Mikael Nordfeldth
0590f2975e
Merge branch 'utf8mb4' into nightly
...
Conflicts because of urlhash fixes:
classes/File.php
classes/File_redirection.php
classes/File_thumbnail.php
2015-02-19 20:50:40 +01:00
Mikael Nordfeldth
45dc76de26
File and File_redirection adhoc storage methods updated for urlhash
2015-02-19 19:05:24 +01:00
Mikael Nordfeldth
0deaf6c50c
use common_purify to purify HTML, one function to rule them all
2015-02-18 00:14:28 +01:00
Mikael Nordfeldth
9aa59c7f62
forgot primary key column to updateWithKeys in SalmonAction
2015-02-17 21:31:35 +01:00
Mikael Nordfeldth
59763ceecb
SalmonAction now updates remote URI if it was stale.
...
After doublechecking two identities so that they match (like one that was
previously http:// but now is https://) we update the URI in our database
to match.
This has to be verified so it's not easy to fool our script and thus make
us replace legitimate URIs with fake ones. I believe the callback method
is safe, but I'm not sure how well it handles HTTP MITM attacks etc.
2015-02-17 17:35:45 +01:00
Mikael Nordfeldth
2f86cd8602
utf8mb4 conversion on database with index adjusts
2015-02-12 18:18:55 +01:00
Mikael Nordfeldth
39dce9e348
Merge commit 'refs/merge-requests/36' of https://gitorious.org/social/mainline into merge-requests/36
2015-02-08 23:11:47 +01:00
Chimo
11053431d6
Populate 'created' property on ostatus_source
...
The 'created' column in ostatus_source SQL table has NOT NULL restriction.
INSERTs fail when running MySQL/MariaDB in strict mode if this is not
populated.
2015-02-08 13:41:29 -05:00
Mikael Nordfeldth
1bda6fb9be
General code quality improvement for easier understanding
...
Also made sure we only match local group IDs in recognizedFeed for PushhubAction
2015-02-08 11:47:15 +01:00
Mikael Nordfeldth
4b77f88a17
Merge commit 'refs/merge-requests/34' of https://gitorious.org/social/mainline into merge-requests/34
2015-02-08 11:21:36 +01:00
Chimo
56c0cd621a
Remove NOT NULL restriction on FeedSub last_update
...
Fixes an issue where INSERTs fail if MySQL/MariaDB runs in "strict
mode".
2015-02-07 11:08:03 -05:00
Chimo
937adf05c9
Remove NOT NULL restriction on HubSub 'lease'
...
This fixes an issue where INSERTs in HubSub fail if MySQL/MariaDB is
running in "strict mode" since the default lease time in
PushHubAction::subunsub is null.
Permanent subscriptions have been removed in PuSH v0.4, but they are
being kept here for backward-compatibility with previous GS/SN versions.
2015-02-07 10:46:13 -05:00
Mikael Nordfeldth
f141565104
Allow delete-inactive for gcfeeds
...
Garbage collecting should also allow to clean up leftover database entries.
2015-02-04 16:49:03 +01:00
Mikael Nordfeldth
7666ac34f9
Revert "Notices for faves are already sent as they are notices now."
...
This reverts commit 636d5141e9
.
We want the salmon notifyActivity call
2015-02-03 17:50:21 +01:00
Mikael Nordfeldth
636d5141e9
Notices for faves are already sent as they are notices now.
2015-02-03 16:44:13 +01:00
Mikael Nordfeldth
acec8b8cf2
Default value false for $force on Ostatus updateAvatar
2015-01-27 14:14:24 +01:00
Mikael Nordfeldth
cc996f58db
Test in Ostatus_profile if avatar is an image before writing to filesystem
...
This clears one FIXME...
We also fix HTTPClient::quickGet() (and a related call in OStatus testfeed.php).
2015-01-27 14:00:39 +01:00
Mikael Nordfeldth
cdd3c52633
Handle groups better in Ostatus_profile->updateAvatar
2015-01-27 13:38:11 +01:00
Mikael Nordfeldth
482f61ac15
OStatusSub should use inherent attributes
...
No need to make several common_current_user calls and then getProfile
directly after that, since we have stuff like $this->scoped.
2015-01-27 13:23:49 +01:00
Mikael Nordfeldth
cf46de6ca7
Ostatus_profile smarter test if avatar exists
...
If you accidentally deleted a remote user's avatar from filesystem,
it'd take until its URL was updated that you got it back. Now it
happens if the local avatar file doesn't exist.
