RS, IZ; Not using person in friend request verification

2010-08-05 11:09:36 -07:00 · 2010-08-05 11:09:36 -07:00 · ebe14b5afd
commit ebe14b5afd
parent 15f1527a72
2 changed files with 13 additions and 4 deletions
--- a/app/models/request.rb
+++ b/app/models/request.rb
@ -41,11 +41,16 @@ class Request
 
 #ENCRYPTION
    before_validation :sign_if_mine
-    validates_true_for :creator_signature, :logic => lambda {self.verify_creator_signature}
+    validates_true_for :creator_signature, :logic => lambda {verify_exported_signature}
    
    xml_accessor :creator_signature
    key :creator_signature, String
-    
+   
+    def verify_exported_signature 
+      self.verify_signature_from_key(creator_signature,
+        OpenSSL::PKey::RSA.new(exported_key))
+    end
+
    def signable_accessors
      accessors = self.class.roxml_attrs.collect{|definition| 
        definition.accessor}
--- a/lib/encryptable.rb
+++ b/lib/encryptable.rb
@ -18,11 +18,15 @@
        return false
      end
      Rails.logger.info("Verifying sig on #{signable_string} from person #{person.real_name}")
-      validity = person.key.verify "SHA", Base64.decode64(signature), signable_string
+      verify_signature_from_key(signature, person.key) 
+    end
+   
+    def verify_signature_from_key signature, key
+      validity = key.verify "SHA", Base64.decode64(signature), signable_string
      Rails.logger.info("Validity: #{validity}")
      validity
    end
-    
+
    protected
    def sign_if_mine
      if self.person == User.owner