diaspora-vines 0.1.22 → 0.1.24

data/lib/vines/storage/sql.rb

@@ -18,12 +18,14 @@ module Vines
       class AspectMembership < ActiveRecord::Base
         belongs_to :aspect
         belongs_to :contact
-      
+
         has_one :users, :through => :contact
         has_one :person, :through => :contact
       end
 
       class Contact < ActiveRecord::Base
+        scope :chat_enabled, -> { joins(:aspects).where("aspects.chat_enabled = ?", true) }
+
         belongs_to :users
         belongs_to :person
 
@@ -44,7 +46,7 @@ module Vines
 
         serialize :groups, JSON
       end
-      
+
       class ChatFragment < ActiveRecord::Base
         belongs_to :users
       end
@@ -69,7 +71,7 @@ module Vines
         unless defined? Rails
           raise "You configured diaspora-sql adapter without Diaspora environment"
         end
-        
+
         config = Rails.application.config.database_configuration[Rails.env]
         %w[adapter database host port username password].each do |key|
           @config[key.to_sym] = config[key]
@@ -93,7 +95,7 @@ module Vines
             xuser.authentication_token
 
           # add diaspora contacts
-          xuser.contacts.each do |contact|
+          xuser.contacts.chat_enabled.each do |contact|
             handle = contact.person.diaspora_handle
             ask, subscription, groups = get_diaspora_flags(contact)
             user.roster << Vines::Contact.new(
@@ -121,7 +123,7 @@ module Vines
       def authenticate(username, password)
         user = find_user(username)
 
-        pepper = "#{password}#{Config.instance.pepper}" rescue password
+        pepper = "#{password}#{Devise.pepper}" rescue password
         dbhash = BCrypt::Password.new(user.password) rescue nil
         hash = BCrypt::Engine.hash_secret(pepper, dbhash.salt) rescue nil
 

data/lib/vines/store.rb

@@ -55,16 +55,25 @@ module Vines
       @@sources ||= begin
         pattern = /-{5}BEGIN CERTIFICATE-{5}\n.*?-{5}END CERTIFICATE-{5}\n/m
         files = Dir[File.join(@dir, '*.crt')]
-        files << AppConfig.environment.certificate_authorities if defined?(AppConfig)
+        if defined?(AppConfig)
+          chain = AppConfig.environment.certificate_authorities.get
+          files << chain unless chain.nil?
+        end
         pairs = files.map do |name|
-          File.open(name, "r:UTF-8") do |f|
-            pems = f.read.scan(pattern)
-            certs = pems.map {|pem| OpenSSL::X509::Certificate.new(pem) }
-            certs.reject! {|cert| cert.not_after < Time.now }
-            [name, certs]
+          begin
+            File.open(name, "r:UTF-8") do |f|
+              pems = f.read.scan(pattern)
+              certs = pems.map {|pem| OpenSSL::X509::Certificate.new(pem) }
+              certs.reject! {|cert| cert.not_after < Time.now }
+              [name, certs]
+            end
+          rescue ArgumentError => e
+            puts "Skipping '#{name}' cause of '#{e.message.to_s}'! "+
+                 "Checkout https://wiki.diasporafoundation.org/Vines#FAQ "+
+                 "for further instructions."
           end
         end
-        Hash[pairs]
+        Hash[pairs.compact]
       end
       @@sources.values.flatten
     end
@@ -119,6 +128,9 @@ module Vines
           end
         end
       end
+      puts "Your're using vines without a certificate! "+
+           "Checkout https://wiki.diasporafoundation.org/Vines#Certificates "+
+           "for further instructions."
       nil
     end
 

data/lib/vines/stream.rb

@@ -17,6 +17,11 @@ module Vines
       @config = config
     end
 
+    # Initialize the stream after its connection to the server has completed.
+    # EventMachine calls this method when an incoming connection is accepted
+    # into the event loop.
+    #
+    # Returns nothing.
     def post_init
       @remote_addr, @local_addr = addresses
       @user, @closed, @stanza_size = nil, false, 0
@@ -33,23 +38,34 @@ module Vines
     # stream is first connected as well as for stream restarts during
     # negotiation. Subclasses can override this method to provide a different
     # type of parser (e.g. HTTP).
+    #
+    # Returns nothing.
     def create_parser
-      @parser = Parser.new.tap do |p|
-        p.stream_open {|node| @nodes.push(node) }
-        p.stream_close { close_connection }
-        p.stanza {|node| @nodes.push(node) }
+      @parser = Parser.new.tap do |parser|
+        parser.stream_open {|node| @nodes.push(node) }
+        parser.stream_close { close_connection }
+        parser.stanza {|node| @nodes.push(node) }
       end
     end
 