2015-01-26 17:43:09 +01:00
Mikael Nordfeldth
697a00d8e1
Force updateAvatar if desired
2015-01-26 17:26:51 +01:00
Mikael Nordfeldth
7beec74f0c
Differentiate on group and user for WebFinger data
2015-01-26 12:18:35 +01:00
Mikael Nordfeldth
aeaee388bf
Store remote magicsig public keys locally
2015-01-24 13:06:09 +01:00
Mikael Nordfeldth
2d0155a50f
Added Magicsig onProfileDeleteRelated
2015-01-24 12:47:39 +01:00
Mikael Nordfeldth
975ce6d83e
Documentation update (clarifying need for php5-gmp in comment)
2015-01-24 12:22:29 +01:00
Mikael Nordfeldth
cce808b27c
const'ifying bits and sigalg
...
Also we should move away from 1024 bit keys as soon as we can.
2015-01-24 12:18:55 +01:00
Mikael Nordfeldth
3a0136fe1f
Replace file_get_contents with HTTPClient in testfeed
2015-01-22 11:30:36 +01:00
Mikael Nordfeldth
d492b74e42
holy crap, file_put_contents got args in wrong order
2015-01-18 02:57:08 +01:00
Mikael Nordfeldth
5d9e9aaaf5
Keep the old error message on updateAvatar
2015-01-18 02:48:39 +01:00
Mikael Nordfeldth
010824c4b5
Use HTTPClient to download avatar
...
also make updateAvatar public so we can call it from update_ostatus_profile.php
2015-01-18 02:44:55 +01:00
Mikael Nordfeldth
0499736bb4
Loose_Ostatusprofile::updateAvatar was identical to Ostatus_profile
2015-01-18 02:39:08 +01:00
Mikael Nordfeldth
ba9abb3c57
Add nohub config setting to allowed non-PuSH feeds
2015-01-16 01:10:55 +01:00
Mikael Nordfeldth
8594a2ba16
FeedPoller plugin, for hubless feeds
2015-01-15 21:13:13 +01:00
Mikael Nordfeldth
57d8eb8a53
Ensuring unknown profiles in salmon slaps work again
2015-01-13 13:43:35 +01:00
Mikael Nordfeldth
db7154c63b
Abort on failure instead of return early success
2015-01-13 13:18:57 +01:00
Mikael Nordfeldth
66044b7782
ensureActivityObjectProfile is more thorough than createAct...
2015-01-12 11:47:21 +01:00
Mikael Nordfeldth
73669ed308
ensureProfile already done and stored in $this->oprofile
2015-01-12 02:01:26 +01:00
Mikael Nordfeldth
d8f4de450c
Support for updated aliases
...
will verify unknown aliases against old ones if the new identifies as a
previously recognized URI.
Steps:
1. Check the newly received URI. Who does it say it is?
2. Compare these alleged identities to our local database.
3. If we found any locally stored identities, ask it about its aliases.
4. Do any of the aliases from our known identity match the recently introduced one?
Currently we do _not_ update the ostatus_profile table with the new URI.
2015-01-10 02:07:39 +01:00
Mikael Nordfeldth
d32fef6039
Merge commit 'refs/merge-requests/28' of https://gitorious.org/social/mainline into merge-requests/28
2015-01-08 16:48:42 +01:00
Joshua Judson Rosen
f246dd4645
OStatusPlugin: fix ensureProfile catch-22 in onCheckActivityAuthorship()
...
Use profile URL (not URI), like elsewhere.
Profile::getUri() doesn't actually do anything useful, here--
it does nothing unless a plugin (like OStatus) is already
able to resolve the Profile into a backend object (e.g.: an Ostatus_profile).
If we might not already have an Ostatus_profile for a given Profile,
then we need to use $profile->getUrl() and fetch the data from that URL.
2014-12-30 23:56:33 -05:00
Mikael Nordfeldth
d3a8896b2a
Merge commit 'refs/merge-requests/26' of https://gitorious.org/social/mainline into merge-requests/26
2014-12-09 13:45:15 +01:00
Joshua Judson Rosen
f71eeaee5a
OStatus/scripts/update-profile-data.php: print updated fullnames
...
Now that we can actually update them again.
2014-12-08 22:06:29 -05:00
Mikael Nordfeldth
812d1eead9
Stronger typing in Ostatus_profile
2014-12-08 19:52:00 +01:00
Mikael Nordfeldth
72d1c3c73e
fetch conversation URI in processPost, not processShare
2014-11-27 16:51:21 +01:00
Mikael Nordfeldth
bdb4a41696
Use remote conversation URI info to stitch convos together
...
