Commit Graph

1415 Commits

Author SHA1 Message Date
Zach Copley
6187266205 - OStatusPlugin should return true if it doesn't need to handle source
attribution
- Remove stray break statement from NoticeList
2010-05-18 15:16:03 -07:00
Brion Vibber
7c828ae5f8 OpenID access control options: trusted provider URL, Launchpad team restrictions. Added an admin panel for setting these and OpenID-only mode, off by default.
To enable the admin panel:
    $config['admin']['panels'][] = 'openid';

Or to set them manually:
    $config['openid']['trusted_provider'] = 'https://login.ubuntu.net/';
    $config['openid']['required_team'] = 'my-project-cabal';
    $config['site']['openidonly'] = true;

OpenID-only mode can still be set from addPlugin() parameters as well for backwards compatibility.
Note: if it's set there, that value will override the setting from the database or config.php.

Note that team restrictions are only really meaningful if a trusted provider is set; otherwise,
any OpenID server could report back that users are members of the given team.

Restrictions are checked only at OpenID authentication time and will not kick off people currently
with a session open; existing remembered logins may also survive these changes.

Using code for Launchpad team support provided by Canonical under AGPLv3, pulled from r27 of
WordPress teams integration plugin:
    https://code.edge.launchpad.net/~canonical-isd-hackers/wordpress-teams-integration/trunk
2010-05-18 13:28:41 -07:00
Brion Vibber
b77878f467 Include notice fragment on 'in context' links in Realtime plugin family. 2010-05-17 19:47:44 +00:00
Brion Vibber
e36df29212 Patch from g0: fix for conversation links in Realtime updates
Previously was using the reply-to URL, which didn't match with other displays.
Now sends to the right conversation page.
2010-05-17 19:37:47 +00:00
James Walker
1999b836c0 accept either salmon endpoint (until they're unified in the spec) 2010-05-14 16:43:41 -04:00
James Walker
275002d88a allow hyphens in subdomains for webfinger addresses 2010-05-14 16:43:41 -04:00
Brion Vibber
5d0593ec34 Fix keys() / keyTypes() mixup in SamplePlugin 2010-05-12 11:09:37 -07:00
Brion Vibber
7915386950 Allow plugins to load their styles for mobile view; fixes bad realtime button layout 2010-05-07 01:28:37 +00:00
Brion Vibber
5996d80c09 Ticket #2184: recognize Palm Pre / WebOS browsers for MobileProfile
One-line addition of 'webos' to the keywords list.
2010-05-06 21:29:04 +00:00
Brion Vibber
8260a88f41 Quick fix for DirectionDetector: only apply <span class="rtl"> once; if it's already there in an incoming message (eg via OStatus), don't reapply it.
Modified from patch from Everplays
2010-05-05 11:28:05 -07:00
Brion Vibber
60825ba535 Clean up reference usage warnings in DirectionDetector plugin 2010-05-05 10:51:05 -07:00
Brion Vibber
5f5d9518bd Avoid spewing giant debug backtrace into exception in certain OStatus subscription failure cases.
The code pattern 'new XXXException($e)' to chain exceptions doesn't actually work as intended, as exceptions are actually expecting a string message here.
This caused an implicit string conversion from HTTP_Request2_Exception, which is a PEAR_Exception, which defines an absurdly detailed __toString() method including a giant HTML table with a backtrace if you happen to be on a web request.
Simply passing $e->getMessage() instead clears this up, as we'll get the nice short message like 'Couldn't connect to tcp://blahblah:80'
2010-05-04 17:11:43 -07:00
Brion Vibber
67eeaa9cf4 Pull localization updates from 0.9.x branch 2010-05-03 12:27:44 -07:00
Brion Vibber
ae2986527c Pull localization updates from 0.9.x 2010-04-29 15:52:10 -07:00
Brion Vibber
dd7b95c2cf Merge branch 'master' into testing 2010-04-23 14:26:57 -07:00
Brion Vibber
9c8052e755 Rerun feed discovery and update the feed, salmon, and hub for the given OStatus remote profile. Restarts subscription fresh as well.
update-profile.php -sexample.com http://example.com/path/to/profile/url
