Commit Graph

38 Commits

Author SHA1 Message Date
Diogo Cordeiro
64108aa51d [ActivityPub][NOTE] Do not extract actor from attributedTo
There was no checking of attributedTo, actors and referent object IDs to make
sure they exist in the same domain. Therefore, one could spoof messages from
people by doing attributedTo: whoever-i-want-to-spoof
2021-07-16 19:44:37 +01:00
Diogo Cordeiro
9f4c4edb02 [ActivityPub][Ostatus] Fetch avatars in accordance to the new media system 2021-07-16 19:44:37 +01:00
Diogo Cordeiro
32a7cd6458 [ActivityPub][HTTPSignatures] Fix verify 2021-07-16 19:44:37 +01:00
tenma
9fcccd8b5a [ActivityPub] Add TheFreeNetwork module's support in handling profile insertion
Activitypub_profile:
- Update do_insert to trigger TFN's assistance in inserting the profile

explorer:
- Use the new LRDD's method for grabbing profile aliases
2021-07-16 19:44:36 +01:00
tenma
a17c010bb9 [ActivityPub] Autofix profile URIs through alias discovering
Activitypub_profile:
- Add updateUri method

explorer:
- Add grab_aliases method
- Update grab_local_user's online course to grab and test aliases
2021-07-16 19:44:36 +01:00
Diogo Cordeiro
6598b89db0 [ActivityPub] Fix profile url handling 2021-07-16 19:44:36 +01:00
Diogo Cordeiro
4a90f281ed [ActivityPub] Fix undefined tag index 'type' in Activitypub_notice 2021-07-16 19:44:36 +01:00
Diogo Cordeiro
351e356bb4 [ActivityPub][Postman] Fix not sending notices to self 2021-07-16 19:44:36 +01:00
Diogo Cordeiro
e7778bd5d7 [ActivityPub][RSA] Revision, increase type scrictness and improve docs 2021-07-16 19:44:36 +01:00
Diogo Cordeiro
73af7be061 [ActivityPub] Properly handle Actor URIs by using events correctly
This should fix nulls on explorer lookups inputed by postman after generate_followers/getSubscribers, that I think were caused by calling common_profile_uri that, curiously, only handles local profiles
2021-07-16 19:44:36 +01:00
Diogo Cordeiro
fd68965255 [ActivityPub] New URI system 2021-07-16 19:44:35 +01:00
tenma
6a37c21ead [ActivityPub] Fix some small known problems
ActivityPubPlugin:
- Rework onProfileDeleteRelated to account for the tables _rsa and _pending_follow_requests
- Update onEndShowAccountProfileBlock to stop creating the ap_profile if it doesn't exist (we'll handle this in a different manner)

Activitypub_profile:
- Remove unnecessary code from from_profile method and add return type information

Explorer:
- Update travel_collection to call itself instead of _lookup, that was wrong
2021-07-16 19:44:35 +01:00
tenma
234ba7705f [ActivityPub] Fix successive "Cannot use object of type stdClass as array" errors in the postman 2021-07-16 19:44:35 +01:00
tenma
4901126519 [ActivityPub] Revert usage of bitwise-operator & in the inbox_handler class. 2021-07-16 19:44:35 +01:00
Diogo Cordeiro
9088e58a64 [ActivityPub] The protocol allows content to be null, GNU social doesn't, we'll reject silentiously
Reported by kaniini
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
4133874e59 [ActivityPub] attributedTo itself is not required, if not present then it should be inferred from the actor
Reported by kaniini
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
b7ce5b91a4 [ActivityPub] Fix security issue concerning remote profile deletes
Reported by kaniini
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
48eee0e018 [ActivityPub] Inbox Handler: Remove old guzzle import
Improve exception information in doc blocks
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
174733edc8 [ActivityPub] Slightly increase robustness on exception handling
Also ported Activitypub_rsa to PHP7
Minor indentation fixes
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
c93049d0da [ActivityPub] Consistent headers in explorer requests
Minor indentation fixes
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
344db5dcdf [ActivityPub] Add missing parenthesis in class instantiation
Fixed some issues related to thrown exceptions in the doblocks; also boolean -> bool
2021-07-16 19:44:35 +01:00
Diogo Cordeiro
d0e3f9c823 [ActivityPub] Fix some bugs with onStartNoticeSearch
Refactored Activitypub_profile::ensure_web_finger to Activitypub_profile::ensure_webfinger
Do not throw exceptions in the handling of this event because we don't
want to stop the regular search just because we were unable to find
ActivityPub actors or notes.
2021-07-16 19:44:35 +01:00
tenma
fe2168c5ae [ActivityPub] Add support fox search-box profile/notice grabbing
NoticeSearchAction:
- Add new event before finding query matches

ActivityPubPlugin:
- Subscribe new searchNotice event
- Bump minor version number

Activitypub_explorer:
- Update lookup to make remote-grabbing optional
2021-07-16 19:44:34 +01:00
tenma
3392939004 [ActivityPub] Handle DELETE-Person activity
ActivityPubPlugin:
- update grab_notice_from_url to make online grab optional
- subscribe events of user and profile deletion
- bump minor version number

Activitypub_inbox_handler:
- separate handle_delete for delete-note and delete-person

Activitypub_postman:
- add delete-person logic

Activitypub_delete:
- update validation method to check for the "Person" type
- update to_array method to target the activity
2021-07-16 19:44:34 +01:00
tenma
13d7c3debe [AP] Prevent postman to include the actor's followers for every sent activity 2021-07-16 19:44:34 +01:00
tenma
738f9cb89c [AP] Support Private Messaging
ActivityPubPlugin:
- Subscribe DirectMessage events

Activitypub_inbox_handler:
- Update handle_create_note to create private messages

Activitypub_postman:
- Add create_direct_note for sending private messages

Activitypub_create:
- Update create_to_array to support the 'directMessage' attribute
- Add isPrivateNote to verify private activities

Activitypub_notice:
- Update create_note to support the 'directMessage' attribute
- Remove isPrivateNote

lib/models:
- Add Activitypub_message, the model in charge of private notes
2021-07-16 19:44:34 +01:00
tenma
83f179989e [AP] Handle unlisted/followers-only notices
Note that this commit isn't intended to add support for sending such notes
in GS. Instead, we handle the reception, storage and direct reply to this
type of notices, in AP.

