Commit Graph

1112 Commits

Author SHA1 Message Date
Mikael Nordfeldth
ab93bb009c XSS vulnerability when remote-subscribing
->raw was used on non-filtered strings for some reasons, changed
to ->text.
2016-01-05 12:15:50 +01:00
Mikael Nordfeldth
f6df44ea85 Handle feed imports with exceptions better 2015-12-31 15:05:35 +01:00
Mikael Nordfeldth
b76461fc78 syntax error 2015-12-27 01:42:03 +01:00
Mikael Nordfeldth
0ac71c2b7b Duplicate URI means we have it already, I assume 2015-12-27 01:40:00 +01:00
Mikael Nordfeldth
306df3dc3b Logging fixes 2015-12-26 16:27:06 +01:00
mmn
0baa9debbc Merge branch 'direct-feed-sub' into 'master'
If we are given a direct URL to a feed, use that



See merge request !54
2015-12-14 21:09:56 +00:00
mmn
0e91a38c9c Merge branch 'firefox-sub-link' into 'master'
Link to add to Firefox as feedreader

This allows easily subscribing to any feed firefox detects in your GNU Social instance.

See merge request !55
2015-12-14 21:08:22 +00:00
mmn
edd62e58fd Merge branch 'at-mention-url' into 'master'
MentionURL Plugin

This plugin enables users to use the syntax `@twitter.com/singpolyma` to mention users the system does not know about, or to be more specific when a nickname is ambiguous.

See merge request !53
2015-12-14 21:01:42 +00:00
Mikael Nordfeldth
acd4980ab4 Fix federation issue with groups (bad list order) 2015-11-08 23:31:23 +01:00
Mikael Nordfeldth
844670f88d Ooops, copypasted something into the wrong place. 2015-11-08 23:24:20 +01:00
Mikael Nordfeldth
65184782aa OStatus usage of static Validate::* calls fixed 2015-11-08 10:33:41 +01:00
Mikael Nordfeldth
7ccd36849e Merge branch 'master' of git.gnu.io:gnu/gnu-social into nightly
Conflicts:
	plugins/OStatus/OStatusPlugin.php

master vs. nightly thing
2015-11-05 16:16:02 +01:00
mmn
f345f1d605 Merge branch 'renew-pshb' into 'master'
Actually use the renew code

We have the code to check once a day and renew, but currently it's
just in a script directory.  This change adds an event listener
hook to check and renew subscriptions daily.

Closes #83

See merge request !38
2015-11-05 15:13:16 +00:00
Mikael Nordfeldth
c950f18546 Merge branch 'master' into nightly
Some merge requests that were aimed at master
2015-11-05 16:07:05 +01:00
mmn
45b24286e5 Merge branch 'status-204' into 'master'
Accept 204 for PuSH subscription

Some hubs (notably, pushpress, used by wordpress.com) return 204 to mean success.

This used to be allowed by the spec, so no harm in accepting it.

See merge request !48
2015-11-05 15:03:42 +00:00
Stephen Paul Weber
a74572b469 Use mb_strlen 2015-10-28 01:46:08 +00:00
Stephen Paul Weber
fe4c8a771b Replace text with nickname if shorter 2015-10-28 01:24:58 +00:00
Stephen Paul Weber
0aa759fab7 Allow mentioning bare domains with OStatus 2015-10-28 01:24:42 +00:00
Stephen Paul Weber
2edf535ecd Add length argument to plugin 2015-10-28 01:24:29 +00:00
Stephen Paul Weber
85d5cfede5 Link to add to Firefox as feedreader 2015-10-28 01:10:28 +00:00
Stephen Paul Weber
e58c529c53 If we are given a direct URL to a feed, use that 2015-10-28 00:54:20 +00:00
Stephen Paul Weber
e1de6e0aa9 Support more author types on RSS
Specifically, any ActivityStreams or ATOM namespaces being used on
an rss channel.
2015-10-27 18:43:57 +00:00
Stephen Paul Weber
4c2bc465a0 Accept 204 for PuSH subscription
Some hubs (notably, pushpress, used by wordpress.com) return 204 to mean success.

