Commit Graph

215 Commits

Author SHA1 Message Date
Mikael Nordfeldth
7ccd36849e Merge branch 'master' of git.gnu.io:gnu/gnu-social into nightly
Conflicts:
	plugins/OStatus/OStatusPlugin.php

master vs. nightly thing
2015-11-05 16:16:02 +01:00
Stephen Paul Weber
4b31bc3fd2 Enqueue renewals
Better for request times, etc
2015-10-21 01:50:03 +00:00
Mikael Nordfeldth
af1b0915f4 Magic signature discovery and envelope changes 2015-10-04 17:26:35 +02:00
Mikael Nordfeldth
6afa091dca Change some Salmon events and similar
Use Profile instead of User and (if we know it) send along the target
profile, so a Diaspora plugin can encrypt to the receiver.
2015-10-04 17:26:23 +02:00
Mikael Nordfeldth
2970333adb Set otherwise undiscovered salmonuri on OStatus script update-profile.php 2015-10-04 17:21:56 +02:00
Mikael Nordfeldth
57f26a97fb var_export without true 2015-10-04 16:40:21 +02:00
Mikael Nordfeldth
684b9419a0 Add an event to get plugin discovery hints from XRD 2015-10-04 14:46:45 +02:00
Mikael Nordfeldth
2aed59a02a Diaspora plugin is almost there (for remote salmon slaps at least) 2015-10-04 12:06:48 +02:00
Mikael Nordfeldth
9b461db4da Send the entire XMLStringer object in MagicEnvelope events. 2015-10-04 09:59:01 +02:00
Mikael Nordfeldth
184293c634 Break out MagicEnvelope->toXML() functionality to allow for plugin flexibility 2015-10-04 00:17:07 +02:00
Mikael Nordfeldth
30a4393afa Move around some code related to Magic_envelope and signing 2015-10-03 23:35:46 +02:00
Mikael Nordfeldth
c5a5eaf288 Do we update feeduri and salmonuri for Ostatus_profile now?
When changing from HTTP to HTTPS, following up on commit
59763ceecb
where http to https Ostatus_profile URI changing was first introduced.
2015-07-11 19:46:01 +02:00
Mikael Nordfeldth
24b1e26406 MagicEnvelope called DOMDocument::loadXML statically
but apparently we shouldn't do this, despite recommended on https://secure.php.net/manual/en/domdocument.loadxml.php
2015-07-10 23:24:50 +02:00
Mikael Nordfeldth
6478034e92 Diaspora-compatible Salmon slap receival
We're not all the way there yet, there is something which seems to bugger
up profile discovery from their end.
2015-06-06 17:14:38 +02:00
Mikael Nordfeldth
faf14197cd Diaspora doesn't understand our Salmon POST, so send again 2015-06-06 16:57:29 +02:00
Mikael Nordfeldth
4de125dd84 Moved FeedSubException parent class to own file 2015-06-06 16:02:25 +02:00
Mikael Nordfeldth
8fac7a9f6c StatusNet class renamed GNUsocial
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
9aa59c7f62 forgot primary key column to updateWithKeys in SalmonAction 2015-02-17 21:31:35 +01:00
Mikael Nordfeldth
59763ceecb SalmonAction now updates remote URI if it was stale.
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.

This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.
2015-02-17 17:35:45 +01:00
Mikael Nordfeldth
aeaee388bf Store remote magicsig public keys locally 2015-01-24 13:06:09 +01:00
Mikael Nordfeldth
975ce6d83e Documentation update (clarifying need for php5-gmp in comment) 2015-01-24 12:22:29 +01:00
Mikael Nordfeldth
57d8eb8a53 Ensuring unknown profiles in salmon slaps work again 2015-01-13 13:43:35 +01:00
Mikael Nordfeldth
66044b7782 ensureActivityObjectProfile is more thorough than createAct... 2015-01-12 11:47:21 +01:00
Mikael Nordfeldth
73669ed308 ensureProfile already done and stored in $this->oprofile 2015-01-12 02:01:26 +01:00
Mikael Nordfeldth
d8f4de450c Support for updated aliases
will verify unknown aliases against old ones if the new identifies as a
previously recognized URI.

Steps:
1. Check the newly received URI. Who does it say it is?
2. Compare these alleged identities to our local database.
3. If we found any locally stored identities, ask it about its aliases.
4. Do any of the aliases from our known identity match the recently introduced one?

Currently we do _not_ update the ostatus_profile table with the new URI.
2015-01-10 02:07:39 +01:00
Mikael Nordfeldth
c44146d6f8 Favorites are now being stored from activities 2014-07-02 18:38:19 +02:00
Mikael Nordfeldth
d0da552722 SalmonAction and extensions simplified 2014-06-28 20:33:09 +02:00
Mikael Nordfeldth
c74dc15173 DiscoveryHints gets microformats2 parsing abilities 2014-06-24 01:27:03 +02:00
Mikael Nordfeldth
55418685c4 DiscoveryHints now properly returns hcard url 2014-06-23 20:51:37 +02:00
Mikael Nordfeldth
d350a20e1f Less verbose debugging (also don't log private keys)
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing!
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
78805d113a MagicEnvelope discoverKeyPair now returns string
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b Only use a Profile in MagicEnvelope keypair retrieval
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
dc52a8ff43 Don't ensureProfile before we verify signature 2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4 Use locally cached Salmon keys for profiles
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
9e6599b9fb Salmon log message tidying up 2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67 MagicEnvelope object orientation (no passing arrays)
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad Make MagicEnvelope self-reference
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473 Minor changes in Salmon lib for Magicsig retrieval. 2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
ba10da27da Should not normalize Salmon author URIs.
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
1a0171ef61 MagicEnvelope class now throws exception on XRD fail 2014-05-06 13:11:29 +02:00