Loading lib/diaspora/relayable.rb +1 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,7 @@ module Diaspora unless comment_or_like.signature_valid? logger.warn "event=receive status=abort reason='object signature not valid' recipient=#{user.diaspora_handle} "\ "sender=#{parent.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}" "sender=#{comment_or_like.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}" return end Loading spec/integration/federation/federation_helper.rb +14 −6 Original line number Diff line number Diff line Loading @@ -17,6 +17,13 @@ def remote_user_on_pod_c end def generate_xml(entity, remote_user, user) if @public DiasporaFederation::Salmon::Slap.generate_xml( remote_user.diaspora_handle, OpenSSL::PKey::RSA.new(remote_user.encryption_key), entity ) else DiasporaFederation::Salmon::EncryptedSlap.generate_xml( remote_user.diaspora_handle, OpenSSL::PKey::RSA.new(remote_user.encryption_key), Loading @@ -24,3 +31,4 @@ def generate_xml(entity, remote_user, user) OpenSSL::PKey::RSA.new(user.encryption_key) ) end end spec/integration/federation/federation_messages_generation.rb 0 → 100644 +164 −0 Original line number Diff line number Diff line def generate_profile @entity = FactoryGirl.build(:profile_entity, diaspora_id: remote_user_on_pod_b.person.diaspora_handle) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_conversation @entity = FactoryGirl.build( :conversation_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, participant_ids: "#{remote_user_on_pod_b.diaspora_handle};#{alice.diaspora_handle}" ) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_status_message @entity = FactoryGirl.build( :status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: @public ) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_forged_status_message substitute_wrong_key(remote_user_on_pod_b, 1) generate_status_message end def generate_reshare @entity = FactoryGirl.build( :reshare_entity, root_diaspora_id: alice.diaspora_handle, root_guid: @local_target.guid, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: true ) generate_xml(@entity, remote_user_on_pod_b, alice) end def mock_private_key_for_user(user) expect(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_private_key_by_diaspora_id, user.person.diaspora_handle) .and_return(user.encryption_key) end def retraction_mock_callbacks(entity, sender) return unless [ DiasporaFederation::Entities::SignedRetraction, DiasporaFederation::Entities::RelayableRetraction ].include?(entity.class) mock_private_key_for_user(sender) allow(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_entity_author_id_by_guid, entity.target_type, entity.target_guid ) .and_return(sender.encryption_key) end def generate_retraction(entity_name, target_object, sender=remote_user_on_pod_b) @entity = FactoryGirl.build( entity_name, diaspora_id: sender.diaspora_handle, target_guid: target_object.guid, target_type: target_object.class.to_s ) retraction_mock_callbacks(@entity, sender) generate_xml(@entity, sender, alice) end def generate_forged_retraction(entity_name, target_object, sender=remote_user_on_pod_b) times = 1 if %i(signed_retraction_entity relayable_retraction_entity).include?(entity_name) times += 2 end substitute_wrong_key(sender, times) generate_retraction(entity_name, target_object, sender) end def generate_relayable_entity(entity_name, target, diaspora_id) @entity = FactoryGirl.build( entity_name, conversation_guid: target.guid, parent_guid: target.guid, diaspora_id: diaspora_id, poll_answer_guid: target.respond_to?(:poll_answers) ? target.poll_answers.first.guid : nil ) end def mock_entity_author_private_key_unavailable(klass) expect(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_author_private_key_by_entity_guid, klass.get_target_entity_type(@entity.to_h), kind_of(String) ) .and_return(nil) end def mock_entity_author_private_key_as(klass, key) expect(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_author_private_key_by_entity_guid, klass.get_target_entity_type(@entity.to_h), @remote_target.guid ) .and_return(key) end def generate_relayable_local_parent(entity_name) klass = FactoryGirl.factory_by_name(entity_name).build_class generate_relayable_entity(entity_name, @local_target, remote_user_on_pod_b.person.diaspora_handle) mock_private_key_for_user(remote_user_on_pod_b) mock_entity_author_private_key_unavailable(klass) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_relayable_remote_parent(entity_name) klass = FactoryGirl.factory_by_name(entity_name).build_class