Commit Graph

877 Commits

Author SHA1 Message Date
Mikael Nordfeldth
7beec74f0c Differentiate on group and user for WebFinger data 2015-01-26 12:18:35 +01:00
Mikael Nordfeldth
aeaee388bf Store remote magicsig public keys locally 2015-01-24 13:06:09 +01:00
Mikael Nordfeldth
2d0155a50f Added Magicsig onProfileDeleteRelated 2015-01-24 12:47:39 +01:00
Mikael Nordfeldth
975ce6d83e Documentation update (clarifying need for php5-gmp in comment) 2015-01-24 12:22:29 +01:00
Mikael Nordfeldth
cce808b27c const'ifying bits and sigalg
Also we should move away from 1024 bit keys as soon as we can.
2015-01-24 12:18:55 +01:00
Mikael Nordfeldth
3a0136fe1f Replace file_get_contents with HTTPClient in testfeed 2015-01-22 11:30:36 +01:00
Mikael Nordfeldth
d492b74e42 holy crap, file_put_contents got args in wrong order 2015-01-18 02:57:08 +01:00
Mikael Nordfeldth
5d9e9aaaf5 Keep the old error message on updateAvatar 2015-01-18 02:48:39 +01:00
Mikael Nordfeldth
010824c4b5 Use HTTPClient to download avatar
also make updateAvatar public so we can call it from update_ostatus_profile.php
2015-01-18 02:44:55 +01:00
Mikael Nordfeldth
0499736bb4 Loose_Ostatusprofile::updateAvatar was identical to Ostatus_profile 2015-01-18 02:39:08 +01:00
Mikael Nordfeldth
ba9abb3c57 Add nohub config setting to allowed non-PuSH feeds 2015-01-16 01:10:55 +01:00
Mikael Nordfeldth
8594a2ba16 FeedPoller plugin, for hubless feeds 2015-01-15 21:13:13 +01:00
Mikael Nordfeldth
57d8eb8a53 Ensuring unknown profiles in salmon slaps work again 2015-01-13 13:43:35 +01:00
Mikael Nordfeldth
db7154c63b Abort on failure instead of return early success 2015-01-13 13:18:57 +01:00
Mikael Nordfeldth
66044b7782 ensureActivityObjectProfile is more thorough than createAct... 2015-01-12 11:47:21 +01:00
Mikael Nordfeldth
73669ed308 ensureProfile already done and stored in $this->oprofile 2015-01-12 02:01:26 +01:00
Mikael Nordfeldth
d8f4de450c Support for updated aliases
will verify unknown aliases against old ones if the new identifies as a
previously recognized URI.

Steps:
1. Check the newly received URI. Who does it say it is?
2. Compare these alleged identities to our local database.
3. If we found any locally stored identities, ask it about its aliases.
4. Do any of the aliases from our known identity match the recently introduced one?

Currently we do _not_ update the ostatus_profile table with the new URI.
2015-01-10 02:07:39 +01:00
Mikael Nordfeldth
d32fef6039 Merge commit 'refs/merge-requests/28' of https://gitorious.org/social/mainline into merge-requests/28 2015-01-08 16:48:42 +01:00
Joshua Judson Rosen
f246dd4645 OStatusPlugin: fix ensureProfile catch-22 in onCheckActivityAuthorship()
Use profile URL (not URI), like elsewhere.

Profile::getUri() doesn't actually do anything useful, here--
it does nothing unless a plugin (like OStatus) is already
able to resolve the Profile into a backend object (e.g.: an Ostatus_profile).

If we might not already have an Ostatus_profile for a given Profile,
then we need to use $profile->getUrl() and fetch the data from that URL.
2014-12-30 23:56:33 -05:00
Mikael Nordfeldth
d3a8896b2a Merge commit 'refs/merge-requests/26' of https://gitorious.org/social/mainline into merge-requests/26 2014-12-09 13:45:15 +01:00
Joshua Judson Rosen
f71eeaee5a OStatus/scripts/update-profile-data.php: print updated fullnames
Now that we can actually update them again.
2014-12-08 22:06:29 -05:00
Mikael Nordfeldth
812d1eead9 Stronger typing in Ostatus_profile 2014-12-08 19:52:00 +01:00
Mikael Nordfeldth
72d1c3c73e fetch conversation URI in processPost, not processShare 2014-11-27 16:51:21 +01:00
Mikael Nordfeldth
bdb4a41696 Use remote conversation URI info to stitch convos together
If we know the URI sent from the remote party, and we don't know the
notice it is replying to, we might still be able to put it in the same
conversation thread!
2014-11-27 14:06:10 +01:00
Mikael Nordfeldth
8056097478 Try to lookup the profile if we don't know it yet 2014-11-24 23:50:42 +01:00
Mikael Nordfeldth
720c2c9ff2 Ostatus_profile->checkAuthorship returns Profile
not Ostatus_profile
2014-11-24 23:40:06 +01:00
Mikael Nordfeldth
3bf1478f97 Bad parameter count for checkAuthorship
At the same time we change this to call ActivityUtils::checkAuthorship
instead to let the retrieval/verification go through event handling.

rozzin (Joshua Judson Rosen) found this error. Thanks.
2014-11-24 12:49:20 +01:00
Joshua Judson Rosen
4b875e0fd0 Fix OStatus groups by making Ostatus_profile::localProfile() work for groups
We need to look up a feed profile for HandleFeedEntryWithProfile events,
regardless of whether they're an OStatus user, group, or something else;
this is the least hairy way of doing that--the alternative being
to keep spreading the same logic all over the calling code.

Theoretically, this change might allow OStatusGroups to be recorded
as the authors of activities if they pass through any authorless
activities; but that's why we have checkAuthorship().
2014-11-24 12:30:37 +01:00
Joshua Judson Rosen
d2e1a8c706 Ostatus_profile::checkAuthorship(): throw ServerException when bogus non-authorship is detected
Similarly to what ActivityUtils::checkAuthorship does; try to ensure
that activities from ambiguous OStatus feeds (groups and peopletags)
that require explicit authorship don't get in without explicit authors.
2014-11-24 12:29:41 +01:00
Mikael Nordfeldth
496acdc7d9 normalizing acct: URI just to be sure 2014-11-16 18:29:05 +01:00
Mikael Nordfeldth
faae9d069a We're using URLMapper, not Net_URL_Mapper 2014-11-07 15:24:05 +01:00
Mikael Nordfeldth
29ac42addd Diaspora public key published in WebFinger 2014-11-06 21:05:31 +01:00
Mikael Nordfeldth
57b5e2483d A little bit more debugging. 2014-10-25 14:23:15 +02:00
Mikael Nordfeldth
2d0c7c2c99 ensureWebfinger was never complete in StatusNet. Worked a bit on it. 2014-07-27 23:08:02 +02:00
Mikael Nordfeldth
ae62b91940 Unifying HTML stripping functions to common_strip_html 2014-07-14 13:52:23 +02:00
Mikael Nordfeldth
fffacaa27c FavorAction now uses Notice::saveActivity 2014-07-06 01:37:03 +02:00
Mikael Nordfeldth
eda69cabaf Remove Ostatus_profile when releted Profile is deleted 2014-07-04 11:45:42 +02:00
Mikael Nordfeldth
4b40d6bb2a TagprofileAction fiddled with, now doesn't require OStatus override
But it still doesn't quite work properly, so a lot of work is necessary for this.
2014-07-03 14:02:21 +02:00
Mikael Nordfeldth
b63f6e949c Converted all ActivityObject::fromProfile to $profile->asActivityObject 2014-07-03 10:51:36 +02:00
Mikael Nordfeldth
c44146d6f8 Favorites are now being stored from activities 2014-07-02 18:38:19 +02:00
Mikael Nordfeldth
9f4bcbad8a checkAuthorship events, Ostatus_profile rewrite to handle it
Lost dependency of OStatus plugin for lib/microappplugin.php, whoo!

also noting which plugins should be upgraded to new saveActivity support.

Favorite plugin won't work with the new system just yet, it doesn't have
the necessary functions to extract activity objects, but that's coming
in the next (few) commits.
2014-07-02 11:38:45 +02:00
Mikael Nordfeldth
acb07ef52f Added saveActivity method to Notice class
saveActivity will accept an Activity which gets parsed and saved through
plugins. So when an ActivityHandlerPlugin (such as Favorite will be soon)
gets a feed to save, this will be the function called instead of saveNew.
2014-07-02 11:38:37 +02:00
Mikael Nordfeldth
d0da552722 SalmonAction and extensions simplified 2014-06-28 20:33:09 +02:00
Mikael Nordfeldth
c74dc15173 DiscoveryHints gets microformats2 parsing abilities 2014-06-24 01:27:03 +02:00
Mikael Nordfeldth
55418685c4 DiscoveryHints now properly returns hcard url 2014-06-23 20:51:37 +02:00
Mikael Nordfeldth
d350a20e1f Less verbose debugging (also don't log private keys)
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
aaef11077d Default of Magicsig keypair toString should be secure
Prevent crappy coders from leaking private keys.
2014-06-03 12:51:52 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing!
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
2cd25039af Quick-return is more comprehensible than long if statements 2014-06-02 19:37:06 +02:00