Mikael Nordfeldth
aaef11077d
Default of Magicsig keypair toString should be secure
...
Prevent crappy coders from leaking private keys.
2014-06-03 12:51:52 +02:00
Mikael Nordfeldth
629cbedee2
Dangerous non-dynamic profile fetching in Notice
...
For a Notice object with multiple results, ->getProfile() would ALWAYS
return the first profile in the list. For example our "popular notices"
stream ended up believing all notices were made by the same profile.
2014-06-03 12:22:07 +02:00
Mikael Nordfeldth
c99d4eddb1
Moved Poll CSS into the plugin directory
2014-06-03 11:38:40 +02:00
Mikael Nordfeldth
9a19588ac9
Moved QnA CSS into the plugin directory
2014-06-03 11:36:32 +02:00
Mikael Nordfeldth
e6dcb0c40e
Moved Event CSS into the plugin directory
2014-06-03 11:34:39 +02:00
Mikael Nordfeldth
70cb488106
ActivityObject::fromProfile used some non-included class definitions
2014-06-03 03:18:13 +02:00
Mikael Nordfeldth
9a1109bd14
Revert "There were referenced in ActivityObject not autoloaded"
...
This reverts commit 6e35544a67
.
2014-06-03 03:16:18 +02:00
Mikael Nordfeldth
a7531ca5c7
Moved Bookmark CSS into the plugin directory
2014-06-03 03:08:14 +02:00
Mikael Nordfeldth
1431bbd884
No need to pre-resize avatars
2014-06-03 01:52:42 +02:00
Mikael Nordfeldth
6e35544a67
There were referenced in ActivityObject not autoloaded
2014-06-03 01:33:48 +02:00
Mikael Nordfeldth
0bc122ff58
Magicsig::generate is now static
...
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.
I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987
Salmon posts can only be made for local users. More typing!
...
Since we of course don't have the remote party's private keys anyway.
I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
2cd25039af
Quick-return is more comprehensible than long if statements
2014-06-02 19:37:06 +02:00
Mikael Nordfeldth
f7479e3f57
Prepare for WebFinger magicsig data for remote profiles
2014-06-02 19:33:09 +02:00
Mikael Nordfeldth
78805d113a
MagicEnvelope discoverKeyPair now returns string
...
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b
Only use a Profile in MagicEnvelope keypair retrieval
...
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
56194b3cd9
Magicsig importKeys finetuning and getHash() use
2014-06-02 16:11:15 +02:00
Mikael Nordfeldth
dc52a8ff43
Don't ensureProfile before we verify signature
2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
00b2bddc7c
Clarify it's not base64, but base64url, encoding in Magicsig
2014-06-02 14:51:15 +02:00
Mikael Nordfeldth
993ad00333
Improve debugging for Salmon slaps
2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6
Try the whole Salmon action for AlreadyFulfilledException
...
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
c1dc13bef0
Magicsig warning message would fail to get bits
2014-06-02 13:35:29 +02:00
Mikael Nordfeldth
db443e9374
File::processNew now static and always throws exception on failure
2014-06-02 02:11:23 +02:00
Mikael Nordfeldth
d6f52f5939
File::processNew can return -1 which was not true for empty()
...
Also, File->getEnclosure() now throws exception if not enough metadata.
2014-06-02 01:46:09 +02:00
Mikael Nordfeldth
d596513e39
Stronger typing for NoticeListItem and so
2014-06-02 00:20:27 +02:00
Mikael Nordfeldth
49188e826c
ArrayWrapper no longer returned from multiGetClass
...
multiGetClass uses FIND_IN_SET for ordering, which is pretty MariaDB specific.
2014-06-02 00:15:17 +02:00
Mikael Nordfeldth
3ef8322b03
There could be unresolvable FeedSub entries
2014-06-01 16:07:08 +02:00
Mikael Nordfeldth
2f97d5d206
Stronger typing in Widget class (HTMLOutputter)
2014-06-01 13:09:47 +02:00
chimo
8be96a7ebe
Catches GeoCookie JSON parsing error
2014-05-31 18:11:04 -04:00
Mikael Nordfeldth
75711ae06a
Magicsig is made a bit less cumbersome
2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4
Use locally cached Salmon keys for profiles
...
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad
Last objectification of MagicEnvelope. Smarter SalmonAction
2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
120e5c685a
Template engine is a good idea, but not in that implementation
2014-05-31 00:37:58 +02:00
Mikael Nordfeldth
cc5aff5de3
StatusNet::delPlugin($name) added to disable plugins
...
Instead of setting some weird $config['plugins']['disable-Blah'] yourself.
The class name, StatusNet, will probably change in the future to GNU social.
No global function added, as it exists for addPlugin().
2014-05-31 00:27:23 +02:00
Mikael Nordfeldth
62e8081863
Maybe the least necessary plugin: PoweredByStatusNet
2014-05-31 00:04:02 +02:00
Mikael Nordfeldth
61116ea991
Subscription class listing retrieval fixed
...
The incorrect variable was tried to be 0 causing offset limits that
are more than 1 to be treated identically (like the raw $ids value).
2014-05-30 23:37:00 +02:00
Mikael Nordfeldth
eb7f964598
Modernising subscribers/subscriptions to use $this->scoped/target
...
They extend GalleryAction from ProfileAction, where $this->target is set.
2014-05-28 17:00:34 +02:00
Mikael Nordfeldth
9e6599b9fb
Salmon log message tidying up
2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f
Bad variable names (fixes last commit)
2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67
MagicEnvelope object orientation (no passing arrays)
...
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad
Make MagicEnvelope self-reference
...
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc
Removed MagicEnvelopeCompat, legacy from SN <0.9.7
2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473
Minor changes in Salmon lib for Magicsig retrieval.
2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
49fa34e234
Make Profile::fromUri use UnknownUriException
2014-05-26 15:05:14 +02:00
Mikael Nordfeldth
89e817e5b0
UnknownUriException added for better error handling
2014-05-26 14:59:45 +02:00
Mikael Nordfeldth
e83b2e147a
NoProfileException collision avoidance fix
2014-05-26 14:39:03 +02:00
Mikael Nordfeldth
ba10da27da
Should not normalize Salmon author URIs.
...
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7
getAuthorUri is a more appropriate function name
2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a
checkAuthor not used anywhere
2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
3c322abafc
There's no guarantee we have an Ostatus_profile for Feedsub
2014-05-19 18:34:44 +02:00