From 5e0cc07b0e687cf0d28d57ae80e5024b7e711fbd Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 5 Feb 2010 01:13:23 +0000 Subject: [PATCH 01/30] Fix issue with OAuth request parameters being parsed/stored twice when calling /api/account/verify_credentials.:format --- actions/apiaccountverifycredentials.php | 33 ++++++++++++++----------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/actions/apiaccountverifycredentials.php b/actions/apiaccountverifycredentials.php index 1095d51626..ea61a32059 100644 --- a/actions/apiaccountverifycredentials.php +++ b/actions/apiaccountverifycredentials.php @@ -66,18 +66,21 @@ class ApiAccountVerifyCredentialsAction extends ApiAuthAction { parent::handle($args); - switch ($this->format) { - case 'xml': - case 'json': - $args['id'] = $this->auth_user->id; - $action_obj = new ApiUserShowAction(); - if ($action_obj->prepare($args)) { - $action_obj->handle($args); - } - break; - default: - header('Content-Type: text/html; charset=utf-8'); - print 'Authorized'; + if (!in_array($this->format, array('xml', 'json'))) { + $this->clientError(_('API method not found.'), $code = 404); + return; + } + + $twitter_user = $this->twitterUserArray($this->auth_user->getProfile(), true); + + if ($this->format == 'xml') { + $this->initDocument('xml'); + $this->showTwitterXmlUser($twitter_user); + $this->endDocument('xml'); + } elseif ($this->format == 'json') { + $this->initDocument('json'); + $this->showJsonObjects($twitter_user); + $this->endDocument('json'); } } @@ -86,14 +89,14 @@ class ApiAccountVerifyCredentialsAction extends ApiAuthAction * Is this action read only? * * @param array $args other arguments - * + * * @return boolean true * **/ - + function isReadOnly($args) { return true; } - + } From 82f11190734c203ed6b2fd4a07cb9460f25b2183 Mon Sep 17 00:00:00 2001 
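Review bot: `$this->clientError(_('API method not found.'), $code = 404);` in the new `handle()` body assigns a throwaway local inside the argument list; pass the status directly, `$this->clientError(_('API method not found.'), 404);`. The format value comes from the request path, so the allow-list test is better written with the strict flag, `in_array($this->format, array('xml', 'json'), true)`. Once that guard has returned, the `elseif ($this->format == 'json')` can be a plain `else`.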
From: Zach Copley Date: Fri, 5 Feb 2010 01:24:21 +0000 Subject: [PATCH 02/30] OAuth app name should not be null --- classes/statusnet.ini | 2 +- db/statusnet.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/classes/statusnet.ini b/classes/statusnet.ini index 4ace4407b1..2c09033f67 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -353,7 +353,7 @@ notice_id = K id = 129 owner = 129 consumer_key = 130 -name = 2 +name = 130 description = 2 icon = 130 source_url = 2 diff --git a/db/statusnet.sql b/db/statusnet.sql index 8946f4d7e2..3434648016 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -214,7 +214,7 @@ create table oauth_application ( id integer auto_increment primary key comment 'unique identifier', owner integer not null comment 'owner of the application' references profile (id), consumer_key varchar(255) not null comment 'application consumer key' references consumer (consumer_key), - name varchar(255) unique key comment 'name of the application', + name varchar(255) not null unique key comment 'name of the application', description varchar(255) comment 'description of the application', icon varchar(255) not null comment 'application icon', source_url varchar(255) comment 'application homepage - used for source link', From 10dfcde0b2099a169ccd3af0ecfbf2de9da551d6 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 5 Feb 2010 01:38:29 +0000 Subject: [PATCH 03/30] Actually store the timestamp on each nonce --- lib/oauthstore.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/oauthstore.php b/lib/oauthstore.php index b30fb49d57..eabe37f9fa 100644 --- a/lib/oauthstore.php +++ b/lib/oauthstore.php @@ -65,7 +65,7 @@ class StatusNetOAuthDataStore extends OAuthDataStore { $n = new Nonce(); $n->consumer_key = $consumer->key; - $n->ts = $timestamp; + $n->ts = common_sql_date($timestamp); $n->nonce = $nonce; if ($n->find(true)) { return true; 
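Review bot: The nonce lookup in the lib/oauthstore.php hunk now keys on `common_sql_date($timestamp)`, but `$timestamp` comes from the client's request and nothing visible here checks that it is numeric or inside an accepted age window before it is converted and stored. Replay protection depends on that bound, because old nonce rows can only be pruned safely if requests older than the retention period are rejected. The code after the `find(true)` test is outside the hunk; if it is an insert, the sequence is check-then-act and two concurrent requests with the same nonce can both pass unless the nonce table has a unique key over consumer key, timestamp and nonce, which is worth confirming.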
@@ -362,7 +362,6 @@ class StatusNetOAuthDataStore extends OAuthDataStore array('is_local' => Notice::REMOTE_OMB, 'uri' => $omb_notice->getIdentifierURI())); - } /** From 52397f14741463cd518512e2f024b3ea7e18e136 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 20:31:56 +0100 Subject: [PATCH 04/30] Sentence case for app statistics --- actions/showapplication.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/actions/showapplication.php b/actions/showapplication.php index a6ff425c7c..090e11882e 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php @@ -201,7 +201,7 @@ class ShowApplicationAction extends OwnerDesignAction $userCnt = $appUsers->count(); $this->raw(sprintf( - _('created by %1$s - %2$s access by default - %3$d users'), + _('Created by %1$s - %2$s access by default - %3$d users'), $profile->getBestName(), $defaultAccess, $userCnt From 8a0a89196043bc12e1fafea6d4638db5e61a181a Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Mon, 1 Feb 2010 20:32:18 +0100 Subject: [PATCH 05/30] Prevents app statistic text from wrapping around avatar --- theme/base/css/display.css | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/theme/base/css/display.css b/theme/base/css/display.css index 0d6395d057..2240e42afc 100644 --- a/theme/base/css/display.css +++ b/theme/base/css/display.css @@ -632,7 +632,8 @@ margin-bottom:18px; .entity_profile .entity_url, .entity_profile .entity_note, .entity_profile .entity_tags, -.entity_profile .entity_aliases { +.entity_profile .entity_aliases, +.entity_profile .entity_statistics { margin-left:113px; margin-bottom:4px; } From dc183f23cf3bd8e0fbd604ad2af4b12f77837bf2 Mon Sep 17 00:00:00 2001 
From: Zach Copley Date: Mon, 1 Feb 2010 20:58:29 +0000 Subject: [PATCH 06/30] OAuth app names should be unique. --- actions/editapplication.php | 24 ++++++++++++++++++++++++ actions/newapplication.php | 20 ++++++++++++++++++++ classes/statusnet.ini | 3 ++- db/statusnet.sql | 2 +- 4 files changed, 47 insertions(+), 2 deletions(-) diff --git a/actions/editapplication.php b/actions/editapplication.php index 9cc3e3cead..029b622e84 100644 --- a/actions/editapplication.php +++ b/actions/editapplication.php @@ -179,6 +179,9 @@ class EditApplicationAction extends OwnerDesignAction } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (empty($description)) { $this->showForm(_('Description is required.')); return; @@ -260,5 +263,26 @@ class EditApplicationAction extends OwnerDesignAction common_redirect(common_local_url('oauthappssettings'), 303); } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $newapp = Oauth_application::staticGet('name', $name); + if (!$newapp) { + return false; + } else { + return $newapp->id != $this->app->id; + } + } + } diff --git a/actions/newapplication.php b/actions/newapplication.php index c499fe7c76..ba1cca5c92 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -158,6 +158,9 @@ class NewApplicationAction extends OwnerDesignAction if (empty($name)) { $this->showForm(_('Name is required.')); return; + } else if ($this->nameExists($name)) { + $this->showForm(_('Name already in use. Try another one.')); + return; } elseif (mb_strlen($name) > 255) { $this->showForm(_('Name is too long (max 255 chars).')); return; 
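Review bot: `nameExists()` is a check-then-act test, so two submissions with the same name can both pass it; the unique key this patch adds to `oauth_application.name` is the real guard, and the insert/update failure path should show the same 'Name already in use' message rather than a generic database error. In actions/newapplication.php the lookup also runs before the 255-character length check, so an over-long name reaches the database query first; swapping the two branches avoids that. The two helpers test the `staticGet()` result differently (`!$newapp` in editapplication.php, `$app !== false` in newapplication.php); using the same falsy test in both would not depend on the exact not-found return value.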
@@ -273,5 +276,22 @@ class NewApplicationAction extends OwnerDesignAction } + /** + * Does the app name already exist? + * + * Checks the DB to see someone has already registered and app + * with the same name. + * + * @param string $name app name to check + * + * @return boolean true if the name already exists + */ + + function nameExists($name) + { + $app = Oauth_application::staticGet('name', $name); + return ($app !== false); + } + } diff --git a/classes/statusnet.ini b/classes/statusnet.ini index e28424ce2a..a535159e80 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -353,7 +353,7 @@ notice_id = K id = 129 owner = 129 consumer_key = 130 -name = 130 +name = 2 description = 2 icon = 130 source_url = 2 @@ -367,6 +367,7 @@ modified = 384 [oauth_application__keys] id = N +name = U [oauth_application_user] profile_id = 129 diff --git a/db/statusnet.sql b/db/statusnet.sql index 17de4fd0d4..71a6e724ca 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql @@ -214,7 +214,7 @@ create table oauth_application ( id integer auto_increment primary key comment 'unique identifier', owner integer not null comment 'owner of the application' references profile (id), consumer_key varchar(255) not null comment 'application consumer key' references consumer (consumer_key), - name varchar(255) not null comment 'name of the application', + name varchar(255) unique key comment 'name of the application', description varchar(255) comment 'description of the application', icon varchar(255) not null comment 'application icon', source_url varchar(255) comment 'application homepage - used for source link', From e495ac356c10a6abc0e10c81892830b5e198ef60 Mon Sep 17 00:00:00 2001 
From: Zach Copley Date: Tue, 2 Feb 2010 06:26:03 +0000 Subject: [PATCH 07/30] Allow developers to delete OAuth applications --- actions/deleteapplication.php | 176 ++++++++++++++++++++++++++++++++++ actions/showapplication.php | 19 +++- classes/Consumer.php | 30 ++++++ classes/Oauth_application.php | 17 ++++ lib/router.php | 4 + 5 files changed, 244 insertions(+), 2 deletions(-) create mode 100644 actions/deleteapplication.php diff --git a/actions/deleteapplication.php b/actions/deleteapplication.php new file mode 100644 index 0000000000..17526e1118 --- /dev/null +++ b/actions/deleteapplication.php 
@@ -0,0 +1,176 @@ +. + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @copyright 2010 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} + +/** + * Delete an OAuth appliction + * + * @category Action + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl.html AGPLv3 + * @link http://status.net/ + */ + +class DeleteapplicationAction extends Action +{ + var $app = null; + + /** + * Take arguments for running + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + */ + + function prepare($args) + { + if (!parent::prepare($args)) { + return false; + } + + if (!common_logged_in()) { + $this->clientError(_('You must be logged in to delete an application.')); + return false; + } + + $id = (int)$this->arg('id'); + $this->app = Oauth_application::staticGet('id', $id); + + if (empty($this->app)) { + $this->clientError(_('Application not found.')); + return false; + } + + $cur = common_current_user(); + + if ($cur->id != $this->app->owner) { + $this->clientError(_('You are not the owner of this application.'), 401); + return false; + } + + return true; + } + + /** + * Handle request + * + * Shows a page with list of favorite notices + * + * @param array $args $_REQUEST args; handled in prepare() + * + * @return void + */ + + function handle($args) + { + if ($_SERVER['REQUEST_METHOD'] == 'POST') { + + // CSRF protection + $token = $this->trimmed('token'); + if (!$token || $token != common_session_token()) { + $this->clientError(_('There was a problem with your session token.')); + return; + } + + if ($this->arg('no')) { + common_redirect(common_local_url('showapplication', + array('id' => $this->app->id)), 303); + } elseif ($this->arg('yes')) { + $this->handlePost(); + 
common_redirect(common_local_url('oauthappssettings'), 303); + } else { + $this->showPage(); + } + } + } + + function showContent() { + $this->areYouSureForm(); + } + + function title() { + return _('Delete application'); + } + + function showNoticeForm() { + // nop + } + + /** + * Confirm with user. + * + * Shows a confirmation form. + * + * @return void + */ + function areYouSureForm() + { + $id = $this->app->id; + $this->elementStart('form', array('id' => 'deleteapplication-' . $id, + 'method' => 'post', + 'class' => 'form_settings form_entity_block', + 'action' => common_local_url('deleteapplication', + array('id' => $this->app->id)))); + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->element('legend', _('Delete application')); + $this->element('p', null, + _('Are you sure you want to delete this application? '. + 'This will clear all data about the application from the '. + 'database, including all existing user connections.')); + $this->submit('form_action-no', + _('No'), + 'submit form_action-primary', + 'no', + _("Do not delete this application")); + $this->submit('form_action-yes', + _('Yes'), + 'submit form_action-secondary', + 'yes', _('Delete this application')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + } + + /** + * Actually delete the app + * + * @return void + */ + + function handlePost() + { + $this->app->delete(); + } +} + diff --git a/actions/showapplication.php b/actions/showapplication.php index 090e11882e..020d62480a 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php 
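Review bot: `handle()` in the new actions/deleteapplication.php only acts on POST, so a GET to the delete route produces no output at all; an `else` branch calling `$this->showPage()` would make the confirmation form reachable and the behaviour explicit. The ownership failure in `prepare()` answers 401 although the user is already authenticated, where 403 describes it better, and `handlePost()` ignores the result of `$this->app->delete()` before the redirect, so a failed delete looks like success. `$token != common_session_token()` is a loose comparison; `!==` avoids type juggling on the CSRF token. The `handle()` docblock still reads 'Shows a page with list of favorite notices' and should describe the delete confirmation instead.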
@@ -222,18 +222,33 @@ class ShowApplicationAction extends OwnerDesignAction $this->elementStart('li', 'entity_reset_keysecret'); $this->elementStart('form', array( - 'id' => 'forma_reset_key', + 'id' => 'form_reset_key', 'class' => 'form_reset_key', 'method' => 'POST', 'action' => common_local_url('showapplication', array('id' => $this->application->id)))); - $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); $this->submit('reset', _('Reset key & secret')); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementEnd('li'); + + $this->elementStart('li', 'entity_delete'); + $this->elementStart('form', array( + 'id' => 'form_delete_application', + 'class' => 'form_delete_application', + 'method' => 'POST', + 'action' => common_local_url('deleteapplication', + array('id' => $this->application->id)))); + + $this->elementStart('fieldset'); + $this->hidden('token', common_session_token()); + $this->submit('delete', _('Delete')); + $this->elementEnd('fieldset'); + $this->elementEnd('form'); + $this->elementEnd('li'); + $this->elementEnd('ul'); $this->elementEnd('div'); diff --git a/classes/Consumer.php b/classes/Consumer.php index ad64a8491b..ce399f2783 100644 --- a/classes/Consumer.php +++ b/classes/Consumer.php @@ -36,4 +36,34 @@ class Consumer extends Memcached_DataObject return $cons; } + /** + * Delete a Consumer and related tokens and nonces + * + * XXX: Should this happen in an OAuthDataStore instead? + * + */ + function delete() + { + // XXX: Is there any reason NOT to do this kind of cleanup? + + $this->_deleteTokens(); + $this->_deleteNonces(); + + parent::delete(); + } + + function _deleteTokens() + { + $token = new Token(); + $token->consumer_key = $this->consumer_key; + $token->delete(); + } + + function _deleteNonces() + { + $nonce = new Nonce(); + $nonce->consumer_key = $this->consumer_key; + $nonce->delete(); + } + } 
diff --git a/classes/Oauth_application.php b/classes/Oauth_application.php index a6b5390872..748b642200 100644 --- a/classes/Oauth_application.php +++ b/classes/Oauth_application.php @@ -137,4 +137,21 @@ class Oauth_application extends Memcached_DataObject } } + function delete() + { + $this->_deleteAppUsers(); + + $consumer = $this->getConsumer(); + $consumer->delete(); + + parent::delete(); + } + + function _deleteAppUsers() + { + $oauser = new Oauth_application_user(); + $oauser->application_id = $this->id; + $oauser->delete(); + } + } diff --git a/lib/router.php b/lib/router.php index 4b5b8d0bb8..5981ef5d7a 100644 --- a/lib/router.php +++ b/lib/router.php @@ -152,6 +152,10 @@ class Router array('action' => 'editapplication'), array('id' => '[0-9]+') ); + $m->connect('settings/oauthapps/delete/:id', + array('action' => 'deleteapplication'), + array('id' => '[0-9]+') + ); // search From b31c79cee1565ca9bca5bcaffcbec04ddb312041 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:35:54 +0000 Subject: [PATCH 08/30] Better token revocation --- actions/apioauthauthorize.php | 22 ++++++---------------- actions/oauthconnectionssettings.php | 24 +++++++++++++++--------- db/statusnet.sql | 2 +- lib/apioauthstore.php | 27 +++++++++++++++++++++++++++ 4 files changed, 49 insertions(+), 26 deletions(-) diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 15c3a9dad5..05d925d261 100644 --- a/actions/apioauthauthorize.php +++ b/actions/apioauthauthorize.php 
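Review bot: `Oauth_application::delete()` calls `$consumer->delete()` on whatever `getConsumer()` returns without checking it, and none of the cascade steps (app users, tokens, nonces, consumer, application row) checks a result or runs inside a transaction. A partial failure can leave tokens or user grants behind for an application that no longer exists, or remove the consumer while the application row remains, which matters because these rows are the credentials third-party clients hold. Guard the consumer with `if (!empty($consumer)) { $consumer->delete(); }` and open a transaction around the cascade the way `resetKey()` in actions/showapplication.php does with `query('BEGIN')` and `query('ROLLBACK')`. `Consumer::delete()` in the previous file section also drops the return value of `parent::delete()`; `return parent::delete();` keeps the caller informed.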
@@ -99,24 +99,17 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else { - // XXX: make better error messages - if (empty($this->oauth_token)) { - - common_debug("No request token found."); - - $this->clientError(_('Bad request.')); + $this->clientError(_('No oauth_token parameter provided.')); return; } if (empty($this->app)) { - common_debug('No app for that token.'); - $this->clientError(_('Bad request.')); + $this->clientError(_('Invalid token.')); return; } $name = $this->app->name; - common_debug("Requesting auth for app: " . $name); $this->showForm(); } @@ -124,8 +117,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function handlePost() { - common_debug("handlePost()"); - // check session token for CSRF protection. $token = $this->trimmed('token'); @@ -210,13 +201,9 @@ class ApiOauthAuthorizeAction extends ApiOauthAction if (!empty($this->callback)) { - // XXX: Need better way to build this redirect url. - $target_url = $this->getCallback($this->callback, array('oauth_token' => $this->oauth_token)); - common_debug("Doing callback to $target_url"); - common_redirect($target_url, 303); } else { common_debug("callback was empty!"); @@ -236,9 +223,12 @@ class ApiOauthAuthorizeAction extends ApiOauthAction } else if ($this->arg('deny')) { + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($this->oauth_token, 0); + $this->elementStart('p'); - $this->raw(sprintf(_("The request token %s has been denied."), + $this->raw(sprintf(_("The request token %s has been denied and revoked."), $this->oauth_token)); $this->elementEnd('p'); diff --git a/actions/oauthconnectionssettings.php b/actions/oauthconnectionssettings.php index c2e8d441b0..b1467f0d04 100644 --- a/actions/oauthconnectionssettings.php +++ b/actions/oauthconnectionssettings.php 
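Review bot: The deny branch passes `$this->oauth_token`, which `prepare()` reads straight from the request, into `$this->raw(sprintf(...))`, so the value reaches the page without HTML escaping; wrap it as `htmlspecialchars($this->oauth_token)` or emit the paragraph with `element('p', null, ...)`. The consent-prompt hunk in PATCH 09/30 has the same pattern with `$this->app->name` and `$this->app->organization`, which are supplied by whoever registered the application and are shown on the page where the user decides whether to grant access. `revoke_token()` throws a plain `Exception` for an unknown token and the deny branch does not catch it, so a stale or mistyped token ends in an unhandled exception instead of a `clientError()`.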
@@ -33,6 +33,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { require_once INSTALLDIR . '/lib/connectsettingsaction.php'; require_once INSTALLDIR . '/lib/applicationlist.php'; +require_once INSTALLDIR . '/lib/apioauthstore.php'; /** * Show connected OAuth applications @@ -71,11 +72,6 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return _('Connected applications'); } - function isReadOnly($args) - { - return true; - } - /** * Instructions for use * @@ -153,6 +149,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction } } + /** + * Revoke access to an authorized OAuth application + * + * @param int $appId the ID of the application + * + */ + function revokeAccess($appId) { $cur = common_current_user(); @@ -164,6 +167,8 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } + // XXX: Transaction here? + $appUser = Oauth_application_user::getByKeys($cur, $app); if (empty($appUser)) { @@ -171,12 +176,13 @@ class OauthconnectionssettingsAction extends ConnectSettingsAction return false; } - $orig = clone($appUser); - $appUser->access_type = 0; // No access - $result = $appUser->update(); + $datastore = new ApiStatusNetOAuthDataStore(); + $datastore->revoke_token($appUser->token, 1); + + $result = $appUser->delete(); if (!$result) { - common_log_db_error($orig, 'UPDATE', __FILE__); + common_log_db_error($orig, 'DELETE', __FILE__); $this->clientError(_('Unable to revoke access for app: ' . $app->id)); return false; } diff --git a/db/statusnet.sql b/db/statusnet.sql index 71a6e724ca..8946f4d7e2 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql 
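Review bot: The failure branch of `revokeAccess()` still calls `common_log_db_error($orig, 'DELETE', __FILE__)`, but this change removes the `$orig = clone($appUser);` line, so `$orig` is undefined there; log the object that was deleted instead, `common_log_db_error($appUser, 'DELETE', __FILE__);`. `revoke_token()` throws on an unknown token or a failed delete and nothing here catches it, so a grant whose token row is already gone can no longer be removed through this page. The token delete and `$appUser->delete()` are two separate writes (the hunk's own `// XXX: Transaction here?`), so a failure in between leaves the grant listed although its token is gone. `if (!$result)` also treats a zero-row delete as an error; `$result === false` matches how `resetKey()` checks deletes in PATCH 12/30.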
@@ -230,7 +230,7 @@ create table oauth_application ( create table oauth_application_user ( profile_id integer not null comment 'user of the application' references profile (id), application_id integer not null comment 'id of the application' references oauth_application (id), - access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write, bit 3 = revoked', + access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write', token varchar(255) comment 'request or access token', created datetime not null comment 'date this record was created', modified timestamp comment 'date this record was modified', diff --git a/lib/apioauthstore.php b/lib/apioauthstore.php index 32110d0575..1bb11cbca5 100644 --- a/lib/apioauthstore.php +++ b/lib/apioauthstore.php @@ -159,5 +159,32 @@ class ApiStatusNetOAuthDataStore extends StatusNetOAuthDataStore } } + /** + * Revoke specified access token + * + * Revokes the token specified by $token_key. + * Throws exceptions in case of error. + * + * @param string $token_key the token to be revoked + * @param int $type type of token (0 = req, 1 = access) + * + * @access public + * + * @return void + */ + + public function revoke_token($token_key, $type = 0) { + $rt = new Token(); + $rt->tok = $token_key; + $rt->type = $type; + $rt->state = 0; + if (!$rt->find(true)) { + throw new Exception('Tried to revoke unknown token'); + } + if (!$rt->delete()) { + throw new Exception('Failed to delete revoked token'); + } + } + } From e9ecd8062a5d8223b7c0914255a24288c317d2a1 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 07:59:28 +0000 Subject: [PATCH 09/30] Suppress notice input box on OAuth authorization page --- actions/apioauthauthorize.php | 36 +++++++++++++++++++++++++++++------ 1 file changed, 30 insertions(+), 6 deletions(-) diff --git a/actions/apioauthauthorize.php b/actions/apioauthauthorize.php index 05d925d261..2caa8d20b3 100644 --- a/actions/apioauthauthorize.php 
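Review bot: The `revoke_token()` docblock is titled 'Revoke specified access token' although the method handles request tokens too (`$type = 0` is the default) and only matches rows with `state = 0`; the docblock should say both, and add `@throws Exception` since both failure paths throw. It is worth confirming that access tokens passed in from `revokeAccess()` with `$type = 1` are actually stored with `state = 0`; if they are not, the lookup fails and the method throws before anything is revoked. The method also trusts the caller to have established that the token belongs to the acting user, which deserves a sentence in the docblock.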
+++ b/actions/apioauthauthorize.php @@ -67,8 +67,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction { parent::prepare($args); - common_debug("apioauthauthorize"); - $this->nickname = $this->trimmed('nickname'); $this->password = $this->arg('password'); $this->oauth_token = $this->arg('oauth_token'); @@ -193,8 +191,6 @@ class ApiOauthAuthorizeAction extends ApiOauthAction // A callback specified in the app setup overrides whatever // is passed in with the request. - common_debug("Req token is authorized - doing callback"); - if (!empty($this->app->callback_url)) { $this->callback = $this->app->callback_url; } @@ -295,12 +291,15 @@ class ApiOauthAuthorizeAction extends ApiOauthAction $msg = _('The application %1$s by ' . '%2$s would like the ability ' . - 'to %3$s your account data.'); + 'to %3$s your %4$s account data. ' . + 'You should only give access to your %4$s account ' . + 'to third parties you trust.'); $this->raw(sprintf($msg, $this->app->name, $this->app->organization, - $access)); + $access, + common_config('site', 'name'))); $this->elementEnd('p'); $this->elementEnd('li'); $this->elementEnd('ul'); @@ -362,6 +361,31 @@ class ApiOauthAuthorizeAction extends ApiOauthAction function showLocalNav() { + // NOP + } + + /** + * Show site notice. + * + * @return nothing + */ + + function showSiteNotice() + { + // NOP + } + + /** + * Show notice form. + * + * Show the form for posting a new notice + * + * @return nothing + */ + + function showNoticeForm() + { + // NOP } } From 54171248847e0c535697c6b1e8ff0e89f42f0087 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 08:47:14 +0000 Subject: [PATCH 10/30] Linkify notice source when posting from registered OAuth apps --- lib/api.php | 19 ++++++++++++++++++- lib/noticelist.php | 20 ++++++++++++++++++-- 2 files changed, 36 insertions(+), 3 deletions(-) diff --git a/lib/api.php b/lib/api.php index 10a2fae28c..f819752167 100644 --- a/lib/api.php +++ b/lib/api.php 
@@ -1249,10 +1249,27 @@ class ApiAction extends Action case 'api': break; default: + + $name = null; + $url = null; + $ns = Notice_source::staticGet($source); + if ($ns) { - $source_name = '' . $ns->name . ''; + $name = $ns->name; + $url = $ns->url; + } else { + $app = Oauth_application::staticGet('name', $source); + if ($app) { + $name = $app->name; + $url = $app->source_url; + } } + + if (!empty($name) && !empty($url)) { + $source_name = '' . $name . ''; + } + break; } return $source_name; diff --git a/lib/noticelist.php b/lib/noticelist.php index 85c169716a..a4a0f2651a 100644 --- a/lib/noticelist.php +++ b/lib/noticelist.php @@ -486,12 +486,28 @@ class NoticeListItem extends Widget $this->out->element('span', 'device', $source_name); break; default: + + $name = null; + $url = null; + $ns = Notice_source::staticGet($this->notice->source); + if ($ns) { + $name = $ns->name; + $url = $ns->url; + } else { + $app = Oauth_application::staticGet('name', $this->notice->source); + if ($app) { + $name = $app->name; + $url = $app->source_url; + } + } + + if (!empty($name) && !empty($url)) { $this->out->elementStart('span', 'device'); - $this->out->element('a', array('href' => $ns->url, + $this->out->element('a', array('href' => $url, 'rel' => 'external'), - $ns->name); + $name); $this->out->elementEnd('span'); } else { $this->out->element('span', 'device', $source_name); From 4041a59282c5ebb751e3763b5489be2bfef7f74a Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Tue, 2 Feb 2010 23:16:44 +0000 Subject: [PATCH 11/30] Always check for an OAuth request. This allows OAuth clients to set an auth user, similar to how they can set one via http basic auth, even if one is not required. I think I finally got this right. --- lib/apiauth.php | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/lib/apiauth.php b/lib/apiauth.php index 99500404f9..25e2196cf2 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php 
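Review bot: Both hunks now fall back to `Oauth_application::staticGet('name', $source)` and use `$app->source_url` as the link target, and that URL is supplied by whoever registered the application. Nothing visible here restricts its scheme, so unless registration already validates it, a URL that is not http or https would be rendered as a clickable source link on every notice from that app; check the scheme before linking. In lib/api.php `$source_name` is assembled by string concatenation, so unless the caller escapes it later, `$name` and `$url` should go through `htmlspecialchars()` there (lib/noticelist.php uses `element()`, which is the safer form). Because the lookup is by application name, the unique key on `oauth_application.name` is what keeps one app from borrowing another's link.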
@@ -55,6 +55,7 @@ class ApiAuthAction extends ApiAction { var $auth_user_nickname = null; var $auth_user_password = null; + var $oauth_source = null; /** * Take arguments for running, looks for an OAuth request, @@ -73,20 +74,18 @@ class ApiAuthAction extends ApiAction // NOTE: $this->auth_user has to get set in prepare(), not handle(), // because subclasses do stuff with it in their prepares. - if ($this->requiresAuth()) { + $oauthReq = $this->getOAuthRequest(); - $oauthReq = $this->getOAuthRequest(); - - if (!$oauthReq) { + if (!$oauthReq) { + if ($this->requiresAuth()) { $this->checkBasicAuthUser(true); } else { - $this->checkOAuthRequest($oauthReq); + // Check to see if a basic auth user is there even + // if one's not required + $this->checkBasicAuthUser(false); } } else { - - // Check to see if a basic auth user is there even - // if one's not required - $this->checkBasicAuthUser(false); + $this->checkOAuthRequest($oauthReq); } // Reject API calls with the wrong access level @@ -108,7 +107,6 @@ class ApiAuthAction extends ApiAction * This is to avoid doign any unnecessary DB lookups. * * @return mixed the OAuthRequest or false - * */ function getOAuthRequest() @@ -137,7 +135,6 @@ class ApiAuthAction extends ApiAction * @param OAuthRequest $request the OAuth Request * * @return nothing - * */ function checkOAuthRequest($request) From 7931875bbbfb127c0fa2f49331c137f0c6f1824a Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Wed, 3 Feb 2010 01:43:59 +0000 Subject: [PATCH 12/30] Confirm dialog for reset OAuth consumer key and secret button --- actions/editapplication.php | 2 +- actions/newapplication.php | 2 +- actions/showapplication.php | 54 +++++++++++++++++++++++++++++++++---- 3 files changed, 51 insertions(+), 7 deletions(-) diff --git a/actions/editapplication.php b/actions/editapplication.php index 029b622e84..ca5dba1e49 100644 --- a/actions/editapplication.php +++ b/actions/editapplication.php 
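Review bot: With this change `getOAuthRequest()` runs for every API call, so on endpoints where `requiresAuth()` is false a request carrying OAuth parameters now goes through `checkOAuthRequest()` instead of being served anonymously. That method's body is outside these hunks; if it rejects on a bad signature or an unknown token, previously public calls start failing for clients with stale credentials, which should be a deliberate and documented choice. A comment above the branch stating the precedence would help, for example `// OAuth parameters, when present, take precedence over HTTP basic auth`. The new `$oauth_source` property has no docblock and no visible use in these hunks.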
@@ -266,7 +266,7 @@ class EditApplicationAction extends OwnerDesignAction /** * Does the app name already exist? * - * Checks the DB to see someone has already registered and app + * Checks the DB to see someone has already registered an app * with the same name. * * @param string $name app name to check diff --git a/actions/newapplication.php b/actions/newapplication.php index ba1cca5c92..c0c5207979 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -279,7 +279,7 @@ class NewApplicationAction extends OwnerDesignAction /** * Does the app name already exist? * - * Checks the DB to see someone has already registered and app + * Checks the DB to see someone has already registered an app * with the same name. * * @param string $name app name to check diff --git a/actions/showapplication.php b/actions/showapplication.php index 020d62480a..fa44844816 100644 --- a/actions/showapplication.php +++ b/actions/showapplication.php @@ -149,7 +149,6 @@ class ShowApplicationAction extends OwnerDesignAction function showContent() { - $cur = common_current_user(); $consumer = $this->application->getConsumer(); @@ -229,7 +228,13 @@ class ShowApplicationAction extends OwnerDesignAction array('id' => $this->application->id)))); $this->elementStart('fieldset'); $this->hidden('token', common_session_token()); - $this->submit('reset', _('Reset key & secret')); + + $this->element('input', array('type' => 'submit', + 'id' => 'reset', + 'name' => 'reset', + 'class' => 'submit', + 'value' => _('Reset key & secret'), + 'onClick' => 'return confirmReset()')); $this->elementEnd('fieldset'); $this->elementEnd('form'); $this->elementEnd('li'); 
@@ -291,14 +296,53 @@ class ShowApplicationAction extends OwnerDesignAction $this->elementEnd('p'); } + /** + * Add a confirm script for Consumer key/secret reset + * + * @return void + */ + + function showScripts() + { + parent::showScripts(); + + $msg = _('Are you sure you want to reset your consumer key and secret?'); + + $js = 'function confirmReset() { '; + $js .= ' var agree = confirm("' . $msg . '"); '; + $js .= ' return agree;'; + $js .= '}'; + + $this->inlineScript($js); + } + + /** + * Reset an application's Consumer key and secret + * + * XXX: Should this be moved to its own page with a confirm? + * + */ + function resetKey() { $this->application->query('BEGIN'); + $oauser = new Oauth_application_user(); + $oauser->application_id = $this->application->id; + $result = $oauser->delete(); + + if ($result === false) { + common_log_db_error($oauser, 'DELETE', __FILE__); + $this->success = false; + $this->msg = ('Unable to reset consumer key and secret.'); + $this->showPage(); + return; + } + $consumer = $this->application->getConsumer(); $result = $consumer->delete(); - if (!$result) { + if ($result === false) { common_log_db_error($consumer, 'DELETE', __FILE__); $this->success = false; $this->msg = ('Unable to reset consumer key and secret.'); @@ -310,7 +354,7 @@ class ShowApplicationAction extends OwnerDesignAction $result = $consumer->insert(); - if (!$result) { + if (empty($result)) { common_log_db_error($consumer, 'INSERT', __FILE__); $this->application->query('ROLLBACK'); $this->success = false; @@ -323,7 +367,7 @@ class ShowApplicationAction extends OwnerDesignAction $this->application->consumer_key = $consumer->consumer_key; $result = $this->application->update($orig); - if (!$result) { + if ($result === false) { common_log_db_error($application, 'UPDATE', __FILE__); $this->application->query('ROLLBACK'); $this->success = false; From 586d8e8524236c2682287f6a3b45fb572b3e3181 Mon Sep 17 00:00:00 2001 
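Review bot: The new `Oauth_application_user` delete-failure branch in `resetKey()` returns after `query('BEGIN')` without `$this->application->query('ROLLBACK');`, unlike the insert and update branches below it, so the transaction is left open on that path (the consumer-delete branch in the context lines has the same gap). In `showScripts()` the translated `$msg` is pasted between double quotes in the script source, so a translation containing a quote or backslash breaks the handler; `$js .= ' var agree = confirm(' . json_encode($msg) . '); ';` encodes it safely. The update-failure branch logs `$application`, which is not defined in the visible code; `$this->application` is presumably meant.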
From: Sarven Capadisli Date: Wed, 3 Feb 2010 18:13:21 +0100 Subject: [PATCH 13/30] Added right margin for notice text. Helps Conversation notices look better. --- theme/base/css/display.css | 1 + 1 file changed, 1 insertion(+) diff --git a/theme/base/css/display.css b/theme/base/css/display.css index 2240e42afc..ed8853e57e 100644 --- a/theme/base/css/display.css +++ b/theme/base/css/display.css @@ -1024,6 +1024,7 @@ float:none; } #content .notice .entry-title { margin-left:59px; +margin-right:7px; } .vcard .url { From af9f23c2d9db2966284e5146026ec05d4bb37367 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Thu, 4 Feb 2010 01:53:08 +0000 Subject: [PATCH 14/30] - Fix cache handling in TwitterStatusFetcher - Other stability fixes --- .../daemons/twitterstatusfetcher.php | 53 ++++++++++++++++--- 1 file changed, 45 insertions(+), 8 deletions(-) diff --git a/plugins/TwitterBridge/daemons/twitterstatusfetcher.php b/plugins/TwitterBridge/daemons/twitterstatusfetcher.php index 36732ce46a..bff657eb68 100755 --- a/plugins/TwitterBridge/daemons/twitterstatusfetcher.php +++ b/plugins/TwitterBridge/daemons/twitterstatusfetcher.php @@ -2,7 +2,7 @@ is_local = Notice::GATEWAY; if (Event::handle('StartNoticeSave', array(&$notice))) { - $id = $notice->insert(); + $notice->insert(); Event::handle('EndNoticeSave', array($notice)); } 
@@ -270,17 +270,41 @@ class TwitterStatusFetcher extends ParallelizingDaemon Inbox::insertNotice($flink->user_id, $notice->id); - $notice->blowCaches(); + $notice->blowOnInsert(); return $notice; } + /** + * Look up a Profile by profileurl field. Profile::staticGet() was + * not working consistently. + * + * @param string $url the profile url + * + * @return mixed the first profile with that url, or null + */ + + function getProfileByUrl($nickname, $profileurl) + { + $profile = new Profile(); + $profile->nickname = $nickname; + $profile->profileurl = $profileurl; + $profile->limit(1); + + if ($profile->find()) { + $profile->fetch(); + return $profile; + } + + return null; + } + function ensureProfile($user) { // check to see if there's already a profile for this user $profileurl = 'http://twitter.com/' . $user->screen_name; - $profile = Profile::staticGet('profileurl', $profileurl); + $profile = $this->getProfileByUrl($user->screen_name, $profileurl); if (!empty($profile)) { common_debug($this->name() . @@ -292,6 +316,7 @@ class TwitterStatusFetcher extends ParallelizingDaemon return $profile->id; } else { + common_debug($this->name() . ' - Adding profile and remote profile ' . "for Twitter user: $profileurl."); @@ -306,7 +331,11 @@ class TwitterStatusFetcher extends ParallelizingDaemon $profile->profileurl = $profileurl; $profile->created = common_sql_now(); - $id = $profile->insert(); + try { + $id = $profile->insert(); + } catch(Exception $e) { + common_log(LOG_WARNING, $this->name . ' Couldn\'t insert profile - ' . $e->getMessage()); + } if (empty($id)) { common_log_db_error($profile, 'INSERT', __FILE__); 
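Review bot: The docblock on `getProfileByUrl()` documents a single `@param string $url`, but the method takes `$nickname` and `$profileurl` and filters on both fields. Suggest `@param string $nickname the Twitter screen name` and `@param string $profileurl the profile url`, with `@return Profile|null` in place of `mixed`, and a summary line that says the lookup matches nickname and profileurl together.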
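Review bot: The catch block around `$profile->insert()` logs `$this->name`, a property read, while the other log lines in this patch call `$this->name()`; unless the class also defines a `name` property, the warning loses its daemon prefix and raises an undefined-property notice. Use `$this->name() . ' Couldn\'t insert profile - ' . $e->getMessage()`. Also note that `$id` is never assigned when `insert()` throws, so the following `empty($id)` check is what actually routes the failure; `$id = null;` before the `try` makes that explicit. The enclosing `ensureProfile()` runs beyond this hunk.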
@@ -326,7 +355,11 @@ class TwitterStatusFetcher extends ParallelizingDaemon $remote_pro->uri = $profileurl; $remote_pro->created = common_sql_now(); - $rid = $remote_pro->insert(); + try { + $rid = $remote_pro->insert(); + } catch (Exception $e) { + common_log(LOG_WARNING, $this->name() . ' Couldn\'t save remote profile - ' . $e->getMessage()); + } if (empty($rid)) { common_log_db_error($profile, 'INSERT', __FILE__); @@ -446,7 +479,7 @@ class TwitterStatusFetcher extends ParallelizingDaemon if ($this->fetchAvatar($url, $filename)) { $this->newAvatar($id, $size, $mediatype, $filename); } else { - common_log(LOG_WARNING, $this->id() . + common_log(LOG_WARNING, $id() . " - Problem fetching Avatar: $url"); } } @@ -507,7 +540,11 @@ class TwitterStatusFetcher extends ParallelizingDaemon $avatar->created = common_sql_now(); - $id = $avatar->insert(); + try { + $id = $avatar->insert(); + } catch (Exception $e) { + common_log(LOG_WARNING, $this->name() . ' Couldn\'t insert avatar - ' . $e->getMessage()); + } if (empty($id)) { common_log_db_error($avatar, 'INSERT', __FILE__); From 4379027432b4d35b60649624466a4c0e2abb5271 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 5 Feb 2010 01:13:23 +0000 Subject: [PATCH 15/30] Fix issue with OAuth request parameters being parsed/stored twice when calling /api/account/verify_credentials.:format --- actions/apiaccountverifycredentials.php | 33 ++++++++++++++----------- 1 file changed, 18 insertions(+), 15 deletions(-) diff --git a/actions/apiaccountverifycredentials.php b/actions/apiaccountverifycredentials.php index 1095d51626..ea61a32059 100644 --- a/actions/apiaccountverifycredentials.php +++ b/actions/apiaccountverifycredentials.php 
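Review bot: In the avatar-fetch failure branch, `$this->id()` was replaced by `$id()`, which is a variable-function call: PHP will try to invoke whatever `$id` holds as a function name. `$id` is the value passed to `newAvatar()` two lines earlier (presumably a profile id), so the daemon would hit a fatal error on the very path that is only meant to log a warning. The other log calls in this patch use the daemon name, so `common_log(LOG_WARNING, $this->name() . " - Problem fetching Avatar: $url");` looks like what was intended. The enclosing method starts outside this hunk.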
@@ -66,18 +66,21 @@ class ApiAccountVerifyCredentialsAction extends ApiAuthAction { parent::handle($args); - switch ($this->format) { - case 'xml': - case 'json': - $args['id'] = $this->auth_user->id; - $action_obj = new ApiUserShowAction(); - if ($action_obj->prepare($args)) { - $action_obj->handle($args); - } - break; - default: - header('Content-Type: text/html; charset=utf-8'); - print 'Authorized'; + if (!in_array($this->format, array('xml', 'json'))) { + $this->clientError(_('API method not found.'), $code = 404); + return; + } + + $twitter_user = $this->twitterUserArray($this->auth_user->getProfile(), true); + + if ($this->format == 'xml') { + $this->initDocument('xml'); + $this->showTwitterXmlUser($twitter_user); + $this->endDocument('xml'); + } elseif ($this->format == 'json') { + $this->initDocument('json'); + $this->showJsonObjects($twitter_user); + $this->endDocument('json'); } } @@ -86,14 +89,14 @@ class ApiAccountVerifyCredentialsAction extends ApiAuthAction * Is this action read only? * * @param array $args other arguments - * + * * @return boolean true * **/ - + function isReadOnly($args) { return true; } - + } From 208eec6511b13635b5feb8f100078f401cb0ce20 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 5 Feb 2010 01:24:21 +0000 Subject: [PATCH 16/30] OAuth app name should not be null --- classes/statusnet.ini | 2 +- db/statusnet.sql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/classes/statusnet.ini b/classes/statusnet.ini index a535159e80..5f8da7cf51 100644 --- a/classes/statusnet.ini +++ b/classes/statusnet.ini @@ -353,7 +353,7 @@ notice_id = K id = 129 owner = 129 consumer_key = 130 -name = 2 +name = 130 description = 2 icon = 130 source_url = 2 diff --git a/db/statusnet.sql b/db/statusnet.sql index 8946f4d7e2..3434648016 100644 --- a/db/statusnet.sql +++ b/db/statusnet.sql 
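Review bot: `$code = 404` inside the `clientError()` call is an assignment expression, not a named argument, and leaves a stray `$code` local in `handle()`; pass `404` directly. The format whitelist uses `in_array()` without the strict flag and the branches compare with `==`, so the check on the request-supplied format relies on loose comparison; `in_array($this->format, array('xml', 'json'), true)` and `===` remove that dependency. After the whitelist check the final `elseif` can be a plain `else`.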
@@ -214,7 +214,7 @@ create table oauth_application ( id integer auto_increment primary key comment 'unique identifier', owner integer not null comment 'owner of the application' references profile (id), consumer_key varchar(255) not null comment 'application consumer key' references consumer (consumer_key), - name varchar(255) unique key comment 'name of the application', + name varchar(255) not null unique key comment 'name of the application', description varchar(255) comment 'description of the application', icon varchar(255) not null comment 'application icon', source_url varchar(255) comment 'application homepage - used for source link', From 857494c9c61d872b7decf69de226bba6cd250d99 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 5 Feb 2010 01:38:29 +0000 Subject: [PATCH 17/30] Actually store the timestamp on each nonce --- lib/oauthstore.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/lib/oauthstore.php b/lib/oauthstore.php index b30fb49d57..eabe37f9fa 100644 --- a/lib/oauthstore.php +++ b/lib/oauthstore.php @@ -65,7 +65,7 @@ class StatusNetOAuthDataStore extends OAuthDataStore { $n = new Nonce(); $n->consumer_key = $consumer->key; - $n->ts = $timestamp; + $n->ts = common_sql_date($timestamp); $n->nonce = $nonce; if ($n->find(true)) { return true; @@ -362,7 +362,6 @@ class StatusNetOAuthDataStore extends OAuthDataStore array('is_local' => Notice::REMOTE_OMB, 'uri' => $omb_notice->getIdentifierURI())); - } /** From 875e1a70ce231b6b07765210328656abb353ad5b Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Fri, 5 Feb 2010 09:47:56 -0800 Subject: [PATCH 18/30] Don't spew warnings on usage of MEMCACHE_COMPRESSED constant when memcache PHP extension is not present. Switched to a locally-defined Cache::COMPRESSED, translating that to MEMCACHE_COMPRESSED in the plugin. --- classes/Memcached_DataObject.php | 2 +- lib/cache.php | 4 +++- plugins/MemcachePlugin.php | 18 ++++++++++++++++-- 3 files changed, 20 insertions(+), 4 deletions(-) 
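Review bot: In the `lib/oauthstore.php` hunk, `$timestamp` is converted with `common_sql_date()` and becomes part of the nonce lookup key without any check that it is numeric or recent. The value presumably originates from the OAuth request, so unless the OAuth server layer has already validated it (not visible here), a malformed timestamp would be converted to an arbitrary date and matched or stored under that key. A guard before the conversion, e.g. `if (!ctype_digit((string)$timestamp)) { return true; }`, would treat such requests the same way as an already-seen nonce, assuming `true` means "seen" as the visible `find(true)` branch suggests. The rest of the method lies outside the hunk.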
diff --git a/classes/Memcached_DataObject.php b/classes/Memcached_DataObject.php index ab65c30ce2..dfd06b57e5 100644 --- a/classes/Memcached_DataObject.php +++ b/classes/Memcached_DataObject.php @@ -363,7 +363,7 @@ class Memcached_DataObject extends DB_DataObject $cached[] = clone($inst); } $inst->free(); - $c->set($ckey, $cached, MEMCACHE_COMPRESSED, $expiry); + $c->set($ckey, $cached, Cache::COMPRESSED, $expiry); return new ArrayWrapper($cached); } diff --git a/lib/cache.php b/lib/cache.php index 635c96ad4c..df6fc36493 100644 --- a/lib/cache.php +++ b/lib/cache.php @@ -47,6 +47,8 @@ class Cache var $_items = array(); static $_inst = null; + const COMPRESSED = 1; + /** * Singleton constructor * @@ -133,7 +135,7 @@ class Cache * * @param string $key The key to use for lookups * @param string $value The value to store - * @param integer $flag Flags to use, mostly ignored + * @param integer $flag Flags to use, may include Cache::COMPRESSED * @param integer $expiry Expiry value, mostly ignored * * @return boolean success flag diff --git a/plugins/MemcachePlugin.php b/plugins/MemcachePlugin.php index 2bc4b892bd..c5e74fb416 100644 --- a/plugins/MemcachePlugin.php +++ b/plugins/MemcachePlugin.php @@ -102,7 +102,7 @@ class MemcachePlugin extends Plugin * * @param string &$key in; Key to use for lookups * @param mixed &$value in; Value to associate - * @param integer &$flag in; Flag (passed through to Memcache) + * @param integer &$flag in; Flag empty or Cache::COMPRESSED * @param integer &$expiry in; Expiry (passed through to Memcache) * @param boolean &$success out; Whether the set was successful * @@ -115,7 +115,7 @@ class MemcachePlugin extends Plugin if ($expiry === null) { $expiry = $this->defaultExpiry; } - $success = $this->_conn->set($key, $value, $flag, $expiry); + $success = $this->_conn->set($key, $value, $this->flag(intval($flag)), $expiry); Event::handle('EndCacheSet', array($key, $value, $flag, $expiry)); return false; 
@@ -197,6 +197,20 @@ class MemcachePlugin extends Plugin } } + /** + * Translate general flags to Memcached-specific flags + * @param int $flag + * @return int + */ + protected function flag($flag) + { + $out = 0; + if ($flag & Cache::COMPRESSED == Cache::COMPRESSED) { + $out |= MEMCACHE_COMPRESSED; + } + return $out; + } + function onPluginVersion(&$versions) { $versions[] = array('name' => 'Memcache', From 558934d1ddc1c1163c6a142bfe1c4232496b25d6 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 5 Feb 2010 21:39:29 -0800 Subject: [PATCH 19/30] Store Twitter screen_name, not name, for foreign_user.nickname when saving Twitter user. --- plugins/TwitterBridge/twitterauthorization.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/TwitterBridge/twitterauthorization.php b/plugins/TwitterBridge/twitterauthorization.php index b2657ff61f..dbef438a4b 100644 --- a/plugins/TwitterBridge/twitterauthorization.php +++ b/plugins/TwitterBridge/twitterauthorization.php @@ -219,7 +219,7 @@ class TwitterauthorizationAction extends Action $user = common_current_user(); $this->saveForeignLink($user->id, $twitter_user->id, $atok); - save_twitter_user($twitter_user->id, $twitter_user->name); + save_twitter_user($twitter_user->id, $twitter_user->screen_name); } else { From 70abea3ac4034cbbfc68cdc8288fc7e2d1cea17c Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Sat, 6 Feb 2010 06:46:00 +0000 Subject: [PATCH 20/30] Delete old Twitter user record when user changes screen name instead of updating. Simpler. --- plugins/TwitterBridge/twitter.php | 54 +++++-------------------------- 1 file changed, 8 insertions(+), 46 deletions(-) diff --git a/plugins/TwitterBridge/twitter.php b/plugins/TwitterBridge/twitter.php index 33dfb788bf..de30d9ebf1 100644 --- a/plugins/TwitterBridge/twitter.php +++ b/plugins/TwitterBridge/twitter.php 
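Review bot: The condition in `flag()` does not test what it reads as, because `==` binds tighter than `&` in PHP: `$flag & Cache::COMPRESSED == Cache::COMPRESSED` is evaluated as `$flag & (Cache::COMPRESSED == Cache::COMPRESSED)`, i.e. `$flag & true`. It gives the right answer only because `Cache::COMPRESSED` happens to be `1` in this patch; a second flag or a different constant value would silently map incorrectly. Parenthesise the mask: `if (($flag & Cache::COMPRESSED) == Cache::COMPRESSED) {`.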
@@ -26,38 +26,6 @@ define('TWITTER_SERVICE', 1); // Twitter is foreign_service ID 1 require_once INSTALLDIR . '/plugins/TwitterBridge/twitterbasicauthclient.php'; require_once INSTALLDIR . '/plugins/TwitterBridge/twitteroauthclient.php'; -function updateTwitter_user($twitter_id, $screen_name) -{ - $uri = 'http://twitter.com/' . $screen_name; - $fuser = new Foreign_user(); - - $fuser->query('BEGIN'); - - // Dropping down to SQL because regular DB_DataObject udpate stuff doesn't seem - // to work so good with tables that have multiple column primary keys - - // Any time we update the uri for a forein user we have to make sure there - // are no dupe entries first -- unique constraint on the uri column - - $qry = 'UPDATE foreign_user set uri = \'\' WHERE uri = '; - $qry .= '\'' . $uri . '\'' . ' AND service = ' . TWITTER_SERVICE; - - $fuser->query($qry); - - // Update the user - - $qry = 'UPDATE foreign_user SET nickname = '; - $qry .= '\'' . $screen_name . '\'' . ', uri = \'' . $uri . '\' '; - $qry .= 'WHERE id = ' . $twitter_id . ' AND service = ' . TWITTER_SERVICE; - - $fuser->query('COMMIT'); - - $fuser->free(); - unset($fuser); - - return true; -} - function add_twitter_user($twitter_id, $screen_name) { @@ -105,7 +73,6 @@ function add_twitter_user($twitter_id, $screen_name) // Creates or Updates a Twitter user function save_twitter_user($twitter_id, $screen_name) { - // Check to see whether the Twitter user is already in the system, // and update its screen name and uri if so. 
@@ -115,25 +82,20 @@ function save_twitter_user($twitter_id, $screen_name) $result = true; - // Only update if Twitter screen name has changed + // Delete old record if Twitter user changed screen name if ($fuser->nickname != $screen_name) { - $result = updateTwitter_user($twitter_id, $screen_name); - - common_debug('Twitter bridge - Updated nickname (and URI) for Twitter user ' . - "$fuser->id to $screen_name, was $fuser->nickname"); + $oldname = $fuser->nickname; + $fuser->delete(); + common_log(LOG_INFO, sprintf('Twitter bridge - Updated nickname (and URI) ' . + 'for Twitter user %1$d - %2$s, was %3$s.', + $fuser->id, + $screen_name, + $oldname)); } - return $result; - - } else { return add_twitter_user($twitter_id, $screen_name); } - - $fuser->free(); - unset($fuser); - - return true; } function is_twitter_bound($notice, $flink) { From 5fdcd88176010a72b6a157170784a8aad7bf4131 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Sat, 6 Feb 2010 11:36:59 +0100 Subject: [PATCH 21/30] Moderator can make users admins of a group --- actions/groupmembers.php | 4 +++- actions/makeadmin.php | 3 ++- classes/Profile.php | 1 + lib/right.php | 1 + 4 files changed, 7 insertions(+), 2 deletions(-) diff --git a/actions/groupmembers.php b/actions/groupmembers.php index 0f47c268dd..f16e972a41 100644 --- a/actions/groupmembers.php +++ b/actions/groupmembers.php @@ -192,7 +192,9 @@ class GroupMemberListItem extends ProfileListItem { $user = common_current_user(); - if (!empty($user) && $user->id != $this->profile->id && $user->isAdmin($this->group) && + if (!empty($user) && + $user->id != $this->profile->id && + ($user->isAdmin($this->group) || $user->hasRight(Right::MAKEGROUPADMIN)) && !$this->profile->isAdmin($this->group)) { $this->out->elementStart('li', 'entity_make_admin'); $maf = new MakeAdminForm($this->out, $this->profile, $this->group, diff --git a/actions/makeadmin.php b/actions/makeadmin.php index 9ad7d6e7c8..f19348648d 100644 --- a/actions/makeadmin.php 
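Review bot: `$fuser->delete()` is called without checking its result, and the log line that follows still reports "Updated nickname (and URI)" although the record was removed rather than updated. Check the return value, e.g. `if ($fuser->delete() === false) { common_log_db_error($fuser, 'DELETE', __FILE__); }`, and reword the message to say the old record was deleted. As far as the collapsed hunk shows, both `return $result;` and the trailing `return true;` are removed, so the existing-user path appears to return nothing while `$result = true;` is left unused; callers that test the result of `save_twitter_user()` would then see null.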
+++ b/actions/makeadmin.php @@ -87,7 +87,8 @@ class MakeadminAction extends Action return false; } $user = common_current_user(); - if (!$user->isAdmin($this->group)) { + if (!$user->isAdmin($this->group) && + !$user->hasRight(Right::MAKEGROUPADMIN)) { $this->clientError(_('Only an admin can make another user an admin.'), 401); return false; } diff --git a/classes/Profile.php b/classes/Profile.php index 1076fb2cb3..feabc25087 100644 --- a/classes/Profile.php +++ b/classes/Profile.php @@ -716,6 +716,7 @@ class Profile extends Memcached_DataObject switch ($right) { case Right::DELETEOTHERSNOTICE: + case Right::MAKEGROUPADMIN: case Right::SANDBOXUSER: case Right::SILENCEUSER: case Right::DELETEUSER: diff --git a/lib/right.php b/lib/right.php index 5e66eae0ed..4e9c5a918d 100644 --- a/lib/right.php +++ b/lib/right.php @@ -57,5 +57,6 @@ class Right const EMAILONREPLY = 'emailonreply'; const EMAILONSUBSCRIBE = 'emailonsubscribe'; const EMAILONFAVE = 'emailonfave'; + const MAKEGROUPADMIN = 'makegroupadmin'; } From dc09453a77f33c4dfdff306321ce93cf5fbd2d57 Mon Sep 17 00:00:00 2001 
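Review bot: With the added `hasRight(Right::MAKEGROUPADMIN)` test in `makeadmin.php`, a user who is not an admin of `$this->group` can now pass this authorization check, yet the rejection text still reads "Only an admin can make another user an admin." and nothing in the hunk records that a site-level right was used. Because the right applies across all groups, an audit line on that path, such as `common_log(LOG_INFO, 'makeadmin via MAKEGROUPADMIN by user ' . $user->id);`, would make later review of these grants possible. `$user` is dereferenced directly after `common_current_user()`; any login check is above this hunk and not visible.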
From: Brion Vibber Date: Mon, 8 Feb 2010 11:06:03 -0800 Subject: [PATCH 22/30] First steps on converting FeedSub into the pub/sub basis for OStatus communications: * renamed FeedSub plugin to OStatus * now setting avatar on subscriptions * general fixes for subscription * integrated PuSH hub to handle only user timelines on canonical ID url; sends updates directly * set $config['feedsub']['nohub'] = true to test w/ foreign feeds that don't have hubs (won't actually receive updates though) * a few bits of code documentation * HMAC support for verified distributions (safest if sub setup is on HTTPS) And a couple core changes: * minimizing HTML output for exceptions in API requests to aid in debugging * fix for rel=self link in apitimelineuser when id given This does not yet include any of the individual subscription management (Salmon notifications for sub/unsub, etc) nor a nice UI for user subscriptions. Needs some further cleanup to treat posts as status updates instead of link references. 
--- actions/apitimelineuser.php | 5 +- lib/api.php | 1 + lib/error.php | 10 +- lib/httpclient.php | 5 +- lib/mysqlschema.php | 1 + lib/statusnet.php | 13 +- plugins/FeedSub/feedinfo.sql | 14 - .../OStatusPlugin.php} | 48 +++- plugins/{FeedSub => OStatus}/README | 0 .../actions/feedsubcallback.php | 9 +- .../actions/feedsubsettings.php | 7 +- plugins/OStatus/actions/hub.php | 176 ++++++++++++ .../classes/Feedinfo.php} | 105 ++++++- plugins/OStatus/classes/HubSub.php | 272 ++++++++++++++++++ plugins/{FeedSub => OStatus}/extlib/README | 0 .../extlib/XML/Feed/Parser.php | 0 .../extlib/XML/Feed/Parser/Atom.php | 0 .../extlib/XML/Feed/Parser/AtomElement.php | 0 .../extlib/XML/Feed/Parser/Exception.php | 0 .../extlib/XML/Feed/Parser/RSS09.php | 0 .../extlib/XML/Feed/Parser/RSS09Element.php | 0 .../extlib/XML/Feed/Parser/RSS1.php | 0 .../extlib/XML/Feed/Parser/RSS11.php | 0 .../extlib/XML/Feed/Parser/RSS11Element.php | 0 .../extlib/XML/Feed/Parser/RSS1Element.php | 0 .../extlib/XML/Feed/Parser/RSS2.php | 0 .../extlib/XML/Feed/Parser/RSS2Element.php | 0 .../extlib/XML/Feed/Parser/Type.php | 0 .../XML/Feed/samples/atom10-entryonly.xml | 0 .../XML/Feed/samples/atom10-example1.xml | 0 .../XML/Feed/samples/atom10-example2.xml | 0 .../extlib/XML/Feed/samples/delicious.feed | 0 .../extlib/XML/Feed/samples/flickr.feed | 0 .../extlib/XML/Feed/samples/grwifi-atom.xml | 0 .../extlib/XML/Feed/samples/hoder.xml | 0 .../XML/Feed/samples/illformed_atom10.xml | 0 .../XML/Feed/samples/rss091-complete.xml | 0 .../XML/Feed/samples/rss091-international.xml | 0 .../extlib/XML/Feed/samples/rss091-simple.xml | 0 .../extlib/XML/Feed/samples/rss092-sample.xml | 0 .../XML/Feed/samples/rss10-example1.xml | 0 .../XML/Feed/samples/rss10-example2.xml | 0 .../extlib/XML/Feed/samples/rss2sample.xml | 0 .../extlib/XML/Feed/samples/sixapart-jp.xml | 0 .../extlib/XML/Feed/samples/technorati.feed | 0 .../extlib/XML/Feed/schemas/atom.rnc | 0 .../extlib/XML/Feed/schemas/rss10.rnc | 0 
.../extlib/XML/Feed/schemas/rss11.rnc | 0 .../extlib/xml-feed-parser-bug-16416.patch | 0 .../images/24px-Feed-icon.svg.png | Bin .../images/48px-Feed-icon.svg.png | Bin .../images/96px-Feed-icon.svg.png | Bin plugins/{FeedSub => OStatus}/images/README | 0 .../lib}/feeddiscovery.php | 14 +- .../{FeedSub => OStatus/lib}/feedmunger.php | 38 ++- .../OStatus/lib/hubdistribqueuehandler.php | 87 ++++++ plugins/OStatus/lib/huboutqueuehandler.php | 52 ++++ plugins/OStatus/lib/hubverifyqueuehandler.php | 53 ++++ .../FeedSub.po => OStatus/locale/OStatus.po} | 0 .../locale/fr/LC_MESSAGES/OStatus.po} | 0 .../tests/FeedDiscoveryTest.php | 0 .../tests/FeedMungerTest.php | 0 .../tests/gettext-speedtest.php | 0 63 files changed, 866 insertions(+), 44 deletions(-) delete mode 100644 plugins/FeedSub/feedinfo.sql rename plugins/{FeedSub/FeedSubPlugin.php => OStatus/OStatusPlugin.php} (69%) rename plugins/{FeedSub => OStatus}/README (100%) rename plugins/{FeedSub => OStatus}/actions/feedsubcallback.php (94%) rename plugins/{FeedSub => OStatus}/actions/feedsubsettings.php (97%) create mode 100644 plugins/OStatus/actions/hub.php rename plugins/{FeedSub/feedinfo.php => OStatus/classes/Feedinfo.php} (67%) create mode 100644 plugins/OStatus/classes/HubSub.php rename plugins/{FeedSub => OStatus}/extlib/README (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/Atom.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/AtomElement.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/Exception.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/RSS09.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/RSS09Element.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/RSS1.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/RSS11.php (100%) rename plugins/{FeedSub => 
OStatus}/extlib/XML/Feed/Parser/RSS11Element.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/RSS1Element.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/RSS2.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/RSS2Element.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/Parser/Type.php (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/atom10-entryonly.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/atom10-example1.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/atom10-example2.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/delicious.feed (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/flickr.feed (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/grwifi-atom.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/hoder.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/illformed_atom10.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/rss091-complete.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/rss091-international.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/rss091-simple.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/rss092-sample.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/rss10-example1.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/rss10-example2.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/rss2sample.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/sixapart-jp.xml (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/samples/technorati.feed (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/schemas/atom.rnc (100%) rename plugins/{FeedSub => OStatus}/extlib/XML/Feed/schemas/rss10.rnc (100%) rename plugins/{FeedSub => 
OStatus}/extlib/XML/Feed/schemas/rss11.rnc (100%) rename plugins/{FeedSub => OStatus}/extlib/xml-feed-parser-bug-16416.patch (100%) rename plugins/{FeedSub => OStatus}/images/24px-Feed-icon.svg.png (100%) rename plugins/{FeedSub => OStatus}/images/48px-Feed-icon.svg.png (100%) rename plugins/{FeedSub => OStatus}/images/96px-Feed-icon.svg.png (100%) rename plugins/{FeedSub => OStatus}/images/README (100%) rename plugins/{FeedSub => OStatus/lib}/feeddiscovery.php (94%) rename plugins/{FeedSub => OStatus/lib}/feedmunger.php (87%) create mode 100644 plugins/OStatus/lib/hubdistribqueuehandler.php create mode 100644 plugins/OStatus/lib/huboutqueuehandler.php create mode 100644 plugins/OStatus/lib/hubverifyqueuehandler.php rename plugins/{FeedSub/locale/FeedSub.po => OStatus/locale/OStatus.po} (100%) rename plugins/{FeedSub/locale/fr/LC_MESSAGES/FeedSub.po => OStatus/locale/fr/LC_MESSAGES/OStatus.po} (100%) rename plugins/{FeedSub => OStatus}/tests/FeedDiscoveryTest.php (100%) rename plugins/{FeedSub => OStatus}/tests/FeedMungerTest.php (100%) rename plugins/{FeedSub => OStatus}/tests/gettext-speedtest.php (100%) diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php index 830b16941d..ed9104905d 100644 --- a/actions/apitimelineuser.php +++ b/actions/apitimelineuser.php @@ -145,10 +145,11 @@ class ApiTimelineUserAction extends ApiBareAuthAction ); break; case 'atom': - if (isset($apidata['api_arg'])) { + $id = $this->arg('id'); + if ($id) { $selfuri = common_root_url() . 'api/statuses/user_timeline/' . - $apidata['api_arg'] . '.atom'; + rawurlencode($id) . '.atom'; } else { $selfuri = common_root_url() . 'api/statuses/user_timeline.atom'; diff --git a/lib/api.php b/lib/api.php index f819752167..fd07bbbbe0 100644 --- a/lib/api.php +++ b/lib/api.php @@ -77,6 +77,7 @@ class ApiAction extends Action function prepare($args) { + StatusNet::setApi(true); // reduce exception reports to aid in debugging parent::prepare($args); $this->format = $this->arg('format'); 
diff --git a/lib/error.php b/lib/error.php index 87a4d913b4..a6a29119f7 100644 --- a/lib/error.php +++ b/lib/error.php @@ -56,6 +56,7 @@ class ErrorAction extends Action $this->code = $code; $this->message = $message; + $this->minimal = StatusNet::isApi(); // XXX: hack alert: usually we aren't going to // call this page directly, but because it's @@ -102,7 +103,14 @@ class ErrorAction extends Action function showPage() { - parent::showPage(); + if ($this->minimal) { + // Even more minimal -- we're in a machine API + // and don't want to flood the output. + $this->extraHeaders(); + $this->showContent(); + } else { + parent::showPage(); + } // We don't want to have any more output after this exit(); diff --git a/lib/httpclient.php b/lib/httpclient.php index 3f82620761..4c3af8d7dd 100644 --- a/lib/httpclient.php +++ b/lib/httpclient.php @@ -81,12 +81,13 @@ class HTTPResponse extends HTTP_Request2_Response } /** - * Check if the response is OK, generally a 200 status code. + * Check if the response is OK, generally a 200 or other 2xx status code. * @return bool */ function isOk() { - return ($this->getStatus() == 200); + $status = $this->getStatus(); + return ($status >= 200 && $status < 300); } } diff --git a/lib/mysqlschema.php b/lib/mysqlschema.php index 1f7c3d0926..485096ac42 100644 --- a/lib/mysqlschema.php +++ b/lib/mysqlschema.php @@ -213,6 +213,7 @@ class MysqlSchema extends Schema $sql .= "); "; + common_log(LOG_INFO, $sql); $res = $this->conn->query($sql); if (PEAR::isError($res)) { diff --git a/lib/statusnet.php b/lib/statusnet.php index 29e9030267..4f82fdaa6c 100644 --- a/lib/statusnet.php +++ b/lib/statusnet.php @@ -30,6 +30,7 @@ global $config, $_server, $_path; class StatusNet { protected static $have_config; + protected static $is_api; /** * Configure and instantiate a plugin into the current configuration. 
@@ -63,7 +64,7 @@ class StatusNet } } if (!class_exists($pluginclass)) { - throw new ServerException(500, "Plugin $name not found."); + throw new ServerException("Plugin $name not found.", 500); } } @@ -147,6 +148,16 @@ class StatusNet return self::$have_config; } + public function isApi() + { + return self::$is_api; + } + + public function setApi($mode) + { + self::$is_api = $mode; + } + /** * Build default configuration array * @return array diff --git a/plugins/FeedSub/feedinfo.sql b/plugins/FeedSub/feedinfo.sql deleted file mode 100644 index e9b53d26eb..0000000000 --- a/plugins/FeedSub/feedinfo.sql +++ /dev/null @@ -1,14 +0,0 @@ -CREATE TABLE `feedinfo` ( - `id` int(11) NOT NULL auto_increment, - `profile_id` int(11) NOT NULL, - `feeduri` varchar(255) NOT NULL, - `homeuri` varchar(255) NOT NULL, - `huburi` varchar(255) NOT NULL, - `verify_token` varchar(32) default NULL, - `sub_start` datetime default NULL, - `sub_end` datetime default NULL, - `created` datetime NOT NULL, - `lastupdate` datetime NOT NULL, - PRIMARY KEY (`id`), - UNIQUE KEY `feedinfo_feeduri_idx` (`feeduri`) -) ENGINE=InnoDB AUTO_INCREMENT=1 DEFAULT CHARSET=utf8; diff --git a/plugins/FeedSub/FeedSubPlugin.php b/plugins/OStatus/OStatusPlugin.php similarity index 69% rename from plugins/FeedSub/FeedSubPlugin.php rename to plugins/OStatus/OStatusPlugin.php index e49e2a648a..9419121121 100644 --- a/plugins/FeedSub/FeedSubPlugin.php +++ b/plugins/OStatus/OStatusPlugin.php @@ -43,7 +43,7 @@ class FeedSubException extends Exception { } -class FeedSubPlugin extends Plugin +class OStatusPlugin extends Plugin { /** * Hook for RouterInitialized event. @@ -53,6 +53,8 @@ class FeedSubPlugin extends Plugin */ function onRouterInitialized($m) { + $m->connect('push/hub', array('action' => 'hub')); + $m->connect('feedsub/callback/:feed', array('action' => 'feedsubcallback'), array('feed' => '[0-9]+')); 
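Review bot: `isApi()` and `setApi()` in `lib/statusnet.php` are declared as instance methods (`public function`) but only touch `self::$is_api` and are called statically elsewhere in this patch (`StatusNet::setApi(true)` in `lib/api.php` and the hub action, `StatusNet::isApi()` in `lib/error.php`). Calling a non-static method statically raises a strict-standards notice on PHP 5 and is an error on current PHP, and it would happen inside the error page path. Declare them `public static function isApi()` and `public static function setApi($mode)`, and add a short docblock stating that the flag switches error output to the minimal API form.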
@@ -61,6 +63,46 @@ class FeedSubPlugin extends Plugin return true; } + /** + * Set up queue handlers for outgoing hub pushes + * @param QueueManager $qm + * @return boolean hook return + */ + function onEndInitializeQueueManager(QueueManager $qm) + { + $qm->connect('hubverify', 'HubVerifyQueueHandler'); + $qm->connect('hubdistrib', 'HubDistribQueueHandler'); + $qm->connect('hubout', 'HubOutQueueHandler'); + return true; + } + + /** + * Put saved notices into the queue for pubsub distribution. + */ + function onStartEnqueueNotice($notice, &$transports) + { + $transports[] = 'hubdistrib'; + return true; + } + + /** + * Set up a PuSH hub link to our internal link for canonical timeline + * Atom feeds for users. + */ + function onStartApiAtom(Action $action) + { + if ($action instanceof ApiTimelineUserAction) { + $id = $action->arg('id'); + if (strval(intval($id)) === strval($id)) { + // Canonical form of id in URL? + // Updates will be handled for our internal PuSH hub. + $action->element('link', array('rel' => 'hub', + 'href' => common_local_url('hub'))); + } + } + return true; + } + /** * Add the feed settings page to the Connect Settings menu * @@ -92,7 +134,8 @@ class FeedSubPlugin extends Plugin { $base = dirname(__FILE__); $lower = strtolower($cls); - $files = array("$base/$lower.php"); + $files = array("$base/classes/$cls.php", + "$base/lib/$lower.php"); if (substr($lower, -6) == 'action') { $files[] = "$base/actions/" . substr($lower, 0, -6) . ".php"; } @@ -110,6 +153,7 @@ class FeedSubPlugin extends Plugin // alter table feedinfo change column id id int(11) not null auto_increment; $schema = Schema::get(); $schema->ensureTable('feedinfo', Feedinfo::schemaDef()); + $schema->ensureTable('hubsub', HubSub::schemaDef()); return true; } } diff --git a/plugins/FeedSub/README b/plugins/OStatus/README similarity index 100% rename from plugins/FeedSub/README rename to plugins/OStatus/README 
diff --git a/plugins/FeedSub/actions/feedsubcallback.php b/plugins/OStatus/actions/feedsubcallback.php similarity index 94% rename from plugins/FeedSub/actions/feedsubcallback.php rename to plugins/OStatus/actions/feedsubcallback.php index 0c4280c1fa..c57ea5b101 100644 --- a/plugins/FeedSub/actions/feedsubcallback.php +++ b/plugins/OStatus/actions/feedsubcallback.php @@ -52,9 +52,14 @@ class FeedSubCallbackAction extends Action if (!$feedinfo) { throw new ServerException('Unknown feed id ' . $feedid, 400); } - + + $hmac = ''; + if (isset($_SERVER['HTTP_X_HUB_SIGNATURE'])) { + $hmac = $_SERVER['HTTP_X_HUB_SIGNATURE']; + } + $post = file_get_contents('php://input'); - $feedinfo->postUpdates($post); + $feedinfo->postUpdates($post, $hmac); } /** diff --git a/plugins/FeedSub/actions/feedsubsettings.php b/plugins/OStatus/actions/feedsubsettings.php similarity index 97% rename from plugins/FeedSub/actions/feedsubsettings.php rename to plugins/OStatus/actions/feedsubsettings.php index 0fba20a393..4d5b7b60f4 100644 --- a/plugins/FeedSub/actions/feedsubsettings.php +++ b/plugins/OStatus/actions/feedsubsettings.php @@ -184,7 +184,7 @@ class FeedSubSettingsAction extends ConnectSettingsAction $this->munger = $discover->feedMunger(); $this->feedinfo = $this->munger->feedInfo(); - if ($this->feedinfo->huburi == '') { + if ($this->feedinfo->huburi == '' && !common_config('feedsub', 'nohub')) { $this->showForm(_m('Feed is not PuSH-enabled; cannot subscribe.')); return false; } @@ -213,7 +213,10 @@ class FeedSubSettingsAction extends ConnectSettingsAction // And subscribe the current user to the local profile $user = common_current_user(); $profile = $this->feedinfo->getProfile(); - + if (!$profile) { + throw new ServerException("Feed profile was not saved properly."); + } + if ($user->isSubscribed($profile)) { $this->showForm(_m('Already subscribed!')); } elseif ($user->subscribeTo($profile)) { 
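Review bot: In the `feedsubcallback.php` hunk, a request without `X-Hub-Signature` is turned into `$hmac = ''` and still handed to `postUpdates()`, so this action never rejects an unsigned push itself; whether it is accepted depends on code outside this hunk. If the subscription was created with a secret, `postUpdates()` should fail closed on an empty or malformed signature and compare digests in constant time (`hash_equals()` on current PHP). A comment at this call, e.g. `// empty $hmac must be rejected by postUpdates() when the feed has a secret`, would document that contract. The enclosing method starts above this hunk.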
diff --git a/plugins/OStatus/actions/hub.php b/plugins/OStatus/actions/hub.php new file mode 100644 index 0000000000..5caf4b48eb --- /dev/null +++ b/plugins/OStatus/actions/hub.php 
@@ -0,0 +1,176 @@ +. + */ + +/** + * Integrated PuSH hub; lets us only ping them what need it. + * @package Hub + * @maintainer Brion Vibber + */ + +/** + + +Things to consider... +* should we purge incomplete subscriptions that never get a verification pingback? +* when can we send subscription renewal checks? + - at next send time probably ok +* when can we handle trimming of subscriptions? + - at next send time probably ok +* should we keep a fail count? + +*/ + + +class HubAction extends Action +{ + function arg($arg, $def=null) + { + // PHP converts '.'s in incoming var names to '_'s. + // It also merges multiple values, which'll break hub.verify and hub.topic for publishing + // @fixme handle multiple args + $arg = str_replace('.', '_', $arg); + return parent::arg($arg, $def); + } + + function prepare($args) + { + StatusNet::setApi(true); // reduce exception reports to aid in debugging + return parent::prepare($args); + } + + function handle() + { + $mode = $this->trimmed('hub.mode'); + switch ($mode) { + case "subscribe": + $this->subscribe(); + break; + case "unsubscribe": + $this->unsubscribe(); + break; + case "publish": + throw new ServerException("Publishing outside feeds not supported.", 400); + default: + throw new ServerException("Unrecognized mode '$mode'.", 400); + } + } + + /** + * Process a PuSH feed subscription request. + * + * HTTP return codes: + * 202 Accepted - request saved and awaiting verification + * 204 No Content - already subscribed + * 403 Forbidden - rejecting this (not specifically spec'd) + */ + function subscribe() + { + $feed = $this->argUrl('hub.topic'); + $callback = $this->argUrl('hub.callback'); + + common_log(LOG_DEBUG, __METHOD__ . ": checking sub'd to $feed $callback"); + if ($this->getSub($feed, $callback)) { + // Already subscribed; return 204 per spec. + header('HTTP/1.1 204 No Content'); + common_log(LOG_DEBUG, __METHOD__ . ': already subscribed'); + return; + } + + common_log(LOG_DEBUG, __METHOD__ . 
': setting up'); + $sub = new HubSub(); + $sub->topic = $feed; + $sub->callback = $callback; + $sub->secret = $this->arg('hub.secret', null); + $sub->setLease(intval($this->arg('hub.lease_seconds'))); + + // @fixme check for feeds we don't manage + // @fixme check the verification mode, might want a return immediately? + + common_log(LOG_DEBUG, __METHOD__ . ': inserting'); + $ok = $sub->insert(); + + if (!$ok) { + throw new ServerException("Failed to save subscription record", 500); + } + + // @fixme check errors ;) + + $data = array('sub' => $sub, 'mode' => 'subscribe'); + $qm = QueueManager::get(); + $qm->enqueue($data, 'hubverify'); + + header('HTTP/1.1 202 Accepted'); + common_log(LOG_DEBUG, __METHOD__ . ': done'); + } + + /** + * Process a PuSH feed unsubscription request. + * + * HTTP return codes: + * 202 Accepted - request saved and awaiting verification + * 204 No Content - already subscribed + * 400 Bad Request - invalid params or rejected feed + */ + function unsubscribe() + { + $feed = $this->argUrl('hub.topic'); + $callback = $this->argUrl('hub.callback'); + $sub = $this->getSub($feed, $callback); + + if ($sub) { + if ($sub->verify('unsubscribe')) { + $sub->delete(); + common_log(LOG_INFO, "PuSH unsubscribed $feed for $callback"); + } else { + throw new ServerException("Failed PuSH unsubscription: verification failed! $feed for $callback"); + } + } else { + throw new ServerException("Failed PuSH unsubscription: not subscribed! $feed for $callback"); + } + } + + /** + * Grab and validate a URL from POST parameters. 
+ * @throws ServerException for malformed or non-http/https URLs + */ + protected function argUrl($arg) + { + $url = $this->arg($arg); + $params = array('domain_check' => false, // otherwise breaks my local tests :P + 'allowed_schemes' => array('http', 'https')); + if (Validate::uri($url, $params)) { + return $url; + } else { + throw new ServerException("Invalid URL passed for $arg: '$url'", 400); + } + } + + /** + * Get HubSub subscription record for a given feed & subscriber. + * + * @param string $feed + * @param string $callback + * @return mixed HubSub or false + */ + protected function getSub($feed, $callback) + { + return HubSub::staticGet($feed, $callback); + } +} + diff --git a/plugins/FeedSub/feedinfo.php b/plugins/OStatus/classes/Feedinfo.php similarity index 67% rename from plugins/FeedSub/feedinfo.php rename to plugins/OStatus/classes/Feedinfo.php index b166bd6e12..f29d08cb03 100644 --- a/plugins/FeedSub/feedinfo.php +++ b/plugins/OStatus/classes/Feedinfo.php @@ -1,8 +1,29 @@ . + */ + +/** + * @package FeedSubPlugin + * @maintainer Brion Vibber + */ /* - -Subscription flow: +PuSH subscription flow: $feedinfo->subscribe() generate random verification token @@ -16,7 +37,6 @@ Subscription flow: feedsub/callback hub sends us updates via POST - ? */ @@ -43,6 +63,7 @@ class Feedinfo extends Memcached_DataObject public $huburi; // PuSH subscription data + public $secret; public $verify_token; public $sub_start; public $sub_end; @@ -72,6 +93,7 @@ class Feedinfo extends Memcached_DataObject 'feeduri' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, 'homeuri' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, 'huburi' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, + 'secret' => DB_DATAOBJECT_STR, 'verify_token' => DB_DATAOBJECT_STR, 'sub_start' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME, 'sub_end' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME, 
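Review bot: `subscribe()` in hub.php accepts any `hub.callback` and `hub.topic` that pass `argUrl()`, which checks only the scheme (`domain_check` is off), so an unauthenticated request can make this server send the verification GET and later pushes to an arbitrary host, including internal ones. Before `$sub->insert()`, reject topics that are not feeds this site serves (the open `@fixme check for feeds we don't manage`) and callbacks whose host resolves to a loopback, link-local or private address. The method also never stores the subscriber's token, so `HubSub::verify()` can never send it back; add `$sub->verify_token = $this->arg('hub.verify_token', null);` next to the `hub.secret` line. The docblock of `unsubscribe()` still lists "204 No Content - already subscribed", copied from `subscribe()`.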
@@ -98,6 +120,8 @@ class Feedinfo extends Memcached_DataObject 255, false), new ColumnDef('verify_token', 'varchar', 32, true), + new ColumnDef('secret', 'varchar', + 64, true), new ColumnDef('sub_start', 'datetime', null, true), new ColumnDef('sub_end', 'datetime', @@ -119,7 +143,7 @@ class Feedinfo extends Memcached_DataObject function keys() { - return array('id' => 'P'); //? + return array_keys($this->keyTypes()); } /** @@ -133,7 +157,12 @@ class Feedinfo extends Memcached_DataObject function keyTypes() { - return $this->keys(); + return array('id' => 'K'); // @fixme we'll need a profile_id key at least + } + + function sequenceKey() + { + return array('id', true, false); } /** @@ -161,6 +190,10 @@ class Feedinfo extends Memcached_DataObject $feedinfo->query('BEGIN'); + // Awful hack! Awful hack! + $feedinfo->verify = common_good_rand(16); + $feedinfo->secret = common_good_rand(32); + try { $profile = $munger->profile(); $result = $profile->insert(); @@ -168,6 +201,21 @@ class Feedinfo extends Memcached_DataObject throw new FeedDBException($profile); } + $avatar = $munger->getAvatar(); + if ($avatar) { + // @fixme this should be better encapsulated + // ripped from oauthstore.php (for old OMB client) + $temp_filename = tempnam(sys_get_temp_dir(), 'listener_avatar'); + copy($avatar, $temp_filename); + $imagefile = new ImageFile($profile->id, $temp_filename); + $filename = Avatar::filename($profile->id, + image_type_to_extension($imagefile->type), + null, + common_timestamp()); + rename($temp_filename, Avatar::path($filename)); + $profile->setOriginal($filename); + } + $feedinfo->profile_id = $profile->id; $result = $feedinfo->insert(); if (empty($result)) { 
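Review bot: The added line `$feedinfo->verify = common_good_rand(16);` in the hunk at -161 assigns a property the class does not declare; the column is `verify_token`, which is what `subscribe()` later sends as `hub.verify_token`. As written the token is never saved and the hub receives an empty value, so the verification callback cannot be tied to this request. It should read `$feedinfo->verify_token = common_good_rand(16);`, and the "Awful hack!" comment would help more if it said what the hack is. The enclosing method starts and ends outside the hunk.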
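Review bot: `copy($avatar, $temp_filename)` in the hunk at -168 opens whatever string `FeedMunger::getAvatar()` returned, and that value is taken from the remote feed's `logo` or `icon`; PHP's `copy()` accepts local paths and every enabled stream wrapper, not only http(s). Check the value first with the same allow-list `HubAction::argUrl()` uses, e.g. `if (!Validate::uri($avatar, array('allowed_schemes' => array('http', 'https')))) { $avatar = false; }`, and fetch it through `HTTPClient` with a size limit instead of `copy()`. The return values of `copy()` and `rename()` are ignored, and the temp file is left behind if `ImageFile` throws. The same unchecked value is returned by `FeedSubPreviewAvatar::displayUrl()` in feedmunger.php, so the check is best placed in `getAvatar()` itself. The enclosing method starts and ends outside the hunk.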
@@ -191,27 +239,38 @@ class Feedinfo extends Memcached_DataObject */ public function subscribe() { + if (common_config('feedsub', 'nohub')) { + // Fake it! We're just testing remote feeds w/o hubs. + return true; + } // @fixme use the verification token #$token = md5(mt_rand() . ':' . $this->feeduri); #$this->verify_token = $token; #$this->update(); // @fixme - try { $callback = common_local_url('feedsubcallback', array('feed' => $this->id)); $headers = array('Content-Type: application/x-www-form-urlencoded'); $post = array('hub.mode' => 'subscribe', 'hub.callback' => $callback, 'hub.verify' => 'async', - //'hub.verify_token' => $token, + 'hub.verify_token' => $this->verify_token, + 'hub.secret' => $this->secret, //'hub.lease_seconds' => 0, 'hub.topic' => $this->feeduri); $client = new HTTPClient(); $response = $client->post($this->huburi, $headers, $post); - if ($response->getStatus() >= 200 && $response->getStatus() < 300) { - common_log(LOG_INFO, __METHOD__ . ': sub req ok'); + $status = $response->getStatus(); + if ($status == 202) { + common_log(LOG_INFO, __METHOD__ . ': sub req ok, awaiting verification callback'); return true; + } else if ($status == 204) { + common_log(LOG_INFO, __METHOD__ . ': sub req ok and verified'); + return true; + } else if ($status >= 200 && $status < 300) { + common_log(LOG_ERR, __METHOD__ . ": sub req returned unexpected HTTP $status: " . $response->getBody()); + return false; } else { - common_log(LOG_INFO, __METHOD__ . ': sub req failed'); + common_log(LOG_ERR, __METHOD__ . ": sub req failed with HTTP $status: " . $response->getBody()); return false; } } catch (Exception $e) { 
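Review bot: `'hub.secret' => $this->secret` is now posted to `$this->huburi` whatever its scheme, while the PubSubHubbub spec says the secret should only be sent when the hub is reached over HTTPS; over plain http the signature check in `postUpdates()` no longer shows that an update came from the hub. Either refuse to subscribe with a secret to a non-https hub or at least record it: `if (parse_url($this->huburi, PHP_URL_SCHEME) !== 'https') { common_log(LOG_WARNING, __METHOD__ . ': sending hub.secret over plain http'); }`. The two error branches also write `$response->getBody()` to the log without a length limit, and that text is controlled by the remote hub; truncate it. The commented-out `#$token = md5(mt_rand() ...` lines above the `try` are dead now that the token is sent and can be removed.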
@@ -227,10 +286,29 @@ class Feedinfo extends Memcached_DataObject * coming from a PuSH hub. * * @param string $xml source of Atom or RSS feed + * @param string $hmac X-Hub-Signature header, if present */ - public function postUpdates($xml) + public function postUpdates($xml, $hmac) { - common_log(LOG_INFO, __METHOD__ . ": packet for \"$this->feeduri\"! $xml"); + common_log(LOG_INFO, __METHOD__ . ": packet for \"$this->feeduri\"! $hmac $xml"); + + if ($this->secret) { + if (preg_match('/^sha1=([0-9a-fA-F]{40})$/', $hmac, $matches)) { + $their_hmac = strtolower($matches[1]); + $our_hmac = sha1($xml . $this->secret); + if ($their_hmac !== $our_hmac) { + common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bad SHA-1 HMAC: got $their_hmac, expected $our_hmac"); + return; + } + } else { + common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with bogus HMAC '$hmac'"); + return; + } + } else if ($hmac) { + common_log(LOG_ERR, __METHOD__ . ": ignoring PuSH with unexpected HMAC '$hmac'"); + return; + } + require_once "XML/Feed/Parser.php"; $feed = new XML_Feed_Parser($xml, false, false, true); $munger = new FeedMunger($feed); @@ -246,8 +324,7 @@ class Feedinfo extends Memcached_DataObject // @fixme this could explode horribly for multiple feeds on a blog. sigh $dupe = new Notice(); $dupe->uri = $notice->uri; - $dupe->find(); - if ($dupe->fetch()) { + if ($dupe->find(true)) { common_log(LOG_WARNING, __METHOD__ . ": tried to save dupe notice for entry {$notice->uri} of feed {$this->feeduri}"); continue; } diff --git a/plugins/OStatus/classes/HubSub.php b/plugins/OStatus/classes/HubSub.php new file mode 100644 index 0000000000..1769f6c941 --- /dev/null +++ b/plugins/OStatus/classes/HubSub.php 
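Review bot: `sha1($xml . $this->secret)` in `postUpdates()` is a plain hash of body plus secret, not the HMAC-SHA1 keyed with `hub.secret` that PubSubHubbub defines for `X-Hub-Signature`, so a signature from a spec-conforming hub will never match and the construction lacks HMAC's guarantees. Use `$our_hmac = hash_hmac('sha1', $xml, $this->secret);` here and the same call in `HubSub::push()`, which builds the header with the identical expression. The mismatch branch logs `expected $our_hmac`, which writes the valid signature for that payload to the log, and the first line now logs the whole packet at LOG_INFO; log only the feed URI and the received value. The `!==` comparison is not constant-time, so prefer a constant-time compare such as `hash_equals()` where the PHP version provides it.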
@@ -0,0 +1,272 @@ +. + */ + +/** + * PuSH feed subscription record + * @package Hub + * @author Brion Vibber + */ +class HubSub extends Memcached_DataObject +{ + public $__table = 'hubsub'; + + public $hashkey; // sha1(topic . '|' . $callback); (topic, callback) key is too long for myisam in utf8 + public $topic; + public $callback; + public $secret; + public $verify_token; + public $challenge; + public $lease; + public $sub_start; + public $sub_end; + public $created; + + public /*static*/ function staticGet($topic, $callback) + { + return parent::staticGet(__CLASS__, 'hashkey', self::hashkey($topic, $callback)); + } + + protected static function hashkey($topic, $callback) + { + return sha1($topic . '|' . $callback); + } + + /** + * return table definition for DB_DataObject + * + * DB_DataObject needs to know something about the table to manipulate + * instances. This method provides all the DB_DataObject needs to know. + * + * @return array array of column definitions + */ + + function table() + { + return array('hashkey' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, + 'topic' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, + 'callback' => DB_DATAOBJECT_STR + DB_DATAOBJECT_NOTNULL, + 'secret' => DB_DATAOBJECT_STR, + 'verify_token' => DB_DATAOBJECT_STR, + 'challenge' => DB_DATAOBJECT_STR, + 'lease' => DB_DATAOBJECT_INT, + 'sub_start' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME, + 'sub_end' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME, + 'created' => DB_DATAOBJECT_STR + DB_DATAOBJECT_DATE + DB_DATAOBJECT_TIME + DB_DATAOBJECT_NOTNULL); + } + + static function schemaDef() + { + return array(new ColumnDef('hashkey', 'char', + /*size*/40, + /*nullable*/false, + /*key*/'PRI'), + new ColumnDef('topic', 'varchar', + /*size*/255, + /*nullable*/false, + /*key*/'KEY'), + new ColumnDef('callback', 'varchar', + 255, false), + new ColumnDef('secret', 'text', + null, true), + new ColumnDef('verify_token', 'text', + null, true), + new 
ColumnDef('challenge', 'varchar', + 32, true), + new ColumnDef('lease', 'int', + null, true), + new ColumnDef('sub_start', 'datetime', + null, true), + new ColumnDef('sub_end', 'datetime', + null, true), + new ColumnDef('created', 'datetime', + null, false)); + } + + function keys() + { + return array_keys($this->keyTypes()); + } + + function sequenceKeys() + { + return array(false, false, false); + } + + /** + * return key definitions for DB_DataObject + * + * DB_DataObject needs to know about keys that the table has; this function + * defines them. + * + * @return array key definitions + */ + + function keyTypes() + { + return array('hashkey' => 'K'); + } + + /** + * Validates a requested lease length, sets length plus + * subscription start & end dates. + * + * Does not save to database -- use before insert() or update(). + * + * @param int $length in seconds + */ + function setLease($length) + { + assert(is_int($length)); + + $min = 86400; + $max = 86400 * 30; + + if ($length == 0) { + // We want to garbage collect dead subscriptions! + $length = $max; + } elseif( $length < $min) { + $length = $min; + } else if ($length > $max) { + $length = $max; + } + + $this->lease = $length; + $this->start_sub = common_sql_now(); + $this->end_sub = common_sql_date(time() + $length); + } + + /** + * Send a verification ping to subscriber + * @param string $mode 'subscribe' or 'unsubscribe' + */ + function verify($mode) + { + assert($mode == 'subscribe' || $mode == 'unsubscribe'); + + // Is this needed? data object fun... + $clone = clone($this); + $clone->challenge = common_good_rand(16); + $clone->update($this); + $this->challenge = $clone->challenge; + unset($clone); + + $params = array('hub.mode' => $mode, + 'hub.topic' => $this->topic, + 'hub.challenge' => $this->challenge); + if ($mode == 'subscribe') { + $params['hub.lease_seconds'] = $this->lease; + } + if ($this->verify_token) { + $params['hub.verify_token'] = $this->verify_token; + } + $url = $this->callback . '?' . 
http_build_query($params, '', '&'); // @fixme ugly urls + + try { + $request = new HTTPClient(); + $response = $request->get($url); + $status = $response->getStatus(); + + if ($status >= 200 && $status < 300) { + $fail = false; + } else { + // @fixme how can we schedule a second attempt? + // Or should we? + $fail = "Returned HTTP $status"; + } + } catch (Exception $e) { + $fail = $e->getMessage(); + } + if ($fail) { + // @fixme how can we schedule a second attempt? + // or save a fail count? + // Or should we? + common_log(LOG_ERR, "Failed to verify $mode for $this->topic at $this->callback: $fail"); + return false; + } else { + if ($mode == 'subscribe') { + // Establish or renew the subscription! + // This seems unnecessary... dataobject fun! + $clone = clone($this); + $clone->challenge = null; + $clone->setLease($this->lease); + $clone->update($this); + unset($clone); + + $this->challenge = null; + $this->setLease($this->lease); + common_log(LOG_ERR, "Verified $mode of $this->callback:$this->topic for $this->lease seconds"); + } else if ($mode == 'unsubscribe') { + common_log(LOG_ERR, "Verified $mode of $this->callback:$this->topic"); + $this->delete(); + } + return true; + } + } + + /** + * Insert wrapper; transparently set the hash key from topic and callback columns. + * @return boolean success + */ + function insert() + { + $this->hashkey = self::hashkey($this->topic, $this->callback); + return parent::insert(); + } + + /** + * Send a 'fat ping' to the subscriber's callback endpoint + * containing the given Atom feed chunk. + * + * Determination of which items to send should be done at + * a higher level; don't just shove in a complete feed! + * + * @param string $atom well-formed Atom feed + */ + function push($atom) + { + $headers = array('Content-Type: application/atom+xml'); + if ($this->secret) { + $hmac = sha1($atom . 
$this->secret); + $headers[] = "X-Hub-Signature: sha1=$hmac"; + } else { + $hmac = '(none)'; + } + common_log(LOG_INFO, "About to push feed to $this->callback for $this->topic, HMAC $hmac"); + try { + $request = new HTTPClient(); + $request->setBody($atom); + $response = $request->post($this->callback, $headers); + + if ($response->isOk()) { + return true; + } + common_log(LOG_ERR, "Error sending PuSH content " . + "to $this->callback for $this->topic: " . + $response->getStatus()); + return false; + + } catch (Exception $e) { + common_log(LOG_ERR, "Error sending PuSH content " . + "to $this->callback for $this->topic: " . + $e->getMessage()); + return false; + } + } +} + diff --git a/plugins/FeedSub/extlib/README b/plugins/OStatus/extlib/README similarity index 100% rename from plugins/FeedSub/extlib/README rename to plugins/OStatus/extlib/README diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser.php b/plugins/OStatus/extlib/XML/Feed/Parser.php similarity index 100% rename from plugins/FeedSub/extlib/XML/Feed/Parser.php rename to plugins/OStatus/extlib/XML/Feed/Parser.php diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/Atom.php b/plugins/OStatus/extlib/XML/Feed/Parser/Atom.php similarity index 100% rename from plugins/FeedSub/extlib/XML/Feed/Parser/Atom.php rename to plugins/OStatus/extlib/XML/Feed/Parser/Atom.php diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/AtomElement.php b/plugins/OStatus/extlib/XML/Feed/Parser/AtomElement.php similarity index 100% rename from plugins/FeedSub/extlib/XML/Feed/Parser/AtomElement.php rename to plugins/OStatus/extlib/XML/Feed/Parser/AtomElement.php diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/Exception.php b/plugins/OStatus/extlib/XML/Feed/Parser/Exception.php similarity index 100% rename from plugins/FeedSub/extlib/XML/Feed/Parser/Exception.php rename to plugins/OStatus/extlib/XML/Feed/Parser/Exception.php 
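Review bot: `HubSub::verify()` treats any 2xx reply as success and never compares the response body with `hub.challenge`, so the random challenge proves nothing and a callback that answers 200 to everything counts as a confirmed subscriber. Require the echo: `if ($status >= 200 && $status < 300 && $response->getBody() === $this->challenge) {`. `setLease()` assigns `$this->start_sub` and `$this->end_sub`, but the declared columns are `sub_start` and `sub_end`, so the lease window is never stored. `sequenceKeys()` looks like a misspelling of the `sequenceKey()` override that Feedinfo defines, and both success messages in `verify()` are logged at LOG_ERR rather than LOG_INFO.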
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS09.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS09.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS09.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS09.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS09Element.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS09Element.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS09Element.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS09Element.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS1.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS1.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS1.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS1.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS11.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS11.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS11.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS11.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS11Element.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS11Element.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS11Element.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS11Element.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS1Element.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS1Element.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS1Element.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS1Element.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS2.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS2.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS2.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS2.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/RSS2Element.php b/plugins/OStatus/extlib/XML/Feed/Parser/RSS2Element.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/RSS2Element.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/RSS2Element.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/Parser/Type.php b/plugins/OStatus/extlib/XML/Feed/Parser/Type.php
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/Parser/Type.php
rename to plugins/OStatus/extlib/XML/Feed/Parser/Type.php
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/atom10-entryonly.xml b/plugins/OStatus/extlib/XML/Feed/samples/atom10-entryonly.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/atom10-entryonly.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/atom10-entryonly.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/atom10-example1.xml b/plugins/OStatus/extlib/XML/Feed/samples/atom10-example1.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/atom10-example1.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/atom10-example1.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/atom10-example2.xml b/plugins/OStatus/extlib/XML/Feed/samples/atom10-example2.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/atom10-example2.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/atom10-example2.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/delicious.feed b/plugins/OStatus/extlib/XML/Feed/samples/delicious.feed
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/delicious.feed
rename to plugins/OStatus/extlib/XML/Feed/samples/delicious.feed
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/flickr.feed b/plugins/OStatus/extlib/XML/Feed/samples/flickr.feed
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/flickr.feed
rename to plugins/OStatus/extlib/XML/Feed/samples/flickr.feed
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/grwifi-atom.xml b/plugins/OStatus/extlib/XML/Feed/samples/grwifi-atom.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/grwifi-atom.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/grwifi-atom.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/hoder.xml b/plugins/OStatus/extlib/XML/Feed/samples/hoder.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/hoder.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/hoder.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/illformed_atom10.xml b/plugins/OStatus/extlib/XML/Feed/samples/illformed_atom10.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/illformed_atom10.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/illformed_atom10.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/rss091-complete.xml b/plugins/OStatus/extlib/XML/Feed/samples/rss091-complete.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/rss091-complete.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/rss091-complete.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/rss091-international.xml b/plugins/OStatus/extlib/XML/Feed/samples/rss091-international.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/rss091-international.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/rss091-international.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/rss091-simple.xml b/plugins/OStatus/extlib/XML/Feed/samples/rss091-simple.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/rss091-simple.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/rss091-simple.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/rss092-sample.xml b/plugins/OStatus/extlib/XML/Feed/samples/rss092-sample.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/rss092-sample.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/rss092-sample.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/rss10-example1.xml b/plugins/OStatus/extlib/XML/Feed/samples/rss10-example1.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/rss10-example1.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/rss10-example1.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/rss10-example2.xml b/plugins/OStatus/extlib/XML/Feed/samples/rss10-example2.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/rss10-example2.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/rss10-example2.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/rss2sample.xml b/plugins/OStatus/extlib/XML/Feed/samples/rss2sample.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/rss2sample.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/rss2sample.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/sixapart-jp.xml b/plugins/OStatus/extlib/XML/Feed/samples/sixapart-jp.xml
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/sixapart-jp.xml
rename to plugins/OStatus/extlib/XML/Feed/samples/sixapart-jp.xml
diff --git a/plugins/FeedSub/extlib/XML/Feed/samples/technorati.feed b/plugins/OStatus/extlib/XML/Feed/samples/technorati.feed
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/samples/technorati.feed
rename to plugins/OStatus/extlib/XML/Feed/samples/technorati.feed
diff --git a/plugins/FeedSub/extlib/XML/Feed/schemas/atom.rnc b/plugins/OStatus/extlib/XML/Feed/schemas/atom.rnc
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/schemas/atom.rnc
rename to plugins/OStatus/extlib/XML/Feed/schemas/atom.rnc
diff --git a/plugins/FeedSub/extlib/XML/Feed/schemas/rss10.rnc b/plugins/OStatus/extlib/XML/Feed/schemas/rss10.rnc
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/schemas/rss10.rnc
rename to plugins/OStatus/extlib/XML/Feed/schemas/rss10.rnc
diff --git a/plugins/FeedSub/extlib/XML/Feed/schemas/rss11.rnc b/plugins/OStatus/extlib/XML/Feed/schemas/rss11.rnc
similarity index 100%
rename from plugins/FeedSub/extlib/XML/Feed/schemas/rss11.rnc
rename to plugins/OStatus/extlib/XML/Feed/schemas/rss11.rnc
diff --git a/plugins/FeedSub/extlib/xml-feed-parser-bug-16416.patch b/plugins/OStatus/extlib/xml-feed-parser-bug-16416.patch
similarity index 100%
rename from plugins/FeedSub/extlib/xml-feed-parser-bug-16416.patch
rename to plugins/OStatus/extlib/xml-feed-parser-bug-16416.patch
diff --git a/plugins/FeedSub/images/24px-Feed-icon.svg.png b/plugins/OStatus/images/24px-Feed-icon.svg.png
similarity index 100%
rename from plugins/FeedSub/images/24px-Feed-icon.svg.png
rename to plugins/OStatus/images/24px-Feed-icon.svg.png
diff --git a/plugins/FeedSub/images/48px-Feed-icon.svg.png b/plugins/OStatus/images/48px-Feed-icon.svg.png
similarity index 100%
rename from plugins/FeedSub/images/48px-Feed-icon.svg.png
rename to plugins/OStatus/images/48px-Feed-icon.svg.png
diff --git a/plugins/FeedSub/images/96px-Feed-icon.svg.png b/plugins/OStatus/images/96px-Feed-icon.svg.png
similarity index 100%
rename from plugins/FeedSub/images/96px-Feed-icon.svg.png
rename to plugins/OStatus/images/96px-Feed-icon.svg.png
diff --git a/plugins/FeedSub/images/README b/plugins/OStatus/images/README
similarity index 100%
rename from plugins/FeedSub/images/README
rename to plugins/OStatus/images/README
diff --git a/plugins/FeedSub/feeddiscovery.php b/plugins/OStatus/lib/feeddiscovery.php
similarity index 94%
rename from plugins/FeedSub/feeddiscovery.php
rename to plugins/OStatus/lib/feeddiscovery.php
index 35edaca33a..9bc7892fb2 100644
--- a/plugins/FeedSub/feeddiscovery.php
+++ b/plugins/OStatus/lib/feeddiscovery.php @@ -48,6 +48,18 @@ class FeedSubNoFeedException extends FeedSubException { } +/** + * Given a web page or feed URL, discover the final location of the feed + * and return its current contents. + * + * @example + * $feed = new FeedDiscovery(); + * if ($feed->discoverFromURL($url)) { + * print $feed->uri; + * print $feed->type; + * processFeed($feed->body); + * } + */ class FeedDiscovery { public $uri; @@ -64,7 +76,7 @@ class FeedDiscovery /** * @param string $url - * @param bool $htmlOk + * @param bool $htmlOk pass false here if you don't want to follow web pages. * @return string with validated URL * @throws FeedSubBadURLException * @throws FeedSubBadHtmlException diff --git a/plugins/FeedSub/feedmunger.php b/plugins/OStatus/lib/feedmunger.php similarity index 87% rename from plugins/FeedSub/feedmunger.php rename to plugins/OStatus/lib/feedmunger.php index f3618b8eb0..eeb8d2df39 100644 --- a/plugins/FeedSub/feedmunger.php +++ b/plugins/OStatus/lib/feedmunger.php @@ -30,8 +30,8 @@ class FeedSubPreviewNotice extends Notice function __construct($profile) { - //parent::__construct(); // uhhh? $this->profile = $profile; + $this->profile_id = 0; } function getProfile() @@ -56,14 +56,19 @@ class FeedSubPreviewProfile extends Profile { function getAvatar($width, $height=null) { - return new FeedSubPreviewAvatar($width, $height); + return new FeedSubPreviewAvatar($width, $height, $this->avatar); } } class FeedSubPreviewAvatar extends Avatar { + function __construct($width, $height, $remote) + { + $this->remoteImage = $remote; + } + function displayUrl() { - return common_path('plugins/FeedSub/images/48px-Feed-icon.svg.png'); + return $this->remoteImage; } } 
@@ -150,6 +155,23 @@ class FeedMunger return $this->getAtomLink($this->feed, array('rel' => 'hub')); } + /** + * Get an appropriate avatar image source URL, if available. + * @return mixed string or false + */ + function getAvatar() + { + $logo = $this->feed->logo; + if ($logo) { + return $logo; + } + $icon = $this->feed->icon; + if ($icon) { + return $icon; + } + return common_path('plugins/OStatus/images/48px-Feed-icon.svg.png'); + } + function profile($preview=false) { if ($preview) { @@ -164,6 +186,10 @@ class FeedMunger $profile->homepage = $this->getAltLink($this->feed); $profile->bio = $this->feed->description; $profile->profileurl = $this->getAltLink($this->feed); + + if ($preview) { + $profile->avatar = $this->getAvatar(); + } // @todo tags from categories // @todo lat/lon/location? @@ -186,6 +212,12 @@ class FeedMunger } $link = $this->getAltLink($entry); + if (empty($link)) { + if (preg_match('!^https?://!', $entry->id)) { + $link = $entry->id; + common_log(LOG_DEBUG, "No link on entry, using URL from id: $link"); + } + } $notice->uri = $link; $notice->url = $link; $notice->content = $this->noticeFromEntry($entry); diff --git a/plugins/OStatus/lib/hubdistribqueuehandler.php b/plugins/OStatus/lib/hubdistribqueuehandler.php new file mode 100644 index 0000000000..126f1355f9 --- /dev/null +++ b/plugins/OStatus/lib/hubdistribqueuehandler.php 
@@ -0,0 +1,87 @@ +. + */ + +/** + * Send a PuSH subscription verification from our internal hub. + * Queue up final distribution for + * @package Hub + * @author Brion Vibber + */ +class HubDistribQueueHandler extends QueueHandler +{ + function transport() + { + return 'hubdistrib'; + } + + function handle($notice) + { + assert($notice instanceof Notice); + + // See if there's any PuSH subscriptions, including OStatus clients. + // @fixme handle group subscriptions as well + // http://identi.ca/api/statuses/user_timeline/1.atom + $feed = common_local_url('ApiTimelineUser', + array('id' => $notice->profile_id, + 'format' => 'atom')); + $sub = new HubSub(); + $sub->topic = $feed; + if ($sub->find()) { + common_log(LOG_INFO, "Preparing $sub->N PuSH distribution(s) for $feed"); + $qm = QueueManager::get(); + $atom = $this->userFeedForNotice($notice); + while ($sub->fetch()) { + common_log(LOG_INFO, "Prepping PuSH distribution to $sub->callback for $feed"); + $data = array('sub' => clone($sub), + 'atom' => $atom); + $qm->enqueue($data, 'hubout'); + } + } else { + common_log(LOG_INFO, "No PuSH subscribers for $feed"); + } + } + + /** + * Build a single-item version of the sending user's Atom feed. + * @param Notice $notice + * @return string + */ + function userFeedForNotice($notice) + { + // @fixme this feels VERY hacky... + // should probably be a cleaner way to do it + + ob_start(); + $api = new ApiTimelineUserAction(); + $api->prepare(array('id' => $notice->profile_id, + 'format' => 'atom', + 'max_id' => $notice->id, + 'since_id' => $notice->id - 1)); + $api->showTimeline(); + $feed = ob_get_clean(); + + // ...and override the content-type back to something normal... eww! + // hope there's no other headers that got set while we weren't looking. + header('Content-Type: text/html; charset=utf-8'); + + common_log(LOG_DEBUG, $feed); + return $feed; + } +} + 
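Review bot: `HubDistribQueueHandler::handle()` ends without a return value, while `HubOutQueueHandler::handle()` and `HubVerifyQueueHandler::handle()` added in the same commit both end with `return true;`. If the queue manager treats a falsy result as a failed item (its code is not in this diff, so this is an assumption), each notice would be retried and its subscribers enqueued to `hubout` again. I would add `return true;` as the last statement of `handle()`. Separately, `common_log(LOG_DEBUG, $feed);` in `userFeedForNotice()` writes the whole Atom document to the log for every notice; logging its length would be enough.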
diff --git a/plugins/OStatus/lib/huboutqueuehandler.php b/plugins/OStatus/lib/huboutqueuehandler.php new file mode 100644 index 0000000000..cb44ad2c4e --- /dev/null +++ b/plugins/OStatus/lib/huboutqueuehandler.php @@ -0,0 +1,52 @@ +. + */ + +/** + * Send a raw PuSH atom update from our internal hub. + * @package Hub + * @author Brion Vibber + */ +class HubOutQueueHandler extends QueueHandler +{ + function transport() + { + return 'hubout'; + } + + function handle($data) + { + $sub = $data['sub']; + $atom = $data['atom']; + + assert($sub instanceof HubSub); + assert(is_string($atom)); + + try { + $sub->push($atom); + } catch (Exception $e) { + common_log(LOG_ERR, "Failed PuSH to $sub->callback for $sub->topic: " . + $e->getMessage()); + // @fixme Reschedule a later delivery? + // Currently we have no way to do this other than 'send NOW' + } + + return true; + } +} + diff --git a/plugins/OStatus/lib/hubverifyqueuehandler.php b/plugins/OStatus/lib/hubverifyqueuehandler.php new file mode 100644 index 0000000000..125d13a777 --- /dev/null +++ b/plugins/OStatus/lib/hubverifyqueuehandler.php @@ -0,0 +1,53 @@ +. + */ + +/** + * Send a PuSH subscription verification from our internal hub. + * @package Hub + * @author Brion Vibber + */ +class HubVerifyQueueHandler extends QueueHandler +{ + function transport() + { + return 'hubverify'; + } + + function handle($data) + { + $sub = $data['sub']; + $mode = $data['mode']; + + assert($sub instanceof HubSub); + assert($mode === 'subscribe' || $mode === 'unsubscribe'); + + common_log(LOG_INFO, __METHOD__ . ": $mode $sub->callback $sub->topic"); + try { + $sub->verify($mode); + } catch (Exception $e) { + common_log(LOG_ERR, "Failed PuSH $mode verify to $sub->callback for $sub->topic: " . + $e->getMessage()); + // @fixme schedule retry? + // @fixme just kill it? + } + + return true; + } +} + 
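Review bot: The new queue handlers validate their payload only with `assert()`. Here that is `assert($sub instanceof HubSub)` and `assert(is_string($atom))`, in `hubverifyqueuehandler.php` it is `assert($mode === 'subscribe' || $mode === 'unsubscribe')`, and in `hubdistribqueuehandler.php` it is `assert($notice instanceof Notice)`. Assertions can be switched off by PHP configuration, and then a malformed item reaches `$sub->push($atom)` or `$sub->verify($mode)` unchecked. I would use explicit checks that log and discard the item, e.g. `if (!($sub instanceof HubSub) || !is_string($atom)) { common_log(LOG_ERR, 'Discarding malformed hubout item'); return true; }`. `$data['sub']` and `$data['atom']` are also read without first checking that `$data` is an array holding those keys.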
diff --git a/plugins/FeedSub/locale/FeedSub.po b/plugins/OStatus/locale/OStatus.po similarity index 100% rename from plugins/FeedSub/locale/FeedSub.po rename to plugins/OStatus/locale/OStatus.po diff --git a/plugins/FeedSub/locale/fr/LC_MESSAGES/FeedSub.po b/plugins/OStatus/locale/fr/LC_MESSAGES/OStatus.po similarity index 100% rename from plugins/FeedSub/locale/fr/LC_MESSAGES/FeedSub.po rename to plugins/OStatus/locale/fr/LC_MESSAGES/OStatus.po diff --git a/plugins/FeedSub/tests/FeedDiscoveryTest.php b/plugins/OStatus/tests/FeedDiscoveryTest.php similarity index 100% rename from plugins/FeedSub/tests/FeedDiscoveryTest.php rename to plugins/OStatus/tests/FeedDiscoveryTest.php diff --git a/plugins/FeedSub/tests/FeedMungerTest.php b/plugins/OStatus/tests/FeedMungerTest.php similarity index 100% rename from plugins/FeedSub/tests/FeedMungerTest.php rename to plugins/OStatus/tests/FeedMungerTest.php diff --git a/plugins/FeedSub/tests/gettext-speedtest.php b/plugins/OStatus/tests/gettext-speedtest.php similarity index 100% rename from plugins/FeedSub/tests/gettext-speedtest.php rename to plugins/OStatus/tests/gettext-speedtest.php From 21c0e75a2e52d63eb46de6f5938b00c4c9ba8323 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Fri, 5 Feb 2010 21:39:29 -0800 Subject: [PATCH 23/30] Store Twitter screen_name, not name, for foreign_user.nickname when saving Twitter user. --- plugins/TwitterBridge/twitterauthorization.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/TwitterBridge/twitterauthorization.php b/plugins/TwitterBridge/twitterauthorization.php index b2657ff61f..dbef438a4b 100644 --- a/plugins/TwitterBridge/twitterauthorization.php +++ b/plugins/TwitterBridge/twitterauthorization.php 
@@ -219,7 +219,7 @@ class TwitterauthorizationAction extends Action $user = common_current_user(); $this->saveForeignLink($user->id, $twitter_user->id, $atok); - save_twitter_user($twitter_user->id, $twitter_user->name); + save_twitter_user($twitter_user->id, $twitter_user->screen_name); } else { From c83d0b5e98fc6e59632a0fa1335b3586996929e2 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Sat, 6 Feb 2010 06:46:00 +0000 Subject: [PATCH 24/30] Delete old Twitter user record when user changes screen name instead of updating. Simpler. --- plugins/TwitterBridge/twitter.php | 54 +++++-------------------------- 1 file changed, 8 insertions(+), 46 deletions(-) diff --git a/plugins/TwitterBridge/twitter.php b/plugins/TwitterBridge/twitter.php index 33dfb788bf..de30d9ebf1 100644 --- a/plugins/TwitterBridge/twitter.php +++ b/plugins/TwitterBridge/twitter.php 
@@ -26,38 +26,6 @@ define('TWITTER_SERVICE', 1); // Twitter is foreign_service ID 1 require_once INSTALLDIR . '/plugins/TwitterBridge/twitterbasicauthclient.php'; require_once INSTALLDIR . '/plugins/TwitterBridge/twitteroauthclient.php'; -function updateTwitter_user($twitter_id, $screen_name) -{ - $uri = 'http://twitter.com/' . $screen_name; - $fuser = new Foreign_user(); - - $fuser->query('BEGIN'); - - // Dropping down to SQL because regular DB_DataObject udpate stuff doesn't seem - // to work so good with tables that have multiple column primary keys - - // Any time we update the uri for a forein user we have to make sure there - // are no dupe entries first -- unique constraint on the uri column - - $qry = 'UPDATE foreign_user set uri = \'\' WHERE uri = '; - $qry .= '\'' . $uri . '\'' . ' AND service = ' . TWITTER_SERVICE; - - $fuser->query($qry); - - // Update the user - - $qry = 'UPDATE foreign_user SET nickname = '; - $qry .= '\'' . $screen_name . '\'' . ', uri = \'' . $uri . '\' '; - $qry .= 'WHERE id = ' . $twitter_id . ' AND service = ' . TWITTER_SERVICE; - - $fuser->query('COMMIT'); - - $fuser->free(); - unset($fuser); - - return true; -} - function add_twitter_user($twitter_id, $screen_name) { @@ -105,7 +73,6 @@ function add_twitter_user($twitter_id, $screen_name) // Creates or Updates a Twitter user function save_twitter_user($twitter_id, $screen_name) { - // Check to see whether the Twitter user is already in the system, // and update its screen name and uri if so. 
@@ -115,25 +82,20 @@ function save_twitter_user($twitter_id, $screen_name) $result = true; - // Only update if Twitter screen name has changed + // Delete old record if Twitter user changed screen name if ($fuser->nickname != $screen_name) { - $result = updateTwitter_user($twitter_id, $screen_name); - - common_debug('Twitter bridge - Updated nickname (and URI) for Twitter user ' . - "$fuser->id to $screen_name, was $fuser->nickname"); + $oldname = $fuser->nickname; + $fuser->delete(); + common_log(LOG_INFO, sprintf('Twitter bridge - Updated nickname (and URI) ' . + 'for Twitter user %1$d - %2$s, was %3$s.', + $fuser->id, + $screen_name, + $oldname)); } - return $result; - - } else { return add_twitter_user($twitter_id, $screen_name); } - - $fuser->free(); - unset($fuser); - - return true; } function is_twitter_bound($notice, $flink) { From 9cac8eaae5315f64e024d22119bc627e9bdd6141 Mon Sep 17 00:00:00 2001 From: Evan Prodromou Date: Mon, 1 Feb 2010 13:44:06 -0500 Subject: [PATCH 25/30] readme and version for beta5 --- README | 80 ++++++++++++++++++++++++++++++++++++++++++++++++-- lib/common.php | 2 +- 2 files changed, 79 insertions(+), 3 deletions(-) diff --git a/README b/README index 4e576dcdd3..9b4147645b 100644 --- a/README +++ b/README @@ -2,8 +2,8 @@ README ------ -StatusNet 0.9.0 ("Stand") Beta 4 -27 Jan 2010 +StatusNet 0.9.0 ("Stand") Beta 5 +1 Feb 2010 This is the README file for StatusNet (formerly Laconica), the Open Source microblogging platform. It includes installation instructions, @@ -78,6 +78,11 @@ New this version ================ This is a major feature release since version 0.8.2, released Nov 1 2009. +It is also a security release since 0.9.0beta4 January 27 2010. Beta +users are strongly encouraged to upgrade to deal with a security alert. + +http://status.net/wiki/Security_alert_0000002 + Notable changes this version: - Records of deleted notices are stored without the notice content. 
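Review bot: In `save_twitter_user()` the result of `$fuser->delete()` is ignored, and the delete followed by `add_twitter_user()` is not wrapped in a transaction, which the removed `updateTwitter_user()` at least attempted with `BEGIN`/`COMMIT`. If either step fails, the foreign user row may be left stale or missing; the body of `add_twitter_user()` and the enclosing `if` lie outside this hunk, so that outcome is inferred. As far as the markers in this hunk can be read, `add_twitter_user()` is now also reached when the screen name is unchanged and the record still exists. I would check the delete, e.g. `if ($fuser->delete() === false) { return false; }`, and return early when `$fuser->nickname == $screen_name`. `$result = true;` is then unused and can be dropped, and the log text says "Updated" although the record is deleted and re-added.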
@@ -198,6 +203,77 @@ Notable changes this version: - Major refactoring of queue handlers to manage very large hosting site (like status.net) - SubscriptionThrottle plugin to prevent subscription spamming +- Don't enqueue into plugin or SMS queues when disabled (breaks unqueuehandler if SMS queue isn't attached) +- Improve name validation checks on local File references +- fix local file include vulnerability in doc.php +- Reusing fixed selector name for 'processing' in util.js +- Removed hAtom pattern from registration page. +- restructuring of User::registerNew() lost password munging +- Add a script to clear the cache for a given key +- buggy fetch for site owner +- Added missing concat of in Realtime response +- Updated XHR binded events to work better in jQuery 1.4.1. Using .live() for event delegation instead of jQuery.data() and checking to see if an element was previously binded. +- Updated jQuery Form Plugin from v2.17 to v2.36 +- Updated jQuery JavaScript Library from v1.3.2 to v1.4.1 +- move schema.type.php to typeschema.php like other files +- Add Really Simple Discovery (RSD) support +- Add a robots.txt URL to the site root +- error clearing tags for profiles from memcached +- on exceptions, stomp logs the error and reenqueues +- add lat, lon, location and remove closing tag from geocode.php +- Use passed-in lat long in geocode.php +- better handling of null responses from geonames.org +- Globalized form notice data geo values +- Using jQuery chaining in FormNoticeXHR +- Using form object instead of form_id and find(). Slightly faster and easier to read. 
+- removed describeTable from base class, and fixed it up in pgsql +- getTableDef() mostly working in postgres +- move the schema DDL sql off into seperate files for each db we support +- plugin to limit number of registered users +- add hooks for user registration +- live fast, die young in bash scripts +- for single-user mode, retrieve either site owner or defined nickname +- method to get the site owner +- define a constant for the 'owner' role of a site +- add simple cache getter/setter static functions to Memcached_DataObject +- Adds notice author's name to @title in Realtime response +- Hides .author from XHR response in showstream +- Hides .author from XHR response in showstream +- Fix more fatal errors in queue edge cases +- Don't attempt to resend XMPP messages that can't be broadcast due to the profile being deleted. +- Wrap each bit of distrib queue handler's saving operation in a try/catch; log exceptions but let everything else continue. +- Log exceptions from queuedaemon.php if they're not already caught +- Move sessions settings to its own panel +- Fixes for status_network db object .ini and tag setter script +- Add a script to set tags for sites +- Adjust API authentication to also check for OAuth protocol params in the HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme. +- Last-chance distribution if enqueueing fails +- Manual failover for stomp queues. 
+- lost config in index.php made all traffic go to master +- "Revert "move RW setup above user get in index.php so remember_me works"" +- Revert "move RW setup above user get in index.php so remember_me works" +- move RW setup above user get in index.php so remember_me works +- hide most DB_DataObject errors +- always set up database_rw, regardless, so cached sessions work +- update mysqltimestamps on insert and update +- additional debugging data for Sessions +- 'Sign in with Twitter' button img +- Update to biz theme +- Remove redundant session token field from form (was already being added by base class). +- 'Sign in with Twitter' button img +- Can now set $config['queue']['stomp_persistent'] = false; to explicitly disable persistence when we queue items +- Showing processing indicator for form_repeat on submit instead of form +- Removed avatar from repeat of username (matches noticelist) +- Removed unused variable assignment for avatar URL and added missing fn +- Don't preemptively close existing DB connections for web views (needed to keep # of conns from going insane on multi-site queue daemons, so just doing for CLI) May, or may not, help with mystery session problems +- dropping the setcookie() call from common_ensure_session() since we're pretty sure it's unnecessary +- append '/' on cookie path for now (may still need some refactoring) +- set session cookie correctly +- Fix for Mapstraction plugin's zoomed map links +- debug log line for control channel sub +- Move faceboookapp.js to the Facebook plugin +- fix for fix for bad realtime JS load +- default 24-hour expiry on Memcached objects where not specified. Prerequisites ============= diff --git a/lib/common.php b/lib/common.php index b482464aac..b95cd11752 100644 --- a/lib/common.php +++ b/lib/common.php 
@@ -22,7 +22,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } //exit with 200 response, if this is checking fancy from the installer if (isset($_REQUEST['p']) && $_REQUEST['p'] == 'check-fancy') { exit; } -define('STATUSNET_VERSION', '0.9.0beta4'); +define('STATUSNET_VERSION', '0.9.0beta5'); define('LACONICA_VERSION', STATUSNET_VERSION); // compatibility define('STATUSNET_CODENAME', 'Stand'); From 384387c9b05aefb438f5dbe7e272b1f234ede172 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 8 Feb 2010 14:06:36 -0800 Subject: [PATCH 26/30] OStatus cleanup... * Treat linkless feed posts as status updates; drop the "New post:" prefix and quotes on them. * Use stable user IDs for atom/rss2 feed links instead of unstable nicknames * Pull Atom feed preferentially when subscribing -- can now put the remote user's profile page straight into the feed subscription form and get to the right place. * Clean up naming for push endpoints --- actions/showstream.php | 4 +- classes/Notice.php | 4 ++ lib/util.php | 3 ++ plugins/OStatus/OStatusPlugin.php | 8 ++-- .../{feedsubcallback.php => pushcallback.php} | 2 +- .../OStatus/actions/{hub.php => pushhub.php} | 2 +- plugins/OStatus/classes/Feedinfo.php | 2 +- plugins/OStatus/lib/feeddiscovery.php | 22 ++++++--- plugins/OStatus/lib/feedmunger.php | 47 ++++++++++++------- 9 files changed, 61 insertions(+), 33 deletions(-) rename plugins/OStatus/actions/{feedsubcallback.php => pushcallback.php} (98%) rename plugins/OStatus/actions/{hub.php => pushhub.php} (99%) diff --git a/actions/showstream.php b/actions/showstream.php index 07cc68b765..f9407e35a1 100644 --- a/actions/showstream.php +++ b/actions/showstream.php 
@@ -131,14 +131,14 @@ class ShowstreamAction extends ProfileAction new Feed(Feed::RSS2, common_local_url('ApiTimelineUser', array( - 'id' => $this->user->nickname, + 'id' => $this->user->id, 'format' => 'rss')), sprintf(_('Notice feed for %s (RSS 2.0)'), $this->user->nickname)), new Feed(Feed::ATOM, common_local_url('ApiTimelineUser', array( - 'id' => $this->user->nickname, + 'id' => $this->user->id, 'format' => 'atom')), sprintf(_('Notice feed for %s (Atom)'), $this->user->nickname)), diff --git a/classes/Notice.php b/classes/Notice.php index f9f3863579..fca1c599ce 100644 --- a/classes/Notice.php +++ b/classes/Notice.php @@ -1176,6 +1176,10 @@ class Notice extends Memcached_DataObject // Figure out who that is. $sender = Profile::staticGet('id', $profile_id); + if (empty($sender)) { + return null; + } + $recipient = common_relative_profile($sender, $nickname, common_sql_now()); if (empty($recipient)) { diff --git a/lib/util.php b/lib/util.php index f0f262dc5e..00c21aeb21 100644 --- a/lib/util.php +++ b/lib/util.php @@ -665,6 +665,9 @@ function common_valid_profile_tag($str) function common_at_link($sender_id, $nickname) { $sender = Profile::staticGet($sender_id); + if (!$sender) { + return $nickname; + } $recipient = common_relative_profile($sender, common_canonical_nickname($nickname)); if ($recipient) { $user = User::staticGet('id', $recipient->id); diff --git a/plugins/OStatus/OStatusPlugin.php b/plugins/OStatus/OStatusPlugin.php index 9419121121..4e8b892c6b 100644 --- a/plugins/OStatus/OStatusPlugin.php +++ b/plugins/OStatus/OStatusPlugin.php 
@@ -53,10 +53,10 @@ class OStatusPlugin extends Plugin */ function onRouterInitialized($m) { - $m->connect('push/hub', array('action' => 'hub')); + $m->connect('main/push/hub', array('action' => 'pushhub')); - $m->connect('feedsub/callback/:feed', - array('action' => 'feedsubcallback'), + $m->connect('main/push/callback/:feed', + array('action' => 'pushcallback'), array('feed' => '[0-9]+')); $m->connect('settings/feedsub', array('action' => 'feedsubsettings')); @@ -97,7 +97,7 @@ class OStatusPlugin extends Plugin // Canonical form of id in URL? // Updates will be handled for our internal PuSH hub. $action->element('link', array('rel' => 'hub', - 'href' => common_local_url('hub'))); + 'href' => common_local_url('pushhub'))); } } return true; diff --git a/plugins/OStatus/actions/feedsubcallback.php b/plugins/OStatus/actions/pushcallback.php similarity index 98% rename from plugins/OStatus/actions/feedsubcallback.php rename to plugins/OStatus/actions/pushcallback.php index c57ea5b101..a5e02e08f1 100644 --- a/plugins/OStatus/actions/feedsubcallback.php +++ b/plugins/OStatus/actions/pushcallback.php @@ -25,7 +25,7 @@ if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } -class FeedSubCallbackAction extends Action +class PushCallbackAction extends Action { function handle() { diff --git a/plugins/OStatus/actions/hub.php b/plugins/OStatus/actions/pushhub.php similarity index 99% rename from plugins/OStatus/actions/hub.php rename to plugins/OStatus/actions/pushhub.php index 5caf4b48eb..901c18f702 100644 --- a/plugins/OStatus/actions/hub.php +++ b/plugins/OStatus/actions/pushhub.php @@ -37,7 +37,7 @@ Things to consider... */ -class HubAction extends Action +class PushHubAction extends Action { function arg($arg, $def=null) { diff --git a/plugins/OStatus/classes/Feedinfo.php b/plugins/OStatus/classes/Feedinfo.php index f29d08cb03..107faf0125 100644 --- a/plugins/OStatus/classes/Feedinfo.php +++ b/plugins/OStatus/classes/Feedinfo.php 
@@ -248,7 +248,7 @@ class Feedinfo extends Memcached_DataObject #$this->verify_token = $token; #$this->update(); // @fixme try { - $callback = common_local_url('feedsubcallback', array('feed' => $this->id)); + $callback = common_local_url('pushcallback', array('feed' => $this->id)); $headers = array('Content-Type: application/x-www-form-urlencoded'); $post = array('hub.mode' => 'subscribe', 'hub.callback' => $callback, diff --git a/plugins/OStatus/lib/feeddiscovery.php b/plugins/OStatus/lib/feeddiscovery.php index 9bc7892fb2..39985fc902 100644 --- a/plugins/OStatus/lib/feeddiscovery.php +++ b/plugins/OStatus/lib/feeddiscovery.php @@ -168,7 +168,13 @@ class FeedDiscovery } // Ok... now on to the links! + // Types listed in order of priority -- we'll prefer Atom if available. // @fixme merge with the munger link checks + $feeds = array( + 'application/atom+xml' => false, + 'application/rss+xml' => false, + ); + $nodes = $dom->getElementsByTagName('link'); for ($i = 0; $i < $nodes->length; $i++) { $node = $nodes->item($i); @@ -181,17 +187,21 @@ class FeedDiscovery $type = trim($type->value); $href = trim($href->value); - $feedTypes = array( - 'application/rss+xml', - 'application/atom+xml', - ); - if (trim($rel) == 'alternate' && in_array($type, $feedTypes)) { - return $this->resolveURI($href, $base); + if (trim($rel) == 'alternate' && array_key_exists($type, $feeds) && empty($feeds[$type])) { + // Save the first feed found of each type... + $feeds[$type] = $this->resolveURI($href, $base); } } } } + // Return the highest-priority feed found + foreach ($feeds as $type => $url) { + if ($url) { + return $url; + } + } + return false; } diff --git a/plugins/OStatus/lib/feedmunger.php b/plugins/OStatus/lib/feedmunger.php index eeb8d2df39..9480177025 100644 --- a/plugins/OStatus/lib/feedmunger.php +++ b/plugins/OStatus/lib/feedmunger.php 
@@ -235,34 +235,45 @@ class FeedMunger */ function noticeFromEntry($entry) { + $max = Notice::maxContent(); + $ellipsis = "\xe2\x80\xa6"; // U+2026 HORIZONTAL ELLIPSIS $title = $entry->title; $link = $entry->link; - + // @todo We can get entries like this: // $cats = $entry->getCategory('category', array(0, true)); // but it feels like an awful hack. If it's accessible cleanly, // try adding #hashtags from the categories/tags on a post. - - // @todo Should we force a language here? - $format = _m('New post: "%1$s" %2$s'); + $title = $entry->title; $link = $this->getAltLink($entry); - $out = sprintf($format, $title, $link); - - // Trim link if needed... - $max = Notice::maxContent(); - if (mb_strlen($out) > $max) { - $link = common_shorten_url($link); + if ($link) { + // Blog post or such... + // @todo Should we force a language here? + $format = _m('New post: "%1$s" %2$s'); $out = sprintf($format, $title, $link); - } - // Trim title if needed... - if (mb_strlen($out) > $max) { - $ellipsis = "\xe2\x80\xa6"; // U+2026 HORIZONTAL ELLIPSIS - $used = mb_strlen($out) - mb_strlen($title); - $available = $max - $used - mb_strlen($ellipsis); - $title = mb_substr($title, 0, $available) . $ellipsis; - $out = sprintf($format, $title, $link); + // Trim link if needed... + if (mb_strlen($out) > $max) { + $link = common_shorten_url($link); + $out = sprintf($format, $title, $link); + } + + // Trim title if needed... + if (mb_strlen($out) > $max) { + $used = mb_strlen($out) - mb_strlen($title); + $available = $max - $used - mb_strlen($ellipsis); + $title = mb_substr($title, 0, $available) . $ellipsis; + $out = sprintf($format, $title, $link); + } + } else { + // No link? Consider a bare status update. + if (mb_strlen($title) > $max) { + $available = $max - mb_strlen($ellipsis); + $out = mb_substr($title, 0, $available) . $ellipsis; + } else { + $out = $title; + } } return $out; From 96ef4435b61570dbbf15d921a42543bfb13786c0 Mon Sep 17 00:00:00 2001 
From: Brion Vibber Date: Mon, 8 Feb 2010 15:32:20 -0800 Subject: [PATCH 27/30] Allow scripts/decache.php to blow out cache for objects that don't exist (anymore). May miss keys other than the given or primary key, but should work for a lot of common cases where a bad entry's been removed from DB but lingers in cache. --- scripts/decache.php | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/scripts/decache.php b/scripts/decache.php index 7cabd78ada..094bdb5aa0 100644 --- a/scripts/decache.php +++ b/scripts/decache.php @@ -24,6 +24,8 @@ $helptext = << [] Clears the cache for the object in table with id If is specified, use that instead of 'id' + + ENDOFHELP; require_once INSTALLDIR.'/scripts/commandline.inc'; @@ -43,8 +45,10 @@ if (count($args) > 2) { $object = Memcached_DataObject::staticGet($table, $column, $id); if (!$object) { - print "No such '$table' with $column = '$id'.\n"; - exit(1); + print "No such '$table' with $column = '$id'; it's possible some cache keys won't be cleared properly.\n"; + $class = ucfirst($table); + $object = new $class(); + $object->column = $id; } $result = $object->decache(); From b9b0f0410aa688cc3ee77df1563773527a8d59a9 Mon Sep 17 00:00:00 2001 From: Brion Vibber Date: Mon, 8 Feb 2010 15:46:38 -0800 Subject: [PATCH 28/30] Pull GeoRSS locations over OStatus feeds --- plugins/OStatus/lib/feedmunger.php | 37 +++++++++++++++++++++++++++++- 1 file changed, 36 insertions(+), 1 deletion(-) diff --git a/plugins/OStatus/lib/feedmunger.php b/plugins/OStatus/lib/feedmunger.php index 9480177025..cbaec67750 100644 --- a/plugins/OStatus/lib/feedmunger.php +++ b/plugins/OStatus/lib/feedmunger.php 
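Review bot: In the `scripts/decache.php` hunk, `$object->column = $id;` sets a property literally named `column`, whereas the key name given on the command line is held in the variable `$column`. The placeholder object therefore never carries the value that `decache()` presumably needs to build the cache key. The line should read `$object->$column = $id;`. The line before it, `$object = new $class();`, instantiates whatever class name the table argument spells, so a `class_exists($class)` check with a clear message would turn a typo into a clean exit instead of a fatal error.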
@@ -225,10 +225,45 @@ class FeedMunger $notice->created = common_sql_date($entry->updated); // @fixme $notice->is_local = Notice::GATEWAY; $notice->source = 'feed'; - + + $location = $this->getLocation($entry); + if ($location) { + if ($location->location_id) { + $notice->location_ns = $location->location_ns; + $notice->location_id = $location->location_id; + } + $notice->lat = $location->lat; + $notice->lon = $location->lon; + } + return $notice; } + /** + * @param feed item $entry + * @return mixed Location or false + */ + function getLocation($entry) + { + $dom = $entry->model; + $points = $dom->getElementsByTagNameNS('http://www.georss.org/georss', 'point'); + + for ($i = 0; $i < $points->length; $i++) { + $point = trim($points->item(0)->textContent); + $coords = explode(' ', $point); + if (count($coords) == 2) { + list($lat, $lon) = $coords; + if (is_numeric($lat) && is_numeric($lon)) { + common_log(LOG_INFO, "Looking up location for $lat $lon from georss"); + return Location::fromLatLon($lat, $lon); + } + } + common_log(LOG_ERR, "Ignoring bogus georss:point value $point"); + } + + return false; + } + /** * @param XML_Feed_Type $entry * @return string notice text, within post size limit From 2600ad9643cf4bcca291998379b1668f695f9a88 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Mon, 8 Feb 2010 21:52:05 -0800 Subject: [PATCH 29/30] Better checking for duplicate app names --- actions/editapplication.php | 2 +- actions/newapplication.php | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/actions/editapplication.php b/actions/editapplication.php index ca5dba1e49..64cf0a5745 100644 --- a/actions/editapplication.php +++ b/actions/editapplication.php @@ -277,7 +277,7 @@ class EditApplicationAction extends OwnerDesignAction function nameExists($name) { $newapp = Oauth_application::staticGet('name', $name); - if (!$newapp) { + if (empty($newapp)) { return false; } else { return $newapp->id != $this->app->id; 
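Review bot: The loop in the new `getLocation()` counts `$i` over every `georss:point` element but always reads `$points->item(0)`, so a bogus first point is logged once per element and a valid later point is never tried. The line should be `$point = trim($points->item($i)->textContent);`. The coordinates come from the remote feed and only pass `is_numeric()`, so I would also reject values outside -90..90 and -180..180 before calling `Location::fromLatLon()`. Splitting with `preg_split('/\s+/', $point)` instead of `explode(' ', $point)` would accept points separated by a tab, newline or double space.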
diff --git a/actions/newapplication.php b/actions/newapplication.php index c0c5207979..0f819b3499 100644 --- a/actions/newapplication.php +++ b/actions/newapplication.php @@ -290,7 +290,7 @@ class NewApplicationAction extends OwnerDesignAction function nameExists($name) { $app = Oauth_application::staticGet('name', $name); - return ($app !== false); + return !empty($app); } } From e8428d1d525677fa116236735a43e7b49e8a3fd3 Mon Sep 17 00:00:00 2001 From: Sarven Capadisli Date: Wed, 10 Feb 2010 11:16:27 +0100 Subject: [PATCH 30/30] Refactored repeat confirmation dialog. Also fixes dialog skipping. --- js/util.js | 48 +++++++++++++++++++++++++----------------------- 1 file changed, 25 insertions(+), 23 deletions(-) diff --git a/js/util.js b/js/util.js index c6a9682de2..639049668c 100644 --- a/js/util.js +++ b/js/util.js 
@@ -356,42 +356,44 @@ var SN = { // StatusNet }, NoticeRepeat: function() { - $('.form_repeat').live('click', function() { - SN.U.FormXHR($(this)); + $('.form_repeat').live('click', function(e) { + e.preventDefault(); + SN.U.NoticeRepeatConfirmation($(this)); return false; }); }, NoticeRepeatConfirmation: function(form) { - function NRC() { - form.closest('.notice-options').addClass('opaque'); - form.addClass('dialogbox'); + var submit_i = form.find('.submit'); - form.append(''); - form.find('button.close').click(function(){ - $(this).remove(); + var submit = submit_i.clone(); + submit + .addClass('submit_dialogbox') + .removeClass('submit'); + form.append(submit); + submit.bind('click', function() { SN.U.FormXHR(form); return false; }); - form.closest('.notice-options').removeClass('opaque'); - form.removeClass('dialogbox'); - form.find('.submit_dialogbox').remove(); - form.find('.submit').show(); + submit_i.hide(); - return false; - }); - }; + form + .addClass('dialogbox') + .append('') + .closest('.notice-options') + .addClass('opaque'); - form.find('.submit').bind('click', function(e) { - e.preventDefault(); + form.find('button.close').click(function(){ + $(this).remove(); - var submit = form.find('.submit').clone(); - submit.addClass('submit_dialogbox'); - submit.removeClass('submit'); - form.append(submit); + form + .removeClass('dialogbox') + .closest('.notice-options') + .removeClass('opaque'); - $(this).hide(); + form.find('.submit_dialogbox').remove(); + form.find('.submit').show(); - NRC(); + return false; }); },