getAliases for Profile and Notice

Also move fancyurlfix into site-wide $config['fix']['fancyurls']

TODO: getByUri should make use of this directly I guess?

classes/Managed_DataObject.php

@@ -412,6 +412,55 @@ abstract class Managed_DataObject extends Memcached_DataObject
         return intval($this->id);
     }
 
+    /**
+     * WARNING: Only use this on Profile and Notice. We should probably do
+     * this with traits/"implements" or whatever, but that's over the top
+     * right now, I'm just throwing this in here to avoid code duplication
+     * in Profile and Notice classes.
+     */
+    public function getAliases()
+    {
+        $aliases = array();
+        $aliases[$this->getUri()] = $this->getID();
+
+        try {
+            $aliases[$this->getUrl()] = $this->getID();
+        } catch (InvalidUrlException $e) {
+            // getUrl failed because no valid URL could be returned, just ignore it
+        }
+
+        if (common_config('fix', 'fancyurls')) {
+            /**
+             * Here we add some hacky hotfixes for remote lookups that have been taught the
+             * (at least now) wrong URI but it's still obviously the same user. Such as:
+             * - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1
+             * - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1
+             * - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1
+             * - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1
+             */
+            foreach ($aliases as $alias=>$id) {
+                try {
+                    // get a "fancy url" version of the alias, even without index.php/
+                    $alt_url = common_fake_local_fancy_url($alias);
+                    // store this as well so remote sites can be sure we really are the same profile
+                    $aliases[$alt_url] = $id;
+                } catch (Exception $e) {
+                    // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
+                }
+
+                try {
+                    // get a non-"fancy url" version of the alias, i.e. add index.php/
+                    $alt_url = common_fake_local_nonfancy_url($alias);
+                    // store this as well so remote sites can be sure we really are the same profile
+                    $aliases[$alt_url] = $id;
+                } catch (Exception $e) {
+                    // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
+                }
+            }
+        }
+        return $aliases;
+    }
+
     // 'update' won't write key columns, so we have to do it ourselves.
     // This also automatically calls "update" _before_ it sets the keys.
     // FIXME: This only works with single-column primary keys so far! Beware!

lib/default.php

@@ -81,6 +81,9 @@ $default =
               'log_queries' => false, // true to log all DB queries
               'log_slow_queries' => 0, // if set, log queries taking over N seconds
               'mysql_foreign_keys' => false), // if set, enables experimental foreign key support on MySQL
+        'fix' =>
+        array('fancyurls' => true,   // makes sure aliases in WebFinger etc. are not f'd by index.php/ URLs
+              ),
         'syslog' =>
         array('appname' => 'statusnet', # for syslog
               'priority' => 'debug', # XXX: currently ignored

plugins/WebFinger/WebFingerPlugin.php

@@ -36,12 +36,10 @@ class WebFingerPlugin extends Plugin
     const OAUTH_AUTHORIZE_REL       = 'http://apinamespace.org/oauth/authorize';
 
     public $http_alias = false;
-    public $fancyurlfix = true; // adds + interprets some extra aliases related to 'index.php/' URLs
 
     public function initialize()
     {
         common_config_set('webfinger', 'http_alias', $this->http_alias);
-        common_config_set('webfinger', 'fancyurlfix', $this->fancyurlfix);
     }
 
     public function onRouterInitialized($m)
@@ -106,7 +104,7 @@ class WebFingerPlugin extends Plugin
                 $user = User::getByUri($resource);
                 $profile = $user->getProfile();
             } catch (NoResultException $e) {
-                if (common_config('webfinger', 'fancyurlfix')) {
+                if (common_config('fix', 'fancyurls')) {
                     try {
                         try {   // if it's a /index.php/ url
                             // common_fake_local_fancy_url can throw an exception

plugins/WebFinger/lib/webfingerresource.php

@@ -31,49 +31,18 @@ abstract class WebFingerResource
 
     public function getAliases()
     {
-        $aliases = array();
+        $aliases = $this->object->getAliases();
 
-        // Add the URI as an identity, this is _not_ necessarily an HTTP url
-        $uri = $this->object->getUri();
-        $aliases[$uri] = true;
-        if (common_config('webfinger', 'http_alias')
-                && strtolower(parse_url($uri, PHP_URL_SCHEME)) === 'https') {
-            $aliases[preg_replace('/^https:/', 'http:', $uri, 1)] = true;
-        }
-
-        try {
-            $aliases[$this->object->getUrl()] = true;
-        } catch (InvalidUrlException $e) {
-            // getUrl failed because no valid URL could be returned, just ignore it
-        }
-
-        if (common_config('webfinger', 'fancyurlfix')) {
-            /**
-             * Here we add some hacky hotfixes for remote lookups that have been taught the
-             * (at least now) wrong URI but it's still obviously the same user. Such as:
-             * - https://site.example/user/1 even if the client requests https://site.example/index.php/user/1
-             * - https://site.example/user/1 even if the client requests https://site.example//index.php/user/1
-             * - https://site.example/index.php/user/1 even if the client requests https://site.example/user/1
-             * - https://site.example/index.php/user/1 even if the client requests https://site.example///index.php/user/1
-             */
-            foreach(array_keys($aliases) as $alias) {
-                try {
-                    // get a "fancy url" version of the alias, even without index.php/
-                    $alt_url = common_fake_local_fancy_url($alias);
-                    // store this as well so remote sites can be sure we really are the same profile
-                    $aliases[$alt_url] = true;
-                } catch (Exception $e) {
-                    // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
-                }
-    
-                try {
-                    // get a non-"fancy url" version of the alias, i.e. add index.php/
-                    $alt_url = common_fake_local_nonfancy_url($alias);
-                    // store this as well so remote sites can be sure we really are the same profile
-                    $aliases[$alt_url] = true;
-                } catch (Exception $e) {
-                    // Apparently we couldn't rewrite that, the $alias was as the function wanted it to be
+        // Some sites have changed from http to https and still want
+        // (because remote sites look for it) verify that they are still
+        // the same identity as they were on HTTP. Should NOT be used if
+        // you've run HTTPS all the time!
+        if (common_config('webfinger', 'http_alias')) {
+            foreach ($aliases as $alias=>$id) {
+                if (!strtolower(parse_url($alias, PHP_URL_SCHEME)) === 'https') {
+                    continue;
                 }
+                $aliases[preg_replace('/^https:/', 'http:', $alias, 1)] = $id;
             }
         }