Commit Graph

3902 Commits

Author SHA1 Message Date
Mikael Nordfeldth
2ea5f00666 Success debugging was too much noise 2014-05-05 18:59:44 +02:00
Mikael Nordfeldth
960baae1d1 More debugging in Magicsig class verify method 2014-05-05 17:48:21 +02:00
Joshua Judson Rosen
7440dc2145 Prevent spurious refusals of legitimate notices posted to users via Salmon.
Make the logic match the intent described in the comments.

The intent is clearly "accept notices whenever (A or B or C)", but
the logic implemented was more like "not ((not A) or (not B) or (not C))",
which is a basical boolean algebra fail (each of those ORs need to
become ANDs for double-negation to work).

The practical implication was that, for example, writing a reply
to someone else's notice and including an @-reference to _another_
user on another site to bring them into the discussion would
fail to deliver the notice to the new user because their server
would basically say `oh no, you can't message this user
from someone else's thread' because an earlier check for
the `A' or `C' parts of `(A or B or C)' prevents `B' from
being checked.

cf.: <http://status.hackerposse.com/notice/55846>, which was
refused by the nhcrossing.com server because it didn't know
about <http://sn.jonkman.ca/notice/93724>, even though it would
have passed the later `notice contains a reference to a local user'
check if not for an exception being prematurely thrown.

The whole idea of reporting `which specific check FAILED'
in an `if ANY SUCCEEDS' analysis is just bogus, so nix all of
the distinct ClientExceptions--a single `ALL FAILED' exception
is the only one that makes sense.
2014-05-05 13:35:38 +02:00
Joshua Judson Rosen
4fd3f43ad2 Autocomplete: don't match non-subscribed group-names.
There's no point, since we can't post/link to them anyway.
2014-05-05 13:32:18 +02:00
Mikael Nordfeldth
27ed6b7db0 getConversationUrl introduced for linking to conversations 2014-05-01 15:25:19 +02:00
Mikael Nordfeldth
caeb6e583c We're not interested in Disqus support. 2014-05-01 02:15:10 +02:00
Mikael Nordfeldth
b77a09fdee Notice URIs are not necessarily URLs.
Let's use getUrl() for URL retrieval. May throw exceptions, but
only if it's a Notice that cannot be linked like that anyway.
2014-04-30 20:44:23 +02:00
Mikael Nordfeldth
1acffa9c7a wtf is Echo? bah, let's get rid of this crap 2014-04-30 20:35:06 +02:00
Mikael Nordfeldth
7d191f8062 s/bestUrl/getUrl/ for notices and microapp objects 2014-04-29 19:46:58 +02:00
Mikael Nordfeldth
c1d2f2516a VideoThumbnails failure detection improved. 2014-04-29 19:45:42 +02:00
Mikael Nordfeldth
c8d613b916 Minifying javascripts is evil. Let's not do it.
The microformats stuff was unused
2014-04-28 18:57:11 +02:00
Mikael Nordfeldth
b0cae37b0f Datetime representation aligned for microformats2
Read more at http://microformats.org/

Also, tooltip text on time representation for humans has been improved.
Unfortunately no standardised representation (like "RFC850") had 4-digit years.
2014-04-28 18:54:55 +02:00
Mikael Nordfeldth
5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth
030639d02d EmailAuthentication enabled by default
The login field said "Username or email address" already, so...
2014-04-28 12:39:57 +02:00
Mikael Nordfeldth
37ce1f4766 Better fallback on UnsupportedMediaException 2014-04-28 12:12:06 +02:00
Mikael Nordfeldth
d59eb5e184 Dynamically generate thumbnails (see full text)
The File object now stores width and height of files that can
supply this kind of information. Formats which we can not read
natively in PHP do not currently benefit from this. However an
event hook will be introduced later.

The CreateFileImageThumbnail event is renamed to:
CreateFileImageThumbnailSource to clarify that the hooks should not
generate their own thumbnails but only the source image. Also it now
accepts File objects, not MediaFile objects.

The thumbnail generation is documented in the source code. For
developers, call 'getThumbnail' on a File object and hope for the best.

