From 93e900b99884f9497d5197130e8aeb85976a9789 Mon Sep 17 00:00:00 2001
From: Raphael <raphael@joindiaspora.com>
Date: Sat, 17 Jul 2010 11:29:30 -0700
Subject: [PATCH] fixed comments, did I break request url?

---
 app/models/comment.rb        |  1 +
 app/models/user.rb           |  1 -
 lib/encryptable.rb           | 14 +++++++++-----
 spec/user_encryption_spec.rb | 34 ++++++++++++++++------------------
 4 files changed, 26 insertions(+), 24 deletions(-)

diff --git a/app/models/comment.rb b/app/models/comment.rb
index 8fbd9dd0c2..7643e9eae6 100644
--- a/app/models/comment.rb
+++ b/app/models/comment.rb
@@ -52,6 +52,7 @@ class Comment
 
   def verify_post_creator_signature
     unless person == User.owner
+      puts "verifying post creator sig from #{post.person.real_name}"
       verify_signature(post_creator_signature, post.person)
     else
       true
diff --git a/app/models/user.rb b/app/models/user.rb
index ae4bed8853..4c22fcabd5 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -56,7 +56,6 @@ class User < Person
   end
 
   def receive_friend_request(friend_request)
-    puts friend_request.inspect
     Rails.logger.info("receiving friend request #{friend_request.to_json}")
     GPGME.import(friend_request.exported_key)
     if Request.where(:callback_url => friend_request.callback_url).first
diff --git a/lib/encryptable.rb b/lib/encryptable.rb
index c35ba70c34..75e23632e3 100644
--- a/lib/encryptable.rb
+++ b/lib/encryptable.rb
@@ -9,10 +9,10 @@
     def verify_signature(signature, person)
       return false unless signature && person.key_fingerprint
       validity = nil
-      GPGME::verify(creator_signature, signable_string, 
-        {:armor => true, :always_trust => true}){ |signature|
-        validity =  signature.status == GPGME::GPG_ERR_NO_ERROR &&
-            signature.fpr == person.key_fingerprint
+      GPGME::verify(signature, signable_string, 
+        {:armor => true, :always_trust => true}){ |sig|
+        validity =  sig.status == GPGME::GPG_ERR_NO_ERROR &&
+            sig.fpr == person.key_fingerprint
       }
       return validity
     end
@@ -25,8 +25,12 @@
     end
 
     def sign
+      sign_with_key(User.owner.key)
+    end
+
+    def sign_with_key(key)
       GPGME::sign(signable_string,nil,
-          {:armor=> true, :mode => GPGME::SIG_MODE_DETACH, :signers => [User.owner.key]})
+          {:armor=> true, :mode => GPGME::SIG_MODE_DETACH, :signers => [key]})
     end
   end
 
diff --git a/spec/user_encryption_spec.rb b/spec/user_encryption_spec.rb
index b0083f0ec1..e05b31d298 100644
--- a/spec/user_encryption_spec.rb
+++ b/spec/user_encryption_spec.rb
@@ -100,8 +100,7 @@ describe 'user encryption' do
     
     it 'should verify a remote signature' do 
       message = Factory.build(:status_message, :person => @person)
-      message.creator_signature = GPGME.sign(message.signable_string, nil,
-        {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person.key]})
+      message.creator_signature = message.send(:sign_with_key,@person.key)
       message.save(:validate => false)
       message.verify_creator_signature.should be true
     end
@@ -109,16 +108,14 @@ describe 'user encryption' do
     it 'should know if the signature is from the wrong person' do
       message = Factory.build(:status_message, :person => @person)
       message.save(:validate => false)
-      message.creator_signature = GPGME.sign(message.signable_string, nil,
-        {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person.key]})
+      message.creator_signature = message.send(:sign_with_key,@person.key)
       message.person = @user
       message.verify_creator_signature.should be false
     end
    
     it 'should know if the signature is for the wrong text' do
       message = Factory.build(:status_message, :person => @person)
-      message.creator_signature = GPGME.sign(message.signable_string, nil,
-        {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person.key]})
+      message.creator_signature = message.send(:sign_with_key,@person.key)
       message.message = 'I love VENISON'
       message.save(:validate => false)
       message.verify_creator_signature.should be false
@@ -133,8 +130,7 @@ describe 'user encryption' do
     end
     it 'A message with an invalid signature should be rejected' do
       message = Factory.build(:status_message, :person => @person)
-      message.creator_signature = GPGME.sign(message.signable_string, nil,
-        {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@user.key]})
+      message.creator_signature = message.send(:sign )
       message.save
       xml = Post.build_xml_for([message])
       message.destroy
@@ -147,10 +143,9 @@ describe 'user encryption' do
   describe 'comments' do
     before do
       @remote_message = Factory.build(:status_message, :person => @person)
-      @remote_message.creator_signature = GPGME.sign(@remote_message.signable_string, nil,
-        {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person.key]})
+      @remote_message.creator_signature = @remote_message.send(:sign_with_key,@person.key)
       @remote_message.save 
-
+      @message = Factory.create(:status_message, :person => @user)
     end
     it 'should attach the creator signature if the user is commenting' do
       @user.comment "Yeah, it was great", :on => @remote_message
@@ -160,29 +155,32 @@ describe 'user encryption' do
     it 'should sign the comment if the user is the post creator' do
       message = Factory.create(:status_message, :person => @user)
       @user.comment "Yeah, it was great", :on => message
-      StatusMessage.first.comments.first.verify_creator_signature.should be true
+      message.comments.first.verify_creator_signature.should be true
       StatusMessage.first.comments.first.verify_post_creator_signature.should be true
     end
     
     it 'should verify a comment made on a remote post by a different friend' do
       comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
-      comment.creator_signature = GPGME.sign(comment.signable_string, nil,
-        {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person2.key]})
+      comment.creator_signature = comment.send(:sign_with_key,@person2.key)
       comment.verify_creator_signature.should be true
-
+      comment.valid?.should be false
+      comment.post_creator_signature = comment.send(:sign_with_key,@person.key)
+      comment.verify_post_creator_signature.should be true
+      comment.valid?.should be true
     end
 
     it 'should reject comments on a remote post with only a creator sig' do
         comment = Comment.new(:person => @person2, :text => "balls", :post => @remote_message)
-        comment.creator_signature = GPGME.sign(comment.signable_string, nil,
-          {:mode => GPGME::SIG_MODE_DETACH, :armor => true, :signers => [@person2.key]})
+        comment.creator_signature = comment.send(:sign_with_key,@person2.key)
         comment.verify_creator_signature.should be true
         comment.verify_post_creator_signature.should be false
         comment.save.should be false
     end
 
     it 'should receive remote comments on a user post with a creator sig' do
-      
+        comment = Comment.new(:person => @person2, :text => "balls", :post => @message)
+        comment.creator_signature = comment.send(:sign_with_key,@person2.key)
+        comment.save.should be true
     end
 
   end
-- 
GitLab