getAliases for Profile and Notice
Also move fancyurlfix into site-wide $config['fix']['fancyurls'] TODO: getByUri should make use of this directly I guess?
This commit is contained in:
parent
5f7032dfee
commit
b59dacb806
|
@ -412,6 +412,55 @@ abstract class Managed_DataObject extends Memcached_DataObject
|
||||||
return intval($this->id);
|
return intval($this->id);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* WARNING: Only use this on Profile and Notice. We should probably do
|
||||||
|
* this with traits/"implements" or whatever, but that's over the top
|
||||||
|
* right now, I'm just throwing this in here to avoid code duplication
|
||||||
|
* in Profile and Notice classes.
|
||||||
|
*/
|
||||||
|
public function getAliases()
|
||||||
|
{
|
||||||
|
$aliases = array();
|
||||||
|
$aliases[$this->getUri()] = $this->getID();
|
||||||
|
|
||||||
|
try {
|
||||||
|
$aliases[$this->getUrl()] = $this->getID();
|
||||||
|
} catch (InvalidUrlException $e) {
|
||||||
|
// getUrl failed because no valid URL could be returned, just ignore it
|
||||||
|
}
|
||||||
|
|
||||||
|
if (common_config('fix', 'fancyurls')) {
|
||||||
|
/**
|
||||||
|
* Here we add some hacky hotfixes for remote lookups that have been taught the
|
||||||
|
* (at least now) wrong URI but it's still obviously the same user. Such as:
|
||||||
|
* - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1
|
||||||
|
* - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1
|
||||||
|
* - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1
|
||||||
|
* - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1
|
||||||
|
*/
|
||||||
|
foreach ($aliases as $alias=>$id) {
|
||||||
|
try {
|
||||||
|
// get a "fancy url" version of the alias, even without index.php/
|
||||||
|
$alt_url = common_fake_local_fancy_url($alias);
|
||||||
|
// store this as well so remote sites can be sure we really are the same profile
|
||||||
|
$aliases[$alt_url] = $id;
|
||||||
|
} catch (Exception $e) {
|
||||||
|
// Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
// get a non-"fancy url" version of the alias, i.e. add index.php/
|
||||||
|
$alt_url = common_fake_local_nonfancy_url($alias);
|
||||||
|
// store this as well so remote sites can be sure we really are the same profile
|
||||||
|
$aliases[$alt_url] = $id;
|
||||||
|
} catch (Exception $e) {
|
||||||
|
// Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return $aliases;
|
||||||
|
}
|
||||||
|
|
||||||
// 'update' won't write key columns, so we have to do it ourselves.
|
// 'update' won't write key columns, so we have to do it ourselves.
|
||||||
// This also automatically calls "update" _before_ it sets the keys.
|
// This also automatically calls "update" _before_ it sets the keys.
|
||||||
// FIXME: This only works with single-column primary keys so far! Beware!
|
// FIXME: This only works with single-column primary keys so far! Beware!
|
||||||
|
|
|
@ -81,6 +81,9 @@ $default =
|
||||||
'log_queries' => false, // true to log all DB queries
|
'log_queries' => false, // true to log all DB queries
|
||||||
'log_slow_queries' => 0, // if set, log queries taking over N seconds
|
'log_slow_queries' => 0, // if set, log queries taking over N seconds
|
||||||
'mysql_foreign_keys' => false), // if set, enables experimental foreign key support on MySQL
|
'mysql_foreign_keys' => false), // if set, enables experimental foreign key support on MySQL
|
||||||
|
'fix' =>
|
||||||
|
array('fancyurls' => true, // makes sure aliases in WebFinger etc. are not f'd by index.php/ URLs
|
||||||
|
),
|
||||||
'syslog' =>
|
'syslog' =>
|
||||||
array('appname' => 'statusnet', # for syslog
|
array('appname' => 'statusnet', # for syslog
|
||||||
'priority' => 'debug', # XXX: currently ignored
|
'priority' => 'debug', # XXX: currently ignored
|
||||||
|
|
|
@ -36,12 +36,10 @@ class WebFingerPlugin extends Plugin
|
||||||
const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize';
|
const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize';