generate_relayable_entity(entity_name, @remote_target, remote_user_on_pod_c.person.diaspora_handle) mock_private_key_for_user(remote_user_on_pod_c) mock_entity_author_private_key_as(klass, remote_user_on_pod_b.encryption_key) generate_xml(@entity, remote_user_on_pod_b, alice) end def substitute_wrong_key(user, times_number) expect(user).to receive(:encryption_key).exactly(times_number).times.and_return( OpenSSL::PKey::RSA.new(1024) ) end # Checks when a remote pod wants to send us a relayable without having a key for declared diaspora ID def generate_relayable_local_parent_wrong_author_key(entity_name) substitute_wrong_key(remote_user_on_pod_b, 2) generate_relayable_local_parent(entity_name) end # Checks when a remote pod B wants to send us a relayable with authorship from a remote pod C user # without having correct signature from him. def generate_relayable_remote_parent_wrong_author_key(entity_name) substitute_wrong_key(remote_user_on_pod_c, 1) generate_relayable_remote_parent(entity_name) end # Checks when a remote pod C wants to send us a relayable from its user, but bypassing the pod B where # remote status came from. def generate_relayable_remote_parent_wrong_parent_key(entity_name) substitute_wrong_key(remote_user_on_pod_b, 2) generate_relayable_remote_parent(entity_name) end spec/integration/federation/receive_federation_messages_spec.rb +145 −97 Original line number Diff line number Diff line require "spec_helper" require "diaspora_federation/test" require "integration/federation/federation_helper" require "integration/federation/federation_messages_generation" require "integration/federation/shared_receive_relayable" require "integration/federation/shared_receive_retraction" require "integration/federation/shared_receive_stream_items" describe Workers::ReceiveEncryptedSalmon do it "treats sharing request receive correctly" do entity = FactoryGirl.build(:request_entity, recipient_id: alice.diaspora_handle) expect(Diaspora::Fetcher::Public).to receive(:queue_for) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_c, alice)) new_contact = alice.contacts.find {|c| c.person.diaspora_handle == remote_user_on_pod_c.diaspora_handle } expect(new_contact).not_to be_nil expect(new_contact.sharing).to eq(true) def post_private_message(recipient_guid, xml) inlined_jobs do post "/receive/users/#{recipient_guid}", guid: recipient_guid, xml: xml end end it "doesn't save the status message if there is no sharing" do entity = FactoryGirl.build(:status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: false) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) def post_public_message(xml) inlined_jobs do post "/receive/public", xml: xml end end expect(StatusMessage.exists?(guid: entity.guid)).to be(false) def post_message(recipient_guid, xml) if @public post_public_message(xml) else post_private_message(recipient_guid, xml) end end describe "with messages which require sharing" do before do def set_up_sharing contact = alice.contacts.find_or_initialize_by(person_id: remote_user_on_pod_b.person.id) contact.sharing = true contact.save end it "treats status message receive correctly" do entity = FactoryGirl.build(:status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: false) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) describe "Receive federation messages feature" do before do allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:queue_public_receive, any_args).and_call_original allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:queue_private_receive, any_args).and_call_original allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:save_person_after_webfinger, any_args).and_call_original end expect(StatusMessage.exists?(guid: entity.guid)).to be(true) context "with public receive" do before do @public = true end it "doesn't accept status message with wrong signature" do expect(remote_user_on_pod_b).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) it "receives account deletion correctly" do post_public_message( generate_xml( DiasporaFederation::Entities::AccountDeletion.new(diaspora_id: remote_user_on_pod_b.diaspora_handle), remote_user_on_pod_b, nil ) ) expect(AccountDeletion.where(diaspora_handle: remote_user_on_pod_b.diaspora_handle).exists?).to be(true) end entity = FactoryGirl.build(:status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: false) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) it "rejects account deletion with wrong diaspora_id" do delete_id = FactoryGirl.generate(:diaspora_id) post_public_message( generate_xml( DiasporaFederation::Entities::AccountDeletion.new(diaspora_id: delete_id), remote_user_on_pod_b, nil ) ) expect(StatusMessage.exists?