This used to be allowed by the spec, so no harm in accepting it.
2015-10-27 03:16:39 +00:00
Stephen Paul Weber
4b31bc3fd2 Enqueue renewals
Better for request times, etc
2015-10-21 01:50:03 +00:00
Stephen Paul Weber
df21c3c95d Renew 1 day *before* the end, not 1 day *after* 2015-10-21 01:49:26 +00:00
Stephen Paul Weber
df46f123dd Actually use the renew code
We have the code to check once a day and renew, but currently it's
just in a script directory.  This change adds an event listener
hook to check and renew subscriptions daily.
2015-10-21 01:10:48 +00:00
Mikael Nordfeldth
2c8536dbf0 Link source==share notices 2015-10-14 01:30:29 +02:00
digital dreamer
d7fd6bac72 Snapshot of the Transifex translation project - October 2015 2015-10-04 18:23:01 +02:00
Mikael Nordfeldth
af1b0915f4 Magic signature discovery and envelope changes 2015-10-04 17:26:35 +02:00
Mikael Nordfeldth
6afa091dca Change some Salmon events and similar
Use Profile instead of User and (if we know it) send along the target
profile, so a Diaspora plugin can encrypt to the receiver.
2015-10-04 17:26:23 +02:00
Mikael Nordfeldth
f4ed171397 Make Magicsig capable of loading public PKCS1 keys 2015-10-04 17:22:19 +02:00
Mikael Nordfeldth
2970333adb Set otherwise undiscovered salmonuri on OStatus script update-profile.php 2015-10-04 17:21:56 +02:00
Mikael Nordfeldth
57f26a97fb var_export without true 2015-10-04 16:40:21 +02:00
Mikael Nordfeldth
4238875ebe autoloading of Crypt_AES and Crypt_RSA is easier 2015-10-04 15:57:11 +02:00
Mikael Nordfeldth
684b9419a0 Add an event to get plugin discovery hints from XRD 2015-10-04 14:46:45 +02:00
Mikael Nordfeldth
2aed59a02a Diaspora plugin is almost there (for remote salmon slaps at least) 2015-10-04 12:06:48 +02:00
Mikael Nordfeldth
9b461db4da Send the entire XMLStringer object in MagicEnvelope events. 2015-10-04 09:59:01 +02:00
Mikael Nordfeldth
184293c634 Break out MagicEnvelope->toXML() functionality to allow for plugin flexibility 2015-10-04 00:17:07 +02:00
Mikael Nordfeldth
30a4393afa Move around some code related to Magic_envelope and signing 2015-10-03 23:35:46 +02:00
Mikael Nordfeldth
a09cf51b99 Move Ostatus_profile->processPost function into plugin 2015-09-29 15:19:13 +02:00
Mikael Nordfeldth
c5a5eaf288 Do we update feeduri and salmonuri for Ostatus_profile now?
When changing from HTTP to HTTPS, following up on commit
59763ceecb
where http to https Ostatus_profile URI changing was first introduced.
2015-07-11 19:46:01 +02:00
Mikael Nordfeldth
24b1e26406 MagicEnvelope called DOMDocument::loadXML statically
but apparently we shouldn't do this, despite recommended on https://secure.php.net/manual/en/domdocument.loadxml.php
2015-07-10 23:24:50 +02:00
Mikael Nordfeldth
55b2d124bc The 'target' is an argument to common_local_url not the target profile 2015-07-10 22:49:38 +02:00
Mikael Nordfeldth
7c4e550e31 Merge branch 'master' into nightly 2015-07-10 16:02:55 +02:00
Mikael Nordfeldth
9a92b58057 ShowstreamAction tidying up
Lots of these changes mean that we're requiring certain values to
either by typed properly or return the expected value. If it doesn't
there should be a fatal exception thrown which we can followup in the
logs and won't go silently suppressed.
2015-07-10 13:44:47 +02:00
Bhuvan Krishna
1ab4c9998a Add executable permission to script missing it 2015-07-10 14:46:08 +05:30
Bhuvan Krishna
d6924f7680 Remove executable permissions where unnecessary 2015-07-10 14:36:34 +05:30
Mikael Nordfeldth
871912a00a Plugins didn't match lib/plugin.php onPluginVersion function definition
I ran:
for i in `grep -R onPluginVersion...version plugins/|cut -d: -f1`; do sed -i '{ s/\(onPluginVersion(\)\(\&\$versions\)/\1array \2/ }' $i; done
2015-06-06 22:04:01 +02:00
Mikael Nordfeldth
6478034e92 Diaspora-compatible Salmon slap receival
We're not all the way there yet, there is something which seems to bugger
up profile discovery from their end.
2015-06-06 17:14:38 +02:00
Mikael Nordfeldth
faf14197cd Diaspora doesn't understand our Salmon POST, so send again 2015-06-06 16:57:29 +02:00
Mikael Nordfeldth
b63054cb1d OStatus update-profile.php script now finds Diaspora salmon URLs 2015-06-06 16:18:22 +02:00
Mikael Nordfeldth
4de125dd84 Moved FeedSubException parent class to own file 2015-06-06 16:02:25 +02:00
Mikael Nordfeldth
268b901048 Maintainer change for Ostatus_profile 2015-06-06 15:58:08 +02:00
Mikael Nordfeldth
57943cad99 Magicsig gets toFingerprint output
We give this as a lowercase, sha256 hexadecimal digest of the string:
TYPE + "." + BASE64(modulus as bytes) + "." + BASE64(exponent as bytes)