Default thumbnail sizes have increased to be more appealing.
2014-04-21 20:46:11 +02:00
Mikael Nordfeldth
86ddf120d7 Better event name (creating thumbnail _source_) 2014-04-21 12:33:41 +02:00
Mikael Nordfeldth
639cf48cc7 OStatus onStartNoticeSourceLink to use exceptions 2014-04-19 22:18:36 +02:00
Mikael Nordfeldth
37e9366e88 We get profiles directly, there's no user object anymore 2014-04-18 22:18:11 +02:00
Mikael Nordfeldth
5ef6ee4bc5 Better plugin description for VideoThumbnails 2014-04-16 22:12:15 +02:00
Mikael Nordfeldth
06d4cecf7f MediaFile thumbnail event hooks + VideoThumbnails plugin
The exception thrown from MediaFile will be caught and simply result in
no thumbnail at all right now. In the future we might use a catch-all
and have a "cannot generate preview"-icon or something.

VideoThumbnails requires php5-ffmpeg and php5-gd.
2014-04-16 21:48:58 +02:00
Mikael Nordfeldth
a2a2105058 HTML5 required attribute for some input forms 2014-04-06 11:27:41 +02:00
Mikael Nordfeldth
220b51d8be Merge commit 'refs/merge-requests/199' of git://gitorious.org/statusnet/mainline into statusnet-merge-requests/199 2014-03-31 13:09:11 +02:00
Mikael Nordfeldth
cb3d863668 Updated and moved XMPP documentation into plugin. 2014-03-11 00:11:25 +01:00
Mikael Nordfeldth
e9e4190b64 IrcManager does not have serverError, so it must throw ServerException 2014-03-10 00:30:41 +01:00
Mikael Nordfeldth
c00491cd7a Cosmetic changes to common_redirect, clientError, serverError
Since these functions exit (or throw exception) after running, there
is no need to have a 'return' statement or similar afterwards.
2014-03-10 00:25:57 +01:00
Mikael Nordfeldth
acbe94936f common_redirect and clientError exits, so refactor
One Event would never be called, and other stuff were redundant clauses.
2014-03-10 00:24:32 +01:00
Mikael Nordfeldth
8d655bc706 Add support for 'nohub' sub_state in FeedSub
(requires upgrade.php run)
2014-03-09 23:03:54 +01:00
Mikael Nordfeldth
779ce40ac3 Add functions to avoid direct variable access 2014-03-09 13:31:05 +01:00
Mikael Nordfeldth
a1b0d5fa7e FeedSub gets a plugin event handler for sub/unsub 2014-03-09 13:27:28 +01:00
Mikael Nordfeldth
940867e39d RegisterThrottle didn't save the created time 2014-03-07 21:23:49 +01:00
Mikael Nordfeldth
326ad9376e Cosmetic changes to RegisterThrottle 2014-03-07 21:03:38 +01:00
Mikael Nordfeldth
4e8697c96e We don't add to inbox anymore. 2014-03-07 00:05:21 +01:00
Mikael Nordfeldth
c4e1cd1289 Added OpportunisticQM README that has good docs 2014-03-06 14:45:18 +01:00
Mikael Nordfeldth
aff6a66178 Add Attention stuff to TwitterBridge 2014-03-06 14:28:27 +01:00
Mikael Nordfeldth
3be0e44490 Stricter typing + user detection in Realtime 2014-03-06 13:23:08 +01:00
Mikael Nordfeldth
2272cc244d Removed Inbox from core (unused since 4b2a66ed29)
Added the following FIXME:
How should a Twitter user get their Inbox filled with foreign tweets?

Every imported Twitter user has a profile in the Profile table, so we
could setup a Subscription entry for each of those, meaning they get
collected in the InboxNoticeStream... But this would mean a lot of
unnecessary entries and listings that generally just point to the
locked down Twitter service.

Let's figure out a good relation so we can connect any profile to any
imported foreign notice, so it shows up in the "all" feed.
2014-03-06 04:46:29 +01:00
Mikael Nordfeldth
4b2a66ed29 New mechanism for "all" feed (InboxNoticeStream)
Also cleaned up and made typing stricter for the stream, so only
profiles can be submitted. This reasonably also means we can create
"inbox" or "all" streams for foreign profiles as well using the same
stream handler (but of course only for messages we already know about).

To avoid looking up posts for a long time in a large notice database,
the lookback period for the inbox is no longer than the profile creation
date. (this matches the behaviour of Inbox)

Inbox class can probably be removed now.
2014-03-06 04:18:54 +01:00
Mikael Nordfeldth
c0f65f6ea7 Merge branch 'master' into FeedPoller 2014-03-06 01:15:19 +01:00
Mikael Nordfeldth
e571e64e9e Make ostatussub conform to coding standards a bit 2014-03-05 13:44:45 +01:00
Mikael Nordfeldth
dc0ae2785d SubMirror now works again against old PuSH
There was a problem with (specifically at least) PuSHpress for
Wordpress. A previous attempt to perform a DB transaction backfired
because the remote side could connect to the callback before our
commit had gone through.