(guid: entity.guid)).to be(false) expect(AccountDeletion.where(diaspora_handle: delete_id).exists?).to be(false) expect(AccountDeletion.where(diaspora_handle: remote_user_on_pod_b.diaspora_handle).exists?).to be(false) end describe "retractions for non-relayable objects" do %w( retraction signed_retraction ).each do |retraction_entity_name| context "with #{retraction_entity_name}" do %w(status_message photo).each do |target| context "with #{target}" do it_behaves_like "it retracts non-relayable object" do let(:target_object) { FactoryGirl.create(target.to_sym, author: remote_user_on_pod_b.person) } let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } it "reshare of public post passes" do @local_target = FactoryGirl.create(:status_message, author: alice.person, public: true) post_public_message(generate_reshare) expect( Reshare.where(root_guid: @local_target.guid, diaspora_handle: remote_user_on_pod_b.diaspora_handle).first ).not_to be_nil end it "reshare of private post fails" do @local_target = FactoryGirl.create(:status_message, author: alice.person, public: false) post_public_message(generate_reshare) expect( Reshare.where(root_guid: @local_target.guid, diaspora_handle: remote_user_on_pod_b.diaspora_handle).first ).to be_nil end it_behaves_like "messages which are indifferent about sharing fact" context "with sharing" do before do set_up_sharing end it_behaves_like "messages which are indifferent about sharing fact" it_behaves_like "messages which can't be send without sharing" end end context "with private receive" do before do @public = false end describe "with messages which require a status to operate on" do let(:local_message) { FactoryGirl.create(:status_message, author: alice.person) } let(:remote_message) { FactoryGirl.create(:status_message, author: remote_user_on_pod_b.person) } it "treats sharing request recive correctly" do entity = FactoryGirl.build(:request_entity, recipient_id: alice.diaspora_handle) %w(comment like participation).each do |entity| context "with #{entity}" do it_behaves_like "it deals correctly with a relayable" do let(:entity_name) { "#{entity}_entity".to_sym } let(:klass) { entity.camelize.constantize } end end end expect(Diaspora::Fetcher::Public).to receive(:queue_for).exactly(1).times describe "retractions for relayable objects" do let(:sender) { remote_user_on_pod_b } post_private_message(alice.guid, generate_xml(entity, remote_user_on_pod_b, alice)) %w( retraction signed_retraction relayable_retraction ).each do |retraction_entity_name| context "with #{retraction_entity_name}" do context "with comment" do it_behaves_like "it retracts object" do # case for to-upstream federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:comment, author: remote_user_on_pod_b.person, post: local_message) } end expect(alice.contacts.count).to eq(2) new_contact = alice.contacts.order(created_at: :asc).last expect(new_contact).not_to be_nil expect(new_contact.sharing).to eq(true) expect(new_contact.person.diaspora_handle).to eq(remote_user_on_pod_b.diaspora_handle) it_behaves_like "it retracts object" do # case for to-downsteam federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:comment, author: remote_user_on_pod_c.person, post: remote_message) } expect( Notifications::StartedSharing.where( recipient_id: alice.id, target_type: "Person", target_id: remote_user_on_pod_b.person.id ).first ).not_to be_nil end it "doesn't save the private status message if there is no sharing" do post_private_message(alice.guid, generate_status_message) expect(StatusMessage.exists?(guid: @entity.guid)).to be(false) end context "with like" do it_behaves_like "it retracts object" do # case for to-upstream federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:like, author: remote_user_on_pod_b.person, target: local_message) } context "with sharing" do before do set_up_sharing end it_behaves_like "it retracts object" do # case for to-downsteam federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:like, author: remote_user_on_pod_c.person, target: remote_message) } it_behaves_like "messages which are indifferent about sharing fact" it_behaves_like "messages which can't be send without sharing" it "treats profile receive correctly" do post_private_message(alice.guid, generate_profile) expect(Profile.where(diaspora_handle: @entity.diaspora_id).exists?).to be(true) end it "receives conversation correctly" do post_private_message(alice.guid, generate_conversation) expect(Conversation.exists?