Where TYPE in all our cases up until now at least are "RSA"
2015-06-06 14:35:48 +02:00
Mikael Nordfeldth
c5f79fd2f3 Magicsig gets toFingerprint function. 2015-06-06 14:33:43 +02:00
Mikael Nordfeldth
e212f2ae77 Moved Diaspora specific metadata to own plugin 2015-06-06 13:49:27 +02:00
Mikael Nordfeldth
fe6498e7c8 Send objects instead of integers to File_to_post::processNew 2015-06-04 17:36:11 +02:00
Mikael Nordfeldth
4e9e3cf0d5 Moving Ostatus_profile processShare to SharePlugin 2015-03-12 15:47:21 +01:00
Mikael Nordfeldth
2a32af084f ImageFile $id argument is only for File objects
Remember to eliminate the Avatar/group logo call to ImageFile->resize!
2015-03-11 00:20:48 +01:00
Mikael Nordfeldth
1e89540c3f Merge branch 'nightly', beginning of 1.2.x
Conflicts:
	plugins/APC/locale/APC.pot
	plugins/APC/locale/ast/LC_MESSAGES/APC.po
	plugins/APC/locale/be-tarask/LC_MESSAGES/APC.po
	plugins/APC/locale/br/LC_MESSAGES/APC.po
	plugins/APC/locale/de/LC_MESSAGES/APC.po
	plugins/APC/locale/es/LC_MESSAGES/APC.po
	plugins/APC/locale/eu/LC_MESSAGES/APC.po
	plugins/APC/locale/fr/LC_MESSAGES/APC.po
	plugins/APC/locale/gl/LC_MESSAGES/APC.po
	plugins/APC/locale/he/LC_MESSAGES/APC.po
	plugins/APC/locale/ia/LC_MESSAGES/APC.po
	plugins/APC/locale/id/LC_MESSAGES/APC.po
	plugins/APC/locale/it/LC_MESSAGES/APC.po
	plugins/APC/locale/mk/LC_MESSAGES/APC.po
	plugins/APC/locale/ms/LC_MESSAGES/APC.po
	plugins/APC/locale/nb/LC_MESSAGES/APC.po
	plugins/APC/locale/nl/LC_MESSAGES/APC.po
	plugins/APC/locale/pl/LC_MESSAGES/APC.po
	plugins/APC/locale/pt/LC_MESSAGES/APC.po
	plugins/APC/locale/pt_BR/LC_MESSAGES/APC.po
	plugins/APC/locale/ru/LC_MESSAGES/APC.po
	plugins/APC/locale/tl/LC_MESSAGES/APC.po
	plugins/APC/locale/uk/LC_MESSAGES/APC.po
	plugins/APC/locale/zh_CN/LC_MESSAGES/APC.po
	plugins/Adsense/locale/Adsense.pot
	plugins/Adsense/locale/be-tarask/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/br/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ca/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/de/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/es/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/eu/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/fr/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/gl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/he/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ia/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/it/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ja/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ka/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/lb/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/lt/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/mk/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ms/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/nb/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/nl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/pl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/pt/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/pt_BR/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/ru/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/sv/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/tl/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/tr/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/uk/LC_MESSAGES/Adsense.po
	plugins/Adsense/locale/zh_CN/LC_MESSAGES/Adsense.po
	plugins/Aim/locale/Aim.pot
	plugins/Aim/locale/af/LC_MESSAGES/Aim.po
	plugins/Aim/locale/ca/LC_MESSAGES/Aim.po
	plugins/Aim/locale/de/LC_MESSAGES/Aim.po
	plugins/Aim/locale/es/LC_MESSAGES/Aim.po
	plugins/Aim/locale/eu/LC_MESSAGES/Aim.po
	plugins/Aim/locale/fi/LC_MESSAGES/Aim.po
	plugins/Aim/locale/fr/LC_MESSAGES/Aim.po
	plugins/Aim/locale/gl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/ia/LC_MESSAGES/Aim.po
	plugins/Aim/locale/it/LC_MESSAGES/Aim.po
	plugins/Aim/locale/mk/LC_MESSAGES/Aim.po
	plugins/Aim/locale/ms/LC_MESSAGES/Aim.po
	plugins/Aim/locale/nl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/pl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/pt/LC_MESSAGES/Aim.po
	plugins/Aim/locale/sv/LC_MESSAGES/Aim.po
	plugins/Aim/locale/tl/LC_MESSAGES/Aim.po
	plugins/Aim/locale/uk/LC_MESSAGES/Aim.po
	plugins/Blog/locale/Blog.pot
	plugins/Blog/locale/ar/LC_MESSAGES/Blog.po
	plugins/Blog/locale/br/LC_MESSAGES/Blog.po
	plugins/Blog/locale/ca/LC_MESSAGES/Blog.po
	plugins/Blog/locale/de/LC_MESSAGES/Blog.po
	plugins/Blog/locale/es/LC_MESSAGES/Blog.po
	plugins/Blog/locale/eu/LC_MESSAGES/Blog.po
	plugins/Blog/locale/fr/LC_MESSAGES/Blog.po
	plugins/Blog/locale/gl/LC_MESSAGES/Blog.po
	plugins/Blog/locale/ia/LC_MESSAGES/Blog.po
	plugins/Blog/locale/it/LC_MESSAGES/Blog.po
	plugins/Blog/locale/lt/LC_MESSAGES/Blog.po
	plugins/Blog/locale/mk/LC_MESSAGES/Blog.po
	plugins/Blog/locale/nl/LC_MESSAGES/Blog.po
	plugins/Blog/locale/tl/LC_MESSAGES/Blog.po
	plugins/Blog/locale/tr/LC_MESSAGES/Blog.po
	plugins/Irc/locale/Irc.pot
	plugins/Irc/locale/ca/LC_MESSAGES/Irc.po
	plugins/Irc/locale/de/LC_MESSAGES/Irc.po
	plugins/Irc/locale/es/LC_MESSAGES/Irc.po
	plugins/Irc/locale/eu/LC_MESSAGES/Irc.po
	plugins/Irc/locale/fi/LC_MESSAGES/Irc.po
	plugins/Irc/locale/fr/LC_MESSAGES/Irc.po
	plugins/Irc/locale/gl/LC_MESSAGES/Irc.po
	plugins/Irc/locale/ia/LC_MESSAGES/Irc.po
	plugins/Irc/locale/it/LC_MESSAGES/Irc.po
	plugins/Irc/locale/ja/LC_MESSAGES/Irc.po
	plugins/Irc/locale/mk/LC_MESSAGES/Irc.po
	plugins/Irc/locale/nl/LC_MESSAGES/Irc.po
	plugins/Irc/locale/sv/LC_MESSAGES/Irc.po
	plugins/Irc/locale/tl/LC_MESSAGES/Irc.po
	plugins/Irc/locale/tr/LC_MESSAGES/Irc.po
	plugins/Irc/locale/uk/LC_MESSAGES/Irc.po
	plugins/Spotify/locale/Spotify.pot
	plugins/Spotify/locale/de/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/es/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/fr/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/gl/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/he/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/ia/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/mk/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/nl/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/sv/LC_MESSAGES/Spotify.po
	plugins/Spotify/locale/tl/LC_MESSAGES/Spotify.po
	plugins/TinyMCE/locale/TinyMCE.pot
	plugins/TinyMCE/locale/ca/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/de/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/eo/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/es/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/fr/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/gl/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/he/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ia/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/id/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ja/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/mk/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ms/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/nb/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/nl/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/pt/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/pt_BR/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/ru/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/tl/LC_MESSAGES/TinyMCE.po
	plugins/TinyMCE/locale/uk/LC_MESSAGES/TinyMCE.po
	plugins/XCache/locale/XCache.pot
	plugins/XCache/locale/ast/LC_MESSAGES/XCache.po
	plugins/XCache/locale/br/LC_MESSAGES/XCache.po
	plugins/XCache/locale/de/LC_MESSAGES/XCache.po
	plugins/XCache/locale/es/LC_MESSAGES/XCache.po
	plugins/XCache/locale/eu/LC_MESSAGES/XCache.po
	plugins/XCache/locale/fi/LC_MESSAGES/XCache.po
	plugins/XCache/locale/fr/LC_MESSAGES/XCache.po
	plugins/XCache/locale/gl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/he/LC_MESSAGES/XCache.po
	plugins/XCache/locale/ia/LC_MESSAGES/XCache.po
	plugins/XCache/locale/id/LC_MESSAGES/XCache.po
	plugins/XCache/locale/mk/LC_MESSAGES/XCache.po
	plugins/XCache/locale/ms/LC_MESSAGES/XCache.po
	plugins/XCache/locale/nb/LC_MESSAGES/XCache.po
	plugins/XCache/locale/nl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/pl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/pt/LC_MESSAGES/XCache.po
	plugins/XCache/locale/pt_BR/LC_MESSAGES/XCache.po
	plugins/XCache/locale/ru/LC_MESSAGES/XCache.po
	plugins/XCache/locale/tl/LC_MESSAGES/XCache.po
	plugins/XCache/locale/tr/LC_MESSAGES/XCache.po
	plugins/XCache/locale/uk/LC_MESSAGES/XCache.po
	plugins/YammerImport/locale/YammerImport.pot
	plugins/YammerImport/locale/br/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/de/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/es/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/eu/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/fr/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/gl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/ia/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/mk/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/ms/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/nl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/pl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/ru/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/tl/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/tr/LC_MESSAGES/YammerImport.po
	plugins/YammerImport/locale/uk/LC_MESSAGES/YammerImport.po
2015-03-09 11:01:17 +01:00
Mikael Nordfeldth
55894f02c7 TagProfileAction and OStatusPlugin now use less redundant code 2015-03-08 20:14:46 +01:00
digital dreamer
a452a3b1a0 Snapshot of the Transifex translation project - February 2015 2015-03-08 09:34:38 +01:00
Mikael Nordfeldth
8fac7a9f6c StatusNet class renamed GNUsocial
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
c1e3cfe7a7 ensureFeedURL will return Ostatus_profile early if already stored 2015-02-20 14:47:12 +01:00
Mikael Nordfeldth
0590f2975e Merge branch 'utf8mb4' into nightly
Conflicts because of urlhash fixes:
	classes/File.php
	classes/File_redirection.php
	classes/File_thumbnail.php
2015-02-19 20:50:40 +01:00
Mikael Nordfeldth
45dc76de26 File and File_redirection adhoc storage methods updated for urlhash 2015-02-19 19:05:24 +01:00
Mikael Nordfeldth
0deaf6c50c use common_purify to purify HTML, one function to rule them all 2015-02-18 00:14:28 +01:00
Mikael Nordfeldth
9aa59c7f62 forgot primary key column to updateWithKeys in SalmonAction 2015-02-17 21:31:35 +01:00
Mikael Nordfeldth
59763ceecb SalmonAction now updates remote URI if it was stale.
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.

