nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

RS, IZ; Not using person in friend request verification

Browse source
This commit is contained in:
Raphael 2010-08-05 11:09:36 -07:00
parent 15f1527a72
commit ebe14b5afd
2 changed files with 13 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/models/request.rb
View file

@ -41,11 +41,16 @@ class Request
#ENCRYPTION #ENCRYPTION
before_validation :sign_if_mine before_validation :sign_if_mine
validates_true_for :creator_signature, :logic => lambda {self.verify_creator_signature} validates_true_for :creator_signature, :logic => lambda {verify_exported_signature}
xml_accessor :creator_signature xml_accessor :creator_signature
key :creator_signature, String key :creator_signature, String
def verify_exported_signature
self.verify_signature_from_key(creator_signature,
OpenSSL::PKey::RSA.new(exported_key))
end
def signable_accessors def signable_accessors
accessors = self.class.roxml_attrs.collect{|definition| accessors = self.class.roxml_attrs.collect{|definition|
definition.accessor} definition.accessor}

8
lib/encryptable.rb
View file

@ -18,11 +18,15 @@
return false return false
end end
Rails.logger.info("Verifying sig on #{signable_string} from person #{person.real_name}") Rails.logger.info("Verifying sig on #{signable_string} from person #{person.real_name}")
validity = person.key.verify "SHA", Base64.decode64(signature), signable_string verify_signature_from_key(signature, person.key)
end
def verify_signature_from_key signature, key
validity = key.verify "SHA", Base64.decode64(signature), signable_string
Rails.logger.info("Validity: #{validity}") Rails.logger.info("Validity: #{validity}")
validity validity
end end
protected protected
def sign_if_mine def sign_if_mine
if self.person == User.owner if self.person == User.owner