(guid: @entity.guid)).to be(true) end context "with message" do before do @local_target = FactoryGirl.build(:conversation, author: alice.person) @local_target.participants << remote_user_on_pod_b.person @local_target.participants << remote_user_on_pod_c.person @local_target.save @remote_target = FactoryGirl.build(:conversation, author: remote_user_on_pod_b.person) @remote_target.participants << alice.person @remote_target.participants << remote_user_on_pod_c.person @remote_target.save end it_behaves_like "it deals correctly with a relayable" do let(:entity_name) { :message_entity } let(:klass) { Message } end end end Loading spec/integration/federation/shared_receive_relayable.rb +36 −85 Original line number Diff line number Diff line shared_examples_for "it deals correctly with a relayable" do context "local" do let(:entity) { FactoryGirl.build( entity_name, parent_guid: local_message.guid, diaspora_id: remote_user_on_pod_b.diaspora_handle ) } def mock_private_keys allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_private_key_by_diaspora_id, remote_user_on_pod_b.diaspora_handle) .and_return(remote_user_on_pod_b.encryption_key) allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_author_private_key_by_entity_guid, "Post", kind_of(String)) .and_return(nil) end it "treats upstream receive correctly" do mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) received_entity = klass.find_by(guid: entity.guid) expect(Postzord::Dispatcher).to receive(:build).with(alice, kind_of(klass)).and_call_original post_message(alice.guid, generate_relayable_local_parent(entity_name)) received_entity = klass.find_by(guid: @entity.guid) expect(received_entity).not_to be_nil expect(received_entity.author.diaspora_handle).to eq(remote_user_on_pod_b.person.diaspora_handle) end # Checks when a remote pod wants to send us a relayable without having a key for declared diaspora ID it "rejects an upstream entity with a malformed author signature" do allow(remote_user_on_pod_b).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) expect(klass.exists?(guid: entity.guid)).to be(false) end end context "remote parent" do let(:entity) { FactoryGirl.build( entity_name, parent_guid: remote_message.guid, diaspora_id: remote_user_on_pod_c.diaspora_handle expect(Postzord::Dispatcher).not_to receive(:build) post_message( alice.guid, generate_relayable_local_parent_wrong_author_key(entity_name) ) } def mock_private_keys allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_private_key_by_diaspora_id, remote_user_on_pod_c.diaspora_handle) .and_return(remote_user_on_pod_c.encryption_key) allow(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_author_private_key_by_entity_guid, "Post", remote_message.guid ) .and_return(remote_user_on_pod_b.encryption_key) expect(klass.exists?(guid: @entity.guid)).to be(false) end it "treats downstream receive correctly" do mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) received_entity = klass.find_by(guid: entity.guid) expect(Postzord::Dispatcher).to receive(:build).with(alice, kind_of(klass)).and_call_original unless @public post_message(alice.guid, generate_relayable_remote_parent(entity_name)) received_entity = klass.find_by(guid: @entity.guid) expect(received_entity).not_to be_nil expect(received_entity.author.diaspora_handle).to eq(remote_user_on_pod_c.diaspora_handle) expect(received_entity.author.diaspora_handle).to eq(remote_user_on_pod_c.person.diaspora_handle) end # Checks when a remote pod B wants to send us a relayable with authorship from a remote pod C user # without having correct signature from him. it "rejects a downstream entity with a malformed author signature" do allow(remote_user_on_pod_c).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) expect(klass.exists?(guid: entity.guid)).to be(false) expect(Postzord::Dispatcher).not_to receive(:build) post_message( alice.guid, generate_relayable_remote_parent_wrong_author_key(entity_name) ) expect(klass.exists?(guid: @entity.guid)).to be(false) end # Checks when a remote pod C wants to send us a relayable from its user, but bypassing the pod B where # remote status came from. it "declines downstream receive when sender signed with a wrong key" do allow(remote_user_on_pod_b).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) expect(klass.exists?(guid: entity.guid)).to be(false) end expect(Postzord::Dispatcher).not_to receive(:build) post_message( alice.guid, generate_relayable_remote_parent_wrong_parent_key(entity_name) ) expect(klass.exists?(guid: @entity.guid)).to be(false) end end Loading