This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.
2015-02-17 17:35:45 +01:00
Mikael Nordfeldth
2f86cd8602 utf8mb4 conversion on database with index adjusts 2015-02-12 18:18:55 +01:00
Mikael Nordfeldth
39dce9e348 Merge commit 'refs/merge-requests/36' of https://gitorious.org/social/mainline into merge-requests/36 2015-02-08 23:11:47 +01:00
Chimo
11053431d6 Populate 'created' property on ostatus_source
The 'created' column in ostatus_source SQL table has NOT NULL restriction.
INSERTs fail when running MySQL/MariaDB in strict mode if this is not
populated.
2015-02-08 13:41:29 -05:00
Mikael Nordfeldth
1bda6fb9be General code quality improvement for easier understanding
Also made sure we only match local group IDs in recognizedFeed for PushhubAction
2015-02-08 11:47:15 +01:00
Mikael Nordfeldth
4b77f88a17 Merge commit 'refs/merge-requests/34' of https://gitorious.org/social/mainline into merge-requests/34 2015-02-08 11:21:36 +01:00
Chimo
56c0cd621a Remove NOT NULL restriction on FeedSub last_update
Fixes an issue where INSERTs fail if MySQL/MariaDB runs in "strict
mode".
2015-02-07 11:08:03 -05:00
Chimo
937adf05c9 Remove NOT NULL restriction on HubSub 'lease'
This fixes an issue where INSERTs in HubSub fail if MySQL/MariaDB is
running in "strict mode" since the default lease time in
PushHubAction::subunsub is null.