-    # Advance the state machine into the +Closed+ state so any remaining queued
+    # Advance the state machine into the `Closed` state so any remaining queued
     # nodes are not processed while we're waiting for EM to actually close the
     # connection.
+    #
+    # Returns nothing.
     def close_connection(after_writing=false)
       super
       @closed = true
       advance(Client::Closed.new(self))
     end
 
+    # Read bytes off the stream and feed them into the XML parser. EventMachine
+    # is responsible for calling this method on its event loop as connections
+    # become readable.
+    #
+    # data - The byte String sent to the server from the client, hopefully XML.
+    #
+    # Returns nothing.
     def receive_data(data)
       return if @closed
       @stanza_size += data.bytesize
@@ -62,6 +78,8 @@ module Vines
 
     # Reset the connection's XML parser when a new <stream:stream> header
     # is received.
+    #
+    # Returns nothing.
     def reset
       create_parser
     end
@@ -72,7 +90,7 @@ module Vines
       @config.storage(domain || self.domain)
     end
 
-    # Returns the Vines::Config::Host virtual host for the stream's domain.
+    # Returns the Config::Host virtual host for the stream's domain.
     def vhost
       @config.vhost(domain)
     end
@@ -80,6 +98,10 @@ module Vines
     # Reload the user's information into their active connections. Call this
     # after storage.save_user() to sync the new user state with their other
     # connections.
+    #
+    # user - The User whose connection info needs refreshing.
+    #
+    # Returns nothing.
     def update_user_streams(user)
       connected_resources(user.jid.bare).each do |stream|
         stream.user.update_from(user)
@@ -98,13 +120,26 @@ module Vines
       router.interested_resources(*jid, user.jid)
     end
 
-    def ssl_verify_peer(pem); true; end
+    def ssl_verify_peer(pem)
+      # Skip verifying if user accept self-signed certificates
+      return if self.vhost.accept_self_signed?
+      # EM is supposed to close the connection when this returns false,
+      # but it only does that for inbound connections, not when we
+      # make a connection to another server.
+      @store.trusted?(pem).tap do |trusted|
+        close_connection unless trusted
+      end
+    end
 
     def cert_domain_matches?(domain)
       @store.domain?(get_peer_cert, domain)
     end
 
     # Send the data over the wire to this client.
+    #
+    # data - The XML String or XML::Node to write to the socket.
+    #
+    # Returns nothing.
     def write(data)
       log_node(data, :out)
       if data.respond_to?(:to_xml)
@@ -132,7 +167,11 @@ module Vines
     end
 
     # Advance the stream's state machine to the new state. XML nodes received
-    # by the stream will be passed to this state's +node+ method.
+    # by the stream will be passed to this state's `node` method.
+    #
+    # state - The Stream::State to process the stanzas next.
+    #
+    # Returns the new Stream::State.
     def advance(state)
       @state = state
     end
@@ -140,6 +179,10 @@ module Vines
     # Stream level errors close the stream while stanza and SASL errors are
     # written to the client and leave the stream open. All exceptions should
     # pass through this method for consistent handling.
+    #
+    # e - The StandardError, usually XmppError, that occurred.
+    #
+    # Returns nothing.
     def error(e)
       case e
       when SaslError, StanzaError
@@ -160,7 +203,9 @@ module Vines
 
     private
 
-    # Return the remote and local socket addresses used by this connection.
+    # Determine the remote and local socket addresses used by this connection.
+    #
+    # Returns a two-element Array of String addresses.
     def addresses
       [get_peername, get_sockname].map do |addr|
         addr ? Socket.unpack_sockaddr_in(addr)[0, 2].reverse.join(':') : 'unknown'
@@ -169,12 +214,21 @@ module Vines
 
     # Write the StreamError's xml to the stream. Subclasses can override
     # this method with custom error writing behavior.
+    #
+    # A call to `close_stream` should follow this method. Stream level errors
+    # are fatal to the connection.
+    #
+    # e - The StreamError that caused the connection to close.
+    #
+    # Returns nothing.
     def send_stream_error(e)
       write(e.to_xml)
     end
 
-    # Write a closing stream tag to the stream then close the stream. Subclasses
-    # can override this method for custom close behavior.
+    # Write a closing stream tag and close the connection. Subclasses can
+    # override this method for custom close behavior.
+    #
+    # Returns nothing.
     def close_stream
       write('</stream:stream>')
       close_connection_after_writing
@@ -187,7 +241,14 @@ module Vines
 
