4 files changed, 19 insertions, 26 deletions

diff --git a/server/alias_plugin.py b/server/alias_plugin.py
index 2001b1b..0b56438 100644
--- a/server/alias_plugin.py
+++ b/server/alias_plugin.py
@@ -14,11 +14,11 @@ from object import ObjectReader, ObjectError
 from permission import PermissionError
 
 class AliasQuery(ElementBase):
-    namespace = 'alias:query'
+    namespace = 'alias:iq:object'
     name = 'query'
     plugin_attrib = 'alias'
     interfaces = set(('node', 'type', 'content', 'permission', 'key'))
-    sub_interfaces = set(('content', 'permission', 'key', 'salt'))
+    sub_interfaces = set(('content', 'permission', 'key'))
 
     def addItem(self, node, key, permission = None):
         item = AliasItem(None, self)
@@ -57,14 +57,6 @@ class AliasPlugin(base.base_plugin):
 
     def handle_alias_query(self, iq):
         caller = iq['from'].bare
-        
-        if iq['alias']['type'] == 'keys':
-            key, salt = ObjectReader(caller).get_private_key();
-            iq.reply()
-            iq['alias']['type'] = 'keys'
-            iq['alias']['key'] = key
-            iq['alias']['salt'] = salt
-            iq.send()
             
         try:
             callee = base64.b64decode(iq['to'].user)
@@ -72,24 +64,23 @@ class AliasPlugin(base.base_plugin):
             logger.error("callee field not base64 encoded")
         
         node = iq['alias']['node']
-        node = ObjectReader(callee, node)
-
-        if iq['alias']['type'] == 'items':
+        node = ObjectReader(node, callee)
+        if iq['alias']['type'] == 'get':
             try:
-                childs = node.get_child_list(caller)
+                content, key = node.get_content(caller)
             except PermissionError:
                 self.send_permission_error(iq, 'Permission')
             else:
                 iq.reply()
-                iq['alias']['type'] = 'items'
+                iq['alias']['type'] = 'get'
                 iq['alias']['node'] = node.hash
-                for name, perm, key in childs:
-                    iq['alias'].addItem(name, key, perm)
+                iq['alias']['content'] = content
+                iq['alias']['key'] = key
                 iq.send()
 
-        if iq['alias']['type'] == 'content':
+        if iq['alias']['type'] == 'list':
             try:
-                content, key = node.get_content(caller)
+                list = node.get_children_list(caller)
             except PermissionError:
                 self.send_permission_error(iq, 'Permission')
             else:
diff --git a/server/object.py b/server/object.py
index 4c1e0c1..31de622 100644
--- a/server/object.py
+++ b/server/object.py
@@ -58,9 +58,9 @@ class ObjectReader(Object):
                     return (int(perm), key)
             return (None, None)
 
-    def get_child_list(self, user):
+    def get_children_list(self, user):
         perm = self.get_permission(user)
-        if not perm & LIST:
+        if not perm or (not perm & LIST):
             logger.error("User {} doesn't have the list permission for object {}"
                           .format(user, self.hash))
             raise PermissionError
@@ -84,7 +84,7 @@ class ObjectReader(Object):
     def get_content(self, user):
         """Return object content and the user key to decrypt it."""
         perm, key = self.get_permission_key(user)
-        if not perm & READ :
+        if not perm or (not perm & READ) :
             logger.error("User {} doesn't have read access to object {}"
                           .format(user, self.hash))
             raise PermissionError
@@ -113,7 +113,7 @@ class ObjectWriter(ObjectReader):
             
     def write(self, user, content):
         perm = self.get_permission(user)
-        if not perm & MODIFY:
+        if not perm or (not perm & MODIFY):
             logger.error("User {} doesn't have the modify permission for object {}"
                           .format(user, self.hash))
             raise PermissionError
@@ -123,7 +123,7 @@ class ObjectWriter(ObjectReader):
     def append(self, user, content, parent):
         parent_object = ObjectReader(parent, self.owner)
         perm = parent_object.get_permission(user)
-        if not perm & APPEND:
+        if not perm or (not perm & APPEND):
             logger.error("User {} doesn't have the modify permission for object {}"
                           .format(user, parent))
             raise PermissionError
diff --git a/server/user.py b/server/user.py
index 7f01149..2909c16 100644
--- a/server/user.py
+++ b/server/user.py
@@ -11,7 +11,8 @@ class User:
 
     def __init__(self, jid):
         self.jid = jid
-        self.hash = hashlib.sha1(jid).hexdigest()
+        self.hash = hashlib.sha256(jid).hexdigest()
+        #self.hash = hashlib.md5(jid).hexdigest()
 
     def register(self, registration):
         ObjectWriter('pubkey', self.jid, split_name = False).write(self.jid, registration['pubkey'])
diff --git a/webclient/lib/alias.js b/webclient/lib/alias.js
index f582587..8c4224a 100644
--- a/webclient/lib/alias.js
+++ b/webclient/lib/alias.js
@@ -142,7 +142,8 @@ var Alias = {
      * @param {String} owner The owner's JID
      */
     getHome: function(owner) {
-        var objectName = MD5.hexdigest(owner);
+        //var objectName = MD5.hexdigest(owner);
+	var objectName = sjcl.codec.hex.fromBits(sjcl.hash.sha256.hash(owner))
         Alias.getObject(objectName, owner);
     },