|
||||||
|
|
||||||
public $http_alias = false;
|
public $http_alias = false;
|
||||||
public $fancyurlfix = true; // adds + interprets some extra aliases related to 'index.php/' URLs
|
|
||||||
|
|
||||||
public function initialize()
|
public function initialize()
|
||||||
{
|
{
|
||||||
common_config_set('webfinger', 'http_alias', $this->http_alias);
|
common_config_set('webfinger', 'http_alias', $this->http_alias);
|
||||||
common_config_set('webfinger', 'fancyurlfix', $this->fancyurlfix);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public function onRouterInitialized($m)
|
public function onRouterInitialized($m)
|
||||||
|
@ -106,7 +104,7 @@ class WebFingerPlugin extends Plugin
|
||||||
$user = User::getByUri($resource);
|
$user = User::getByUri($resource);
|
||||||
$profile = $user->getProfile();
|
$profile = $user->getProfile();
|
||||||
} catch (NoResultException $e) {
|
} catch (NoResultException $e) {
|
||||||
if (common_config('webfinger', 'fancyurlfix')) {
|
if (common_config('fix', 'fancyurls')) {
|
||||||
try {
|
try {
|
||||||
try { // if it's a /index.php/ url
|
try { // if it's a /index.php/ url
|
||||||
// common_fake_local_fancy_url can throw an exception
|
// common_fake_local_fancy_url can throw an exception
|
||||||
|
|
|
@ -31,49 +31,18 @@ abstract class WebFingerResource
|
||||||
|
|
||||||
public function getAliases()
|
public function getAliases()
|
||||||
{
|
{
|
||||||
$aliases = array();
|
$aliases = $this->object->getAliases();
|
||||||
|
|
||||||
// Add the URI as an identity, this is _not_ necessarily an HTTP url
|
// Some sites have changed from http to https and still want
|
||||||
$uri = $this->object->getUri();
|
// (because remote sites look for it) verify that they are still
|
||||||
$aliases[$uri] = true;
|
// the same identity as they were on HTTP. Should NOT be used if
|
||||||
if (common_config('webfinger', 'http_alias')
|
// you've run HTTPS all the time!
|
||||||
&& strtolower(parse_url($uri, PHP_URL_SCHEME)) === 'https') {
|
if (common_config('webfinger', 'http_alias')) {
|
||||||
$aliases[preg_replace('/^https:/', 'http:', $uri, 1)] = true;
|
foreach ($aliases as $alias=>$id) {
|
||||||
}
|
if (!strtolower(parse_url($alias, PHP_URL_SCHEME)) === 'https') {
|
||||||
|
continue;
|
||||||
try {
|
|
||||||
$aliases[$this->object->getUrl()] = true;
|
|
||||||
} catch (InvalidUrlException $e) {
|
|
||||||
// getUrl failed because no valid URL could be returned, just ignore it
|
|
||||||
}
|
|
||||||
|
|
||||||
if (common_config('webfinger', 'fancyurlfix')) {
|
|
||||||
/**
|
|
||||||
* Here we add some hacky hotfixes for remote lookups that have been taught the
|
|
||||||
* (at least now) wrong URI but it's still obviously the same user. Such as:
|
|
||||||
* - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1
|
|
||||||
* - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1
|
|
||||||
* - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1
|
|
||||||
* - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1
|
|
||||||
*/
|
|
||||||
foreach(array_keys($aliases) as $alias) {
|
|
||||||
try {
|
|
||||||
// get a "fancy url" version of the alias, even without index.php/
|
|
||||||
$alt_url = common_fake_local_fancy_url($alias);
|
|
||||||
// store this as well so remote sites can be sure we really are the same profile
|
|
||||||
$aliases[$alt_url] = true;
|
|
||||||
} catch (Exception $e) {
|
|
||||||
// Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
|
||||||
// get a non-"fancy url" version of the alias, i.e. add index.php/
|
|
||||||
$alt_url = common_fake_local_nonfancy_url($alias);
|
|
||||||
// store this as well so remote sites can be sure we really are the same profile
|
|
||||||
$aliases[$alt_url] = true;
|
|
||||||
} catch (Exception $e) {
|
|
||||||
// Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
|
|
||||||
}
|
}
|
||||||
|
$aliases[preg_replace('/^https:/', 'http:', $alias, 1)] = $id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue
Block a user