From 440ab9039178bfc58c55316eb9ba2e19551bd12b Mon Sep 17 00:00:00 2001
From: Brion Vibber <brion@pobox.com>
Date: Tue, 16 Feb 2010 22:03:24 +0000
Subject: [PATCH] OStatus: fix up some recent regressions in subscription
 setup; fix state checks and verification token, and avatar save on setup.
 Needs updates for new atom code next...

---
 plugins/OStatus/actions/pushhub.php         |  6 +-
 plugins/OStatus/classes/Ostatus_profile.php | 83 ++++++++++++++++-----
 plugins/OStatus/lib/feedmunger.php          |  9 ++-
 3 files changed, 73 insertions(+), 25 deletions(-)

diff --git a/plugins/OStatus/actions/pushhub.php b/plugins/OStatus/actions/pushhub.php
index 901c18f702..13ec09d528 100644
--- a/plugins/OStatus/actions/pushhub.php
+++ b/plugins/OStatus/actions/pushhub.php
@@ -44,7 +44,7 @@ class PushHubAction extends Action
         // PHP converts '.'s in incoming var names to '_'s.
         // It also merges multiple values, which'll break hub.verify and hub.topic for publishing
         // @fixme handle multiple args
-        $arg = str_replace('.', '_', $arg);
+        $arg = str_replace('hub.', 'hub_', $arg);
         return parent::arg($arg, $def);
     }
 
@@ -96,7 +96,11 @@ class PushHubAction extends Action
         $sub = new HubSub();
         $sub->topic = $feed;
         $sub->callback = $callback;
+        $sub->verify_token = $this->arg('hub.verify_token', null);
         $sub->secret = $this->arg('hub.secret', null);
+        if (strlen($sub->secret) > 200) {
+            throw new ClientException("hub.secret must be no longer than 200 chars", 400);
+        }
         $sub->setLease(intval($this->arg('hub.lease_seconds')));
 
