status.comments.include?(comment).should be true
end
it 'should have the post in the aspects post list' do it 'should have the post in the aspects post list' do
aspect = Aspect.first(:id => @aspect.id) aspect = Aspect.first(:id => @aspect.id)
aspect.people.size.should == 2 aspect.people.size.should == 2