DG IZ; post senders are now verified by diaspora handles

nithyananthan · Oct 29, 2010 · 5a9bfa7 · 5a9bfa7
1 parent 15bd24a
commit 5a9bfa7
Show file tree

Hide file tree

Showing 6 changed files with 35 additions and 37 deletions.
diff --git a/app/models/person.rb b/app/models/person.rb
@@ -106,7 +106,7 @@ def exported_key= new_key
 
   #database calls
   def self.by_account_identifier(identifier)
-    identifier = identifier.strip.downcase.gsub('acct:', '') if identifier
+    identifier = identifier.strip.downcase.gsub('acct:', '')
     self.first(:diaspora_handle => identifier)
   end
 

diff --git a/app/models/post.rb b/app/models/post.rb
@@ -11,14 +11,14 @@ class Post
   include Diaspora::Webhooks
   include Diaspora::Socketable
 
-  xml_accessor :_id
-  xml_accessor :person, :as => Person
-  xml_reader   :public
+  xml_reader :_id
+  xml_reader :diaspora_handle
+  xml_reader :public
   xml_reader :created_at
 
-  key :public   , Boolean, :default => false
+  key :public, Boolean, :default => false
 
-  key :person_id, ObjectId
+  key :diaspora_handle, String
   key :user_refs, Integer, :default => 0
 
   many :comments, :class_name => 'Comment', :foreign_key => :post_id, :order => 'created_at ASC'

diff --git a/app/models/user.rb b/app/models/user.rb
@@ -216,6 +216,8 @@ def validate_aspect_permissions(aspect_ids)
 
   def build_post(class_name, options = {})
     options[:person] = self.person
+    options[:diaspora_handle] = self.person.diaspora_handle
+
     model_class = class_name.to_s.camelize.constantize
     post = model_class.instantiate(options)
     post.save

diff --git a/lib/diaspora/user/receiving.rb b/lib/diaspora/user/receiving.rb
@@ -21,7 +21,7 @@ def receive xml, salmon_author
         Rails.logger.debug("From: #{object.person.inspect}") if object.person
 
 
-        if object.is_a?(Comment) 
+        if object.is_a?(Comment) || object.is_a?(Post)
           e = EMWebfinger.new(object.diaspora_handle)
 
           e.on_person { |person|
@@ -32,7 +32,14 @@ def receive xml, salmon_author
                 raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} "
               end
 
-              receive_comment object, xml
+              raise "Not friends with that person" unless self.contact_for(salmon_author)
+
+              if object.is_a?(Comment) 
+                receive_comment object, xml
+              else
+                receive_post object, xml
+              end
+
             end
           }
 
@@ -65,11 +72,14 @@ def sender(object, xml, webfingered_person = nil)
           sender = object.person
         elsif object.is_a? Profile
           sender = Diaspora::Parser.owner_id_from_xml xml
-        elsif object.is_a?(Comment)
-          object.person = webfingered_person 
-          sender = (owns?(object.post))? object.person : object.post.person
+
         else
-          sender = object.person
+          object.person = webfingered_person
+          if object.is_a?(Comment)
+            sender = (owns?(object.post))? object.person : object.post.person
+          else
+            sender = object.person
+          end
         end
         sender
       end

diff --git a/spec/models/album_spec.rb b/spec/models/album_spec.rb
@@ -65,18 +65,4 @@
     end
   end
 
-  describe '#to_xml' do
-    let(:doc) { album.to_xml }
-    it 'has a name' do
-      doc.at_xpath('./name').text.should == album.name
-    end
-
-    it 'has an id' do
-      doc.at_xpath('./_id').text.should == album.id.to_s
-    end
-
-    it 'includes the person' do
-      doc.at_xpath('./person/_id').text.should == album.person.id.to_s
-    end
-  end
 end
diff --git a/spec/models/post_spec.rb b/spec/models/post_spec.rb
@@ -7,17 +7,7 @@
 describe Post do
   before do
     @user = make_user
-  end
-
-  describe 'xml' do
-    before do
-      @message = Factory.create(:status_message, :person => @user.person)
-    end
-
-    it 'should serialize to xml with its person' do
-      @message.to_xml.to_s.include?(@user.person.diaspora_handle).should == true
-    end
-
+    @aspect = @user.aspect(:name => "winners")
   end
 
   describe 'deletion' do
@@ -29,5 +19,15 @@
       Comment.all(:text => "hey").empty?.should == true
     end
   end
+
+  describe 'serialization' do
+    it 'should serialize the handle and not the sender' do
+      post = @user.post :status_message, :message => "hello", :to => @aspect.id
+      xml = post.to_diaspora_xml
+
+      xml.include?(@user.person.id.to_s).should be false
+      xml.include?(@user.person.diaspora_handle).should be true
+    end
+  end
 end