Commit Graph

256 Commits

Author SHA1 Message Date
Mikael Nordfeldth
184293c634 Break out MagicEnvelope->toXML() functionality to allow for plugin flexibility 2015-10-04 00:17:07 +02:00
Mikael Nordfeldth
30a4393afa Move around some code related to Magic_envelope and signing 2015-10-03 23:35:46 +02:00
Mikael Nordfeldth
c5a5eaf288 Do we update feeduri and salmonuri for Ostatus_profile now?
When changing from HTTP to HTTPS, following up on commit
59763ceecb
where http to https Ostatus_profile URI changing was first introduced.
2015-07-11 19:46:01 +02:00
Mikael Nordfeldth
24b1e26406 MagicEnvelope called DOMDocument::loadXML statically
but apparently we shouldn't do this, despite recommended on https://secure.php.net/manual/en/domdocument.loadxml.php
2015-07-10 23:24:50 +02:00
Mikael Nordfeldth
6478034e92 Diaspora-compatible Salmon slap receival
We're not all the way there yet, there is something which seems to bugger
up profile discovery from their end.
2015-06-06 17:14:38 +02:00
Mikael Nordfeldth
faf14197cd Diaspora doesn't understand our Salmon POST, so send again 2015-06-06 16:57:29 +02:00
Mikael Nordfeldth
4de125dd84 Moved FeedSubException parent class to own file 2015-06-06 16:02:25 +02:00
Mikael Nordfeldth
8fac7a9f6c StatusNet class renamed GNUsocial
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
9aa59c7f62 forgot primary key column to updateWithKeys in SalmonAction 2015-02-17 21:31:35 +01:00
Mikael Nordfeldth
59763ceecb SalmonAction now updates remote URI if it was stale.
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.

This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.
2015-02-17 17:35:45 +01:00
Mikael Nordfeldth
aeaee388bf Store remote magicsig public keys locally 2015-01-24 13:06:09 +01:00
Mikael Nordfeldth
975ce6d83e Documentation update (clarifying need for php5-gmp in comment) 2015-01-24 12:22:29 +01:00
Mikael Nordfeldth
57d8eb8a53 Ensuring unknown profiles in salmon slaps work again 2015-01-13 13:43:35 +01:00
Mikael Nordfeldth
66044b7782 ensureActivityObjectProfile is more thorough than createAct... 2015-01-12 11:47:21 +01:00
Mikael Nordfeldth
73669ed308 ensureProfile already done and stored in $this->oprofile 2015-01-12 02:01:26 +01:00
Mikael Nordfeldth
d8f4de450c Support for updated aliases
will verify unknown aliases against old ones if the new identifies as a
previously recognized URI.

Steps:
1. Check the newly received URI. Who does it say it is?
2. Compare these alleged identities to our local database.
3. If we found any locally stored identities, ask it about its aliases.
4. Do any of the aliases from our known identity match the recently introduced one?

Currently we do _not_ update the ostatus_profile table with the new URI.
2015-01-10 02:07:39 +01:00
Mikael Nordfeldth
c44146d6f8 Favorites are now being stored from activities 2014-07-02 18:38:19 +02:00
Mikael Nordfeldth
d0da552722 SalmonAction and extensions simplified 2014-06-28 20:33:09 +02:00
Mikael Nordfeldth
c74dc15173 DiscoveryHints gets microformats2 parsing abilities 2014-06-24 01:27:03 +02:00
Mikael Nordfeldth
55418685c4 DiscoveryHints now properly returns hcard url 2014-06-23 20:51:37 +02:00
Mikael Nordfeldth
d350a20e1f Less verbose debugging (also don't log private keys)
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing!
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
78805d113a MagicEnvelope discoverKeyPair now returns string
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b Only use a Profile in MagicEnvelope keypair retrieval
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
dc52a8ff43 Don't ensureProfile before we verify signature 2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4 Use locally cached Salmon keys for profiles
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
9e6599b9fb Salmon log message tidying up 2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67 MagicEnvelope object orientation (no passing arrays)
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad Make MagicEnvelope self-reference
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473 Minor changes in Salmon lib for Magicsig retrieval. 2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
ba10da27da Should not normalize Salmon author URIs.
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
1a0171ef61 MagicEnvelope class now throws exception on XRD fail 2014-05-06 13:11:29 +02:00
Mikael Nordfeldth
fc3125cf28 More modern coding, stuff related to subscriptions
Also trying to use the newly implemented AlreadyFulfilledException
2014-05-05 23:58:05 +02:00
Mikael Nordfeldth
cdefeda659 More debugging for Salmon activities 2014-05-05 19:10:44 +02:00
Mikael Nordfeldth
bbada781b7 Stronger typing and function access control in OStatus 2014-05-05 19:06:22 +02:00
Mikael Nordfeldth
700dce386a WebFingerResource for profiles now WebFingerResource_Profile 2013-11-09 00:49:00 +01:00
Mikael Nordfeldth
7ddd561837 Salmon only has one "rel" value now, so start deprecating 2013-11-01 17:00:12 +01:00
Mikael Nordfeldth
ca66860a4f Better typing and minor fixes to OStatus related stuff 2013-11-01 13:20:45 +01:00
Mikael Nordfeldth
e868ebfe77 WebFingerResource introduced, instead of strict Profile object
This is the beginning of getting notice URI info via WebFinger