ActivityPubPlugin:
- Subscribe the event StartNoticeSave to hack answering non-public notes

Activitypub_create:
- Add 'directMessage' attribute to the Create activity, defaulting to false for now
- Update validation method: validate 'directMessage' and add debug

Activitypub_notice:
- Handle incoming unlisted/followers-only notes
- Add support for unlisted-replies
- Add method to verify private (direct) notices

inbox_handler:
- Add handler for CREATE Note
- Prepare logic for private-messaging
- Overall refactor: Class members were continuously being passed as function arguments without need

SharePlugin:
- Stop showing the announce button in non public posts
2021-07-16 19:44:34 +01:00
tenma
0d9606ffbf [AP] Properly target public notices
ActivityPubPlugin:
- Use TO as principal audience, CC as secondary
- Update note validation
2021-07-16 19:44:34 +01:00
Diogo Cordeiro
3cac110148 [ActivityPub] Move models from 'classes' to 'lib/models' 2021-07-16 19:44:33 +01:00
tenma
b4b5d3e009 [ActivityPub] Fix handling of Delete Activity
inbox_handler:
- Call stronger validation method for Delete Activity objects
- Take into account mixed object in handle_delete

Activitypub_delete:
- Add validation method for Delete Activity objects
2021-07-16 19:44:33 +01:00
tenma
130c839adf [ActivityPub] Use queues for notice distribution
ActivityPubPlugin:
- Change event-based notice distribution to queues logic

ActivityPub/lib:
- Add queue handler class activitypubqueuehandler.php

Misc:
- Add documentation for the (Start/End)InitializeQueueManager events
2021-07-16 19:44:33 +01:00
tenma
20d101e1f2 [ActivityPub] Ensuring federation with other software
ActivityPubPlugin:
- Prevent sending a Delete for an Announce

Activitypub_announce:
- Update announce_to_array to add id, to and cc information to the retrieved object

Activitypub_follow:
- Add id to the arguments of follow_to_array, useful for Accept-Follow activities

Activitypub_notice:
- Fix notice validation, url isn't a MUST

Activitypub_inbox_handler:
- Make handle_follow use the received activity id for the later Accept-Follow

Activitypub_postman:
- Fix call to the updated announce_to_array
- Fix successive unnecessary calls to ActivityPubPlugin::actor_uri()
2021-07-16 19:44:33 +01:00
brunoccast
9de1c34bc0 [ActivityPub] Ensuring notice deletion
ActivityPubPlugin:
- Minor onDeleteOwnNotice rewrite

Activitypub_inbox_handler:
- Add deletion check to incoming notice

Activitypub_postman:
- Call the correct getUrl function
2021-07-16 19:44:33 +01:00
brunoccast
87423a0191 [ActivityPub] Ensuring Notice Favor/Disfavor
ActivityPubPlugin:
- Minor re-write of favor/disfavor event handlers

Activitypub_postman:
like/undo-like:
- fix proper getUrl() call
misc:
- make all activities accumulate errors (may be needed later) and log some information about it
2021-07-16 19:44:33 +01:00
brunoccast
233bdf57ac [ActivityPub] Ensuring notice distribution
ActivityPubPlugin:
- Fix of accepted activity verbs to include SHARES
- Add attention profiles to delivery when announcing

Activitypub_notice:
- New local function to retrieve original URL
- Removal of unnecessary 'Atom*' attributes
- Small fix to the ensuring of actor profile

Activitypub_profile:
- New local function to fetch AP profiles from a collection

Activitypub_postman:
- Fix url passed in the announce activity
2021-07-16 19:44:33 +01:00
brunoccast
25390bf96f [ActivityPub] Caching of Following/Followers interactions and collections
Follow interaction:
- Fixed mini-bug where the subscriber profile was being used as the subscribed
- Updated cache subscription-related values in both instances
- Tested and working with local GS instances

Unfollow interaction:
- Updated cache subscription-related values in both instances
- Tested and working with local GS instances

Followers/Following collections:
- Now returning ActivityPub profiles only
- Stored collections in cache

Misc:
- Fix bug concerning the retrieval of public/private-key after in-function generation
2021-07-16 19:44:33 +01:00
brunoccast
90cb222af5 [ActivityPub] Routes
ActivityPubPlugin:
- Update routes to properly use URLMapper
- Minor updates
2021-07-16 19:44:33 +01:00
Diogo Cordeiro
2f1ddd8280 [CORE] Add ActivityPub plugin
This is not the same as the one in https://notabug.org/diogo/gnu-social-activitypub-plugin
Differences to the first "release"
-> Doesn't use guzzle nor has any composer dependencies
-> Supports HTTP Signatures
-> Has basic l10n/i18n
-> Some minor bug fixes
2021-07-16 19:44:33 +01:00