I take full responsibility for introducing the bug in the first place :)
2014-03-03 00:01:13 +01:00
Mikael Nordfeldth
83f50d25c0 Cosmetic changes to SubMirror actions 2014-03-02 23:06:21 +01:00
Mikael Nordfeldth
6f427d7e43 Remove Twitter from SubMirror
Twitter removed Atom feeds in API v1.1, so there is no way to mirror
a feed without screen-scraping or registering a dev account with them.
2014-03-02 22:58:23 +01:00
Mikael Nordfeldth
8ef29b70d1 GNU social naming, not StatusNet 2014-03-02 22:53:48 +01:00
Mikael Nordfeldth
8b04bcb310 Prepare for >1024 RSA keys for Salmon signatures 2014-03-02 11:47:38 +01:00
Mikael Nordfeldth
5c505d8539 Conversation ID now gets set from initial notice.
This will work without much extra effort because there will always be
more notices (higher value) than conversations (so no collisions).

But please run upgrade.php to avoid having an autoincrement id on
conversation table.

Installations using code after 2014-03-01 will have identical
conversation IDs to the initial (conversation root) notice IDs. This
will not affect older installations, which will have very different
values.
2014-03-01 17:12:40 +01:00
Mikael Nordfeldth
fc047bd6e6 Minor code cleanup with group related actions (thanks brw12)
Originated from brw12 who noticed an incorrect variable name used in
an error message in actions/apigroupjoin.php:109
2014-03-01 12:01:17 +01:00
Mikael Nordfeldth
9a03ec98e7 Don't forget to strip 'Plugin'. (_MrB_ rocks, MMN-o sucks.)
Paths are like "plugins/Realtime/...", not "plugins/RealtimePlugin/...".
2014-03-01 11:07:58 +01:00
Mikael Nordfeldth
d6ca90bb21 Partly revert 97830b0701 (thanks _MrB_)
require_once lines were required since _plugins_ don't __autoload

Also, Realtime would load the wrong URL for css/js since $this->name()
returns get_class($this) instead of the calling class' __CLASS__.
2014-02-27 23:30:35 +01:00
Mikael Nordfeldth
1e37f374b3 Making us less dependant on javascript trust
Many of the microapps are pretty javascript dependant, but at least
we should allow users to get to the new notice field without allowing
javascript to run in the browser. :)
2014-02-24 02:05:31 +01:00
Mikael Nordfeldth
97830b0701 Preparing plugins for no-minify-in-core-policy
also making the file structure better with js and css folders for Realtime and LinkPreview
2014-02-24 01:01:34 +01:00
Mikael Nordfeldth
698a7adb83 mentions from OStatus lookup were missing a 'type' attribute in common_linkify_mention 2014-02-23 21:49:55 +01:00
Mikael Nordfeldth
834ecd0f80 Autocomplete now matches remote profiles as well. 2014-02-23 20:12:01 +01:00
Jean Baptiste Favre
711f938892 Fiw TwitterBridge after SSL enforcement (https://dev.twitter.com/discussions/24239) 2014-01-26 22:27:16 +01:00
Mikael Nordfeldth
b81d7c425d better comment for PuSH <0.4 hack 2014-01-01 19:47:41 +01:00
Mikael Nordfeldth
e51f41c069 better comment for PuSH <0.4 hack 2014-01-01 19:43:31 +01:00
Mikael Nordfeldth
b09b968f96 Twitter search server has changed domain name (thanks mrvdb) 2013-12-04 13:43:04 +01:00
Mikael Nordfeldth
710eac403c Cronish jobs by the minute. These run very often!
Minutely will NOT necessarily run by the minute, because it depends on
site visitors. Busy sites will be able to do this, but sites where the
visitors (or search engine stuff or api calls) are more than a minute
apart, the interval will be much larger.
2013-11-20 23:26:41 +01:00
Mikael Nordfeldth
9400795a5f Cron split into Cronish and OpportunisticQM
/main/cron changed to /main/runqueue