         // @fixme check for feeds we don't manage
diff --git a/plugins/OStatus/classes/Ostatus_profile.php b/plugins/OStatus/classes/Ostatus_profile.php
index 9b6ef2f163..243211c31f 100644
--- a/plugins/OStatus/classes/Ostatus_profile.php
+++ b/plugins/OStatus/classes/Ostatus_profile.php
@@ -262,7 +262,7 @@ class Ostatus_profile extends Memcached_DataObject
         $avatar = $munger->getAvatar();
         if ($avatar) {
             try {
-                $this->updateAvatar($avatar);
+                $profile->updateAvatar($avatar);
             } catch (Exception $e) {
                 common_log(LOG_ERR, "Exception setting OStatus avatar: " .
                                     $e->getMessage());
@@ -283,8 +283,10 @@ class Ostatus_profile extends Memcached_DataObject
         // ripped from oauthstore.php (for old OMB client)
         $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar');
         copy($url, $temp_filename);
-        $imagefile = new ImageFile($profile->id, $temp_filename);
-        $filename = Avatar::filename($profile->id,
+        
+        // @fixme should we be using different ids?
+        $imagefile = new ImageFile($this->id, $temp_filename);
+        $filename = Avatar::filename($this->id,
                                      image_type_to_extension($imagefile->type),
                                      null,
                                      common_timestamp());
@@ -376,17 +378,56 @@ class Ostatus_profile extends Memcached_DataObject
      * The hub will later send us a confirmation POST to /main/push/callback.
      *
      * @return bool true on success, false on failure
+     * @throws ServerException if feed state is not valid
      */
     public function subscribe($mode='subscribe')
     {
-        if (common_config('feedsub', 'nohub')) {
-            // Fake it! We're just testing remote feeds w/o hubs.
-            return true;
+        if ($this->sub_state != '') {
+            throw new ServerException("Attempting to start PuSH subscription to feed in state $this->sub_state");
         }
-        // @fixme use the verification token
-        #$token = md5(mt_rand() . ':' . $this->feeduri);
-        #$this->verify_token = $token;
-        #$this->update(); // @fixme
+        if (empty($this->huburi)) {
+            if (common_config('feedsub', 'nohub')) {
+                // Fake it! We're just testing remote feeds w/o hubs.
+                return true;
+            } else {
+                throw new ServerException("Attempting to start PuSH subscription for feed with no hub");
+            }
+        }
+
+        return $this->doSubscribe('subscribe');
+    }
+
+    /**
+     * Send a PuSH unsubscription request to the hub for this feed.
+     * The hub will later send us a confirmation POST to /main/push/callback.
+     *
+     * @return bool true on success, false on failure
+     * @throws ServerException if feed state is not valid
+     */
+    public function unsubscribe() {
+        if ($this->sub_state != 'active') {
+            throw new ServerException("Attempting to end PuSH subscription to feed in state $this->sub_state");
+        }
+        if (empty($this->huburi)) {
+            if (common_config('feedsub', 'nohub')) {
+                // Fake it! We're just testing remote feeds w/o hubs.
+                return true;
+            } else {
+                throw new ServerException("Attempting to end PuSH subscription for feed with no hub");
+            }
+        }
+
+        return $this->doSubscribe('unsubscribe');
+    }
+
+    protected function doSubscribe($mode)
+    {
+        $orig = clone($this);
+        $this->verify_token = md5(mt_rand() . ':' . $this->feeduri);
+        $this->sub_state = $mode;
+        $this->update($orig);
+        unset($orig);
+
         try {
             $callback = common_local_url('pushcallback', array('feed' => $this->id));
             $headers = array('Content-Type: application/x-www-form-urlencoded');
@@ -416,6 +457,13 @@ class Ostatus_profile extends Memcached_DataObject
         } catch (Exception $e) {
             // wtf!
             common_log(LOG_ERR, __METHOD__ . ": error \"{$e->getMessage()}\" hitting hub $this->huburi subscribing to $this->feeduri");
+
+            $orig = clone($this);
+            $this->verify_token = null;
+            $this->sub_state = null;
+            $this->update($orig);
+            unset($orig);
+
             return false;
         }
     }
@@ -460,16 +508,6 @@ class Ostatus_profile extends Memcached_DataObject
         return $this->update($original);
     }
 
-    /**
-     * Send a PuSH unsubscription request to the hub for this feed.
-     * The hub will later send us a confirmation POST to /main/push/callback.
-     *
-     * @return bool true on success, false on failure
-     */
-    public function unsubscribe() {
-        return $this->subscribe('unsubscribe');
-    }
-
     /**
      * Send an Activity Streams notification to the remote Salmon endpoint,
      * if so configured.
@@ -568,6 +606,11 @@ class Ostatus_profile extends Memcached_DataObject
     {
         common_log(LOG_INFO, __METHOD__ . ": packet for \"$this->feeduri\"! $hmac $xml");
 
+        if ($this->sub_state != 'active') {
+            common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH for inactive feed $this->feeduri (in state '$this->sub_state')");
+            return;
+        }
+
         if ($this->secret) {
             if (preg_match('/^sha1=([0-9a-fA-F]{40})$/', $hmac, $matches)) {
                 $their_hmac = strtolower($matches[1]);
diff --git a/plugins/OStatus/lib/feedmunger.php b/plugins/OStatus/lib/feedmunger.php
index c895b6ce24..e8c46de90e 100644
--- a/plugins/OStatus/lib/feedmunger.php
+++ b/plugins/OStatus/lib/feedmunger.php
@@ -258,11 +258,12 @@ class FeedMunger
     {
         // hack hack hack
         // should get profile for this entry's author...
-        $remote = Ostatus_profile::staticGet('feeduri', $this->getSelfLink());
-        if ($feed) {
-            return $feed->profile_id;
+        $feeduri = $this->getSelfLink();
+        $remote = Ostatus_profile::staticGet('feeduri', $feeduri);
+        if ($remote) {
+            return $remote->profile_id;
         } else {
-            throw new Exception("Can't find feed profile");
+            throw new Exception("Can't find feed profile for $feeduri");
         }
     }