
bugfix in signature compuation

master
Christian Mueller 12 years ago
parent
commit
2e50f713fb
  1. 3
      API.md
  2. 34
      src/notehub/api.clj
  3. 2
      src/notehub/storage.clj
  4. 10
      test/notehub/test/api.clj

3
API.md

@ -1,9 +1,10 @@
# NoteHub API # NoteHub API
**Version 1.3, status: released.** **Version 1.4, status: released.**
## Changelog ## Changelog
- **V1.4**: Bugfix: no whitespace elimination from the note text is needed now for the signature compuation.
- **V1.3**: New note ID format. - **V1.3**: New note ID format.
- **V1.2**: Theme & fonts can be specified during the publishing. - **V1.2**: Theme & fonts can be specified during the publishing.
- **V1.1**: fields `publisher` and `title` in the response to the note retrieval. - **V1.1**: fields `publisher` and `title` in the response to the note retrieval.

34
src/notehub/api.clj

@ -11,7 +11,7 @@
[hiccup.util :as util] [hiccup.util :as util]
[notehub.storage :as storage])) [notehub.storage :as storage]))
(def version "1.3") (def version "1.4")
(def domain (def domain
(get-setting (get-setting
@ -60,11 +60,20 @@
(str domain (url year month day title)))))) (str domain (url year month day title))))))
(defn version-manager [f params] (defn version-manager [f params]
(if-let [version (:version params)] (if-let [req-version (:version params)]
(if (and (:noteID params) (< (Double/parseDouble version) 1.3)) (let [req-version (Double/parseDouble req-version)
(let [resp (f (assoc params version (Double/parseDouble version)]
:noteID (sreplace (params :noteID) #" " "/") (if (< req-version version)
:noteID* (params :noteID))) (let [args params
args (if (and (:noteID args) (< req-version 1.3))
(assoc args
:noteID (sreplace (args :noteID) #" " "/")
:noteID* (args :noteID))
args)
args (if (and (:note args) (< req-version 1.4))
(assoc args :note* (sreplace (args :note) #"[\n\r]" ""))
args)
resp (f args)
server-message (get-in resp [:status :message])] server-message (get-in resp [:status :message])]
(assoc-in resp [:status :message] (assoc-in resp [:status :message]
(str (str
@ -72,7 +81,7 @@
(when server-message "; ") (when server-message "; ")
"this API version is deprecated and " "this API version is deprecated and "
"will be disabled by the end of June 2014!"))) "will be disabled by the end of June 2014!")))
(f params)) (f params)))
{:status (create-response false "API version expected")})) {:status (create-response false "API version expected")}))
(defn get-note [{:keys [noteID]}] (defn get-note [{:keys [noteID]}]
@ -88,11 +97,12 @@
{:status (create-response false "noteID '%s' unknown" noteID)})) {:status (create-response false "noteID '%s' unknown" noteID)}))
(defn post-note (defn post-note
[{:keys [note pid signature password] :as params}] [{:keys [note pid signature password note*] :as params}]
;(log "post-note: %s" {:pid pid :signature signature :password password :note note}) ;(log "post-note: %s" {:pid pid :signature signature :password password :note note})
(let [errors (filter identity (let [errors (filter identity
[(when-not (storage/valid-publisher? pid) "pid invalid") [(when-not (storage/valid-publisher? pid) "pid invalid")
(when-not (= signature (storage/sign pid (storage/get-psk pid) note)) ; TODO: remove note* after June 2014
(when-not (= signature (storage/sign pid (storage/get-psk pid) (or note* note)))
"signature invalid") "signature invalid")
(when (blank? note) "note is empty")])] (when (blank? note) "note is empty")])]
(if (empty? errors) (if (empty? errors)
@ -118,12 +128,14 @@
{:status (create-response false (first errors))}))) {:status (create-response false (first errors))})))
(defn update-note [{:keys [noteID note pid signature password noteID*]}] (defn update-note [{:keys [noteID note pid signature password noteID* note*]}]
;(log "update-note: %s" {:pid pid :noteID noteID :signature signature :password password :note note}) ;(log "update-note: %s" {:pid pid :noteID noteID :signature signature :password password :note note})
(let [errors (filter identity (let [errors (filter identity
[(when-not (storage/valid-publisher? pid) "pid invalid") [(when-not (storage/valid-publisher? pid) "pid invalid")
; TODO: noteID* is a hack introduced by backwards-comp. to older APIs ; TODO: noteID* is a hack introduced by backwards-comp. to older APIs
(when-not (= signature (storage/sign pid (storage/get-psk pid) (or noteID* noteID) note password)) (when-not (= signature (storage/sign pid (storage/get-psk pid) (or noteID* noteID)
; TODO: remove note* after June 2014
(or note* note) password))
"signature invalid") "signature invalid")
(when (blank? note) "note is empty") (when (blank? note) "note is empty")
(when-not (storage/valid-password? noteID password) "password invalid")])] (when-not (storage/valid-password? noteID password) "password invalid")])]
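Review bot: `post-note` and `update-note` now verify the signature over `(or note* note)`, while the emptiness check (and presumably the stored text, outside the hunk) still uses `note`, and nothing visible stops a caller from sending `note*` itself. For a request at version 1.4, `version-manager` calls `(f params)` untouched, so if `params` comes straight from the request map, the signed text and the published text can differ; the same holds for the older `noteID*` key. Drop both keys before dispatch, e.g. rebind `params` to `(dissoc params :note* :noteID*)` at the top of `version-manager`, so only the server-side compatibility branch can set them. Both function bodies continue outside the hunks.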

2
src/notehub/storage.clj

@ -9,7 +9,7 @@
(defn sign (defn sign
"Returns the MD5 hash for the concatenation of all passed parameters" "Returns the MD5 hash for the concatenation of all passed parameters"
[& args] [& args]
(let [input (sreplace (apply str args) #"[\r\n]" "")] (let [input (apply str args)]
(do (.reset md5Instance) (do (.reset md5Instance)
(.update md5Instance (.getBytes input)) (.update md5Instance (.getBytes input))
(apply str (apply str
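Review bot: `(apply str args)` feeds the PSK and the request fields into MD5 as one undelimited string, so field boundaries are ambiguous (the digest is unchanged when characters move between `noteID`, `note` and `password`), and a secret-prefix hash is not a MAC. For the next API version, consider HMAC via `javax.crypto.Mac` with a separator or length prefix per field. Separately, `(.getBytes input)` uses the platform default charset; `(.getBytes input "UTF-8")` would keep signatures stable across hosts for non-ASCII notes, provided the current deployment already defaults to UTF-8. The rest of `sign` lies outside the hunk.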

10
test/notehub/test/api.clj

@ -69,7 +69,7 @@
(is (= "noteID 'randomString' unknown" (is (= "noteID 'randomString' unknown"
(get-in (get-in
(parse-string (parse-string
(:body (send-request "/api/note" {:version "1.3" :noteID "randomString"}))) (:body (send-request "/api/note" {:version "1.4" :noteID "randomString"})))
["status" "message"]))) ["status" "message"])))
(is (= "3" (get-in (get-note post-response) [:statistics :views]))))) (is (= "3" (get-in (get-note post-response) [:statistics :views])))))
(testing "creation with wrong signature" (testing "creation with wrong signature"
@ -119,7 +119,7 @@
{:note note {:note note
:pid pid :pid pid
:signature (storage/sign pid psk note) :signature (storage/sign pid psk note)
:version "1.0"}) :version "1.4"})
body (parse-string (:body response)) body (parse-string (:body response))
noteID (body "noteID")] noteID (body "noteID")]
(is (has-status response 200)) (is (has-status response 200))
@ -132,7 +132,7 @@
(:body (send-request [:get "/api/note"] {:version "1.1" (:body (send-request [:get "/api/note"] {:version "1.1"
:noteID (clojure.string/replace noteID #"/" " ")}))) "note"))) :noteID (clojure.string/replace noteID #"/" " ")}))) "note")))
(isnt (= note ((parse-string (isnt (= note ((parse-string
(:body (send-request [:get "/api/note"] {:version "1.3" (:body (send-request [:get "/api/note"] {:version "1.4"
:noteID (clojure.string/replace noteID #"/" " ")}))) "note"))) :noteID (clojure.string/replace noteID #"/" " ")}))) "note")))
(is (do (is (do
(storage/delete-note noteID) (storage/delete-note noteID)
@ -145,7 +145,7 @@
{:note note {:note note
:pid pid :pid pid
:signature (storage/sign pid psk note) :signature (storage/sign pid psk note)
:version "1.0" :version "1.4"
:theme "dark" :theme "dark"
:text-font "Helvetica"}) :text-font "Helvetica"})
body (parse-string (:body response)) body (parse-string (:body response))
@ -167,7 +167,7 @@
{:note note {:note note
:pid pid :pid pid
:signature (storage/sign pid psk note) :signature (storage/sign pid psk note)
:version "1.0" :version "1.4"
:password "qwerty"}) :password "qwerty"})
body (parse-string (:body response)) body (parse-string (:body response))
origID (body "noteID") origID (body "noteID")
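Review bot: Moving the publishing tests from `:version "1.0"` to `"1.4"` leaves the new `note*` compatibility branch without any test in the visible hunks. Add a case that posts with `:version "1.3"` and a note containing `\r\n`, signed over the newline-stripped text, and asserts it is accepted with the deprecation message. A matching negative case would assert that the same signature is rejected at `:version "1.4"`. The surrounding `deftest` bodies start and end outside these hunks, so existing coverage elsewhere in the file may already handle part of this.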