     # Schedule a queue pop on the EM thread to handle the next element. This
     # guarantees all stanzas received on this stream are processed in order.
-    # http://tools.ietf.org/html/rfc6120#section-10.1
+    #
+    #   http://tools.ietf.org/html/rfc6120#section-10.1
+    #
+    # Once a node is processed, this method recursively schedules itself to pop
+    # the next node and so on. A single call to this method effectively begins
+    # an asynchronous node processing loop.
+    #
+    # Returns nothing.
     def process_node_queue
       @nodes.pop do |node|
         Fiber.new do
@@ -225,14 +286,20 @@ module Vines
         ["#{label} stanza:".ljust(PAD), from, to, node])
     end
 
-    # Returns the current +State+ of the stream's state machine. Provided as a
+    # Inspects the current state of the stream's state machine. Provided as a
     # method so subclasses can override the behavior.
+    #
+    # Returns the current Stream::State.
     def state
       @state
     end
 
-    # Return +true+ if this is a valid domain-only JID that can be used in
+    # Determine if this is a valid domain-only JID that can be used in
     # stream initiation stanza headers.
+    #
+    # jid - The String or JID to verify (e.g. 'wonderland.lit').
+    #
+    # Return true if the jid is domain-only.
     def valid_address?(jid)
       JID.new(jid).domain? rescue false
     end

data/lib/vines/stream/client.rb

@@ -60,21 +60,25 @@ module Vines
 
       private
 
-      # The +to+ domain address set on the initial stream header must not change
+      # The `to` domain address set on the initial stream header must not change
       # during stream restarts. This prevents a user from authenticating in one
       # domain, then using a stream in a different domain.
+      #
+      # to - The String domain JID to verify (e.g. 'wonderland.lit').
+      #
+      # Returns true if the client connection is misbehaving and should be closed.
       def domain_change?(to)
         to != @session.domain
       end
 
       def send_stream_header(to)
         attrs = {
-          'xmlns' => NAMESPACES[:client],
+          'xmlns'        => NAMESPACES[:client],
           'xmlns:stream' => NAMESPACES[:stream],
-          'xml:lang' => 'en',
-          'id' => Kit.uuid,
-          'from' => @session.domain,
-          'version' => '1.0'
+          'xml:lang'     => 'en',
+          'id'           => Kit.uuid,
+          'from'         => @session.domain,
+          'version'      => '1.0'
         }
         attrs['to'] = to if to
         write "<stream:stream %s>" % attrs.to_a.map{|k,v| "#{k}='#{v}'"}.join(' ')

data/lib/vines/stream/component.rb

@@ -46,10 +46,10 @@ module Vines
 
       def send_stream_header
         attrs = {
-          'xmlns' => NAMESPACES[:component],
+          'xmlns'        => NAMESPACES[:component],
           'xmlns:stream' => NAMESPACES[:stream],
-          'id' => @stream_id,
-          'from' => @remote_domain
+          'id'           => @stream_id,
+          'from'         => @remote_domain
         }
         write "<stream:stream %s>" % attrs.to_a.map{|k,v| "#{k}='#{v}'"}.join(' ')
       end

data/lib/vines/stream/http.rb

@@ -10,22 +10,28 @@ module Vines
         @session = Http::Session.new(self)
       end
 
-      # Override +Stream#create_parser+ to provide an HTTP parser rather than
+      # Override Stream#create_parser to provide an HTTP parser rather than
       # a Nokogiri XML parser.
+      #
+      # Returns nothing.
       def create_parser
-        @parser = ::Http::Parser.new.tap do |p|
+        @parser = ::Http::Parser.new.tap do |parser|
           body = ''
-          p.on_body = proc {|data| body << data }
-          p.on_message_complete = proc {
+          parser.on_body = proc {|data| body << data }
+          parser.on_message_complete = proc do
             process_request(Request.new(self, @parser, body))
             body = ''
-          }
+          end
         end
       end
 
       # If the session ID is valid, switch this stream's session to the new
       # ID and return true. Some clients, like Google Chrome, reuse one stream
       # for multiple sessions.
+      #
+      # sid - The String session ID.
+      #
+      # Returns true if the server previously distributed this SID to a client.
       def valid_session?(sid)
         if session = Sessions[sid]
           @session = session
@@ -62,13 +68,27 @@ module Vines
 
       # Override Stream#write to queue stanzas rather than immediately writing
       # to the stream. Stanza responses must be paired with a queued request.
+      #
+      # If a request is not waiting, the written stanzas will buffer until they
+      # can be sent in the next response.
+      #
+      # data - The XML String or XML::Node to write to the HTTP socket.
+      #
+      # Returns nothing.
       def write(data)
         @session.write(data)
       end
 
