Merge branch '0.9.x' into righttoleave

2010-12-15 16:48:28 -05:00 · 2010-12-15 16:48:28 -05:00 · e16cb8c03a
commit e16cb8c03a
parent d840578aa0 0330bad688
8 changed files with 441 additions and 21 deletions
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@ -165,7 +165,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
    }

    /**
-     * Is this action read only?
+     * We expose AtomPub here, so non-GET/HEAD reqs must be read/write.
     *
     * @param array $args other arguments
     *
@ -174,11 +174,7 @@ class ApiStatusesShowAction extends ApiPrivateAuthAction
    
    function isReadOnly($args)
    {
-        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-	    return true;
-	} else {
-	    return false;
-	}
+        return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD');
    }

    /**
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@ -235,7 +235,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
    }

    /**
-     * Is this action read only?
+     * We expose AtomPub here, so non-GET/HEAD reqs must be read/write.
     *
     * @param array $args other arguments
     *
@ -244,11 +244,7 @@ class ApiTimelineUserAction extends ApiBareAuthAction
    
    function isReadOnly($args)
    {
-        if ($_SERVER['REQUEST_METHOD'] == 'GET') {
-	    return true;
-	} else {
-	    return false;
-	}
+        return ($_SERVER['REQUEST_METHOD'] == 'GET' || $_SERVER['REQUEST_METHOD'] == 'HEAD');
    }

    /**
@ -309,9 +305,15 @@ class ApiTimelineUserAction extends ApiBareAuthAction
            return;
        }

-        $xml = file_get_contents('php://input');
+        $xml = trim(file_get_contents('php://input'));
+        if (empty($xml)) {
+            $this->clientError(_('Atom post must not be empty.'));
+        }

        $dom = DOMDocument::loadXML($xml);
+        if (!$dom) {
+            $this->clientError(_('Atom post must be well-formed XML.'));
+        }

        if ($dom->documentElement->namespaceURI != Activity::ATOM ||
            $dom->documentElement->localName != 'entry') {
@ -349,7 +351,8 @@ class ApiTimelineUserAction extends ApiBareAuthAction
        }

        if (!empty($saved)) {
-            header("Location: " . common_local_url('ApiStatusesShow', array('notice_id' => $saved->id,
+            header('HTTP/1.1 201 Created');
+            header("Location: " . common_local_url('ApiStatusesShow', array('id' => $saved->id,
                                                                            'format' => 'atom')));
            $this->showSingleAtomStatus($saved);
        }
--- a/actions/oembed.php
+++ b/actions/oembed.php
@ -215,4 +215,15 @@ class OembedAction extends Action
        return;
    }

+    /**
+     * Is this action read-only?
+     *
+     * @param array $args other arguments
+     *
+     * @return boolean is read only action?
+     */
+    function isReadOnly($args)
+    {
+        return true;
+    }
 }
--- a/lib/router.php
+++ b/lib/router.php
@ -907,8 +907,8 @@ class Router
            // AtomPub API

            $m->connect('api/statusnet/app/service/:id.xml',
-                        array('action' => 'ApiAtomService',
-                              'id' => Nickname::DISPLAY_FMT));
+                        array('action' => 'ApiAtomService'),
+                        array('id' => Nickname::DISPLAY_FMT));

            $m->connect('api/statusnet/app/service.xml',
                        array('action' => 'ApiAtomService'));
--- a/lib/xrdaction.php
+++ b/lib/xrdaction.php
@ -145,4 +145,16 @@ class XrdAction extends Action

        return (substr($uri, 0, 5) == 'acct:');
    }
+
+    /**
+     * Is this action read-only?
+     *
+     * @param array $args other arguments
+     *
+     * @return boolean is read only action?
+     */
+    function isReadOnly($args)
+    {
+        return true;
+    }
 }
--- a/plugins/Autocomplete/autocomplete.php
+++ b/plugins/Autocomplete/autocomplete.php
@ -165,4 +165,16 @@ class AutocompleteAction extends Action
            print json_encode($result) . "\n";
        }
    }
+
+    /**
+     * Is this action read-only?
+     *
+     * @param array $args other arguments
+     *
+     * @return boolean is read only action?
+     */
+    function isReadOnly($args)
+    {
+        return true;
+    }
 }
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@ -1552,8 +1552,11 @@ class Ostatus_profile extends Memcached_DataObject
        }

