kopia lustrzana https://gitlab.com/jaywink/federation
Fix regression in handling Diaspora relayables
Due to security fix in 0.14.0. Payload and entity handle need to be allowed to be different when handling relayables.merge-requests/130/head
rodzic
36da89e0bb
commit
c6343bbd74
|
@ -1,5 +1,10 @@
|
||||||
# Changelog
|
# Changelog
|
||||||
|
|
||||||
|
## [unreleased]
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
* Fix regression in handling Diaspora relayables due to security fix in 0.14.0. Payload and entity handle need to be allowed to be different when handling relayables.
|
||||||
|
|
||||||
## [0.14.0] - 2017-08-06
|
## [0.14.0] - 2017-08-06
|
||||||
|
|
||||||
### Security
|
### Security
|
||||||
|
|
|
@ -88,8 +88,6 @@ def element_to_objects(element, sender, sender_key_fetcher=None, user=None):
|
||||||
if hasattr(cls, "fill_extra_attributes"):
|
if hasattr(cls, "fill_extra_attributes"):
|
||||||
transformed = cls.fill_extra_attributes(transformed)
|
transformed = cls.fill_extra_attributes(transformed)
|
||||||
entity = cls(**transformed)
|
entity = cls(**transformed)
|
||||||
if not check_sender_and_entity_handle_match(sender, entity.handle):
|
|
||||||
return []
|
|
||||||
# Add protocol name
|
# Add protocol name
|
||||||
entity._source_protocol = "diaspora"
|
entity._source_protocol = "diaspora"
|
||||||
# Save element object to entity for possible later use
|
# Save element object to entity for possible later use
|
||||||
|
@ -97,8 +95,8 @@ def element_to_objects(element, sender, sender_key_fetcher=None, user=None):
|
||||||
# Save receiving guid to object
|
# Save receiving guid to object
|
||||||
if user and hasattr(user, "guid"):
|
if user and hasattr(user, "guid"):
|
||||||
entity._receiving_guid = user.guid
|
entity._receiving_guid = user.guid
|
||||||
# If relayable, fetch sender key for validation
|
|
||||||
if issubclass(cls, DiasporaRelayableMixin):
|
if issubclass(cls, DiasporaRelayableMixin):
|
||||||
|
# If relayable, fetch sender key for validation
|
||||||
entity._xml_tags = get_element_child_info(element, "tag")
|
entity._xml_tags = get_element_child_info(element, "tag")
|
||||||
if sender_key_fetcher:
|
if sender_key_fetcher:
|
||||||
entity._sender_key = sender_key_fetcher(entity.handle)
|
entity._sender_key = sender_key_fetcher(entity.handle)
|
||||||
|
@ -106,6 +104,10 @@ def element_to_objects(element, sender, sender_key_fetcher=None, user=None):
|
||||||
profile = retrieve_and_parse_profile(entity.handle)
|
profile = retrieve_and_parse_profile(entity.handle)
|
||||||
if profile:
|
if profile:
|
||||||
entity._sender_key = profile.public_key
|
entity._sender_key = profile.public_key
|
||||||
|
else:
|
||||||
|
# If not relayable, ensure handles match
|
||||||
|
if not check_sender_and_entity_handle_match(sender, entity.handle):
|
||||||
|
return []
|
||||||
try:
|
try:
|
||||||
entity.validate()
|
entity.validate()
|
||||||
except ValueError as ex:
|
except ValueError as ex:
|
||||||
|
|
Ładowanie…
Reference in New Issue