Commit Graph

367 Commits

Author SHA1 Message Date
Alexei Sorokin
7d7dbe627b [AuthCrypt] Password storage and comparison improvements
Password hashes are now stored in a TEXT attribute, not limited to 199 symbols.
That limitation makes no sense as password hashes are not the kind of
information to be indexed.

Actually replace crypt() with password_verify() for password checking, current
code left password_verify() unused.

Only update passwords when they use a different algorithm from the current
default. Previously "overwrite" meant rehashing every login.

Replace the "argon" boolean option with "algorithm" and "algorithm_options" for
better configurability.
The default remains whichever is default for PHP's password_hash.
2021-07-16 19:44:37 +01:00
Alexei Sorokin
26115482ef [SCHEMA] Improve timestamp storage
Avoid the use of deprecated MariaDB "zero dates" globally. If they're present
as attribute defaults somewhere, they will be replaced with NULL implicitly.
The existing "zero dates" in MariaDB storage will be left intact and this
should not present any issues.

The "timestamp" type in table definitions now corresponds to DATETIME in
MariaDB with "DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP", which
should be close enough to the original behaviour for compatibility purposes.
It is now the recommended type for "modified" attributes, because of the
update trigger on MariaDB. But there is no such trigger implemented on
PostgreSQL as of this moment.
2021-07-16 19:44:37 +01:00
Alexei Sorokin
9ac632ca2d [DATABASE] Start transactions with START TRANSACTION
"BEGIN" is non-standard and unnecessary.
2021-07-16 19:44:36 +01:00
Alexei Sorokin
53af27a303 [NodeInfo][DATABASE] Adjust indices of the "notice" and "user" tables
On big databases these queries from the Nodeinfo plugin choked up:

SELECT profile_id FROM notice
  WHERE notice.created >= (CURRENT_DATE - INTERVAL '180' DAY)
  AND notice.is_local = 1;
SELECT id FROM "user"
  WHERE "user".created >= (CURRENT_DATE - INTERVAL '180' DAY);
2021-07-16 19:44:36 +01:00
Alexei Sorokin
3f17a0efea [DATABASE] Introduce a bool type in schema
PostgreSQL has a clear distinction between integers and booleans, so it makes
sense to draw a clear line.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
9d87c37ac1 [DATABASE] Consistently use the "LIMIT $limit OFFSET $offset" syntax
The "LIMIT $offset, $limit" syntax is only supported by MySQL and MariaDB.
2021-07-16 19:44:35 +01:00
Alexei Sorokin
d26aac77b3 [DATABASE] Always quote identifiers
The code used to operate under the assumption that MariaDB doesn't support
quoting identifiers. Not only is that not exactly true, but MariaDB has
reserved keywords that cannot be used as table or column names unquoted.
2021-07-16 19:44:35 +01:00
Miguel Dantas
ab3e8ce21d [LIB_REFACTOR] Fix requires 2021-07-16 19:44:34 +01:00
Diogo Cordeiro
f67a93eddc [CORE] Bump Database requirement to MariaDB 10.3+ 2019-08-03 17:47:23 +01:00
Nym Coy
1f866fcaed ActivityGenerationTests.php fails but doesn't crash anymore.
Fixed an error where a profile id was reused after another profile was
deleted, and the new profile still had the deleted role.

Fixed ActivityGenerationTests::testNoticeInfoRepeated() which was passing
User instead of Profile, throwing errors.

tests/ActivityGenerationTests.php now passes.

CommandInterpreterTest now passes.

Moved JidValidateTest to XmppValidateTest, since Jabber functionality has
moved to the XmppPlugin. Tests work but don't pass, but they are at least
skipped if XmppPlugin is not active.

LocationTest passes, but the tests are not very good. Lots of nulls.

MediaFileTest passes.

NicknameTest passes. Nickname::normalize() now throws an error if the
nickname is too long with underscores.

UserFeedParseTest passes.

URLDetectionTest passes if $config['linkify']['(bare_ipv4|bare_ipv6|
bare_domains)'] are false. Untested otherwise.

Fixed Nickname::isBlacklisted() so it does not throw an error if
$config['nickname]['blacklist'] not set.
2016-08-14 11:55:49 +05:30
Mikael Nordfeldth
f93f02f424 Managed_DataObject now has getByUri() 2016-06-25 11:59:06 +02:00
Mikael Nordfeldth
6ec72b2978 Move mail_confirm_address out of mail.php 2016-03-06 17:27:40 +01:00
Mikael Nordfeldth
97d8e4571f Fix a regression in 1f76c1e4 that stopped sending email confirmation on registration 2016-03-02 14:35:08 +01:00
Mikael Nordfeldth
7ec69e4215 User->hasBlocked typing 2016-03-02 00:04:31 +01:00
Mikael Nordfeldth
63c087a255 Consistent behaviour for ScopingNoticeStream $scoped
We don't guess the current profile anymore if the value of the profile === -1