        // Try the profile url (like foo.example.com or example.com/user/foo)
-
-        $profileUrl = ($object->link) ? $object->link : $hints['profileurl'];
+        if (!empty($object->link)) {
+            $profileUrl = $object->link;
+        } else if (!empty($hints['profileurl'])) {
+            $profileUrl = $hints['profileurl'];
+        }

        if (!empty($profileUrl)) {
            $nickname = self::nicknameFromURI($profileUrl);
@ -1584,9 +1587,11 @@ class Ostatus_profile extends Memcached_DataObject

    protected static function nicknameFromURI($uri)
    {
-        preg_match('/(\w+):/', $uri, $matches);
-
-        $protocol = $matches[1];
+        if (preg_match('/(\w+):/', $uri, $matches)) {
+            $protocol = $matches[1];
+        } else {
+            return null;
+        }

        switch ($protocol) {
        case 'acct':
--- a/tests/atompub/atompub_test.php
+++ b/tests/atompub/atompub_test.php
@ -0,0 +1,381 @@
+#!/usr/bin/env php
+<?php
+/*
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2010, StatusNet, Inc.
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+
+define('INSTALLDIR', realpath(dirname(__FILE__) . '/../..'));
+
+$shortoptions = 'n:p:';
+$longoptions = array('nickname=', 'password=', 'dry-run');
+
+$helptext = <<<END_OF_HELP
+USAGE: atompub_test.php [options]
+
+Runs some tests on the AtomPub interface for the site. You must provide
+a user account to authenticate as; it will be used to make some test
+posts on the site.
+
+Options:
+  -n<user>  --nickname=<user>  Nickname of account to post as
+  -p<pass>  --password=<pass>  Password for account
+  --dry-run                    Skip tests that modify the site (post, delete)
+
+END_OF_HELP;
+
+require_once INSTALLDIR.'/scripts/commandline.inc';
+
+class AtomPubClient
+{
+    public $url;
+    private $user, $pass;
+
+    /**
+     *
+     * @param string $url collection feed URL
+     * @param string $user auth username
+     * @param string $pass auth password
+     */
+    function __construct($url, $user, $pass)
+    {
+        $this->url = $url;
+        $this->user = $user;
+        $this->pass = $pass;
+    }
+
+    /**
+     * Set up an HTTPClient with auth for our resource.
+     *
+     * @param string $method
+     * @return HTTPClient
+     */
+    private function httpClient($method='GET')
+    {
+        $client = new HTTPClient($this->url);
+        $client->setMethod($method);
+        $client->setAuth($this->user, $this->pass);
+        return $client;
+    }
+
+    function get()
+    {
+        $client = $this->httpClient('GET');
+        $response = $client->send();
+        if ($response->isOk()) {
+            return $response->getBody();
+        } else {
+            throw new Exception("Bogus return code: " . $response->getStatus() . ': ' . $response->getBody());
+        }
+    }
+
+    /**
+     * Create a new resource by POSTing it to the collection.
+     * If successful, will return the URL representing the
+     * canonical location of the new resource. Neat!
+     *
+     * @param string $data
+     * @param string $type defaults to Atom entry
+     * @return string URL to the created resource
+     *
+     * @throws exceptions on failure
+     */
+    function post($data, $type='application/atom+xml;type=entry')
+    {
+        $client = $this->httpClient('POST');
+        $client->setHeader('Content-Type', $type);
+        // optional Slug header not used in this case
+        $client->setBody($data);
+        $response = $client->send();
+
+        if ($response->getStatus() != '201') {
+            throw new Exception("Expected HTTP 201 on POST, got " . $response->getStatus() . ': ' . $response->getBody());
+        }
+        $loc = $response->getHeader('Location');
+        $contentLoc = $response->getHeader('Content-Location');
+
+        if (empty($loc)) {
+            throw new Exception("AtomPub POST response missing Location header.");
