diff --git a/spec/lib/exporter_spec.rb b/spec/lib/diaspora/exporter_spec.rb similarity index 100% rename from spec/lib/exporter_spec.rb rename to spec/lib/diaspora/exporter_spec.rb diff --git a/spec/lib/importer_spec.rb b/spec/lib/diaspora/importer_spec.rb similarity index 100% rename from spec/lib/importer_spec.rb rename to spec/lib/diaspora/importer_spec.rb diff --git a/spec/lib/ostatus_builder_spec.rb b/spec/lib/diaspora/ostatus_builder.rb similarity index 100% rename from spec/lib/ostatus_builder_spec.rb rename to spec/lib/diaspora/ostatus_builder.rb diff --git a/spec/lib/diaspora_parser_spec.rb b/spec/lib/diaspora/parser_spec.rb similarity index 100% rename from spec/lib/diaspora_parser_spec.rb rename to spec/lib/diaspora/parser_spec.rb diff --git a/spec/lib/encryptor_spec.rb b/spec/lib/encryptor_spec.rb new file mode 100644 index 000000000..e993dac45 --- /dev/null +++ b/spec/lib/encryptor_spec.rb @@ -0,0 +1,54 @@ +# Copyright (c) 2010, Diaspora Inc. This file is +# licensed under the Affero General Public License version 3 or later. See +# the COPYRIGHT file. + +require 'spec_helper' + +describe 'user encryption' do + before do + @user = Factory.create(:user) + @aspect = @user.aspect(:name => 'dudes') + end + + describe 'key exchange on friending' do + + it 'should receive and marshal a public key from a request' do + remote_user = Factory.build(:user) + remote_user.encryption_key.nil?.should== false + + deliverable = Object.new + deliverable.stub!(:deliver) + Notifier.stub!(:new_request).and_return(deliverable) + Person.should_receive(:by_webfinger).and_return(remote_user.person) + #should move this to friend request, but i found it here + id = remote_user.person.id + original_key = remote_user.exported_key + + request = remote_user.send_friend_request_to( + @user.person, remote_user.aspect(:name => "temp")) + + xml = remote_user.salmon(request).xml_for(@user) + + remote_user.person.delete + remote_user.delete + + person_count = Person.all.count + @user.receive_salmon xml + + Person.all.count.should == person_count + 1 + new_person = Person.first(:id => id) + new_person.exported_key.should == original_key + end + end + + describe 'encryption' do + before do + @string = File.open(File.dirname(__FILE__) + '/../fixtures/fb_status').read + end + it 'should encrypt a string' do + ciphertext = @user.encrypt @string + ciphertext.include?(@string).should be false + @user.decrypt(ciphertext).should == @string + end + end +end diff --git a/spec/models/comment_spec.rb b/spec/models/comment_spec.rb index 1cd8e9b9d..66056789d 100644 --- a/spec/models/comment_spec.rb +++ b/spec/models/comment_spec.rb @@ -97,6 +97,10 @@ describe Comment do user.receive comment.to_diaspora_xml, user2.person end + context 'posts from a remote person' do + before(:all) do + stub_comment_signature_verification + end it 'should not send a comment a person made on his own post to anyone' do User::QUEUE.should_not_receive(:add_post_request) comment = Comment.new(:person_id => @person.id, :text => "balls", :post => @person_status) @@ -108,6 +112,10 @@ describe Comment do comment = Comment.new(:person_id => @person2.id, :text => "balls", :post => @person_status) user.receive comment.to_diaspora_xml, @person end + after(:all) do + unstub_mocha_stubs + end + end it 'should not clear the aspect post array on receiving a comment' do aspect.post_ids.include?(@user_status.id).should be true @@ -130,4 +138,50 @@ describe Comment do comment.to_diaspora_xml.include?(commenter.person.id.to_s).should be true end end + + describe 'comments' do + before do + friend_users(user, aspect, user2, aspect2) + @remote_message = user2.post :status_message, :message => "hello", :to => aspect2.id + + + @message = user.post :status_message, :message => "hi", :to => aspect.id + end + it 'should attach the creator signature if the user is commenting' do + user.comment "Yeah, it was great", :on => @remote_message + @remote_message.comments.first.signature_valid?.should be true + end + + it 'should sign the comment if the user is the post creator' do + message = user.post :status_message, :message => "hi", :to => aspect.id + user.comment "Yeah, it was great", :on => message + message.comments.first.signature_valid?.should be true + message.comments.first.verify_post_creator_signature.should be true + end + + it 'should verify a comment made on a remote post by a different friend' do + comment = Comment.new(:person => user2.person, :text => "cats", :post => @remote_message) + comment.creator_signature = comment.send(:sign_with_key,user2.encryption_key) + comment.signature_valid?.should be true + comment.verify_post_creator_signature.should be false + comment.post_creator_signature = comment.send(:sign_with_key,user.encryption_key) + comment.verify_post_creator_signature.should be true + end + + it 'should reject comments on a remote post with only a creator sig' do + comment = Comment.new(:person => user2.person, :text => "cats", :post => @remote_message) + comment.creator_signature = comment.send(:sign_with_key,user2.encryption_key) + comment.signature_valid?.should be true + comment.verify_post_creator_signature.should be false + end + + it 'should receive remote comments on a user post with a creator sig' do + comment = Comment.new(:person => user2.person, :text => "cats", :post => @message) + comment.creator_signature = comment.send(:sign_with_key,user2.encryption_key) + comment.signature_valid?.should be true + comment.verify_post_creator_signature.should be false + end + + end + end diff --git a/spec/models/request_spec.rb b/spec/models/request_spec.rb index c75b52317..6483c45fa 100644 --- a/spec/models/request_spec.rb +++ b/spec/models/request_spec.rb @@ -28,6 +28,7 @@ describe Request do xml.should include user.person.url xml.should include user.profile.first_name xml.should include user.profile.last_name + xml.should include user.exported_key end it 'should allow me to see only friend requests sent to me' do diff --git a/spec/models/user/receive_spec.rb b/spec/models/user/receive_spec.rb index 07b481b17..ab83b8c5d 100644 --- a/spec/models/user/receive_spec.rb +++ b/spec/models/user/receive_spec.rb @@ -115,6 +115,7 @@ describe User do comment_id = comment.id comment.delete + comment.post_creator_signature = comment.sign_with_key(user.encryption_key) user3.receive comment.to_diaspora_xml, user.person user3.reload diff --git a/spec/models/user_spec.rb b/spec/models/user_spec.rb index 4b2a4d02d..ed3008b84 100644 --- a/spec/models/user_spec.rb +++ b/spec/models/user_spec.rb @@ -10,6 +10,10 @@ describe User do let(:user2) { Factory(:user) } let(:aspect2) { user2.aspect(:name => 'stuff') } + it 'should have a key' do + user.encryption_key.should_not be nil + end + describe "validation" do describe "of associated person" do it "fails if person is not valid" do diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb index 218def68b..80c863c67 100644 --- a/spec/spec_helper.rb +++ b/spec/spec_helper.rb @@ -25,10 +25,6 @@ RSpec.configure do |config| DatabaseCleaner.strategy = :truncation DatabaseCleaner.orm = "mongo_mapper" - config.before(:suite) do - stub_signature_verification - end - config.before(:each) do stub_sockets DatabaseCleaner.clean @@ -49,10 +45,8 @@ ImageUploader.enable_processing = false Diaspora::WebSocket.unstub!(:unsubscribe) end - def stub_signature_verification - (get_models.map{|model| model.camelize.constantize} - [User]).each do |model| - model.any_instance.stubs(:verify_signature).returns(true) - end + def stub_comment_signature_verification + Comment.any_instance.stubs(:verify_signature).returns(true) end def unstub_mocha_stubs @@ -82,11 +76,12 @@ ImageUploader.enable_processing = false aspect2.reload end - def stub_success(address = 'abc@example.com') + def stub_success(address = 'abc@example.com', opts = {}) host = address.split('@')[1] stub_request(:get, "https://#{host}/.well-known/host-meta").to_return(:status => 200, :body => host_xrd) stub_request(:get, "http://#{host}/.well-known/host-meta").to_return(:status => 200, :body => host_xrd) - if host.include?("joindiaspora.com") + if opts[:diaspora] || host.include?