gnu-social/plugins/WebFinger/WebFingerPlugin.php
2019-08-24 01:59:33 +01:00

235 lines
9.7 KiB
PHP

<?php
/*
* GNU Social - a federating social network
* Copyright (C) 2013, Free Software Foundation, Inc.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
* Implements WebFinger for GNU Social, as well as support for the
* '.well-known/host-meta' resource.
*
* Depends on: LRDD plugin
*
* @package GNUsocial
* @author Mikael Nordfeldth <mmn@hethane.se>
*/
if (!defined('GNUSOCIAL')) { exit(1); }
class WebFingerPlugin extends Plugin
{
const PLUGIN_VERSION = '2.0.0';
const OAUTH_ACCESS_TOKEN_REL = 'http://apinamespace.org/oauth/access_token';
const OAUTH_REQUEST_TOKEN_REL = 'http://apinamespace.org/oauth/request_token';
const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize';
public function onRouterInitialized(URLMapper $m)
{
$m->connect('.well-known/host-meta', ['action' => 'hostmeta']);
$m->connect('.well-known/host-meta.:format',
['action' => 'hostmeta'],
['format' => '(xml|json)']);
// the resource GET parameter can be anywhere, so don't mention it here
$m->connect('.well-known/webfinger', ['action' => 'webfinger']);
$m->connect('.well-known/webfinger.:format',
['action' => 'webfinger'],
['format' => '(xml|json)']);
$m->connect('main/ownerxrd', ['action' => 'ownerxrd']);
return true;
}
public function onLoginAction($action, &$login)
{
switch ($action) {
case 'hostmeta':
case 'webfinger':
$login = true;
return false;
}
return true;
}
public function onStartGetProfileAcctUri(Profile $profile, &$acct)
{
$wfr = new WebFingerResource_Profile($profile);
try {
$acct = $wfr->reconstructAcct();
} catch (Exception $e) {
return true;
}
return false;
}
public function onEndGetWebFingerResource($resource, WebFingerResource &$target=null, array $args=array())
{
$profile = null;
if (Discovery::isAcct($resource)) {
$parts = explode('@', substr(urldecode($resource), 5)); // 5 is strlen of 'acct:'
if (count($parts) == 2) {
list($nick, $domain) = $parts;
if ($domain !== common_config('site', 'server')) {
throw new Exception(_('Remote profiles not supported via WebFinger yet.'));
}
$nick = common_canonical_nickname($nick);
$user = User::getKV('nickname', $nick);
if (!($user instanceof User)) {
throw new NoSuchUserException(array('nickname'=>$nick));
}
$profile = $user->getProfile();
}
} elseif (!common_valid_http_url($resource)) {
// If it's not a URL, we can't do our http<->https legacy fix thingie anyway,
// so just try the User URI lookup!
try {
$user = User::getByUri($resource);
$profile = $user->getProfile();
} catch (NoResultException $e) {
// not a User, maybe a Notice? we'll try that further down...
}
} else {
// this means $resource is a common_valid_http_url (or https)
// First build up a set of alternative resource URLs that we can use.
$alt_urls = [$resource => true];
if (strtolower(parse_url($resource, PHP_URL_SCHEME)) === 'https'
&& common_config('fix', 'legacy_http')) {
$alt_urls[preg_replace('/^https:/i', 'http:', $resource, 1)] = true;
}
if (common_config('fix', 'fancyurls')) {
foreach (array_keys($alt_urls) as $url) {
try { // if it's a /index.php/ url
// common_fake_local_fancy_url can throw an exception
$alt_url = common_fake_local_fancy_url($url);
} catch (Exception $e) { // let's try to create a fake local /index.php/ url
// this too if it can't do anything about the URL
$alt_url = common_fake_local_nonfancy_url($url);
}
$alt_urls[$alt_url] = true;
}
}
common_debug(__METHOD__.': Generated these alternative URLs for various federation fixes: '._ve(array_keys($alt_urls)));
try {
common_debug(__METHOD__.': Finding User URI for WebFinger lookup on resource=='._ve($resource));
$user = new User();
$user->whereAddIn('uri', array_keys($alt_urls), $user->columnType('uri'));
$user->limit(1);
if ($user->find(true)) {
$profile = $user->getProfile();
}
unset($user);
} catch (Exception $e) {
// Most likely a UserNoProfileException, if it ever happens
// and then we need to do some debugging and perhaps fixes.