Permanent subscriptions have been removed in PuSH v0.4, but they are
being kept here for backward-compatibility with previous GS/SN versions.
2015-02-07 10:46:13 -05:00
Mikael Nordfeldth
f141565104 Allow delete-inactive for gcfeeds
Garbage collecting should also allow to clean up leftover database entries.
2015-02-04 16:49:03 +01:00
Mikael Nordfeldth
7666ac34f9 Revert "Notices for faves are already sent as they are notices now."
This reverts commit 636d5141e9.

We want the salmon notifyActivity call
2015-02-03 17:50:21 +01:00
Mikael Nordfeldth
636d5141e9 Notices for faves are already sent as they are notices now. 2015-02-03 16:44:13 +01:00
Mikael Nordfeldth
acec8b8cf2 Default value false for $force on Ostatus updateAvatar 2015-01-27 14:14:24 +01:00
Mikael Nordfeldth
cc996f58db Test in Ostatus_profile if avatar is an image before writing to filesystem
This clears one FIXME...

We also fix HTTPClient::quickGet() (and a related call in OStatus testfeed.php).
2015-01-27 14:00:39 +01:00
Mikael Nordfeldth
cdd3c52633 Handle groups better in Ostatus_profile->updateAvatar 2015-01-27 13:38:11 +01:00
Mikael Nordfeldth
482f61ac15 OStatusSub should use inherent attributes
No need to make several common_current_user calls and then getProfile
directly after that, since we have stuff like $this->scoped.
2015-01-27 13:23:49 +01:00
Mikael Nordfeldth
cf46de6ca7 Ostatus_profile smarter test if avatar exists
If you accidentally deleted a remote user's avatar from filesystem,
it'd take until its URL was updated that you got it back. Now it
happens if the local avatar file doesn't exist.
2015-01-26 17:43:09 +01:00
Mikael Nordfeldth
697a00d8e1 Force updateAvatar if desired 2015-01-26 17:26:51 +01:00
Mikael Nordfeldth
7beec74f0c Differentiate on group and user for WebFinger data 2015-01-26 12:18:35 +01:00
Mikael Nordfeldth
aeaee388bf Store remote magicsig public keys locally 2015-01-24 13:06:09 +01:00
Mikael Nordfeldth
2d0155a50f Added Magicsig onProfileDeleteRelated 2015-01-24 12:47:39 +01:00
Mikael Nordfeldth
975ce6d83e Documentation update (clarifying need for php5-gmp in comment) 2015-01-24 12:22:29 +01:00
Mikael Nordfeldth
cce808b27c const'ifying bits and sigalg
Also we should move away from 1024 bit keys as soon as we can.
2015-01-24 12:18:55 +01:00
Mikael Nordfeldth
3a0136fe1f Replace file_get_contents with HTTPClient in testfeed 2015-01-22 11:30:36 +01:00
Mikael Nordfeldth
d492b74e42 holy crap, file_put_contents got args in wrong order 2015-01-18 02:57:08 +01:00
Mikael Nordfeldth
5d9e9aaaf5 Keep the old error message on updateAvatar 2015-01-18 02:48:39 +01:00
Mikael Nordfeldth
010824c4b5 Use HTTPClient to download avatar
also make updateAvatar public so we can call it from update_ostatus_profile.php
2015-01-18 02:44:55 +01:00
Mikael Nordfeldth
0499736bb4 Loose_Ostatusprofile::updateAvatar was identical to Ostatus_profile 2015-01-18 02:39:08 +01:00
Mikael Nordfeldth
ba9abb3c57 Add nohub config setting to allowed non-PuSH feeds 2015-01-16 01:10:55 +01:00
Mikael Nordfeldth
8594a2ba16 FeedPoller plugin, for hubless feeds 2015-01-15 21:13:13 +01:00
Mikael Nordfeldth
57d8eb8a53 Ensuring unknown profiles in salmon slaps work again 2015-01-13 13:43:35 +01:00
Mikael Nordfeldth
db7154c63b Abort on failure instead of return early success 2015-01-13 13:18:57 +01:00
Mikael Nordfeldth
66044b7782 ensureActivityObjectProfile is more thorough than createAct... 2015-01-12 11:47:21 +01:00
Mikael Nordfeldth
73669ed308 ensureProfile already done and stored in $this->oprofile 2015-01-12 02:01:26 +01:00
Mikael Nordfeldth
d8f4de450c Support for updated aliases
will verify unknown aliases against old ones if the new identifies as a
previously recognized URI.

Steps:
1. Check the newly received URI. Who does it say it is?
2. Compare these alleged identities to our local database.
3. If we found any locally stored identities, ask it about its aliases.
4. Do any of the aliases from our known identity match the recently introduced one?

Currently we do _not_ update the ostatus_profile table with the new URI.
2015-01-10 02:07:39 +01:00
Mikael Nordfeldth
d32fef6039 Merge commit 'refs/merge-requests/28' of https://gitorious.org/social/mainline into merge-requests/28 2015-01-08 16:48:42 +01:00
Joshua Judson Rosen
f246dd4645 OStatusPlugin: fix ensureProfile catch-22 in onCheckActivityAuthorship()
Use profile URL (not URI), like elsewhere.