2010-04-23 12:54:31 -07:00
Brion Vibber
4beaba9fb0 Ticket #93: pretty up the auto-submit for OpenID logins a bit.
* throwing in our spinner
* cleanup of texts
* "If this doesn't go through click the button" instead of just a mystery button
* slightly faster submission: immediate at end of page rather than waiting for jQuery to confirm document setup completion
2010-04-23 11:28:50 -07:00
Brion Vibber
0f975f4215 Fix to regression in last commit; wrong field name for homepage blacklist 2010-04-23 08:24:53 -07:00
Brion Vibber
390a2a8624 Fix for Blacklist plugin: was saving an empty entry if blacklist was empty, which would match *all* possible nickname registrations, preventing all registration on mozilla.status.net.
Now saving only non-empty lines, and only matching non-empty lines so we don't fail if we still have a bogus entry.
2010-04-23 07:17:52 -07:00
Brion Vibber
67b8b1334f Fix keys / keyTypes for Blacklist plugin - was spewing notices for undefined array indexes when saving blacklist entries from admin panel 2010-04-23 07:10:36 -07:00
Brion Vibber
fd9d520aeb OStatus: CLI script to force a renewal on the given PuSH subscription. May help when we get out of sync with the hub.
php plugins/OStatus/scripts/resub-feed.php -smysite http://example.com/some/atom/feed
2010-04-22 06:14:40 +02:00
Evan Prodromou
a129c455a2 Fix exceptions with bad gravatar URLs 2010-04-21 18:19:16 -07:00
Evan Prodromou
e28214bfe9 fix reference error in RSSCloud plugin 2010-04-21 18:11:29 -07:00
Brion Vibber
2af12774bf Merge branch 'master' into testing 2010-04-19 19:46:11 +02:00
Brion Vibber
acea534044 Disable the send-notice form at the top of the page OStatus subscription confirmation page to work around bugs in Cloudy theme.
This is really just a hack for the broken CSS in the Cloudy theme, I think; copying from other non-notice-navigation pages that do this as well. There will be plenty of others also broken.
2010-04-19 19:45:01 +02:00
Brion Vibber
c95bff7744 Merge branch 'master' into testing 2010-04-14 15:58:42 +02:00
Brion Vibber
efcdfabc12 Ticket #2205: pass geo locations over Twitter bridge (will only be used if enabled on the Twitter side) 2010-04-14 15:45:00 +02:00
Brion Vibber
756dd15515 i18n cleanup: fix bad string breakdown in license agreement checkbox on registration form.
Note that much of that form is duplicated several times for Twitter, Facebook, and OpenID registrations -- these need to be refactored to avoid having multiple out-of-sync copies of code and messages.
2010-04-09 10:12:23 -07:00
Brion Vibber
db497e80e8 Initial version of everplay's RTL direction detector plugin, sets initial direction correctly for primarily RTL notices within an LTR site layout. 2010-04-09 09:24:10 -07:00
Brion Vibber
ee438cf198 Merge branch 'master' of git@gitorious.org:statusnet/mainline into testing 2010-04-08 10:16:55 -07:00
Brion Vibber
ecd31384ed Fix for error during handling of HTTP error response case in Geonames lookups 2010-04-08 10:11:52 -07:00
Brion Vibber
8a02cad424 drop onStartShowHeadElements handler from MobileProfile; just duplicated the original code path, and after removing the bogus notice-spewing code it was running those things twice. 2010-04-08 10:09:56 -07:00
Brion Vibber
d352e5f5c4 Handle attempt to subscribe a local user via their remote webfinger reference more gracefully.
The ensure* family of functions will now return an OStatusShadowException in this case, which gives us a pleasant error message instead of a giant exception backtrace when you do 'sub somebody@this.local.server'.

Can be extended later to allow actually using the local profile, since we could figure it out.
2010-04-06 16:35:24 -07:00
Brion Vibber
878461d50d Handle attempt to subscribe a local user via their remote webfinger reference more gracefully.
The ensure* family of functions will now return an OStatusShadowException in this case, which gives us a pleasant error message instead of a giant exception backtrace when you do 'sub somebody@this.local.server'.