("diaspora") + puts address stub_request(:get, /webfinger\/\?q=#{address}/).to_return(:status => 200, :body => finger_xrd) stub_request(:get, "http://#{host}/hcard/users/4c8eccce34b7da59ff000002").to_return(:status => 200, :body => hcard_response) else diff --git a/spec/user_encryption_spec.rb b/spec/user_encryption_spec.rb deleted file mode 100644 index 645563b9a..000000000 --- a/spec/user_encryption_spec.rb +++ /dev/null @@ -1,113 +0,0 @@ -# Copyright (c) 2010, Diaspora Inc. This file is -# licensed under the Affero General Public License version 3 or later. See -# the COPYRIGHT file. - -require 'spec_helper' - -describe 'user encryption' do - before do - unstub_mocha_stubs - @user = Factory.create(:user) - @aspect = @user.aspect(:name => 'dudes') - - @user2 = Factory.create(:user) - @aspect2 = @user2.aspect(:name => 'dudes') - end - - after do - stub_signature_verification - #gpgdir = File.expand_path("../../db/gpg-#{Rails.env}", __FILE__) - #ctx = GPGME::Ctx.new - #keys = ctx.keys - #keys.each{|k| ctx.delete_key(k, true)} - end - it 'should have a key' do - @user.encryption_key.should_not be nil - end - describe 'key exchange on friending' do - it 'should send over a public key' do - message_queue.stub!(:add_post_request) - request = @user.send_friend_request_to(Factory.create(:person), @aspect) - request.to_diaspora_xml.include?( @user.exported_key).should be true - end - - it 'should receive and marshal a public key from a request' do - remote_user = Factory.build(:user) - remote_user.encryption_key.nil?.should== false - #should move this to friend request, but i found it here - id = remote_user.person.id - original_key = remote_user.exported_key - - request = remote_user.send_friend_request_to( - @user.person, remote_user.aspect(:name => "temp")) - - xml = request.to_diaspora_xml - - remote_user.person.delete - remote_user.delete - - person_count = Person.all.count - @user.receive xml, remote_user.person - - Person.all.count.should == person_count + 1 - new_person = Person.first(:id => id) - new_person.exported_key.should == original_key - end - end - - describe 'encryption' do - before do - @message = @user.post :status_message, :message => "hi", :to => @aspect.id - end - it 'should encrypt large messages' do - ciphertext = @user.encrypt @message.to_diaspora_xml - ciphertext.include?(@message.to_diaspora_xml).should be false - @user.decrypt(ciphertext).include?(@message.to_diaspora_xml).should be true - end - end - - describe 'comments' do - before do - friend_users(@user, @aspect, @user2, @aspect2) - @remote_message = @user2.post :status_message, :message => "hello", :to => @aspect2.id - - - @message = @user.post :status_message, :message => "hi", :to => @aspect.id - end - it 'should attach the creator signature if the user is commenting' do - @user.comment "Yeah, it was great", :on => @remote_message - @remote_message.comments.first.signature_valid?.should be true - end - - it 'should sign the comment if the user is the post creator' do - message = @user.post :status_message, :message => "hi", :to => @aspect.id - @user.comment "Yeah, it was great", :on => message - message.comments.first.signature_valid?.should be true - message.comments.first.verify_post_creator_signature.should be true - end - - it 'should verify a comment made on a remote post by a different friend' do - comment = Comment.new(:person => @user2.person, :text => "cats", :post => @remote_message) - comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key) - comment.signature_valid?.should be true - comment.verify_post_creator_signature.should be false - comment.post_creator_signature = comment.send(:sign_with_key,@user.encryption_key) - comment.verify_post_creator_signature.should be true - end - - it 'should reject comments on a remote post with only a creator sig' do - comment = Comment.new(:person => @user2.person, :text => "cats", :post => @remote_message) - comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key) - comment.signature_valid?.should be true - comment.verify_post_creator_signature.should be false - end - - it 'should receive remote comments on a user post with a creator sig' do - comment = Comment.new(:person => @user2.person, :text => "cats", :post => @message) - comment.creator_signature = comment.send(:sign_with_key,@user2.encryption_key) - comment.signature_valid?.should be true - comment.verify_post_creator_signature.should be false - end - - end -end