Also sets $this->scoped for all ScopingNoticeStream inheritors, which just
like in an Action can be null if we're not scoped in any way (logged in).
2016-03-01 14:51:47 +01:00
Mikael Nordfeldth
d16a883e17 Allow lookup of User->getByUri (throws NoResultException) 2016-02-21 18:47:47 +01:00
Mikael Nordfeldth
1f76c1e4a9 Initial user doesn't need as strict checking on email 2016-01-16 17:23:50 +01:00
Mikael Nordfeldth
29847f172f setPassword now runs validate too 2015-12-30 17:51:57 +01:00
Mikael Nordfeldth
d7a8ee99af Added User->setPassword($password) 2015-12-30 17:44:24 +01:00
Mikael Nordfeldth
6f62adedfc Infinite loop on CLI initiated profile deletion for local users
profile deleting user deleting profile deleting user...
2015-07-18 02:16:52 +02:00
Mikael Nordfeldth
9f82da07f1 ProfilesettingsAction and related stuff modernised 2015-07-17 12:20:11 +02:00
Mikael Nordfeldth
cfaaf3c13c PasswordsettingsAction aligned with FormAction
Also made some changes in the password "munging" function call
common_munge_password to accept a profile instead of user ID (which
was only there because stoneage StatusNet used the ID to generate a
not-very-random salt, but nowadays we primarily use AuthCrypt plugin).
2015-07-17 01:47:43 +02:00
Mikael Nordfeldth
01a4ab30dc Removing MicroID as well as simplifying profileaction
sorry, forgot to commit in between
2015-07-14 16:52:20 +02:00
Mikael Nordfeldth
f8877e015b static definition of User::getByNickname 2015-07-10 12:59:19 +02:00
Mikael Nordfeldth
f9d82a6ac5 Easy comparison of two Profile objects 2015-07-10 12:19:55 +02:00
Mikael Nordfeldth
8cc85f684b Need to supply data to NoSuchUserException 2015-07-10 00:08:09 +02:00
Mikael Nordfeldth
82f9b6908c Fake recovery by email address, to hide registrants on the site 2015-05-30 23:29:58 +02:00
Mikael Nordfeldth
731d283159 Password recovery logic cleaned up 2015-05-30 23:18:17 +02:00
Mikael Nordfeldth
ec4e432d55 Subscription::ensureStart skips AlreadyFulfilledException
Sometimes we just want to accept the user's wrong, but when it comes
to remote APIs etc. we probably want to let the client know it has
done something already (in this case multiple identical subscription
requests - which might indicate to it that it should refresh the sub
lists or something).
2015-03-04 11:38:04 +01:00
Mikael Nordfeldth
bece816ec7 User class throws exception on register failure 2015-03-01 12:36:19 +01:00
Mikael Nordfeldth
ce91f1c0e6 Hide posts from users with private_stream in scoping streams
For example the public timeline would show notices from a user with
private_stream configured. (previously it would only hide _new_ notices
by this user as they would be the only ones with notice scoping set).
2015-02-24 22:59:58 +01:00
Mikael Nordfeldth
0590f2975e Merge branch 'utf8mb4' into nightly
Conflicts because of urlhash fixes:
	classes/File.php
	classes/File_redirection.php
	classes/File_thumbnail.php
2015-02-19 20:50:40 +01:00
Mikael Nordfeldth
901a825b61 Non-functional "retweeted to me" API call modified (but not fixed)
For some reason the "retweeted to me" part of the Twitter API was removed
when Evan made some inbox changes back in the StatusNet days. We might
recover this functionality, but not yet. The proper function calls are
however fixed in this commit.
2015-02-17 16:48:24 +01:00
Mikael Nordfeldth
2f86cd8602 utf8mb4 conversion on database with index adjusts 2015-02-12 18:18:55 +01:00
Mikael Nordfeldth
6b638b8e13 User class also needs getConfigPref 2015-02-03 22:04:29 +01:00
Mikael Nordfeldth
40416c2c69 Don't email users who are sandboxed
If sandboxed or silenced, don't email the user any notifications.
2015-02-03 11:41:20 +01:00
Mikael Nordfeldth
e38d78eba9 updateKeys (for classes with PRI id) now in Managed_DataObject 2015-01-25 11:58:35 +01:00
Mikael Nordfeldth
5653c25641 Add simpler delete preference for Profile and User 2015-01-21 23:00:33 +01:00
Mikael Nordfeldth
305c9f33a7 Registration coding cleanup
Mainly there was an Undefined variable: code in apiaccountregister.php
2015-01-18 13:06:12 +01:00
Mikael Nordfeldth
0a20abf1d8 Email notify-on-fave moved to Profile_prefs (run upgrade.php) 2014-07-13 19:46:40 +02:00
Mikael Nordfeldth
b5fd2a048f Shortcut to Profile_prefs get/set Data in Profile and User 2014-07-13 16:49:35 +02:00
Mikael Nordfeldth
b63f6e949c Converted all ActivityObject::fromProfile to $profile->asActivityObject 2014-07-03 10:51:36 +02:00
Mikael Nordfeldth
7e597ea7cc More Favorite pluginification (favecount, cache, menus(favecount, cache, menus)) 2014-06-28 14:03:30 +02:00
Mikael Nordfeldth
c8c6bf9a1c Simplify functions regarding locally cached profiles etc. 2014-06-06 00:32:07 +02:00
Mikael Nordfeldth
c786892103 Non-dynamic profile fetching in User and User_group 2014-06-06 00:19:54 +02:00
Mikael Nordfeldth
cd3cff451f ConversationTree is now a plugin (not oldschool setting)
Conversation trees works pretty bad with the current layout, javascript
etc. So it's best if we separate it and work on it as a side-project. The
oldschool settings are currently being deprecated (or broken out like this).

I'll wait with removing User preferences for oldschool conversation tree,
since that might be reusable data. But I guess it will go in the near future.
2014-05-12 11:51:11 +02:00
Mikael Nordfeldth
8b12e41351 User object didn't have getNickname() function
We're just jumping on to the Profile->getNickname() function.
2014-05-06 16:08:36 +02:00
Mikael Nordfeldth
34b570352f Fix Direct Message functionality. 2014-04-29 20:37:58 +02:00
Mikael Nordfeldth
5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth
79cacdc62f Removing unused "inboxed" flag for User class 2014-03-07 21:37:48 +01:00