*XrdActionLinks is renamed *WebFingerProfileLinks, check EVENTS.txt
in WebFinger plugin for new events.
2013-10-20 15:48:14 +02:00
Mikael Nordfeldth
a7e748479c Fixed regression in OStatus sub from WebFinger/XML_XRD update
XML_XRD::getAll requires arguments (at least relation). If one really
want all links, just get the 'links' array. It's public!

Also, not all XML_XRD_Element_Link were migrated from the previous
array style.
2013-09-30 23:33:28 +02:00
Mikael Nordfeldth
a0e107f17f Implemented WebFinger and replaced our XRD with PEAR XML_XRD
New plugins:
* LRDD
    LRDD implements client-side RFC6415 and RFC7033 resource descriptor
    discovery procedures. I.e. LRDD, host-meta and WebFinger stuff.

    OStatus and OpenID now depend on the LRDD plugin (XML_XRD).

* WebFinger
    This plugin implements the server-side of RFC6415 and RFC7033. Note:
    WebFinger technically doesn't handle XRD, but we serve both that and
    JRD (JSON Resource Descriptor), depending on Accept header and one
    ugly hack to check for old StatusNet installations.

    WebFinger depends on LRDD.

We might make this even prettier by using Net_WebFinger, but it is not
currently RFC7033 compliant (no /.well-known/webfinger resource GETs).

Disabling the WebFinger plugin would effectively render your site non-
federated (which might be desired on a private site).

Disabling the LRDD plugin would make your site unable to do modern web
URI lookups (making life just a little bit harder).
2013-09-30 22:04:52 +02:00
Joshua Judson Rosen
44f7ad612a Correctly distribute notices from remote posters through local groups to remote group-members via OStatus.
Allow the OStatus queue-handler to handle all posts,
and give it the smarts required to make correct decisions
about whether it should or shouldn't relay notices
over OStatus.
cf. http://status.net/open-source/issues/3540

Conflicts (staticGet => getKV):

	plugins/OStatus/lib/ostatusqueuehandler.php
2013-09-29 23:19:11 +02:00
Mikael Nordfeldth
de55d8f83b plugins onAutoload now only overloads if necessary (extlibs etc.)
lib/plugin.php now has a parent onAutoload function that finds most common
files that are used in plugins (actions, dataobjects, forms, libs etc.) if
they are put in the standardised directories ('actions', 'classes', 'forms',
'lib' and perhaps some others in the future).
2013-08-28 16:10:30 +02:00
Mikael Nordfeldth
0bbcfa7bdf IMPORTANT - fixed HubSub to properly fetch primary keys
In commit e95f77d34c HubSub lost the
'staticGet' function in a consolidation into the Managed_DataObject class.
This was done carelessly by me as HubSub::staticGet was actually taking
two arguments, none of which was a key and merging them in HubSub::hashkey()
(staticGet was renamed getKV 2a4dc77a63).

NOTE: This complements commit 7e4718a4eb which
fixed a similar issue for the Magicsig class.
2013-08-21 11:25:08 +02:00
Mikael Nordfeldth
2a4dc77a63 The overloaded DB_DataObject function staticGet is now called getKV
I used this hacky sed-command (run it from your GNU Social root, or change the first grep's path to where it actually lies) to do a rough fix on all ::staticGet calls and rename them to ::getKV

   sed -i -s -e '/DataObject::staticGet/I!s/::staticGet/::getKV/Ig' $(grep -R ::staticGet `pwd`/* | grep -v -e '^extlib' | grep -v DataObject:: |grep -v "function staticGet"|cut -d: -f1 |sort |uniq)

If you're applying this, remember to change the Managed_DataObject and Memcached_DataObject function definitions of staticGet to getKV!