Can be extended later to allow actually using the local profile, since we could figure it out.
2010-04-06 23:32:04 +00:00
Brion Vibber
4bb75d1c8e Merge branch 'master' of git@gitorious.org:statusnet/mainline into testing 2010-04-06 15:19:10 -07:00
Brion Vibber
cda03ff328 Set a default 2-second timeout on Geonames web service lookups. After a failure, further lookups in the same process will be skipped for the next 60 seconds (also configurable).
Makes a Geonames outage much less disruptive to site operations.
2010-04-06 15:14:28 -07:00
Brion Vibber
3da8989242 Merge branch 'master' into testing 2010-04-06 14:36:21 -07:00
Brion Vibber
7c3b320a7a Allow Meteor plugin to be configurable via configuration database or file.
As there's no admin control panel yet, this is mainly meant for batch administration and using setconfig.php
2010-04-06 14:07:46 -07:00
Brion Vibber
3172b50fc7 Add a User-Agent fragment blacklist to MobileProfile: sticking iPad on the regular theme, which works better on its larger screen (was tripped on 'mobile' in the UA though we had no explicit check for 'ipad' previously) 2010-04-06 12:21:42 -07:00
Brion Vibber
edea825c70 Comment out unreachable code spewing notices due to use of undefined variables in MobileProfile.
This needs some cleanup...
2010-04-06 12:13:54 -07:00
Brion Vibber
3ac3bc32fc Some localization cleanup and doc to aid in customization:
* added locale/en/LC_MESSAGES/statusnet.po to make it easier to start customizing English texts
* added notes to locale/README about customizing and how to disable languages you haven't customized
* renamed PO templates from *.po to *.pot to match general conventions and reduce confusion for people trying to find which file they're supposed to edit
2010-04-05 13:19:16 -07:00
Brion Vibber
dbaa93d1aa Clean up and clarify output on fix-shadow.php 2010-04-05 11:21:17 -07:00
Brion Vibber
295b2d02bb Clean up and clarify output on fix-shadow.php 2010-04-05 11:20:35 -07:00
Brion Vibber
f19b95d9b7 Shared cache key option for Geonames plugin, lets multi-instance sites share their cached geoname lookups.
Example:
  unset($config['plugins']['default']['Geonames']);
  addPlugin('Geonames', array('cachePrefix' => 'statusnet:shared'));
2010-03-30 12:20:46 -07:00
Brion Vibber
bfb2ac4910 Shared cache key option for Geonames plugin, lets multi-instance sites share their cached geoname lookups.
Example:
  unset($config['plugins']['default']['Geonames']);
  addPlugin('Geonames', array('cachePrefix' => 'statusnet:shared'));
2010-03-30 12:19:25 -07:00
Zach Copley
804182e0fe Some fixes to make the twitterstatusfetcher behave better in a multi-site configuration 2010-03-30 11:51:56 -07:00
Brion Vibber
6046a6cc6a Include meta charset header in saved HTML file for long OStatus messages; without, DOMDocument::loadHTML assumed Latin-1 instead of UTF-8. 2010-03-29 16:29:57 -07:00
Brion Vibber
990bbea07e Include meta charset header in saved HTML file for long OStatus messages; without, DOMDocument::loadHTML assumed Latin-1 instead of UTF-8. 2010-03-29 16:27:50 -07:00
Brion Vibber
873b832827 Merge branch 'master' into testing
Conflicts:
	plugins/Blacklist/BlacklistPlugin.php
2010-03-29 15:14:25 -07:00
Zach Copley
03f6706468 RSSCloudPlugin's onRouterInitialized() should expect pass by value instead of reference 2010-03-28 17:01:16 -07:00
Brion Vibber
bf468e2a8d Remove debug line that crept into a commit a while back, breaking realtime when Firebug wasn't present 2010-03-28 14:41:31 -07:00
Evan Prodromou
482faf6614 don't try to get to database at initialize time 2010-03-28 15:17:44 -04:00
Zach Copley
8fc390e5cb Some fixes to make the twitterstatusfetcher behave better in a multi-site configuration 2010-03-27 23:36:05 +00:00
Brion Vibber
766cf99f21 Drop debug statements on every regex match from Blacklist plugin; filling the logs a little faster than ops likes. :) 2010-03-26 10:47:12 -07:00
Brion Vibber
c905d7e9a0 Drop debug statements on every regex match from Blacklist plugin; filling the logs a little faster than ops likes. :) 2010-03-26 10:46:36 -07:00
James Walker
3227122ac3 move base64_url_(encode|decode) to static functions in Magicsig 2010-03-26 10:43:41 -07:00
James Walker
c6c4510192 move base64_url_(encode|decode) to static functions in Magicsig 2010-03-26 13:37:46 -04:00
Evan Prodromou
75b2bf2a4e Do ostatus queue first
We do the OStatus queue first, so if we're sending a notice to the
same server twice (e.g., with OMB), our richer and more featureful
notice comes in first.
2010-03-26 08:45:23 -04:00
Brion Vibber
e91bf2b8a9 Tweak to OStatus long message cropping: use original source notice URL for the link in the text version, don't shorten the link for the HTML so we can append params to it in JS.
Conflicts:

	plugins/OStatus/classes/Ostatus_profile.php
2010-03-25 16:08:09 -07:00
Brion Vibber
013647f0ba Add doc comments on saveHTMLFile; drop the extra <div> wrapping the contents to make it easier to extract without getting extra markup. 2010-03-25 23:11:06 +01:00
Evan Prodromou
cbf321eeb3 Merge branch 'master' of git@gitorious.org:statusnet/mainline 2010-03-25 17:24:10 -04:00
Sarven Capadisli
8336e24179 Using &#8230; (hellip) instead of "more" for link text 2010-03-25 22:18:21 +01:00
Brion Vibber
c11064a539 Updated 'more' anchor for attachments to do an XHR GET
Conflicts:

	lib/attachmentlist.php
	plugins/OStatus/classes/Ostatus_profile.php

Merge tried to delete things that it seems it shouldn't, very confusing order. Hope rest of the cherry-picking isn't a problem.
2010-03-25 14:15:54 -07:00
Evan Prodromou
9c63ae6e44 add whitelist and blacklist for openid URLs 2010-03-25 16:58:05 -04:00
Evan Prodromou
7f6fdb528c remove debugging calls 2010-03-25 16:35:22 -04:00
Sarven Capadisli
9ea48298d5 Updated plugin to open external links on a new window that are not
attachments
2010-03-25 21:33:07 +01:00
Evan Prodromou
697222575d Merge branch 'blacklisttable' into testing 2010-03-25 13:51:52 -04:00
Evan Prodromou
920acf8d96 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing 2010-03-25 13:50:49 -04:00
Evan Prodromou
6e644f77a4 Store blacklist patterns in their own tables
We were bumping into limits on the config format in the Blacklist
plugin. So, added new tables for nickname and homepage blacklists, and
changed the plugin to use those instead of config file (actually,
still uses config file in addition, for compatibility).
2010-03-25 13:49:12 -04:00
James Walker
9e0b9857f4 Make sure we're requiring the library 2010-03-24 15:26:03 -04:00
James Walker
cfca789b34 Updated Math_Biginteger from upstream - removing safe* workarounds 2010-03-24 15:18:41 -04:00
James Walker
c4273f0ef3 Check for 0.9.0 bad keys from old Crypt_RSA library 2010-03-24 15:15:20 -04:00
James Walker
10410907a0 A bit safer checking in the keypair parsing 2010-03-24 14:27:35 -04:00
Zach Copley
7b1b6045e6 Look for the first object in the Activity 2010-03-24 00:00:55 -07:00
Brion Vibber
fcf86b4fdf Improve legibility of OStatus remote tests output 2010-03-23 18:56:40 -07:00
Brion Vibber
9380eed794 add a general PuSHed post and an @-reply back to a subscribee by name to OStatus remote test cases 2010-03-23 18:44:54 -07:00
Brion Vibber
df8c9090c0 Add basic subscribe/unsubscribe test to OStatus test cases 2010-03-23 14:19:12 -07:00
Brion Vibber
5f32cf32cd Don't spew XML parse warnings to output when checking a remote XRD page 2010-03-23 14:18:45 -07:00
Evan Prodromou
ad608ab9ad prevent password login actions in OpenID-only mode 2010-03-23 12:58:10 -04:00
Evan Prodromou
ff60cb4e66 start making OpenID-only mode work 2010-03-23 12:10:26 -04:00
Evan Prodromou
fcdbf421ab reformat OpenIDPlugin for PHPCS 2010-03-23 11:36:02 -04:00
Zach Copley
5b0b6097e0 Fix reference. Look at the first ActivityObject in the list. 2010-03-22 21:48:21 -07:00
Zach Copley
b8e97ac709 Some initial media parsing
- Activity now returns a list of activity objects
- Processing of photo objects
2010-03-22 18:55:17 -07:00
Brion Vibber
3678e7b89b OStatus remote sending test cases. Doesn't actually run within PHPUnit right now, must be run from command line -- specify base URLs to two StatusNet sites that will be able to communicate with each other.
Current test run includes:
* register accounts (via web form)
* local post
* @-mention using path (@domain/path/to/user)