-      # Return an array of Node objects inside the body element.
+      # Parse the one or more stanzas from a single body element. BOSH clients
+      # buffer stanzas sent in quick succession, and send them as a bundle, to
+      # save on the request/response cycle.
+      #
       # TODO This parses the XML again just to strip namespaces. Figure out
       # Nokogiri namespace handling instead.
+      #
+      # body - The XML::Node containing the BOSH `body` element.
+      #
+      # Returns an Array of XML::Node stanzas.
       def parse_body(body)
         body.namespace = nil
         body.elements.map do |node|
@@ -133,8 +153,12 @@ module Vines
         @session.reply(node)
       end
 
-      # Override +Stream#send_stream_error+ to wrap the error XML in a BOSH
+      # Override Stream#send_stream_error to wrap the error XML in a BOSH
       # terminate body tag.
+      #
+      # e - The StreamError that caused the connection to close.
+      #
+      # Returns nothing.
       def send_stream_error(e)
         doc = Nokogiri::XML::Document.new
         node = doc.create_element('body',
@@ -146,12 +170,14 @@ module Vines
         @session.reply(node)
       end
 
-      # Override +Stream#close_stream+ to simply close the connection without
+      # Override Stream#close_stream to simply close the connection without
       # writing a closing stream tag.
+      #
+      # Returns nothing.
       def close_stream
         close_connection_after_writing
         @session.close
       end
     end
   end
-end
+end

data/lib/vines/stream/http/request.rb

@@ -25,13 +25,22 @@ module Vines
 
         attr_reader :stream, :body, :headers, :method, :path, :url, :query
 
+        # Create a new request parsed from an HTTP client connection. We'll try
+        # to keep this request open until there are stanzas available to send
+        # as a response.
+        #
+        # stream - The Stream::Http client connection that received the request.
+        # parser - The Http::Parser that parsed the HTTP request.
+        # body   - The String request body.
         def initialize(stream, parser, body)
-          @stream, @body = stream, body
+          uri       = URI(parser.request_url)
+          @stream   = stream
+          @body     = body
           @headers  = parser.headers
           @method   = parser.http_method
-          @path     = parser.request_path
           @url      = parser.request_url
-          @query    = parser.query_string
+          @path     = uri.path
+          @query    = uri.query
           @received = Time.now
         end
 
@@ -44,10 +53,12 @@ module Vines
         # directory. Take care to prevent directory traversal attacks with paths
         # like ../../../etc/passwd. Use the If-Modified-Since request header
         # to implement caching.
+        #
+        # Returns nothing.
         def reply_with_file(dir)
           path = File.expand_path(File.join(dir, @path))
 
-          # redirect requests missing a slash so relative links work
+          # Redirect requests missing a slash so relative links work.
           if File.directory?(path) && !@path.end_with?('/')
             send_status(301, MOVED, "Location: #{redirect_uri}")
             return
@@ -69,6 +80,8 @@ module Vines
 
         # Send an HTTP 200 OK response wrapping the XMPP node content back
         # to the client.
+        #
+        # Returns nothing.
         def reply(node, content_type)
           body = node.to_s
           header = [
@@ -90,6 +103,8 @@ module Vines
         # Send a 200 OK response, allowing any origin domain to connect to the
         # server, in response to CORS preflight OPTIONS requests. This allows
         # any web application using strophe.js to connect to our BOSH port.
+        #
+        # Returns nothing.
         def reply_to_options
           allow = @headers['Access-Control-Request-Headers']
           headers = [
@@ -107,6 +122,8 @@ module Vines
         # wasn't sent by the client, just return the relative path that
         # was requested. The Location response header must contain the fully
         # qualified URI, but most browsers will accept relative paths as well.
+        #
+        # Returns the String URL.
         def redirect_uri
           host = headers['Host']
           uri = "#{path}/"
@@ -137,6 +154,8 @@ module Vines
         # Stream the contents of the file to the client in a 200 OK response.
         # Send a Last-Modified response header so clients can send us an
         # If-Modified-Since request header for caching.
+        #
+        # Returns nothing.
         def send_file(path, status=200, message='OK')
           header = [
             "HTTP/1.1 #{status} #{message}",
@@ -162,6 +181,8 @@ module Vines
         # HTTP server. Reverse proxy servers (nginx/apache) can use this cookie
         # to implement sticky sessions. Return nil if vroute was not set in
         # config.rb and no cookie should be sent.
+        #
+        # Returns a String cookie value or nil if disabled.
         def vroute_cookie
           route = @stream.config[:http].vroute
           route ? "Set-Cookie: vroute=#{route}; path=/; HttpOnly" : nil
@@ -169,4 +190,4 @@ module Vines
       end
     end
   end
-end
+end