Profile::getUri() doesn't actually do anything useful, here--
it does nothing unless a plugin (like OStatus) is already
able to resolve the Profile into a backend object (e.g.: an Ostatus_profile).

If we might not already have an Ostatus_profile for a given Profile,
then we need to use $profile->getUrl() and fetch the data from that URL.
2014-12-30 23:56:33 -05:00
Mikael Nordfeldth
d3a8896b2a Merge commit 'refs/merge-requests/26' of https://gitorious.org/social/mainline into merge-requests/26 2014-12-09 13:45:15 +01:00
Joshua Judson Rosen
f71eeaee5a OStatus/scripts/update-profile-data.php: print updated fullnames
Now that we can actually update them again.
2014-12-08 22:06:29 -05:00
Mikael Nordfeldth
812d1eead9 Stronger typing in Ostatus_profile 2014-12-08 19:52:00 +01:00
Mikael Nordfeldth
72d1c3c73e fetch conversation URI in processPost, not processShare 2014-11-27 16:51:21 +01:00
Mikael Nordfeldth
bdb4a41696 Use remote conversation URI info to stitch convos together
If we know the URI sent from the remote party, and we don't know the
notice it is replying to, we might still be able to put it in the same
conversation thread!
2014-11-27 14:06:10 +01:00
Mikael Nordfeldth
8056097478 Try to lookup the profile if we don't know it yet 2014-11-24 23:50:42 +01:00
Mikael Nordfeldth
720c2c9ff2 Ostatus_profile->checkAuthorship returns Profile
not Ostatus_profile
2014-11-24 23:40:06 +01:00
Mikael Nordfeldth
3bf1478f97 Bad parameter count for checkAuthorship
At the same time we change this to call ActivityUtils::checkAuthorship
instead to let the retrieval/verification go through event handling.

rozzin (Joshua Judson Rosen) found this error. Thanks.
2014-11-24 12:49:20 +01:00
Joshua Judson Rosen
4b875e0fd0 Fix OStatus groups by making Ostatus_profile::localProfile() work for groups
We need to look up a feed profile for HandleFeedEntryWithProfile events,
regardless of whether they're an OStatus user, group, or something else;
this is the least hairy way of doing that--the alternative being
to keep spreading the same logic all over the calling code.

Theoretically, this change might allow OStatusGroups to be recorded
as the authors of activities if they pass through any authorless
activities; but that's why we have checkAuthorship().
2014-11-24 12:30:37 +01:00
Joshua Judson Rosen
d2e1a8c706 Ostatus_profile::checkAuthorship(): throw ServerException when bogus non-authorship is detected
Similarly to what ActivityUtils::checkAuthorship does; try to ensure
that activities from ambiguous OStatus feeds (groups and peopletags)
that require explicit authorship don't get in without explicit authors.
2014-11-24 12:29:41 +01:00
Mikael Nordfeldth
496acdc7d9 normalizing acct: URI just to be sure 2014-11-16 18:29:05 +01:00
Mikael Nordfeldth
faae9d069a We're using URLMapper, not Net_URL_Mapper 2014-11-07 15:24:05 +01:00
Mikael Nordfeldth
29ac42addd Diaspora public key published in WebFinger 2014-11-06 21:05:31 +01:00
Mikael Nordfeldth
57b5e2483d A little bit more debugging. 2014-10-25 14:23:15 +02:00
Mikael Nordfeldth
2d0c7c2c99 ensureWebfinger was never complete in StatusNet. Worked a bit on it. 2014-07-27 23:08:02 +02:00
Mikael Nordfeldth
ae62b91940 Unifying HTML stripping functions to common_strip_html 2014-07-14 13:52:23 +02:00
Mikael Nordfeldth
fffacaa27c FavorAction now uses Notice::saveActivity 2014-07-06 01:37:03 +02:00
Mikael Nordfeldth
eda69cabaf Remove Ostatus_profile when releted Profile is deleted 2014-07-04 11:45:42 +02:00
Mikael Nordfeldth
4b40d6bb2a TagprofileAction fiddled with, now doesn't require OStatus override
But it still doesn't quite work properly, so a lot of work is necessary for this.
2014-07-03 14:02:21 +02:00
Mikael Nordfeldth
b63f6e949c Converted all ActivityObject::fromProfile to $profile->asActivityObject 2014-07-03 10:51:36 +02:00
Mikael Nordfeldth
c44146d6f8 Favorites are now being stored from activities 2014-07-02 18:38:19 +02:00
Mikael Nordfeldth
9f4bcbad8a checkAuthorship events, Ostatus_profile rewrite to handle it
Lost dependency of OStatus plugin for lib/microappplugin.php, whoo!

also noting which plugins should be upgraded to new saveActivity support.

