Commit Graph

186 Commits

Author SHA1 Message Date
Mikael Nordfeldth
d350a20e1f Less verbose debugging (also don't log private keys)
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing!
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
78805d113a MagicEnvelope discoverKeyPair now returns string
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b Only use a Profile in MagicEnvelope keypair retrieval
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
dc52a8ff43 Don't ensureProfile before we verify signature 2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4 Use locally cached Salmon keys for profiles
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
9e6599b9fb Salmon log message tidying up 2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67 MagicEnvelope object orientation (no passing arrays)
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad Make MagicEnvelope self-reference
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473 Minor changes in Salmon lib for Magicsig retrieval. 2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
ba10da27da Should not normalize Salmon author URIs.
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
1a0171ef61 MagicEnvelope class now throws exception on XRD fail 2014-05-06 13:11:29 +02:00
Mikael Nordfeldth
fc3125cf28 More modern coding, stuff related to subscriptions
Also trying to use the newly implemented AlreadyFulfilledException
2014-05-05 23:58:05 +02:00
Mikael Nordfeldth
cdefeda659 More debugging for Salmon activities 2014-05-05 19:10:44 +02:00
Mikael Nordfeldth
bbada781b7 Stronger typing and function access control in OStatus 2014-05-05 19:06:22 +02:00
Mikael Nordfeldth
700dce386a WebFingerResource for profiles now WebFingerResource_Profile 2013-11-09 00:49:00 +01:00
Mikael Nordfeldth
7ddd561837 Salmon only has one "rel" value now, so start deprecating 2013-11-01 17:00:12 +01:00
Mikael Nordfeldth
ca66860a4f Better typing and minor fixes to OStatus related stuff 2013-11-01 13:20:45 +01:00
Mikael Nordfeldth
e868ebfe77 WebFingerResource introduced, instead of strict Profile object
This is the beginning of getting notice URI info via WebFinger

*XrdActionLinks is renamed *WebFingerProfileLinks, check EVENTS.txt
in WebFinger plugin for new events.
2013-10-20 15:48:14 +02:00
Mikael Nordfeldth
a7e748479c Fixed regression in OStatus sub from WebFinger/XML_XRD update
XML_XRD::getAll requires arguments (at least relation). If one really
want all links, just get the 'links' array. It's public!

Also, not all XML_XRD_Element_Link were migrated from the previous
array style.
2013-09-30 23:33:28 +02:00
Mikael Nordfeldth
a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
2013-09-30 22:04:52 +02:00
Joshua Judson Rosen
44f7ad612a Correctly distribute notices from remote posters through local groups to remote group-members via OStatus.
Allow the OStatus queue-handler to handle all posts,
and give it the smarts required to make correct decisions
about whether it should or shouldn't relay notices
over OStatus.
cf. http://status.net/open-source/issues/3540

Conflicts (staticGet => getKV):

	plugins/OStatus/lib/ostatusqueuehandler.php
2013-09-29 23:19:11 +02:00
Mikael Nordfeldth
de55d8f83b plugins onAutoload now only overloads if necessary (extlibs etc.)
lib/plugin.php now has a parent onAutoload function that finds most common
files that are used in plugins (actions, dataobjects, forms, libs etc.) if
they are put in the standardised directories ('actions', 'classes', 'forms',
'lib' and perhaps some others in the future).
2013-08-28 16:10:30 +02:00
Mikael Nordfeldth
0bbcfa7bdf IMPORTANT - fixed HubSub to properly fetch primary keys
In commit e95f77d34c HubSub lost the
'staticGet' function in a consolidation into the Managed_DataObject class.
This was done carelessly by me as HubSub::staticGet was actually taking
two arguments, none of which was a key and merging them in HubSub::hashkey()
(staticGet was renamed getKV 2a4dc77a63).

NOTE: This complements commit 7e4718a4eb which
fixed a similar issue for the Magicsig class.
2013-08-21 11:25:08 +02:00
Mikael Nordfeldth
2a4dc77a63 The overloaded DB_DataObject function staticGet is now called getKV
I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV

   sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq)

If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV!

This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class)

Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:13:56 +02:00
Evan Prodromou
961607bc5d Ignore non-atom updates links in Webfinger 2012-05-04 12:01:13 -04:00
Evan Prodromou
9f954eddc5 remove unsupported hcard action 2011-09-27 11:43:41 -04:00
Evan Prodromou
dbb7324b25 test for missing profile in ostatus queue handler 2011-09-18 14:36:49 -04:00
Siebrand Mazeland
1fa689e913 tag -> list 2011-08-20 20:30:37 +02:00
Evan Prodromou
da4ba6a5a9 reinstate lost replies code in OStatusQueueHandler 2011-06-29 13:51:19 -04:00
Siebrand Mazeland
4651c9d94a Fix L10n/i18n.
Some remaining people tag -> list.
Favor -> like
Update translator documentation.
Whitespace updates.
2011-04-29 18:59:47 +02:00
Siebrand Mazeland
b83e0fd0e8 Update translator documentation.
i18n fixes (gettext domain).
L10n updates.
Whitespace updates.
Some tabs to spaces.
2011-04-11 00:39:51 +02:00
Shashi Gowda
c335db4bbc OStatus support for people tags 2011-03-07 00:45:34 +05:30
Evan Prodromou
2a59453d4c Merge branch 'testing' into moveaccount 2011-01-17 17:34:03 -05:00
Evan Prodromou
0fa57948f2 move linkheader.php to core 2011-01-16 17:15:26 -05:00
Evan Prodromou
7d1f609bf0 Move discovery library from OStatus plugin to core 2011-01-16 17:15:26 -05:00
Brion Vibber
1d15145993 Salmon signature checks on incoming slaps now check both old and new signature formats. 2011-01-06 00:01:42 +00:00
Brion Vibber
437ac120b0 Outgoing Salmon slaps now use the corrected signature format; if the first hit is rejected with an HTTP error, we try again with the old format.
(This is not 100% ideal; possibly should try to distinguish between server errors and rejections, etc.)
2011-01-05 23:54:16 +00:00
Brion Vibber
946a4ac17b Add test cases for internal change in Salmon signing; fix for the new code.
Updated sig passes Tuomas's verifier, which is a good sign
2011-01-05 23:26:39 +00:00
Brion Vibber
51d1535f15 Added doc comments on Salmon magicsig-related stuff to help in figuring out what's going on 2011-01-05 14:05:59 -08:00
Evan Prodromou
b54ea6767a New event for Salmon including target 2010-12-27 10:51:59 -08:00