lib/diaspora/relayable.rb +1 −1 Original line number Diff line number Diff line Loading @@ -71,7 +71,7 @@ module Diaspora unless comment_or_like.signature_valid? logger.warn "event=receive status=abort reason='object signature not valid' recipient=#{user.diaspora_handle} "\ "sender=#{parent.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}" "sender=#{comment_or_like.author.diaspora_handle} payload_type=#{self.class} parent_id=#{parent.id}" return end Loading
spec/integration/federation/federation_helper.rb +14 −6 Original line number Diff line number Diff line Loading @@ -17,6 +17,13 @@ def remote_user_on_pod_c end def generate_xml(entity, remote_user, user) if @public DiasporaFederation::Salmon::Slap.generate_xml( remote_user.diaspora_handle, OpenSSL::PKey::RSA.new(remote_user.encryption_key), entity ) else DiasporaFederation::Salmon::EncryptedSlap.generate_xml( remote_user.diaspora_handle, OpenSSL::PKey::RSA.new(remote_user.encryption_key), Loading @@ -24,3 +31,4 @@ def generate_xml(entity, remote_user, user) OpenSSL::PKey::RSA.new(user.encryption_key) ) end end
spec/integration/federation/federation_messages_generation.rb 0 → 100644 +164 −0 Original line number Diff line number Diff line def generate_profile @entity = FactoryGirl.build(:profile_entity, diaspora_id: remote_user_on_pod_b.person.diaspora_handle) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_conversation @entity = FactoryGirl.build( :conversation_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, participant_ids: "#{remote_user_on_pod_b.diaspora_handle};#{alice.diaspora_handle}" ) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_status_message @entity = FactoryGirl.build( :status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: @public ) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_forged_status_message substitute_wrong_key(remote_user_on_pod_b, 1) generate_status_message end def generate_reshare @entity = FactoryGirl.build( :reshare_entity, root_diaspora_id: alice.diaspora_handle, root_guid: @local_target.guid, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: true ) generate_xml(@entity, remote_user_on_pod_b, alice) end def mock_private_key_for_user(user) expect(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_private_key_by_diaspora_id, user.person.diaspora_handle) .and_return(user.encryption_key) end def retraction_mock_callbacks(entity, sender) return unless [ DiasporaFederation::Entities::SignedRetraction, DiasporaFederation::Entities::RelayableRetraction ].include?(entity.class) mock_private_key_for_user(sender) allow(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_entity_author_id_by_guid, entity.target_type, entity.target_guid ) .and_return(sender.encryption_key) end def generate_retraction(entity_name, target_object, sender=remote_user_on_pod_b) @entity = FactoryGirl.build( entity_name, diaspora_id: sender.diaspora_handle, target_guid: target_object.guid, target_type: target_object.class.to_s ) retraction_mock_callbacks(@entity, sender) generate_xml(@entity, sender, alice) end def generate_forged_retraction(entity_name, target_object, sender=remote_user_on_pod_b) times = 1 if %i(signed_retraction_entity relayable_retraction_entity).include?(entity_name) times += 2 end substitute_wrong_key(sender, times) generate_retraction(entity_name, target_object, sender) end def generate_relayable_entity(entity_name, target, diaspora_id) @entity = FactoryGirl.build( entity_name, conversation_guid: target.guid, parent_guid: target.guid, diaspora_id: diaspora_id, poll_answer_guid: target.respond_to?(:poll_answers) ? target.poll_answers.first.guid : nil ) end def mock_entity_author_private_key_unavailable(klass) expect(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_author_private_key_by_entity_guid, klass.get_target_entity_type(@entity.to_h), kind_of(String) ) .and_return(nil) end def mock_entity_author_private_key_as(klass, key) expect(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_author_private_key_by_entity_guid, klass.get_target_entity_type(@entity.to_h), @remote_target.guid ) .and_return(key) end def generate_relayable_local_parent(entity_name) klass = FactoryGirl.factory_by_name(entity_name).build_class generate_relayable_entity(entity_name, @local_target, remote_user_on_pod_b.person.diaspora_handle) mock_private_key_for_user(remote_user_on_pod_b) mock_entity_author_private_key_unavailable(klass) generate_xml(@entity, remote_user_on_pod_b, alice) end def generate_relayable_remote_parent(entity_name) klass = FactoryGirl.factory_by_name(entity_name).build_class generate_relayable_entity(entity_name, @remote_target, remote_user_on_pod_c.person.diaspora_handle) mock_private_key_for_user(remote_user_on_pod_c) mock_entity_author_private_key_as(klass, remote_user_on_pod_b.encryption_key) generate_xml(@entity, remote_user_on_pod_b, alice) end