From 6d1d59a36bfa3659545027c7daf8b4abd0ac53a2 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 6 Jan 2009 22:24:28 -0500 Subject: [PATCH 1/5] XRDS namespace fix --- actions/publicxrds.php | 2 +- actions/xrds.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/actions/publicxrds.php b/actions/publicxrds.php index 951434c878..30f215af2d 100644 --- a/actions/publicxrds.php +++ b/actions/publicxrds.php @@ -38,7 +38,7 @@ class PublicxrdsAction extends Action { common_start_xml(); common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); - common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', 'version' => '2.0')); diff --git a/actions/xrds.php b/actions/xrds.php index 1d516aab72..e82685a78c 100644 --- a/actions/xrds.php +++ b/actions/xrds.php @@ -23,7 +23,7 @@ require_once(INSTALLDIR.'/lib/omb.php'); class XrdsAction extends Action { - function is_readonly() { + function is_readonly() { return true; } @@ -45,7 +45,7 @@ class XrdsAction extends Action { common_start_xml(); common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); - common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', 'xml:id' => 'oauth', 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', 'version' => '2.0')); @@ -77,7 +77,7 @@ class XrdsAction extends Action { # XXX: decide whether to include user's ID/nickname in postNotice URL - common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', 'xml:id' => 'omb', 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', 'version' => '2.0')); @@ -92,7 +92,7 @@ class XrdsAction extends Action { common_element_end('XRD'); - common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', 'version' => '2.0')); common_element('Type', NULL, 'xri://$xrds*simple'); From b1142ed3ab1797e449d262e115d78cbb75deaa22 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 6 Jan 2009 22:43:43 -0500 Subject: [PATCH 2/5] Revert "XRDS namespace fix" This reverts commit 6d1d59a36bfa3659545027c7daf8b4abd0ac53a2. It seems to interfere with the Yadis discovery. --- actions/publicxrds.php | 2 +- actions/xrds.php | 8 ++++---- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/actions/publicxrds.php b/actions/publicxrds.php index 30f215af2d..951434c878 100644 --- a/actions/publicxrds.php +++ b/actions/publicxrds.php @@ -38,7 +38,7 @@ class PublicxrdsAction extends Action { common_start_xml(); common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); - common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', 'version' => '2.0')); diff --git a/actions/xrds.php b/actions/xrds.php index e82685a78c..1d516aab72 100644 --- a/actions/xrds.php +++ b/actions/xrds.php @@ -23,7 +23,7 @@ require_once(INSTALLDIR.'/lib/omb.php'); class XrdsAction extends Action { - function is_readonly() { + function is_readonly() { return true; } @@ -45,7 +45,7 @@ class XrdsAction extends Action { common_start_xml(); common_element_start('XRDS', array('xmlns' => 'xri://$xrds')); - common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', 'xml:id' => 'oauth', 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', 'version' => '2.0')); @@ -77,7 +77,7 @@ class XrdsAction extends Action { # XXX: decide whether to include user's ID/nickname in postNotice URL - common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', 'xml:id' => 'omb', 'xmlns:simple' => 'http://xrds-simple.net/core/1.0', 'version' => '2.0')); @@ -92,7 +92,7 @@ class XrdsAction extends Action { common_element_end('XRD'); - common_element_start('XRD', array('xmlns' => 'xri://$XRD*($v*2.0)', + common_element_start('XRD', array('xmlns' => 'xri://$xrd*($v*2.0)', 'version' => '2.0')); common_element('Type', NULL, 'xri://$xrds*simple'); From b5a197217cc00549079e8235f1aefd18c9d44421 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Tue, 6 Jan 2009 22:54:10 -0500 Subject: [PATCH 3/5] Upgrade included OpenID libraries to version 2.1.2 --- extlib/Auth/OpenID.php | 2 +- extlib/Auth/OpenID/Consumer.php | 4 +++- extlib/Auth/OpenID/Server.php | 12 +++++++++--- 3 files changed, 13 insertions(+), 5 deletions(-) diff --git a/extlib/Auth/OpenID.php b/extlib/Auth/OpenID.php index 6a6e54f8b7..6556b5b01e 100644 --- a/extlib/Auth/OpenID.php +++ b/extlib/Auth/OpenID.php @@ -20,7 +20,7 @@ /** * The library version string */ -define('Auth_OpenID_VERSION', '2.1.1'); +define('Auth_OpenID_VERSION', '2.1.2'); /** * Require the fetcher code. diff --git a/extlib/Auth/OpenID/Consumer.php b/extlib/Auth/OpenID/Consumer.php index 6631cbaa90..a72684c6b8 100644 --- a/extlib/Auth/OpenID/Consumer.php +++ b/extlib/Auth/OpenID/Consumer.php @@ -711,7 +711,9 @@ class Auth_OpenID_GenericConsumer { return $this->_completeInvalid($message, $endpoint); } - return new Auth_OpenID_SetupNeededResponse($endpoint); + $user_setup_url = $message->getArg(Auth_OpenID_OPENID2_NS, + 'user_setup_url'); + return new Auth_OpenID_SetupNeededResponse($endpoint, $user_setup_url); } /** diff --git a/extlib/Auth/OpenID/Server.php b/extlib/Auth/OpenID/Server.php index e746bcc574..f1db4d8725 100644 --- a/extlib/Auth/OpenID/Server.php +++ b/extlib/Auth/OpenID/Server.php @@ -765,12 +765,17 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { function Auth_OpenID_CheckIDRequest($identity, $return_to, $trust_root = null, $immediate = false, - $assoc_handle = null, $server = null) + $assoc_handle = null, $server = null, + $claimed_id = null) { $this->namespace = Auth_OpenID_OPENID2_NS; $this->assoc_handle = $assoc_handle; $this->identity = $identity; - $this->claimed_id = $identity; + if ($claimed_id === null) { + $this->claimed_id = $identity; + } else { + $this->claimed_id = $claimed_id; + } $this->return_to = $return_to; $this->trust_root = $trust_root; $this->server =& $server; @@ -1098,7 +1103,8 @@ class Auth_OpenID_CheckIDRequest extends Auth_OpenID_Request { $this->trust_root, false, $this->assoc_handle, - $this->server); + $this->server, + $this->claimed_id); $setup_request->message = $this->message; $setup_url = $setup_request->encodeToURL($server_url); From 2a58260b82f8cd377f46d04e926093668b090272 Mon Sep 17 00:00:00 2001 From: Ori Avtalion Date: Wed, 7 Jan 2009 00:39:41 +0200 Subject: [PATCH 4/5] Update README to refer to the git repository --- README | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/README b/README index a3ea5fa585..1ef31a8c10 100644 --- a/README +++ b/README @@ -667,7 +667,7 @@ Upgrading ========= If you've been using Laconica 0.6, 0.5 or lower, or if you've been -tracking the "darcs" version of the software, you will probably want +tracking the "git" version of the software, you will probably want to upgrade and keep your existing data. There is no automated upgrade procedure in Laconica 0.6.4. Try these step-by-step instructions; read to the end first before trying them. @@ -1068,7 +1068,7 @@ The primary output for Laconica is syslog, unless you configured a separate logfile. This is probably the first place to look if you're getting weird behaviour from Laconica. -If you're tracking the unstable version of Laconica in the darcs +If you're tracking the unstable version of Laconica in the git repository (see below), and you get a compilation error ("unexpected T_STRING") in the browser, check to see that you don't have any conflicts in your code. @@ -1103,12 +1103,12 @@ Unstable version ================ If you're adventurous or impatient, you may want to install the -development version of Laconica. To get it, use the darcs version -control tool (http://darcs.net/) like so: +development version of Laconica. To get it, use the git version +control tool (http://git-scm.com/) like so: - darcs get http://laconi.ca/darcs/ mublog + git clone http://laconi.ca/software/laconica.git -To keep it up-to-date, use 'darcs pull'. Watch for conflicts! +To keep it up-to-date, use 'git pull'. Watch for conflicts! Further information =================== From 28d17d8d90b8b15eec2baa19d7c3bfaf5ad057db Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Wed, 7 Jan 2009 18:24:41 -0500 Subject: [PATCH 5/5] OpenMicroBlogging spec moved to its own source tree I've moved the OpenMicroBlogging spec to its own project on Gitorious, at http://gitorious.org/projects/openmicroblogging . It can be retrieved at: git://gitorious.org/openmicroblogging/mainline.git --- doc/openmicroblogging.txt | 325 -------------------------------------- 1 file changed, 325 deletions(-) delete mode 100644 doc/openmicroblogging.txt diff --git a/doc/openmicroblogging.txt b/doc/openmicroblogging.txt deleted file mode 100644 index a0df04035e..0000000000 --- a/doc/openmicroblogging.txt +++ /dev/null @@ -1,325 +0,0 @@ -=============================== -OpenMicroBlogging specification -=============================== - -:Author: Evan Prodromou (Control Yourself, Inc.) -:Contact: evan@controlezvous.ca -:Revision: 0.1.1 -:Date: 2008-07-07 -:Copyright: To the extent possible under law, Control Yourself, Inc - has waived all copyright, moral rights, database rights, - and any other rights that might be asserted over - The OpenMicroBlogging specification. - -Purpose -======= - -To allow users of one microblogging service to publish notices to -users of another service, given the other users' permission. - -Enabling technologies -===================== - -Depends on OAuth 1.0, OAuth Discovery 1.0, YADIS 1.0. - -We piggy-back additional information onto these protocols to pass -microblogging information back and forth. - -Terminology -=========== - -microblogging service - undefined. -user - undefined. -listen - to allow a remote service to send notices to the user's local - service on a remote user's behalf. -listener - the person listening. -listenee - the user sending notices. -remote service - the listenee's microblogging service. -local service - the listener's microblogging service. -profile URL - "home" URL for