This might of course take some getting used to, or modification fo StatusNet plugins, but the result is that all the static calls (to staticGet) are now properly made without breaking PHP Strict Standards. Standards are there to be followed (and they caused some very bad confusion when used with get_called_class)

Reasonably any plugin or code that tests for the definition of 'GNUSOCIAL' or similar will take this change into consideration.
2013-08-18 13:13:56 +02:00
Evan Prodromou
961607bc5d Ignore non-atom updates links in Webfinger 2012-05-04 12:01:13 -04:00
Evan Prodromou
9f954eddc5 remove unsupported hcard action 2011-09-27 11:43:41 -04:00
Evan Prodromou
dbb7324b25 test for missing profile in ostatus queue handler 2011-09-18 14:36:49 -04:00
Siebrand Mazeland
1fa689e913 tag -> list 2011-08-20 20:30:37 +02:00
Evan Prodromou
da4ba6a5a9 reinstate lost replies code in OStatusQueueHandler 2011-06-29 13:51:19 -04:00
Siebrand Mazeland
4651c9d94a Fix L10n/i18n.
Some remaining people tag -> list.
Favor -> like
Update translator documentation.
Whitespace updates.
2011-04-29 18:59:47 +02:00
Siebrand Mazeland
b83e0fd0e8 Update translator documentation.
i18n fixes (gettext domain).
L10n updates.
Whitespace updates.
Some tabs to spaces.
2011-04-11 00:39:51 +02:00
Shashi Gowda
c335db4bbc OStatus support for people tags 2011-03-07 00:45:34 +05:30
Evan Prodromou
2a59453d4c Merge branch 'testing' into moveaccount 2011-01-17 17:34:03 -05:00
Evan Prodromou
0fa57948f2 move linkheader.php to core 2011-01-16 17:15:26 -05:00
Evan Prodromou
7d1f609bf0 Move discovery library from OStatus plugin to core 2011-01-16 17:15:26 -05:00
Brion Vibber
1d15145993 Salmon signature checks on incoming slaps now check both old and new signature formats. 2011-01-06 00:01:42 +00:00
Brion Vibber
437ac120b0 Outgoing Salmon slaps now use the corrected signature format; if the first hit is rejected with an HTTP error, we try again with the old format.
(This is not 100% ideal; possibly should try to distinguish between server errors and rejections, etc.)
2011-01-05 23:54:16 +00:00
Brion Vibber
946a4ac17b Add test cases for internal change in Salmon signing; fix for the new code.
Updated sig passes Tuomas's verifier, which is a good sign
2011-01-05 23:26:39 +00:00
Brion Vibber
51d1535f15 Added doc comments on Salmon magicsig-related stuff to help in figuring out what's going on 2011-01-05 14:05:59 -08:00
Evan Prodromou
b54ea6767a New event for Salmon including target 2010-12-27 10:51:59 -08:00
Evan Prodromou
0a4911552e Move user xrd action to core and use hooks to extend
Moved the Webfinger user XRD action from the OStatus plugin to core.
Added hooks to add OStatus-specific stuff, but kept general stuff in
the core.
2010-11-26 21:38:38 -05:00
Craig Andrews
3f3b38766f move xrd and hostmeta out of the OStatus plugin and into core
add event for setting up hostmeta, and use them in the OStatus plugin
2010-11-26 21:12:14 -05:00
Evan Prodromou
23ac961624 Show Webfinger, URI and profile page as subject and aliases 2010-10-14 11:06:57 -04:00
Brion Vibber
69b13cb279 Normalize execution guards on OStatus php files; mostly helps cut down on annoying 'class not found' errors when something spiders the dirs. :P 2010-10-08 10:42:59 -07:00
Siebrand Mazeland
5a6f616206 * i18n/L10n update
* translator comments added
* remove superfluous whitespace
2010-09-19 15:17:36 +02:00
Siebrand Mazeland
a9fad9a7ac Add translator hint. 2010-09-12 17:08:49 +02:00
Evan Prodromou
4aac47de03 syntax error in exception string in discovery.php 2010-09-03 01:41:01 -04:00
Siebrand Mazeland
1bfbe9badf * i18n/L10n updates and FIXMEs added
* whitespace fixes
2010-09-03 01:35:04 +02:00
Evan Prodromou
c82b1cda82 send a salmon slap to mentioned person when we reply to a notice 2010-09-01 14:35:43 -04:00
Evan Prodromou
54b93aede6 typo mixing up and in salmonaction 2010-08-16 10:03:38 -07:00
Brion Vibber
f7b2bb09e6 Suppress whinging during HTML parsing in profile page discovery for things that turn out to be XML feeds with funny namespaces. 2010-08-13 12:23:28 -07:00
Brion Vibber
9a53be4669 Initial support for third-party fallback hub such as Superfeedr for feed subscriptions.
If set up, this hub will be used to subscribe to feeds that don't specify a hub of their own.
Assumes that the fallback hub will, in fact, handle polling and updates for any feed we throw at it!
Authentication may be specified for the fallback hub.