def substitute_wrong_key(user, times_number) expect(user).to receive(:encryption_key).exactly(times_number).times.and_return( OpenSSL::PKey::RSA.new(1024) ) end # Checks when a remote pod wants to send us a relayable without having a key for declared diaspora ID def generate_relayable_local_parent_wrong_author_key(entity_name) substitute_wrong_key(remote_user_on_pod_b, 2) generate_relayable_local_parent(entity_name) end # Checks when a remote pod B wants to send us a relayable with authorship from a remote pod C user # without having correct signature from him. def generate_relayable_remote_parent_wrong_author_key(entity_name) substitute_wrong_key(remote_user_on_pod_c, 1) generate_relayable_remote_parent(entity_name) end # Checks when a remote pod C wants to send us a relayable from its user, but bypassing the pod B where # remote status came from. def generate_relayable_remote_parent_wrong_parent_key(entity_name) substitute_wrong_key(remote_user_on_pod_b, 2) generate_relayable_remote_parent(entity_name) end
spec/integration/federation/receive_federation_messages_spec.rb +145 −97 Original line number Diff line number Diff line require "spec_helper" require "diaspora_federation/test" require "integration/federation/federation_helper" require "integration/federation/federation_messages_generation" require "integration/federation/shared_receive_relayable" require "integration/federation/shared_receive_retraction" require "integration/federation/shared_receive_stream_items" describe Workers::ReceiveEncryptedSalmon do it "treats sharing request receive correctly" do entity = FactoryGirl.build(:request_entity, recipient_id: alice.diaspora_handle) expect(Diaspora::Fetcher::Public).to receive(:queue_for) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_c, alice)) new_contact = alice.contacts.find {|c| c.person.diaspora_handle == remote_user_on_pod_c.diaspora_handle } expect(new_contact).not_to be_nil expect(new_contact.sharing).to eq(true) def post_private_message(recipient_guid, xml) inlined_jobs do post "/receive/users/#{recipient_guid}", guid: recipient_guid, xml: xml end end it "doesn't save the status message if there is no sharing" do entity = FactoryGirl.build(:status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: false) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) def post_public_message(xml) inlined_jobs do post "/receive/public", xml: xml end end expect(StatusMessage.exists?(guid: entity.guid)).to be(false) def post_message(recipient_guid, xml) if @public post_public_message(xml) else post_private_message(recipient_guid, xml) end end describe "with messages which require sharing" do before do def set_up_sharing contact = alice.contacts.find_or_initialize_by(person_id: remote_user_on_pod_b.person.id) contact.sharing = true contact.save end it "treats status message receive correctly" do entity = FactoryGirl.build(:status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: false) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) describe "Receive federation messages feature" do before do allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:queue_public_receive, any_args).and_call_original allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:queue_private_receive, any_args).and_call_original allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:save_person_after_webfinger, any_args).and_call_original end expect(StatusMessage.exists?(guid: entity.guid)).to be(true) context "with public receive" do before do @public = true end it "doesn't accept status message with wrong signature" do expect(remote_user_on_pod_b).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) it "receives account deletion correctly" do post_public_message( generate_xml( DiasporaFederation::Entities::AccountDeletion.new(diaspora_id: remote_user_on_pod_b.diaspora_handle), remote_user_on_pod_b, nil ) ) expect(AccountDeletion.where(diaspora_handle: remote_user_on_pod_b.diaspora_handle).exists?).to be(true) end entity = FactoryGirl.build(:status_message_entity, diaspora_id: remote_user_on_pod_b.diaspora_handle, public: false) Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) it "rejects account deletion with wrong diaspora_id" do delete_id = FactoryGirl.generate(:diaspora_id) post_public_message( generate_xml( DiasporaFederation::Entities::AccountDeletion.new(diaspora_id: delete_id), remote_user_on_pod_b, nil ) ) expect(StatusMessage.exists?