+        }
+        if (!empty($contentLoc)) {
+            if ($loc != $contentLoc) {
+                throw new Exception("AtomPub POST response Location and Content-Location headers do not match.");
+            }
+
+            // If Content-Location and Location match, that means the response
+            // body is safe to interpret as the resource itself.
+            if ($type == 'application/atom+xml;type=entry') {
+                self::validateAtomEntry($response->getBody());
+            }
+        }
+
+        return $loc;
+    }
+
+    /**
+     * Note that StatusNet currently doesn't allow PUT editing on notices.
+     *
+     * @param string $data
+     * @param string $type defaults to Atom entry
+     * @return true on success
+     *
+     * @throws exceptions on failure
+     */
+    function put($data, $type='application/atom+xml;type=entry')
+    {
+        $client = $this->httpClient('PUT');
+        $client->setHeader('Content-Type', $type);
+        $client->setBody($data);
+        $response = $client->send();
+
+        if ($response->getStatus() != '200' && $response->getStatus() != '204') {
+            throw new Exception("Expected HTTP 200 or 204 on PUT, got " . $response->getStatus() . ': ' . $response->getBody());
+        }
+
+        return true;
+    }
+
+    /**
+     * Delete the resource.
+     *
+     * @return true on success
+     *
+     * @throws exceptions on failure
+     */
+    function delete()
+    {
+        $client = $this->httpClient('DELETE');
+        $client->setBody($data);
+        $response = $client->send();
+
+        if ($response->getStatus() != '200' && $response->getStatus() != '204') {
+            throw new Exception("Expected HTTP 200 or 204 on DELETE, got " . $response->getStatus() . ': ' . $response->getBody());
+        }
+
+        return true;
+    }
+
+    /**
+     * Ensure that the given string is a parseable Atom entry.
+     *
+     * @param string $str
+     * @return boolean
+     * @throws Exception on invalid input
+     */
+    static function validateAtomEntry($str)
+    {
+        if (empty($str)) {
+            throw new Exception('Bad Atom entry: empty');
+        }
+        $dom = new DOMDocument;
+        if (!$dom->loadXML($str)) {
+            throw new Exception('Bad Atom entry: XML is not well formed.');
+        }
+
+        $activity = new Activity($dom->documentRoot);
+        return true;
+    }
+
+    static function entryEditURL($str) {
+        $dom = new DOMDocument;
+        $dom->loadXML($str);
+        $path = new DOMXPath($dom);
+        $path->registerNamespace('atom', 'http://www.w3.org/2005/Atom');
+
+        $links = $path->query('/atom:entry/atom:link[@rel="edit"]', $dom->documentRoot);
+        if ($links && $links->length) {
+            if ($links->length > 1) {
+                throw new Exception('Bad Atom entry; has multiple rel=edit links.');
+            }
+            $link = $links->item(0);
+            $url = $link->getAttribute('href');
+            return $url;
+        } else {
+            throw new Exception('Atom entry lists no rel=edit link.');
+        }
+    }
+
+    static function entryId($str) {
+        $dom = new DOMDocument;
+        $dom->loadXML($str);
+        $path = new DOMXPath($dom);
+        $path->registerNamespace('atom', 'http://www.w3.org/2005/Atom');
+
+        $links = $path->query('/atom:entry/atom:id', $dom->documentRoot);
+        if ($links && $links->length) {
+            if ($links->length > 1) {
+                throw new Exception('Bad Atom entry; has multiple id entries.');
+            }
+            $link = $links->item(0);
+            $url = $link->textContent;
+            return $url;
+        } else {
+            throw new Exception('Atom entry lists no id.');
+        }
+    }
+
+    static function getEntryInFeed($str, $id)
+    {
+        $dom = new DOMDocument;
+        $dom->loadXML($str);
