From 5a9bfa7405bda153c6db9817d63991e6e2263ae5 Mon Sep 17 00:00:00 2001
From: danielvincent <danielgrippi@gmail.com>
Date: Fri, 29 Oct 2010 16:43:27 -0700
Subject: [PATCH] DG IZ; post senders are now verified by diaspora handles

---
 app/models/person.rb           |  2 +-
 app/models/post.rb             | 10 +++++-----
 app/models/user.rb             |  2 ++
 lib/diaspora/user/receiving.rb | 22 ++++++++++++++++------
 spec/models/album_spec.rb      | 14 --------------
 spec/models/post_spec.rb       | 22 +++++++++++-----------
 6 files changed, 35 insertions(+), 37 deletions(-)

diff --git a/app/models/person.rb b/app/models/person.rb
index c3f8a5a995..aefbc6d5f3 100644
--- a/app/models/person.rb
+++ b/app/models/person.rb
@@ -106,7 +106,7 @@ class Person
 
   #database calls
   def self.by_account_identifier(identifier)
-    identifier = identifier.strip.downcase.gsub('acct:', '') if identifier
+    identifier = identifier.strip.downcase.gsub('acct:', '')
     self.first(:diaspora_handle => identifier)
   end
 
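Review bot: With the `if identifier` modifier removed, `by_account_identifier(nil)` now raises NoMethodError on `identifier.strip` instead of falling through to a lookup that finds nothing. Other hunks in this commit take handles from incoming XML, so if any caller can pass a missing handle into this method, a malformed remote message becomes an unhandled exception rather than a clean miss; whether such a caller exists is not visible here. An explicit guard keeps the failure mode deliberate: `return nil if identifier.nil?` ahead of the normalisation. Separately, `gsub('acct:', '')` strips that substring anywhere in the handle, not only as a leading scheme; `sub(/\Aacct:/, '')` after `strip.downcase` would match the prefix only.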
diff --git a/app/models/post.rb b/app/models/post.rb
index 5f9e0ca5c8..5b49dacd58 100644
--- a/app/models/post.rb
+++ b/app/models/post.rb
@@ -11,14 +11,14 @@ class Post
   include Diaspora::Webhooks
   include Diaspora::Socketable
 
-  xml_accessor :_id
-  xml_accessor :person, :as => Person
-  xml_reader   :public
+  xml_reader :_id
+  xml_reader :diaspora_handle
+  xml_reader :public
   xml_reader :created_at
 
-  key :public   , Boolean, :default => false
+  key :public, Boolean, :default => false
 
-  key :person_id, ObjectId
+  key :diaspora_handle, String
   key :user_refs, Integer, :default => 0
 
   many :comments, :class_name => 'Comment', :foreign_key => :post_id, :order => 'created_at ASC'
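Review bot: `key :diaspora_handle, String` becomes the post's author identity, and receiving.rb in this commit feeds it to a webfinger lookup, but nothing in this hunk requires it to be present or well-formed. A Post deserialized from remote XML without a `diaspora_handle` element would carry nil into that lookup. Consider `key :diaspora_handle, String, :required => true` or an equivalent presence and format validation, after checking how it interacts with posts stored before this change, which have no handle. The hunk also drops `key :person_id, ObjectId` while user.rb and receiving.rb still read and assign `person` on posts; the association is presumably declared outside this hunk, so confirm it still persists without the key.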
diff --git a/app/models/user.rb b/app/models/user.rb
index 27dab1e54a..23d67f3fe7 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -216,6 +216,8 @@ class User
 
   def build_post(class_name, options = {})
     options[:person] = self.person
+    options[:diaspora_handle] = self.person.diaspora_handle
+
     model_class = class_name.to_s.camelize.constantize
     post = model_class.instantiate(options)
     post.save
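Review bot: The added `options[:diaspora_handle] = self.person.diaspora_handle` deserves a one-line comment, because it is what stops a caller-supplied `:diaspora_handle` in `options` from reaching the model: `# Force the author handle to the local user's; this is the identity serialized into the post's XML.` The assignment also writes into the hash the caller passed in, as the existing `:person` line does; `options = options.merge(:person => self.person, :diaspora_handle => self.person.diaspora_handle)` would leave the caller's hash untouched. build_post continues past the end of the hunk.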
diff --git a/lib/diaspora/user/receiving.rb b/lib/diaspora/user/receiving.rb
index 62eb9f05fd..a651b47932 100644
--- a/lib/diaspora/user/receiving.rb
+++ b/lib/diaspora/user/receiving.rb
@@ -21,7 +21,7 @@ module Diaspora
         Rails.logger.debug("From: #{object.person.inspect}") if object.person
 
 
-        if object.is_a?(Comment) 
+        if object.is_a?(Comment) || object.is_a?(Post)
           e = EMWebfinger.new(object.diaspora_handle)
 
           e.on_person { |person|
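Review bot: `EMWebfinger.new(object.diaspora_handle)` now runs for every received Post, with a handle taken from the sender's XML and no check visible in this hunk that it is present or shaped like `user@host`. Because the remote party chooses the lookup target, it is worth rejecting a nil or malformed handle as the first statement inside this `if`, before the lookup object is built, for example `raise "Missing diaspora_handle on #{object.class}" if object.diaspora_handle.to_s.strip.empty?`. The enclosing method starts and ends outside the hunk, so any validation done earlier in it is not visible here.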
@@ -32,7 +32,14 @@ module Diaspora
                 raise "Malicious Post, #{salmon_author.real_name} with id #{salmon_author.id} is sending a #{object.class} as #{sender_in_xml.real_name} with id #{sender_in_xml.id} "
               end
 
-              receive_comment object, xml
+              raise "Not friends with that person" unless self.contact_for(salmon_author)
+
+              if object.is_a?(Comment) 
+                receive_comment object, xml
+              else
+                receive_post object, xml
+              end
+
             end
           }
 
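Review bot: The new `raise "Not friends with that person" unless self.contact_for(salmon_author)` sits inside the `on_person` block, so the contact check happens only after the webfinger lookup for a sender-supplied handle has completed. The check uses only `salmon_author`, which appears to be known before the lookup starts, so moving the same line above `e = EMWebfinger.new(...)` would drop messages from non-contacts without any outbound request. If the block runs as a deferred EventMachine callback, as the class name suggests, an exception raised here (like the existing "Malicious Post" raise) surfaces in the callback rather than in the caller of this method; logging the rejection and leaving the block with `next` may be the safer path. Also confirm that `contact_for` does not return pending, unaccepted contacts. The block and the method both begin before this hunk.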
@@ -65,11 +72,14 @@ module Diaspora
           sender = object.person
         elsif object.is_a? Profile
           sender = Diaspora::Parser.owner_id_from_xml xml
-        elsif object.is_a?(Comment)
-          object.person = webfingered_person 
-          sender = (owns?(object.post))? object.person : object.post.person
+
         else
-          sender = object.person
+          object.person = webfingered_person
+          if object.is_a?(Comment)
+            sender = (owns?(object.post))? object.person : object.post.person
+          else
+            sender = object.person
+          end
         end
         sender
       end
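Review bot: The rewritten `else` branch assigns `object.person = webfingered_person` for every object type not matched earlier, not only for Comment and Post. If this method can be reached with `webfingered_person` nil (its signature and callers are outside the hunk), the object's person is overwritten with nil and `sender` is nil for posts; what the caller does with a nil sender is not visible. A guard at the top of the branch makes that case an explicit rejection: `raise "No verified sender for #{object.class}" unless webfingered_person`. A short comment stating that `object.person` is deliberately replaced with the webfinger-verified person, never the one named in the XML, would also help the next reader.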
diff --git a/spec/models/album_spec.rb b/spec/models/album_spec.rb
index 9bd0e86f8b..b9cde5710c 100644
--- a/spec/models/album_spec.rb
+++ b/spec/models/album_spec.rb
@@ -65,18 +65,4 @@ describe Album do
     end
   end
 
-  describe '#to_xml' do
-    let(:doc) { album.to_xml }
-    it 'has a name' do
-      doc.at_xpath('./name').text.should == album.name
-    end
-
-    it 'has an id' do
-      doc.at_xpath('./_id').text.should == album.id.to_s
-    end
-
-    it 'includes the person' do
-      doc.at_xpath('./person/_id').text.should == album.person.id.to_s
-    end
-  end
 end
diff --git a/spec/models/post_spec.rb b/spec/models/post_spec.rb
index a7e42ede4b..02e70a8366 100644
--- a/spec/models/post_spec.rb
+++ b/spec/models/post_spec.rb
@@ -7,17 +7,7 @@ require 'spec_helper'
 describe Post do
   before do
     @user = make_user
-  end
-
-  describe 'xml' do
-    before do
-      @message = Factory.create(:status_message, :person => @user.person)
-    end
-
-    it 'should serialize to xml with its person' do
-      @message.to_xml.to_s.include?(@user.person.diaspora_handle).should == true
-    end
-
+    @aspect = @user.aspect(:name => "winners")
   end
 
   describe 'deletion' do
@@ -29,5 +19,15 @@ describe Post do
       Comment.all(:text => "hey").empty?.should == true
     end
   end
+
+  describe 'serialization' do
+    it 'should serialize the handle and not the sender' do
+      post = @user.post :status_message, :message => "hello", :to => @aspect.id
+      xml = post.to_diaspora_xml
+
+      xml.include?(@user.person.id.to_s).should be false
+      xml.include?(@user.person.diaspora_handle).should be true
+    end
+  end
 end
 
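Review bot: The added 'serialization' example covers only the outbound XML; none of the six files in this patch's diffstat adds a spec for the new checks in lib/diaspora/user/receiving.rb. The cases worth pinning are a Post whose `diaspora_handle` resolves to someone other than the salmon author, and a Post from a person the user has no contact with, both expected to be rejected. In the example itself, `xml.include?(@user.person.id.to_s).should be false` would read more directly as `xml.should_not include(@user.person.id.to_s)`, which also reports the XML on failure.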
-- 
GitLab