(guid: entity.guid)).to be(false) expect(AccountDeletion.where(diaspora_handle: delete_id).exists?).to be(false) expect(AccountDeletion.where(diaspora_handle: remote_user_on_pod_b.diaspora_handle).exists?).to be(false) end describe "retractions for non-relayable objects" do %w( retraction signed_retraction ).each do |retraction_entity_name| context "with #{retraction_entity_name}" do %w(status_message photo).each do |target| context "with #{target}" do it_behaves_like "it retracts non-relayable object" do let(:target_object) { FactoryGirl.create(target.to_sym, author: remote_user_on_pod_b.person) } let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } it "reshare of public post passes" do @local_target = FactoryGirl.create(:status_message, author: alice.person, public: true) post_public_message(generate_reshare) expect( Reshare.where(root_guid: @local_target.guid, diaspora_handle: remote_user_on_pod_b.diaspora_handle).first ).not_to be_nil end it "reshare of private post fails" do @local_target = FactoryGirl.create(:status_message, author: alice.person, public: false) post_public_message(generate_reshare) expect( Reshare.where(root_guid: @local_target.guid, diaspora_handle: remote_user_on_pod_b.diaspora_handle).first ).to be_nil end it_behaves_like "messages which are indifferent about sharing fact" context "with sharing" do before do set_up_sharing end it_behaves_like "messages which are indifferent about sharing fact" it_behaves_like "messages which can't be send without sharing" end end context "with private receive" do before do @public = false end describe "with messages which require a status to operate on" do let(:local_message) { FactoryGirl.create(:status_message, author: alice.person) } let(:remote_message) { FactoryGirl.create(:status_message, author: remote_user_on_pod_b.person) } it "treats sharing request recive correctly" do entity = FactoryGirl.build(:request_entity, recipient_id: alice.diaspora_handle) %w(comment like participation).each do |entity| context "with #{entity}" do it_behaves_like "it deals correctly with a relayable" do let(:entity_name) { "#{entity}_entity".to_sym } let(:klass) { entity.camelize.constantize } end end end expect(Diaspora::Fetcher::Public).to receive(:queue_for).exactly(1).times describe "retractions for relayable objects" do let(:sender) { remote_user_on_pod_b } post_private_message(alice.guid, generate_xml(entity, remote_user_on_pod_b, alice)) %w( retraction signed_retraction relayable_retraction ).each do |retraction_entity_name| context "with #{retraction_entity_name}" do context "with comment" do it_behaves_like "it retracts object" do # case for to-upstream federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:comment, author: remote_user_on_pod_b.person, post: local_message) } end expect(alice.contacts.count).to eq(2) new_contact = alice.contacts.order(created_at: :asc).last expect(new_contact).not_to be_nil expect(new_contact.sharing).to eq(true) expect(new_contact.person.diaspora_handle).to eq(remote_user_on_pod_b.diaspora_handle) it_behaves_like "it retracts object" do # case for to-downsteam federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:comment, author: remote_user_on_pod_c.person, post: remote_message) } expect( Notifications::StartedSharing.where( recipient_id: alice.id, target_type: "Person", target_id: remote_user_on_pod_b.person.id ).first ).not_to be_nil end it "doesn't save the private status message if there is no sharing" do post_private_message(alice.guid, generate_status_message) expect(StatusMessage.exists?(guid: @entity.guid)).to be(false) end context "with like" do it_behaves_like "it retracts object" do # case for to-upstream federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:like, author: remote_user_on_pod_b.person, target: local_message) } context "with sharing" do before do set_up_sharing end it_behaves_like "it retracts object" do # case for to-downsteam federation let(:entity_name) { "#{retraction_entity_name}_entity".to_sym } let(:target_object) { FactoryGirl.create(:like, author: remote_user_on_pod_c.person, target: remote_message) } it_behaves_like "messages which are indifferent about sharing fact" it_behaves_like "messages which can't be send without sharing" it "treats profile receive correctly" do post_private_message(alice.guid, generate_profile) expect(Profile.where(diaspora_handle: @entity.diaspora_id).exists?).to be(true) end it "receives conversation correctly" do post_private_message(alice.guid, generate_conversation) expect(Conversation.exists?(guid: @entity.guid)).to be(true) end context "with message" do before do @local_target = FactoryGirl.build(:conversation, author: alice.person) @local_target.participants << remote_user_on_pod_b.person @local_target.participants << remote_user_on_pod_c.person @local_target.save @remote_target = FactoryGirl.build(:conversation, author: remote_user_on_pod_b.person) @remote_target.participants << alice.person @remote_target.participants << remote_user_on_pod_c.person @remote_target.save end it_behaves_like "it deals correctly with a relayable" do let(:entity_name) { :message_entity } let(:klass) { Message } end end end Loading