the listener, typically their profile page on a - microblogging site. -nickname - An alphanumeric short name for a person, 1-64 characters. -identifier URI - A globally unique and unchanging identifying URI for a user. - Need not be an URL. [*]_ -notice URI - A unique and unchanging identifier for a notice. Need not be an - URL. [*]_ - -.. [*] May be the profile URL, if it's defined not to change or be - re-used. The profile URL of some services includes the nickname, - and some let the user change his/her nickname. This user's profile - URL may change from 'http://example.net/~john' to - 'http://example.net/~johnsmith' A tag URI, like - 'tag:example.net,2008:user:1' may be more appropriate here. -.. [*] IWBNI the notice URI is used everywhere the notice is - published; for example, in any RSS feeds. - -Initiation -========== - -The user submits their profile URL [*]_ to the remote service somehow -- -for example, with an HTML form on the remote service's Web site. - -.. [*] For OAuth Discovery, this is the "protected resource". It may - be more correct that the protected resource is the postNotice URL - (see below), but the listener will be more familiar with their own - profile URL. So there will have to be discovery of the postNotice - URL anyways, and it might as well all be done in one step. - -Discovery -========= - -The remote service recovers a YADIS document from the profile URL, as -described in OAuth Discovery. - -The request token service must have a LocalID associated with it, -containing the identifier URI for the listener. - -The following two extra services must be included in the YADIS -document, with accompanying URIs. - -http://openmicroblogging.org/protocol/0.1/postNotice - Post Notice URL, as defined below. - -http://openmicroblogging.org/protocol/0.1/updateProfile - Update Profile URL, as defined below. - -If any of the URIs is unavailable, the remote service MUST stop -processing. - -Authorization -============= - -The remote service must go through the OAuth 1.0 dance to get -authorization to post notices and update profiles. - -In all OAuth, the consumer key should be the root URL for the -microblogging service, if available. The secret should be the blank -string (''), unless the remote server and local service have negotiated -another key. Such negotiation is out-of-scope for this document, and we -assume an "open" network of microblogging services. But if you want to -have that kind of network, do it with this key. - -The remote service MUST do OAuth for every new listener, regardless of -whether they've already received authorization for posting to the -given postNotice URL. See `Posting a Notice`_ below. - -Request token -------------- - -The remote service uses the defined requestToken URL to get a request -token. - -In the request token HTTP request, the remote service MUST send the -following additional parameter(s): - -omb_version - 'http://openmicroblogging.org/protocol/0.1' -omb_listener - The identifier URI for the listener. - -In the results for the request token request, the local service MUST -send the following additional parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1' - -User authorization ------------------- - -In requesting user authorization, the remote service must send the -following parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listener - The identifier URI for the listener. -omb_listenee - The identifier URI for the listenee. -omb_listenee_profile - The profile URL of the listenee. -omb_listenee_nickname - The nickname of the listenee. -omb_listenee_license - The default license URL for the listenee's stream. Typically the - URL of a Creative Commons license, with the Attribution license - being heavily encouraged. CC0 quitclaim also pretty good. The - local service MAY reject listenees if their licenses are - incompatible with the service. - -The remote service should send as many of the following parameters as -possible. This will help the user decide if they really want to allow -the listening to happen, and allow the local service to store a copy -of the listenee's profile. - -omb_listenee_fullname - The full name of the listenee. Up to 255 chars. -omb_listenee_homepage - The home page of the listenee (may be distinct from the profile - URL). -omb_listenee_bio - A brief biography of the listenee; less than 140 chars. -omb_listenee_location - Physical location of the listenee; less that 255 chars. No fixed - structure, but "Locality, Region, Country" or "Locality, Country" - or "Locality, Region" recommended. -omb_listenee_avatar - URL of a 96px by 96px image in PNG, GIF or JPEG format representing - the listenee. - -The local service, in a successful response, must return the -following additional parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listener_nickname - A nickname for the listener. -omb_listener_profile - The profile URL for the listener, possibly cleaned up or - canonicalized. - -It should return as many of the following as possible: - -omb_listener_fullname - The full name of the listener. Up to 255 chars. -omb_listener_homepage - The home page of the listener (may be distinct from the profile - URL). -omb_listener_bio - A brief biography of the listener; less than 140 chars. -omb_listener_location - Physical location of the listener; less that 255 chars. No fixed - structure, but "Locality, Region, Country" or "Locality, Country" - or "Locality, Region" recommended. -omb_listener_avatar - URL of a 96px by 96px image in PNG, GIF or JPEG format representing - the listener. - -This will allow the remote service to display information about the -listener in the listenee's "listeners" or "subscribers" list. - -Access token ------------- - -The access token step of the OAuth protocol requires no additional -parameters. - -Posting a Notice -================ - -To post a notice to the local service, the remote service sends an HTTP -POST message to the postNotice URL discovered above. The message must -use OAuth authorization. The message must also include the following -parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listenee - The identifier URI for the listenee. -omb_notice - The notice URI. -omb_notice_content - The content of the notice. No maximum, but 140 chars is recommended. - -The message may include the following parameters: - -omb_notice_url - The URL of the notice, if the notice is retrievable. -omb_notice_license - The URL of the license for the notice, if different from the - listenee's default license. -omb_seealso - URL of additional content for the notice; for example, an image, - video, or audio file. -omb_seealso_disposition - One of 'link' or 'inline', to recommend how the extra data should - be shown. Default 'link'. -omb_seealso_mediatype - Internet Media Type of the see-also data. Advisory, probably - shouldn't be trusted. -omb_seealso_license - License for the attached data. May be distinct from the notice's - license (if they're passing along someone else's content). - -The local service should include the following parameters in its -response: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. - -The local service makes no guarantees about the delivery of the notice -to anyone. - -The remote service SHOULD NOT send a message with the same notice URL -to the same postNotice URL more than once. [*]_ If the request returns -a 403 Unauthorized message, the remote service SHOULD NOT post -messages to the same URL again with the same listenee, until another -listener has gone through the OAuth dance. [*]_ - -.. [*] A half-assed optimization. A local service may have a lot of - listeners listening to the same listenee. It would be pointless to - have the remote service post the same notice 100 times to the same - service. However, if the local service wants fine-grained control, - it can have a different postNotice URL for each listener. -.. [*] If there's one postNotice URL per listener, the 403 message - means the listener has told the local service not to allow posting - any more ("unsubscribed"). If there's one postNotice URL per local - service, it means that the count of listeners has dropped to 0. - -Updating a profile -================== - -If the listenee's profile information changes, the remote service MAY -send an HTTP POST message to to the updateProfile URL to tell the -local service about the change. - -The message must use OAuth authorization. The message must also -include the following parameters: - -omb_version - 'http://openmicroblogging.org/protocol/0.1'. -omb_listenee - The identifier URI for the listenee. - -The message may include any of the following parameters: - -omb_listenee_profile - The profile URL of the listenee. -omb_listenee_nickname - The nickname of the listenee. -omb_listenee_license - The default license URL for the listenee's stream. A change in the - default license only applies to future notices; notices previous - to the update SHOULD be treated as under the old license. -omb_listenee_fullname - The full name of the listenee. Up to 255 chars. -omb_listenee_homepage - The home page of the listenee. -omb_listenee_bio - A brief biography of the listenee; less than 140 chars. -omb_listenee_location - Physical location of the listenee; less that 255 chars. -omb_listenee_avatar - URL of a 96px by 96px image in PNG, GIF or JPEG format representing - the listenee. - -Missing parameters should not be construed to mean that the profile -field has been blanked. The remote service MUST set the parameter to -an empty string to show that the field is blank. - -References -========== - -* OAuth: http://oauth.net/ -* OAuth Discovery: http://oauth.net/discovery/1.0 -* XRDS Simple: http://xrds-simple.net/core/1.0/ \ No newline at end of file