Subscriptions, webfinger mentions, various paths to subscription and unsubscription, etc to come.
2010-03-22 17:01:50 -07:00
Brion Vibber
27bfd1211d Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached.
Worked around this with a subclass that fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA.
2010-03-22 12:17:45 -07:00
Brion Vibber
3bb639699c Confirm there's actually user and domain portions of acct string before assigning things from output of explode(); avoids notice message when invalid input passed to main/xrd 2010-03-22 11:27:39 -07:00
James Walker
a20880ee1e Fixing HTTP Header LRDD parsing (sites in subdirectories need this) 2010-03-22 13:45:13 -04:00
Evan Prodromou
edee1fc09e ignore unrecognized object types 2010-03-22 08:17:14 -04:00
Brion Vibber
fcb614d0eb Pull <atom:author> info as well as <activity:actor> when we have an old-style ActivityStreams feed. This fixes subscription setup for Cliqset feeds, which currently have a bogus activity:actor/atom:id but a good atom:author/atom:uri 2010-03-21 16:25:12 -07:00
Brion Vibber
b228da628d Accept 'tag' and other non-http id URIs in Ostatus_profile::getActivityObjectProfileURI().
(If there's not a valid ID we fall back to the link, which we do still validate as http/s.)
2010-03-21 15:46:28 -07:00
Brion Vibber
5d3bce49b8 OStatus profile setup cleanup
* drop OStatusPlugin::localProfileFromUrl(), we can just look up on user.uri
* clean up a few edge cases that returned null through Ostatus_profile::ensure* code paths, now throws clear exception when we can't find a feed from the given profile url
* add some doc comments on the ensure* methods
2010-03-21 15:18:37 -07:00
Evan Prodromou
0f1f7ab79b only use Posterous author data if it matches the profile URL 2010-03-21 07:37:58 -05:00
Evan Prodromou
c2afdfbbf5 use Posterous element if available for RssChannel discovery 2010-03-20 17:18:55 -05:00
Evan Prodromou
fb2b45c68a use feedEl for discovery 2010-03-20 09:46:22 -05:00
Evan Prodromou
515acb8513 fall back to summary or title if content not available 2010-03-20 09:30:57 -05:00
Evan Prodromou
25cb917523 Allow PuSH posts without author information
Superfeedr (sp.?) posts entries without author information. We can
assume that this is intended to be by the original author.
Re-structured the checks for entries that come in by PuSH so they can
either have no author or an empty author, but not a different author.
2010-03-20 08:25:56 -05:00
Evan Prodromou
f558508784 handle RSS as well as Atom in Ostatus push hits 2010-03-20 07:23:13 -05:00
Evan Prodromou
c0f6572001 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing 2010-03-20 06:44:55 -05:00
Evan Prodromou
51283a1b34 try to make a nickname from the user profile url before using the URI 2010-03-20 06:44:38 -05:00
Brion Vibber
db0cf50f65 Avoid notices for accessing undefined array indices in hcard processing 2010-03-19 15:54:54 -07:00