spec/integration/federation/shared_receive_relayable.rb +36 −85 Original line number Diff line number Diff line shared_examples_for "it deals correctly with a relayable" do context "local" do let(:entity) { FactoryGirl.build( entity_name, parent_guid: local_message.guid, diaspora_id: remote_user_on_pod_b.diaspora_handle ) } def mock_private_keys allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_private_key_by_diaspora_id, remote_user_on_pod_b.diaspora_handle) .and_return(remote_user_on_pod_b.encryption_key) allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_author_private_key_by_entity_guid, "Post", kind_of(String)) .and_return(nil) end it "treats upstream receive correctly" do mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) received_entity = klass.find_by(guid: entity.guid) expect(Postzord::Dispatcher).to receive(:build).with(alice, kind_of(klass)).and_call_original post_message(alice.guid, generate_relayable_local_parent(entity_name)) received_entity = klass.find_by(guid: @entity.guid) expect(received_entity).not_to be_nil expect(received_entity.author.diaspora_handle).to eq(remote_user_on_pod_b.person.diaspora_handle) end # Checks when a remote pod wants to send us a relayable without having a key for declared diaspora ID it "rejects an upstream entity with a malformed author signature" do allow(remote_user_on_pod_b).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) expect(klass.exists?(guid: entity.guid)).to be(false) end end context "remote parent" do let(:entity) { FactoryGirl.build( entity_name, parent_guid: remote_message.guid, diaspora_id: remote_user_on_pod_c.diaspora_handle expect(Postzord::Dispatcher).not_to receive(:build) post_message( alice.guid, generate_relayable_local_parent_wrong_author_key(entity_name) ) } def mock_private_keys allow(DiasporaFederation.callbacks).to receive(:trigger) .with(:fetch_private_key_by_diaspora_id, remote_user_on_pod_c.diaspora_handle) .and_return(remote_user_on_pod_c.encryption_key) allow(DiasporaFederation.callbacks).to receive(:trigger) .with( :fetch_author_private_key_by_entity_guid, "Post", remote_message.guid ) .and_return(remote_user_on_pod_b.encryption_key) expect(klass.exists?(guid: @entity.guid)).to be(false) end it "treats downstream receive correctly" do mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) received_entity = klass.find_by(guid: entity.guid) expect(Postzord::Dispatcher).to receive(:build).with(alice, kind_of(klass)).and_call_original unless @public post_message(alice.guid, generate_relayable_remote_parent(entity_name)) received_entity = klass.find_by(guid: @entity.guid) expect(received_entity).not_to be_nil expect(received_entity.author.diaspora_handle).to eq(remote_user_on_pod_c.diaspora_handle) expect(received_entity.author.diaspora_handle).to eq(remote_user_on_pod_c.person.diaspora_handle) end # Checks when a remote pod B wants to send us a relayable with authorship from a remote pod C user # without having correct signature from him. it "rejects a downstream entity with a malformed author signature" do allow(remote_user_on_pod_c).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) expect(klass.exists?(guid: entity.guid)).to be(false) expect(Postzord::Dispatcher).not_to receive(:build) post_message( alice.guid, generate_relayable_remote_parent_wrong_author_key(entity_name) ) expect(klass.exists?(guid: @entity.guid)).to be(false) end # Checks when a remote pod C wants to send us a relayable from its user, but bypassing the pod B where # remote status came from. it "declines downstream receive when sender signed with a wrong key" do allow(remote_user_on_pod_b).to receive(:encryption_key).and_return(OpenSSL::PKey::RSA.new(1024)) mock_private_keys Workers::ReceiveEncryptedSalmon.new.perform(alice.id, generate_xml(entity, remote_user_on_pod_b, alice)) expect(klass.exists?(guid: entity.guid)).to be(false) end expect(Postzord::Dispatcher).not_to receive(:build) post_message( alice.guid, generate_relayable_remote_parent_wrong_parent_key(entity_name) ) expect(klass.exists?(guid: @entity.guid)).to be(false) end end