The key-required functionality is not throughly tested yet.
2013-11-20 21:20:42 +01:00
Mikael Nordfeldth
b6f5f58f1a Attention structure has changed recently 2013-11-19 13:38:38 +01:00
Mikael Nordfeldth
3dcce8d987 Don't miss integer 0 values from find() 2013-11-19 13:30:14 +01:00
Mikael Nordfeldth
dfd83bd898 GTalk shouldn't be trusted to comply with XMPP nowadays 2013-11-19 13:21:38 +01:00
Mikael Nordfeldth
729c6eef36 Inbox class a bit more consistent in argument order and type 2013-11-09 01:18:44 +01:00
Mikael Nordfeldth
700dce386a WebFingerResource for profiles now WebFingerResource_Profile 2013-11-09 00:49:00 +01:00
Mikael Nordfeldth
1223c17568 Remote StatusNet sites would throw 400 if no hub.verify_token 2013-11-06 12:46:59 +01:00
Mikael Nordfeldth
ab4113168f PuSH 0.4: No outgoing 'sync' verifications. Feed renewal script. No auto-renewal.
Among other things (such as permanent subscriptions), Pubsubhubbub 0.4
removed the "sync" verification method. This means that any incoming
PuSH subscription requests that follow the 0.4 spec won't really
_require_that we handle it as a background process, but if we were to
try direct verification of the subscription - and fail - there's no way
we could  pick up the ball again. So _essentially_ we require background
processing with retries.

This means we must implement something like the "poorman cron" or
similar, so background processing can be handled
on-demand/on-site-visit. This is how Friendica, Drupal etc. handles it
and is necessary for environments where we can't run separate queue
daemons.

When the poorman-cron-ish thing is implemented, auto-renewal will work
for all users.

PuSH 0.4 spec:
    https://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html
More on PuSH 0.4 release (incl. breaking changes):
    https://groups.google.com/forum/#!msg/pubsubhubbub/7RPlYMds4RI/2mIHQTdV3aoJ
2013-11-02 20:02:28 +01:00
Mikael Nordfeldth
db889922ac We don't do local_push_bypass 2013-11-02 17:42:32 +01:00
Mikael Nordfeldth
6ef1967cec Notice metadata for WebFinger. Not sure if implemented properly.
This is more of a proof of concept and will likely not stay in exactly
this form. We should reasonably deliver the entire notice upon webfinger
querying.
2013-11-01 17:37:18 +01:00
Mikael Nordfeldth
7ddd561837 Salmon only has one "rel" value now, so start deprecating 2013-11-01 17:00:12 +01:00
Mikael Nordfeldth
6bc11b63e3 What was that NewMenu plugin doing there anyway? 2013-11-01 13:57:31 +01:00
Mikael Nordfeldth
f110fc5c9a Using GNUSOCIAL_VERSION instead of STATUSNET_VERSION 2013-11-01 13:51:41 +01:00
Mikael Nordfeldth
255943d78f User agents and generators changed to GNU social 2013-11-01 13:46:05 +01:00
Mikael Nordfeldth
ca66860a4f Better typing and minor fixes to OStatus related stuff 2013-11-01 13:20:45 +01:00
Mikael Nordfeldth
be62f44ef4 OStatus remote address example now more generic 2013-10-30 15:04:54 +01:00
Mikael Nordfeldth
f75ddaa8aa Getting a profile from URI would throw exceptions on remote URL lookup failures 2013-10-30 14:43:40 +01:00
Mikael Nordfeldth
5efff58213 Use schemaDef when checking database structure 2013-10-30 14:17:54 +01:00
Mikael Nordfeldth
603d2d3891 Minor Ostatus_profile class reference fixes 2013-10-30 14:14:02 +01:00
Mikael Nordfeldth
09ef1fff69 NoticeListItem attentions showed double for User_group
...because they each have their own Profile now! Whiie!
2013-10-30 12:56:17 +01:00
Mikael Nordfeldth
e45edd6ae2 Use addPlugin! (esp. XMPP folks should do this)
If you're using XMPP by setting $config['xmpp'][*] then you should do:

    addPlugin('Xmpp', $config['xmpp']);

because setting it directly in $config[''] won't do anything.

Also, default resource for XMPP is now 'gnusocial'. If you want something
more random, set it in your addPlugin config array.
2013-10-30 12:28:39 +01:00
Mikael Nordfeldth
9b6633698c Group discovery from text functions polished
Also removed the entirely unused saveGroups function.