Example:

  $config['feedsub']['fallback_hub'] = 'https://superfeedr.com/hubbub';
  $config['feedsub']['hub_user'] = 'abcd';
  $config['feedsub']['hub_pass'] = 'ckcmdkmckdmkcdk';

Also:
* Fix for WordPress-RSS-via-Superfeedr-Atom; if we have <author> info but no ID from a native ActivityStreams actor, don't freak out in the low-level processing code that checks for identity matches.
* enhanced messages for low-level FeedSub exceptions if they make it to outside display
2010-08-10 12:57:40 -07:00
James Walker
c8a706081e strip whitespace from me:data and me:sig (per spec) 2010-08-07 09:48:21 -04:00
James Walker
8120842780 Fix for #2429 - move OStatus XML writing to XMLStringer 2010-08-02 16:42:28 -04:00
James Walker
56294016a7 fix #2478 - ensure all XRD documents get proper content-type headers 2010-08-02 14:47:13 -04:00
James Walker
517c7483d1 move to rel="salmon" (per latest spec) 2010-08-02 13:24:38 -04:00
Brion Vibber
d645b342ac Commit hubprepqueuehandler.php -- fix for OStatus bulk output. 2010-07-12 14:22:36 -07:00
Brion Vibber
41e9dba729 OStatus plugin: Rolling batch queueing for PuSH output to >50 subscribing sites. Keeps latency down for other things enqueued while we work... 2010-06-07 10:03:43 -07:00
Brion Vibber
cbf2e7cfea Avoid PHP notice about undefined array index when no avatar photo available from Google profile 2010-05-21 10:18:13 -07:00
James Walker
1999b836c0 accept either salmon endpoint (until they're unified in the spec) 2010-05-14 16:43:41 -04:00
Brion Vibber
5f5d9518bd Avoid spewing giant debug backtrace into exception in certain OStatus subscription failure cases.
The code pattern 'new XXXException($e)' to chain exceptions doesn't actually work as intended, as exceptions are actually expecting a string message here.
This caused an implicit string conversion from HTTP_Request2_Exception, which is a PEAR_Exception, which defines an absurdly detailed __toString() method including a giant HTML table with a backtrace if you happen to be on a web request.
Simply passing $e->getMessage() instead clears this up, as we'll get the nice short message like 'Couldn't connect to tcp://blahblah:80'
2010-05-04 17:11:43 -07:00
James Walker
c6c4510192 move base64_url_(encode|decode) to static functions in Magicsig 2010-03-26 13:37:46 -04:00
James Walker
cfca789b34 Updated Math_Biginteger from upstream - removing safe* workarounds 2010-03-24 15:18:41 -04:00
James Walker
10410907a0 A bit safer checking in the keypair parsing 2010-03-24 14:27:35 -04:00
Brion Vibber
5f32cf32cd Don't spew XML parse warnings to output when checking a remote XRD page 2010-03-23 14:18:45 -07:00
Brion Vibber
27bfd1211d Math_BigInteger doesn't correctly handle serialization/deserialization for a value of 0, which can end up spewing notices to output and otherwise intefering with Salmon signature setup and verification when using memcached.
Worked around this with a subclass that fixes the wakeup, used for the stored 0 value in the subclassed Crypt_RSA.
2010-03-22 12:17:45 -07:00
James Walker
a20880ee1e Fixing HTTP Header LRDD parsing (sites in subdirectories need this) 2010-03-22 13:45:13 -04:00
Brion Vibber
db0cf50f65 Avoid notices for accessing undefined array indices in hcard processing 2010-03-19 15:54:54 -07:00
Evan Prodromou
5092f98c0d return empty hints if no hcard in the html 2010-03-19 15:28:06 -05:00
Evan Prodromou
1e03968d91 define a 'root' attribute for the channel or feed 2010-03-19 15:23:30 -05:00