Favorite plugin won't work with the new system just yet, it doesn't have
the necessary functions to extract activity objects, but that's coming
in the next (few) commits.
2014-07-02 11:38:45 +02:00
Mikael Nordfeldth
acb07ef52f Added saveActivity method to Notice class
saveActivity will accept an Activity which gets parsed and saved through
plugins. So when an ActivityHandlerPlugin (such as Favorite will be soon)
gets a feed to save, this will be the function called instead of saveNew.
2014-07-02 11:38:37 +02:00
Mikael Nordfeldth
d0da552722 SalmonAction and extensions simplified 2014-06-28 20:33:09 +02:00
Mikael Nordfeldth
c74dc15173 DiscoveryHints gets microformats2 parsing abilities 2014-06-24 01:27:03 +02:00
Mikael Nordfeldth
55418685c4 DiscoveryHints now properly returns hcard url 2014-06-23 20:51:37 +02:00
Mikael Nordfeldth
d350a20e1f Less verbose debugging (also don't log private keys)
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
aaef11077d Default of Magicsig keypair toString should be secure
Prevent crappy coders from leaking private keys.
2014-06-03 12:51:52 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing!
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
2cd25039af Quick-return is more comprehensible than long if statements 2014-06-02 19:37:06 +02:00
Mikael Nordfeldth
f7479e3f57 Prepare for WebFinger magicsig data for remote profiles 2014-06-02 19:33:09 +02:00
Mikael Nordfeldth
78805d113a MagicEnvelope discoverKeyPair now returns string
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b Only use a Profile in MagicEnvelope keypair retrieval
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
56194b3cd9 Magicsig importKeys finetuning and getHash() use 2014-06-02 16:11:15 +02:00
Mikael Nordfeldth
dc52a8ff43 Don't ensureProfile before we verify signature 2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
00b2bddc7c Clarify it's not base64, but base64url, encoding in Magicsig 2014-06-02 14:51:15 +02:00
Mikael Nordfeldth
993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
c1dc13bef0 Magicsig warning message would fail to get bits 2014-06-02 13:35:29 +02:00
Mikael Nordfeldth
3ef8322b03 There could be unresolvable FeedSub entries 2014-06-01 16:07:08 +02:00
Mikael Nordfeldth
75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4 Use locally cached Salmon keys for profiles
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
9e6599b9fb Salmon log message tidying up 2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67 MagicEnvelope object orientation (no passing arrays)
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad Make MagicEnvelope self-reference
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473 Minor changes in Salmon lib for Magicsig retrieval. 2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
ba10da27da Should not normalize Salmon author URIs.
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
3c322abafc There's no guarantee we have an Ostatus_profile for Feedsub 2014-05-19 18:34:44 +02:00
Mikael Nordfeldth
0dad11bb85 Inform and make use of NoProfileException in OStatus actions
This is because Ostatus_profile->localProfile() throws NoProfileException
instead of returning null for profiles which don't exist in Profile table.
2014-05-19 18:07:57 +02:00
Mikael Nordfeldth
63c20e59aa UsersalmonAction cleanup 2014-05-19 18:07:14 +02:00
Mikael Nordfeldth
228dc1f851 Ostatus_profile throws NoProfileException from localProfile()
Some implementations of the exception handling is included here,
the actions come in a later commit.
2014-05-19 17:59:36 +02:00
Mikael Nordfeldth
d2c749c7de NoUriException added and implemented in FeedSub class
This is a specific exception for objects which require URI but lack it,
first implemented in FeedSub to allow for identification of bad entries.
2014-05-19 17:30:04 +02:00
Mikael Nordfeldth
1207f4f06f isLocal() for User_group 2014-05-19 14:46:54 +02:00
Mikael Nordfeldth
7977361193 Too many bird wings ({), sorry Erkan :) 2014-05-07 09:52:50 +02:00
Mikael Nordfeldth
b59beb50e6 misplaced dollar sign, also URLs != attention URIs 2014-05-07 09:20:57 +02:00
Mikael Nordfeldth
c01138c16b Forgot 'new' before the Exception class 2014-05-07 00:06:04 +02:00
Mikael Nordfeldth
074b2b621c Garbage collection script didn't loop through anything 2014-05-06 16:18:47 +02:00
Mikael Nordfeldth
8b12e41351 User object didn't have getNickname() function
We're just jumping on to the Profile->getNickname() function.
2014-05-06 16:08:36 +02:00
Mikael Nordfeldth
869ca2d20b Missed a $user->id to $profile->id translation 2014-05-06 15:43:06 +02:00
Mikael Nordfeldth
c279a33feb More Exceptions for FeedSub doSubscribe and related functions
Now also garbageCollect will now throw exceptions of failures of all kinds
and only reply true/false on entirely successful runs of sub/unsub.
2014-05-06 15:40:57 +02:00
Mikael Nordfeldth
0fa00d5106 Type testing instead of just empty() in OStatusPlugin 2014-05-06 14:36:52 +02:00
Mikael Nordfeldth
1a0171ef61 MagicEnvelope class now throws exception on XRD fail 2014-05-06 13:11:29 +02:00
Mikael Nordfeldth
fc3125cf28 More modern coding, stuff related to subscriptions
Also trying to use the newly implemented AlreadyFulfilledException
2014-05-05 23:58:05 +02:00
Mikael Nordfeldth
805958cc23 UsersalmonAction updated to stronger typing standards 2014-05-05 19:38:01 +02:00
Mikael Nordfeldth
595d231d9a GroupsalmonAction updated to stronger typing standards 2014-05-05 19:25:39 +02:00
Mikael Nordfeldth
cdefeda659 More debugging for Salmon activities 2014-05-05 19:10:44 +02:00
Mikael Nordfeldth
bbada781b7 Stronger typing and function access control in OStatus 2014-05-05 19:06:22 +02:00
Mikael Nordfeldth
2ea5f00666 Success debugging was too much noise 2014-05-05 18:59:44 +02:00
Mikael Nordfeldth
960baae1d1 More debugging in Magicsig class verify method 2014-05-05 17:48:21 +02:00
Joshua Judson Rosen
7440dc2145 Prevent spurious refusals of legitimate notices posted to users via Salmon.
Make the logic match the intent described in the comments.

The intent is clearly "accept notices whenever (A or B or C)", but
the logic implemented was more like "not ((not A) or (not B) or (not C))",
which is a basical boolean algebra fail (each of those ORs need to
become ANDs for double-negation to work).

The practical implication was that, for example, writing a reply
to someone else's notice and including an @-reference to _another_
user on another site to bring them into the discussion would
fail to deliver the notice to the new user because their server
would basically say `oh no, you can't message this user
from someone else's thread' because an earlier check for
the `A' or `C' parts of `(A or B or C)' prevents `B' from
being checked.

cf.: <http://status.hackerposse.com/notice/55846>, which was
refused by the nhcrossing.com server because it didn't know
about <http://sn.jonkman.ca/notice/93724>, even though it would
have passed the later `notice contains a reference to a local user'
check if not for an exception being prematurely thrown.

The whole idea of reporting `which specific check FAILED'
in an `if ANY SUCCEEDS' analysis is just bogus, so nix all of
the distinct ClientExceptions--a single `ALL FAILED' exception
is the only one that makes sense.
2014-05-05 13:35:38 +02:00
Mikael Nordfeldth
b77a09fdee Notice URIs are not necessarily URLs.
Let's use getUrl() for URL retrieval. May throw exceptions, but
only if it's a Notice that cannot be linked like that anyway.
2014-04-30 20:44:23 +02:00
Mikael Nordfeldth
5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth
639cf48cc7 OStatus onStartNoticeSourceLink to use exceptions 2014-04-19 22:18:36 +02:00
Mikael Nordfeldth
c00491cd7a Cosmetic changes to common_redirect, clientError, serverError
Since these functions exit (or throw exception) after running, there
is no need to have a 'return' statement or similar afterwards.
2014-03-10 00:25:57 +01:00
Mikael Nordfeldth
8d655bc706 Add support for 'nohub' sub_state in FeedSub
(requires upgrade.php run)
2014-03-09 23:03:54 +01:00
Mikael Nordfeldth
779ce40ac3 Add functions to avoid direct variable access 2014-03-09 13:31:05 +01:00
Mikael Nordfeldth
a1b0d5fa7e FeedSub gets a plugin event handler for sub/unsub 2014-03-09 13:27:28 +01:00
Mikael Nordfeldth
e571e64e9e Make ostatussub conform to coding standards a bit 2014-03-05 13:44:45 +01:00
Mikael Nordfeldth
dc0ae2785d SubMirror now works again against old PuSH
There was a problem with (specifically at least) PuSHpress for
Wordpress. A previous attempt to perform a DB transaction backfired
because the remote side could connect to the callback before our
commit had gone through.

I take full responsibility for introducing the bug in the first place :)
2014-03-03 00:01:13 +01:00
Mikael Nordfeldth
8b04bcb310 Prepare for >1024 RSA keys for Salmon signatures 2014-03-02 11:47:38 +01:00
Mikael Nordfeldth
fc047bd6e6 Minor code cleanup with group related actions (thanks brw12)
Originated from brw12 who noticed an incorrect variable name used in
an error message in actions/apigroupjoin.php:109
2014-03-01 12:01:17 +01:00
Mikael Nordfeldth
698a7adb83 mentions from OStatus lookup were missing a 'type' attribute in common_linkify_mention 2014-02-23 21:49:55 +01:00
Mikael Nordfeldth
b81d7c425d better comment for PuSH <0.4 hack 2014-01-01 19:47:41 +01:00
Mikael Nordfeldth
b6f5f58f1a Attention structure has changed recently 2013-11-19 13:38:38 +01:00
Mikael Nordfeldth
3dcce8d987 Don't miss integer 0 values from find() 2013-11-19 13:30:14 +01:00
Mikael Nordfeldth
700dce386a WebFingerResource for profiles now WebFingerResource_Profile 2013-11-09 00:49:00 +01:00
Mikael Nordfeldth
1223c17568 Remote StatusNet sites would throw 400 if no hub.verify_token 2013-11-06 12:46:59 +01:00
Mikael Nordfeldth
ab4113168f PuSH 0.4: No outgoing 'sync' verifications. Feed renewal script. No auto-renewal.
Among other things (such as permanent subscriptions), Pubsubhubbub 0.4
removed the "sync" verification method. This means that any incoming
PuSH subscription requests that follow the 0.4 spec won't really
_require_that we handle it as a background process, but if we were to
try direct verification of the subscription - and fail - there's no way
we could  pick up the ball again. So _essentially_ we require background
processing with retries.

This means we must implement something like the "poorman cron" or
similar, so background processing can be handled
on-demand/on-site-visit. This is how Friendica, Drupal etc. handles it
and is necessary for environments where we can't run separate queue
daemons.

When the poorman-cron-ish thing is implemented, auto-renewal will work
for all users.

PuSH 0.4 spec:
    https://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html
More on PuSH 0.4 release (incl. breaking changes):
    https://groups.google.com/forum/#!msg/pubsubhubbub/7RPlYMds4RI/2mIHQTdV3aoJ
2013-11-02 20:02:28 +01:00
Mikael Nordfeldth
db889922ac We don't do local_push_bypass 2013-11-02 17:42:32 +01:00
Mikael Nordfeldth
6ef1967cec Notice metadata for WebFinger. Not sure if implemented properly.
This is more of a proof of concept and will likely not stay in exactly
this form. We should reasonably deliver the entire notice upon webfinger
querying.
2013-11-01 17:37:18 +01:00