Now avoiding multiGet and using listFind in Profile->getGroups()
so we don't have to deal with ArrayWrapper.
2013-10-29 13:40:14 +01:00
Mikael Nordfeldth
f8b49e69d0 Protected function prepare with array $args defaulting to array() 2013-10-29 10:26:46 +01:00
Mikael Nordfeldth
2dfa0bfcee function delete in dataobjects now don't break strict syntax 2013-10-29 10:20:57 +01:00
Mikael Nordfeldth
23a6b4595f Reworked the ActivityContext->attention structure
Removing Evan's obscure attentionType solution and directly using the attention array
2013-10-28 22:21:14 +01:00
Mikael Nordfeldth
3ba6374b9d Memcached_DataObject extensions got their update functions more consistent 2013-10-28 19:36:05 +01:00
Mikael Nordfeldth
fa91bc7132 Some getStaticProperty calls to PEAR globalized 2013-10-28 19:03:09 +01:00
Mikael Nordfeldth
fd0a16ba04 acct uri should be caseinsensitive (so let's do our reconstruction in lowercase) 2013-10-28 18:28:53 +01:00
Mikael Nordfeldth
74429835a1 Event handler StartGetProfileAcctUri for WebFinger 2013-10-28 18:26:00 +01:00
Mikael Nordfeldth
fcba540a14 Removed legacy OMB. Use OStatus for remote profiles. 2013-10-28 16:22:09 +01:00
Mikael Nordfeldth
362b6ad2fc ForceGroup and some qvitter API stuff still used staticGet 2013-10-25 13:20:53 +02:00
Mikael Nordfeldth
a38ed0057a Moved jbfavre's Twitter card support to Twitter plugin
It was causing problems with an undefined TWITTER_SERVICE constant.
2013-10-22 20:35:03 +02:00
Mikael Nordfeldth
38da5ec7f7 Ostatus_profile->processShare now backwards compatible against federating StatusNet nodes
StatusNet was improperly defining the id (URI) of the shared object as a
TagURI, while it should've really been the object's URI of course.
2013-10-21 23:25:47 +02:00
Mikael Nordfeldth
ba46c3d360 SHARE activities would not be imported from federated instances for local notices
"[...] posts _local_ users (like you) make won't get data about "repeated by"
from federated users"

This was because the ActivityObject would processShare where the shared object
has a _local_ 'actor' URI. Ostatus_profile would complain this meant that a
"Local user cannot be referenced as remote.".

So we see if the shared activity object's id (URI) is in our Notice table, so
we don't have to processActivity - and can skip ensureActivityObjectProfile.
2013-10-21 23:25:43 +02:00
Mikael Nordfeldth
3cab5b36c1 Replace common_good_random with common_random_hexstr 2013-10-21 13:20:30 +02:00
Mikael Nordfeldth
7233869298 Generate better salt for crypt() 2013-10-21 13:16:03 +02:00
Mikael Nordfeldth
df5aa6f93a Exception wasn't thrown. How does PHP handle daisychained calls, really? 2013-10-21 09:09:32 +02:00
Florian Schmaus
c70a519555 plugins/Xmpp/README fixed typos 2013-10-20 21:05:09 +02:00
Florian Schmaus
b7d45e176b Improved plugins/Xmpp/README
Added the relevant section in INSTALL about queues and daemons to get
the plugin runnig.

Made resource required, as otherwise XMPPHP will send invalid from JIDs
in it's stanzas. For example when my configuration didn't had the
resource part, outbound stanzas looked like this:

<message
	from="gnusocial@example.de/"
	to="flow@example.de"
	type='chat'>
	<body>
	User &quot;flow&quot; on GNU Social has said that your
	XMPP/Jabber/GTalk screenname belongs to them.
	…
	</body>
</message>

Note the '/' at the end of the from attribute, without an actual
XMPP resource. But according to RFC6122 2.1 "every allowable portion of
a JID MUST NOT be zero bytes in length". Causing a jid-malformed
response from the server.

Also, it's nice to know that debug=true will print out all sent and
received stanzas, which helped me to debug the problem.

Furthermore I add a note that if the XMPP services uses DNS SRV records,
'host' has to be configured (in cases where service host != xmpp domain).
2013-10-20 21:05:04 +02:00
Mikael Nordfeldth
a8804010c4 Profile creation always failed because we didn't COMMIT 2013-10-20 17:22:44 +02:00
Mikael Nordfeldth
2729c622ff Minor function definitions so they match Action parent 2013-10-20 17:21:56 +02:00
Mikael Nordfeldth
e868ebfe77 WebFingerResource introduced, instead of strict Profile object
This is the beginning of getting notice URI info via WebFinger

*XrdActionLinks is renamed *WebFingerProfileLinks, check EVENTS.txt
in WebFinger plugin for new events.
2013-10-20 15:48:14 +02:00