From c6343bbd740f958e87d7ddbb37af3276c12522f8 Mon Sep 17 00:00:00 2001
From: Jason Robinson <mail@jasonrobinson.me>
Date: Sun, 6 Aug 2017 16:06:45 +0300
Subject: [PATCH] Fix regression in handling Diaspora relayables

Due to security fix in 0.14.0. Payload and entity handle need to be allowed to be different when handling relayables.
---
 CHANGELOG.md                            | 5 +++++
 federation/entities/diaspora/mappers.py | 8 +++++---
 2 files changed, 10 insertions(+), 3 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 52ee6e5..844c694 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,5 +1,10 @@
 # Changelog
 
+## [unreleased]
+
+### Fixed
+* Fix regression in handling Diaspora relayables due to security fix in 0.14.0. Payload and entity handle need to be allowed to be different when handling relayables.
+
 ## [0.14.0] - 2017-08-06
 
 ### Security
diff --git a/federation/entities/diaspora/mappers.py b/federation/entities/diaspora/mappers.py
index 2acb27a..bb8a174 100644
--- a/federation/entities/diaspora/mappers.py
+++ b/federation/entities/diaspora/mappers.py
@@ -88,8 +88,6 @@ def element_to_objects(element, sender, sender_key_fetcher=None, user=None):
     if hasattr(cls, "fill_extra_attributes"):
         transformed = cls.fill_extra_attributes(transformed)
     entity = cls(**transformed)
-    if not check_sender_and_entity_handle_match(sender, entity.handle):
-        return []
     # Add protocol name
     entity._source_protocol = "diaspora"
     # Save element object to entity for possible later use
@@ -97,8 +95,8 @@ def element_to_objects(element, sender, sender_key_fetcher=None, user=None):
     # Save receiving guid to object
     if user and hasattr(user, "guid"):
         entity._receiving_guid = user.guid
-    # If relayable, fetch sender key for validation
     if issubclass(cls, DiasporaRelayableMixin):
+        # If relayable, fetch sender key for validation
         entity._xml_tags = get_element_child_info(element, "tag")
         if sender_key_fetcher:
             entity._sender_key = sender_key_fetcher(entity.handle)
@@ -106,6 +104,10 @@ def element_to_objects(element, sender, sender_key_fetcher=None, user=None):
             profile = retrieve_and_parse_profile(entity.handle)
             if profile:
                 entity._sender_key = profile.public_key
+    else:
+        # If not relayable, ensure handles match
+        if not check_sender_and_entity_handle_match(sender, entity.handle):
+            return []
     try:
         entity.validate()
     except ValueError as ex: