Commit Graph

886 Commits

Author SHA1 Message Date
Mikael Nordfeldth
acb07ef52f Added saveActivity method to Notice class
saveActivity will accept an Activity which gets parsed and saved through
plugins. So when an ActivityHandlerPlugin (such as Favorite will be soon)
gets a feed to save, this will be the function called instead of saveNew.
2014-07-02 11:38:37 +02:00
Mikael Nordfeldth
d0da552722 SalmonAction and extensions simplified 2014-06-28 20:33:09 +02:00
Mikael Nordfeldth
c74dc15173 DiscoveryHints gets microformats2 parsing abilities 2014-06-24 01:27:03 +02:00
Mikael Nordfeldth
55418685c4 DiscoveryHints now properly returns hcard url 2014-06-23 20:51:37 +02:00
Mikael Nordfeldth
d350a20e1f Less verbose debugging (also don't log private keys)
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
aaef11077d Default of Magicsig keypair toString should be secure
Prevent crappy coders from leaking private keys.
2014-06-03 12:51:52 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing!
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
2cd25039af Quick-return is more comprehensible than long if statements 2014-06-02 19:37:06 +02:00
Mikael Nordfeldth
f7479e3f57 Prepare for WebFinger magicsig data for remote profiles 2014-06-02 19:33:09 +02:00
Mikael Nordfeldth
78805d113a MagicEnvelope discoverKeyPair now returns string
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b Only use a Profile in MagicEnvelope keypair retrieval
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
56194b3cd9 Magicsig importKeys finetuning and getHash() use 2014-06-02 16:11:15 +02:00
Mikael Nordfeldth
dc52a8ff43 Don't ensureProfile before we verify signature 2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
00b2bddc7c Clarify it's not base64, but base64url, encoding in Magicsig 2014-06-02 14:51:15 +02:00
Mikael Nordfeldth
993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
c1dc13bef0 Magicsig warning message would fail to get bits 2014-06-02 13:35:29 +02:00
Mikael Nordfeldth
3ef8322b03 There could be unresolvable FeedSub entries 2014-06-01 16:07:08 +02:00
Mikael Nordfeldth
75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4 Use locally cached Salmon keys for profiles
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
9e6599b9fb Salmon log message tidying up 2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67 MagicEnvelope object orientation (no passing arrays)
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad Make MagicEnvelope self-reference
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473 Minor changes in Salmon lib for Magicsig retrieval. 2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
ba10da27da Should not normalize Salmon author URIs.
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
3c322abafc There's no guarantee we have an Ostatus_profile for Feedsub 2014-05-19 18:34:44 +02:00
Mikael Nordfeldth
0dad11bb85 Inform and make use of NoProfileException in OStatus actions
This is because Ostatus_profile->localProfile() throws NoProfileException
instead of returning null for profiles which don't exist in Profile table.
2014-05-19 18:07:57 +02:00
Mikael Nordfeldth
63c20e59aa UsersalmonAction cleanup 2014-05-19 18:07:14 +02:00
Mikael Nordfeldth
228dc1f851 Ostatus_profile throws NoProfileException from localProfile()
Some implementations of the exception handling is included here,
the actions come in a later commit.
2014-05-19 17:59:36 +02:00
Mikael Nordfeldth
d2c749c7de NoUriException added and implemented in FeedSub class
This is a specific exception for objects which require URI but lack it,
first implemented in FeedSub to allow for identification of bad entries.
2014-05-19 17:30:04 +02:00
Mikael Nordfeldth
1207f4f06f isLocal() for User_group 2014-05-19 14:46:54 +02:00
Mikael Nordfeldth
7977361193 Too many bird wings ({), sorry Erkan :) 2014-05-07 09:52:50 +02:00
Mikael Nordfeldth
b59beb50e6 misplaced dollar sign, also URLs != attention URIs 2014-05-07 09:20:57 +02:00
Mikael Nordfeldth
c01138c16b Forgot 'new' before the Exception class 2014-05-07 00:06:04 +02:00
Mikael Nordfeldth
074b2b621c Garbage collection script didn't loop through anything 2014-05-06 16:18:47 +02:00
Mikael Nordfeldth
8b12e41351 User object didn't have getNickname() function
We're just jumping on to the Profile->getNickname() function.
2014-05-06 16:08:36 +02:00
Mikael Nordfeldth
869ca2d20b Missed a $user->id to $profile->id translation 2014-05-06 15:43:06 +02:00
Mikael Nordfeldth
c279a33feb More Exceptions for FeedSub doSubscribe and related functions
Now also garbageCollect will now throw exceptions of failures of all kinds
and only reply true/false on entirely successful runs of sub/unsub.
2014-05-06 15:40:57 +02:00
Mikael Nordfeldth
0fa00d5106 Type testing instead of just empty() in OStatusPlugin 2014-05-06 14:36:52 +02:00
Mikael Nordfeldth
1a0171ef61 MagicEnvelope class now throws exception on XRD fail 2014-05-06 13:11:29 +02:00
Mikael Nordfeldth
fc3125cf28 More modern coding, stuff related to subscriptions
Also trying to use the newly implemented AlreadyFulfilledException
2014-05-05 23:58:05 +02:00
Mikael Nordfeldth
805958cc23 UsersalmonAction updated to stronger typing standards 2014-05-05 19:38:01 +02:00
Mikael Nordfeldth
595d231d9a GroupsalmonAction updated to stronger typing standards 2014-05-05 19:25:39 +02:00
Mikael Nordfeldth
cdefeda659 More debugging for Salmon activities 2014-05-05 19:10:44 +02:00
Mikael Nordfeldth
bbada781b7 Stronger typing and function access control in OStatus 2014-05-05 19:06:22 +02:00
Mikael Nordfeldth
2ea5f00666 Success debugging was too much noise 2014-05-05 18:59:44 +02:00
Mikael Nordfeldth
960baae1d1 More debugging in Magicsig class verify method 2014-05-05 17:48:21 +02:00
Joshua Judson Rosen
7440dc2145 Prevent spurious refusals of legitimate notices posted to users via Salmon.
Make the logic match the intent described in the comments.

The intent is clearly "accept notices whenever (A or B or C)", but
the logic implemented was more like "not ((not A) or (not B) or (not C))",
which is a basical boolean algebra fail (each of those ORs need to
become ANDs for double-negation to work).

The practical implication was that, for example, writing a reply
to someone else's notice and including an @-reference to _another_
user on another site to bring them into the discussion would
fail to deliver the notice to the new user because their server
would basically say `oh no, you can't message this user
from someone else's thread' because an earlier check for
the `A' or `C' parts of `(A or B or C)' prevents `B' from
being checked.

cf.: <http://status.hackerposse.com/notice/55846>, which was
refused by the nhcrossing.com server because it didn't know
about <http://sn.jonkman.ca/notice/93724>, even though it would
have passed the later `notice contains a reference to a local user'
check if not for an exception being prematurely thrown.

The whole idea of reporting `which specific check FAILED'
in an `if ANY SUCCEEDS' analysis is just bogus, so nix all of
the distinct ClientExceptions--a single `ALL FAILED' exception
is the only one that makes sense.
2014-05-05 13:35:38 +02:00
Mikael Nordfeldth
b77a09fdee Notice URIs are not necessarily URLs.
Let's use getUrl() for URL retrieval. May throw exceptions, but
only if it's a Notice that cannot be linked like that anyway.
2014-04-30 20:44:23 +02:00
Mikael Nordfeldth
5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth
639cf48cc7 OStatus onStartNoticeSourceLink to use exceptions 2014-04-19 22:18:36 +02:00
Mikael Nordfeldth
c00491cd7a Cosmetic changes to common_redirect, clientError, serverError
Since these functions exit (or throw exception) after running, there
is no need to have a 'return' statement or similar afterwards.
2014-03-10 00:25:57 +01:00
Mikael Nordfeldth
8d655bc706 Add support for 'nohub' sub_state in FeedSub
(requires upgrade.php run)
2014-03-09 23:03:54 +01:00
Mikael Nordfeldth
779ce40ac3 Add functions to avoid direct variable access 2014-03-09 13:31:05 +01:00
Mikael Nordfeldth
a1b0d5fa7e FeedSub gets a plugin event handler for sub/unsub 2014-03-09 13:27:28 +01:00
Mikael Nordfeldth
e571e64e9e Make ostatussub conform to coding standards a bit 2014-03-05 13:44:45 +01:00
Mikael Nordfeldth
dc0ae2785d SubMirror now works again against old PuSH
There was a problem with (specifically at least) PuSHpress for
Wordpress. A previous attempt to perform a DB transaction backfired
because the remote side could connect to the callback before our
commit had gone through.

I take full responsibility for introducing the bug in the first place :)
2014-03-03 00:01:13 +01:00
Mikael Nordfeldth
8b04bcb310 Prepare for >1024 RSA keys for Salmon signatures 2014-03-02 11:47:38 +01:00
Mikael Nordfeldth
fc047bd6e6 Minor code cleanup with group related actions (thanks brw12)
Originated from brw12 who noticed an incorrect variable name used in
an error message in actions/apigroupjoin.php:109
2014-03-01 12:01:17 +01:00
Mikael Nordfeldth
698a7adb83 mentions from OStatus lookup were missing a 'type' attribute in common_linkify_mention 2014-02-23 21:49:55 +01:00
Mikael Nordfeldth
b81d7c425d better comment for PuSH <0.4 hack 2014-01-01 19:47:41 +01:00
Mikael Nordfeldth
b6f5f58f1a Attention structure has changed recently 2013-11-19 13:38:38 +01:00
Mikael Nordfeldth
3dcce8d987 Don't miss integer 0 values from find() 2013-11-19 13:30:14 +01:00
Mikael Nordfeldth
700dce386a WebFingerResource for profiles now WebFingerResource_Profile 2013-11-09 00:49:00 +01:00
Mikael Nordfeldth
1223c17568 Remote StatusNet sites would throw 400 if no hub.verify_token 2013-11-06 12:46:59 +01:00
Mikael Nordfeldth
ab4113168f PuSH 0.4: No outgoing 'sync' verifications. Feed renewal script. No auto-renewal.
Among other things (such as permanent subscriptions), Pubsubhubbub 0.4
removed the "sync" verification method. This means that any incoming
PuSH subscription requests that follow the 0.4 spec won't really
_require_that we handle it as a background process, but if we were to
try direct verification of the subscription - and fail - there's no way
we could  pick up the ball again. So _essentially_ we require background
processing with retries.

This means we must implement something like the "poorman cron" or
similar, so background processing can be handled
on-demand/on-site-visit. This is how Friendica, Drupal etc. handles it
and is necessary for environments where we can't run separate queue
daemons.

When the poorman-cron-ish thing is implemented, auto-renewal will work
for all users.

PuSH 0.4 spec:
    https://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html
More on PuSH 0.4 release (incl. breaking changes):
    https://groups.google.com/forum/#!msg/pubsubhubbub/7RPlYMds4RI/2mIHQTdV3aoJ
2013-11-02 20:02:28 +01:00
Mikael Nordfeldth
db889922ac We don't do local_push_bypass 2013-11-02 17:42:32 +01:00
Mikael Nordfeldth
6ef1967cec Notice metadata for WebFinger. Not sure if implemented properly.
This is more of a proof of concept and will likely not stay in exactly
this form. We should reasonably deliver the entire notice upon webfinger
querying.
2013-11-01 17:37:18 +01:00
Mikael Nordfeldth
7ddd561837 Salmon only has one "rel" value now, so start deprecating 2013-11-01 17:00:12 +01:00
Mikael Nordfeldth
f110fc5c9a Using GNUSOCIAL_VERSION instead of STATUSNET_VERSION 2013-11-01 13:51:41 +01:00
Mikael Nordfeldth
ca66860a4f Better typing and minor fixes to OStatus related stuff 2013-11-01 13:20:45 +01:00
Mikael Nordfeldth
be62f44ef4 OStatus remote address example now more generic 2013-10-30 15:04:54 +01:00
Mikael Nordfeldth
f75ddaa8aa Getting a profile from URI would throw exceptions on remote URL lookup failures 2013-10-30 14:43:40 +01:00
Mikael Nordfeldth
603d2d3891 Minor Ostatus_profile class reference fixes 2013-10-30 14:14:02 +01:00
Mikael Nordfeldth
9b6633698c Group discovery from text functions polished
Also removed the entirely unused saveGroups function.