+        $path = new DOMXPath($dom);
+        $path->registerNamespace('atom', 'http://www.w3.org/2005/Atom');
+
+        $query = '/atom:feed/atom:entry[atom:id="'.$id.'"]';
+        $items = $path->query($query, $dom->documentRoot);
+        if ($items && $items->length) {
+            return $items->item(0);
+        } else {
+            return null;
+        }
+    }
+}
+
+
+$user = get_option_value('n', 'nickname');
+$pass = get_option_value('p', 'password');
+
+if (!$user) {
+    die("Must set a user: --nickname=<username>\n");
+}
+if (!$pass) {
+    die("Must set a password: --password=<username>\n");
+}
+
+// discover the feed...
+// @fixme will this actually work?
+$url = common_local_url('ApiTimelineUser', array('format' => 'atom', 'id' => $user));
+
+echo "Collection URL is: $url\n";
+
+$collection = new AtomPubClient($url, $user, $pass);
+
+// confirm the feed has edit links ..... ?
+
+echo "Posting an empty message (should fail)... ";
+try {
+    $noticeUrl = $collection->post('');
+    die("FAILED, succeeded!\n");
+} catch (Exception $e) {
+    echo "ok\n";
+}
+
+echo "Posting an invalid XML message (should fail)... ";
+try {
+    $noticeUrl = $collection->post('<feed<entry>barf</yomomma>');
+    die("FAILED, succeeded!\n");
+} catch (Exception $e) {
+    echo "ok\n";
+}
+
+echo "Posting a valid XML but non-Atom message (should fail)... ";
+try {
+    $noticeUrl = $collection->post('<feed xmlns="http://notatom.com"><id>arf</id><entry><id>barf</id></entry></feed>');
+    die("FAILED, succeeded!\n");
+} catch (Exception $e) {
+    echo "ok\n";
+}
+
+// post!
+$rand = mt_rand(0, 99999);
+$atom = <<<END_ATOM
+<entry xmlns="http://www.w3.org/2005/Atom">
+    <title>This is an AtomPub test post title ($rand)</title>
+    <content>This is an AtomPub test post content ($rand)</content>
+</entry>
+END_ATOM;
+
+echo "Posting a new message... ";
+$noticeUrl = $collection->post($atom);
+echo "ok, got $noticeUrl\n";
+
+echo "Fetching the new notice... ";
+$notice = new AtomPubClient($noticeUrl, $user, $pass);
+$body = $notice->get();
+AtomPubClient::validateAtomEntry($body);
+echo "ok\n";
+
+echo "Getting the notice ID URI... ";
+$noticeUri = AtomPubClient::entryId($body);
+echo "ok: $noticeUri\n";
+
+echo "Confirming new entry points to itself right... ";
+$editUrl = AtomPubClient::entryEditURL($body);
+if ($editUrl != $noticeUrl) {
+    die("Entry lists edit URL as $editUrl, no match!\n");
+}
+echo "OK\n";
+
+echo "Refetching the collection... ";
+$feed = $collection->get();
+echo "ok\n";
+
+echo "Confirming new entry is in the feed... ";
+$entry = AtomPubClient::getEntryInFeed($feed, $noticeUri);
+if (!$entry) {
+    die("missing!\n");
+}
+//  edit URL should match
+echo "ok\n";
+
+echo "Editing notice (should fail)... ";
+try {
+    $notice->put($target, $atom2);
+    die("ERROR: editing a notice should have failed.\n");
+} catch (Exception $e) {
+    echo "ok (failed as expected)\n";
+}
+
+echo "Deleting notice... ";
+$notice->delete();
+echo "ok\n";
+
+echo "Refetching deleted notice to confirm it's gone... ";
+try {
+    $body = $notice->get();
+    var_dump($body);
+    die("ERROR: notice should be gone now.\n");
+} catch (Exception $e) {
+    echo "ok\n";
+}
+
+echo "Refetching the collection.. ";
+$feed = $collection->get();
+echo "ok\n";
+
+echo "Confirming deleted notice is no longer in the feed... ";
+$entry = AtomPubClient::getEntryInFeed($feed, $noticeUri);
+if ($entry) {
+    die("still there!\n");
+}
+echo "ok\n";
+
+// make subscriptions
+// make some posts
+// make sure the posts go through or not depending on the subs
+// remove subscriptions
+// test that they don't go through now
+
+// group memberships too
+
+
+
+
+// make sure we can't post to someone else's feed!
+// make sure we can't delete someone else's messages
+// make sure we can't create/delete someone else's subscriptions
+// make sure we can't create/delete someone else's group memberships
+