common_log(LOG_ERR, get_class($e).': '._ve($e->getMessage()));
throw $e;
}
try {
common_debug(__METHOD__.': Finding User_group URI for WebFinger lookup on resource=='._ve($resource));
$group = new User_group();
$group->whereAddIn('uri', array_keys($alt_urls), $group->columnType('uri'));
$group->limit(1);
if ($group->find(true)) {
$profile = $group->getProfile();
}
unset($group);
} catch (Exception $e) {
common_log(LOG_ERR, get_class($e).': '._ve($e->getMessage()));
throw $e;
}
// User URI did not match, so let's try our alt_urls as Profile URL values
if (!$profile instanceof Profile) {
common_debug(__METHOD__.': Finding Profile URLs for WebFinger lookup on resource=='._ve($resource));
// if our rewrite hack didn't work, try to get something by profile URL
$profile = new Profile();
$profile->whereAddIn('profileurl', array_keys($alt_urls), $profile->columnType('profileurl'));
$profile->limit(1);
if (!$profile->find(true) || !$profile->isLocal()) {
// * Either we didn't find the profile, then we want to make
// the $profile variable null for clarity.
// * Or we did find it but for a possibly malicious remote
// user who might've set their profile URL to a Notice URL
// which would've caused a sort of DoS unless we continue
// our search here by discarding the remote profile.
$profile = null;
}
}
}
if ($profile instanceof Profile) {
common_debug(__METHOD__.': Found Profile with ID=='._ve($profile->getID()).' for resource=='._ve($resource));
$target = new WebFingerResource_Profile($profile);
return false; // We got our target, stop handler execution
}
$notice = Notice::getKV('uri', $resource);
if ($notice instanceof Notice) {
$target = new WebFingerResource_Notice($notice);
return false;
}
return true;
}
public function onStartHostMetaLinks(array &$links)
{
foreach (Discovery::supportedMimeTypes() as $type) {
$links[] = new XML_XRD_Element_Link(Discovery::LRDD_REL,
common_local_url('webfinger') . '?resource={uri}',
$type,
true); // isTemplate
}
// OAuth connections
$links[] = new XML_XRD_Element_link(self::OAUTH_ACCESS_TOKEN_REL, common_local_url('ApiOAuthAccessToken'));
$links[] = new XML_XRD_Element_link(self::OAUTH_REQUEST_TOKEN_REL, common_local_url('ApiOAuthRequestToken'));
$links[] = new XML_XRD_Element_link(self::OAUTH_AUTHORIZE_REL, common_local_url('ApiOAuthAuthorize'));
}
/**
* Add a link header for LRDD Discovery
*/
public function onStartShowHTML($action)
{
if ($action instanceof ShowstreamAction) {
$resource = $action->getTarget()->getUri();
$url = common_local_url('webfinger') . '?resource='.urlencode($resource);
foreach (array(Discovery::JRD_MIMETYPE, Discovery::XRD_MIMETYPE) as $type) {
header('Link: <'.$url.'>; rel="'. Discovery::LRDD_REL.'"; type="'.$type.'"', false);
}
}
}
public function onPluginVersion(array &$versions): bool
{
$versions[] = array('name' => 'WebFinger',
'version' => self::PLUGIN_VERSION,
'author' => 'Mikael Nordfeldth',
'homepage' => 'http://www.gnu.org/software/social/',
// TRANS: Plugin description.
'rawdescription' => _m('Adds WebFinger lookup to GNU Social'));
return true;
}
}