Now avoiding multiGet and using listFind in Profile->getGroups()
so we don't have to deal with ArrayWrapper.
2013-10-29 13:40:14 +01:00
Mikael Nordfeldth
f8b49e69d0 Protected function prepare with array $args defaulting to array() 2013-10-29 10:26:46 +01:00
Mikael Nordfeldth
23a6b4595f Reworked the ActivityContext->attention structure
Removing Evan's obscure attentionType solution and directly using the attention array
2013-10-28 22:21:14 +01:00
Mikael Nordfeldth
3ba6374b9d Memcached_DataObject extensions got their update functions more consistent 2013-10-28 19:36:05 +01:00
Mikael Nordfeldth
fcba540a14 Removed legacy OMB. Use OStatus for remote profiles. 2013-10-28 16:22:09 +01:00
Mikael Nordfeldth
38da5ec7f7 Ostatus_profile->processShare now backwards compatible against federating StatusNet nodes
StatusNet was improperly defining the id (URI) of the shared object as a
TagURI, while it should've really been the object's URI of course.
2013-10-21 23:25:47 +02:00
Mikael Nordfeldth
ba46c3d360 SHARE activities would not be imported from federated instances for local notices
"[...] posts _local_ users (like you) make won't get data about "repeated by"
from federated users"

This was because the ActivityObject would processShare where the shared object
has a _local_ 'actor' URI. Ostatus_profile would complain this meant that a
"Local user cannot be referenced as remote.".

So we see if the shared activity object's id (URI) is in our Notice table, so
we don't have to processActivity - and can skip ensureActivityObjectProfile.
2013-10-21 23:25:43 +02:00
Mikael Nordfeldth
3cab5b36c1 Replace common_good_random with common_random_hexstr 2013-10-21 13:20:30 +02:00
Mikael Nordfeldth
a8804010c4 Profile creation always failed because we didn't COMMIT 2013-10-20 17:22:44 +02:00
Mikael Nordfeldth
2729c622ff Minor function definitions so they match Action parent 2013-10-20 17:21:56 +02:00
Mikael Nordfeldth
e868ebfe77 WebFingerResource introduced, instead of strict Profile object
This is the beginning of getting notice URI info via WebFinger

*XrdActionLinks is renamed *WebFingerProfileLinks, check EVENTS.txt
in WebFinger plugin for new events.
2013-10-20 15:48:14 +02:00
Mikael Nordfeldth
8912cdc7a4 Validate::uri replaced with filter_var for HTTP[S] URL checks
Also, a bug in checking the OAuth callback URL for validity was fixed,
where it referenced the wrong variable when going through form data.
2013-10-07 14:46:09 +02:00
Mikael Nordfeldth
4cfd0d24c1 Group logos would not be fetched
update_ostatus_profiles.php did this correctly, but not Ostatus_profile.php
2013-10-06 01:33:27 +02:00
Mikael Nordfeldth
ba481d1e31 LOG_WARNING, not LOG_WARN 2013-10-06 01:33:10 +02:00
Mikael Nordfeldth
1795267df9 Latest phpseclib stuff and moved into its own dir.
Source: https://github.com/phpseclib/phpseclib/
Commit: 77447a3fc7869773007fa3beeb8d6f8de842ec2a

There were bugs.
2013-10-05 00:22:14 +02:00
Mikael Nordfeldth
cd6fa512ac Twitter Import + avatar fixes (cleaning up + fixing)
...there was also a typo in OstatussubAction ($avatarUrl not defined)
2013-10-03 15:28:51 +02:00
Mikael Nordfeldth
b0dfc70a54 Properly unlink all old avatars when deleting/uploading a new
We're also now using $config['image']['jpegquality'] to determine the
quality setting for resized images.

To set Avatar max size, adjust $config['avatar']['maxsize']

The getAvatar call now throws exceptions too. Related changes applied.
Now let's move Profile->avatarUrl to the Avatar class!
2013-10-01 17:00:10 +02:00
Mikael Nordfeldth
a7e748479c Fixed regression in OStatus sub from WebFinger/XML_XRD update
XML_XRD::getAll requires arguments (at least relation). If one really
want all links, just get the 'links' array. It's public!

Also, not all XML_XRD_Element_Link were migrated from the previous
array style.
2013-09-30 23:33:28 +02:00
Mikael Nordfeldth
a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
2013-09-30 22:04:52 +02:00
Joshua Judson Rosen
44f7ad612a Correctly distribute notices from remote posters through local groups to remote group-members via OStatus.
Allow the OStatus queue-handler to handle all posts,
and give it the smarts required to make correct decisions
about whether it should or shouldn't relay notices
over OStatus.
cf. http://status.net/open-source/issues/3540

Conflicts (staticGet => getKV):

	plugins/OStatus/lib/ostatusqueuehandler.php
2013-09-29 23:19:11 +02:00