If we know the URI sent from the remote party, and we don't know the
notice it is replying to, we might still be able to put it in the same
conversation thread!
2014-11-27 14:06:10 +01:00
Mikael Nordfeldth
8056097478
Try to lookup the profile if we don't know it yet
2014-11-24 23:50:42 +01:00
Mikael Nordfeldth
720c2c9ff2
Ostatus_profile->checkAuthorship returns Profile
...
not Ostatus_profile
2014-11-24 23:40:06 +01:00
Mikael Nordfeldth
3bf1478f97
Bad parameter count for checkAuthorship
...
At the same time we change this to call ActivityUtils::checkAuthorship
instead to let the retrieval/verification go through event handling.
rozzin (Joshua Judson Rosen) found this error. Thanks.
2014-11-24 12:49:20 +01:00
Joshua Judson Rosen
4b875e0fd0
Fix OStatus groups by making Ostatus_profile::localProfile() work for groups
...
We need to look up a feed profile for HandleFeedEntryWithProfile events,
regardless of whether they're an OStatus user, group, or something else;
this is the least hairy way of doing that--the alternative being
to keep spreading the same logic all over the calling code.
Theoretically, this change might allow OStatusGroups to be recorded
as the authors of activities if they pass through any authorless
activities; but that's why we have checkAuthorship().
2014-11-24 12:30:37 +01:00
Joshua Judson Rosen
d2e1a8c706
Ostatus_profile::checkAuthorship(): throw ServerException when bogus non-authorship is detected
...
Similarly to what ActivityUtils::checkAuthorship does; try to ensure
that activities from ambiguous OStatus feeds (groups and peopletags)
that require explicit authorship don't get in without explicit authors.
2014-11-24 12:29:41 +01:00
Mikael Nordfeldth
496acdc7d9
normalizing acct: URI just to be sure
2014-11-16 18:29:05 +01:00
Mikael Nordfeldth
faae9d069a
We're using URLMapper, not Net_URL_Mapper
2014-11-07 15:24:05 +01:00
Mikael Nordfeldth
29ac42addd
Diaspora public key published in WebFinger
2014-11-06 21:05:31 +01:00
Mikael Nordfeldth
57b5e2483d
A little bit more debugging.
2014-10-25 14:23:15 +02:00
Mikael Nordfeldth
2d0c7c2c99
ensureWebfinger was never complete in StatusNet. Worked a bit on it.
2014-07-27 23:08:02 +02:00
Mikael Nordfeldth
ae62b91940
Unifying HTML stripping functions to common_strip_html
2014-07-14 13:52:23 +02:00
Mikael Nordfeldth
fffacaa27c
FavorAction now uses Notice::saveActivity
2014-07-06 01:37:03 +02:00
Mikael Nordfeldth
eda69cabaf
Remove Ostatus_profile when releted Profile is deleted
2014-07-04 11:45:42 +02:00
Mikael Nordfeldth
4b40d6bb2a
TagprofileAction fiddled with, now doesn't require OStatus override
...
But it still doesn't quite work properly, so a lot of work is necessary for this.
2014-07-03 14:02:21 +02:00
Mikael Nordfeldth
b63f6e949c
Converted all ActivityObject::fromProfile to $profile->asActivityObject
2014-07-03 10:51:36 +02:00
Mikael Nordfeldth
c44146d6f8
Favorites are now being stored from activities
2014-07-02 18:38:19 +02:00
Mikael Nordfeldth
9f4bcbad8a
checkAuthorship events, Ostatus_profile rewrite to handle it
...
Lost dependency of OStatus plugin for lib/microappplugin.php, whoo!
also noting which plugins should be upgraded to new saveActivity support.
Favorite plugin won't work with the new system just yet, it doesn't have
the necessary functions to extract activity objects, but that's coming
in the next (few) commits.
2014-07-02 11:38:45 +02:00
Mikael Nordfeldth
acb07ef52f
Added saveActivity method to Notice class
...
saveActivity will accept an Activity which gets parsed and saved through
plugins. So when an ActivityHandlerPlugin (such as Favorite will be soon)
gets a feed to save, this will be the function called instead of saveNew.
2014-07-02 11:38:37 +02:00
Mikael Nordfeldth
d0da552722
SalmonAction and extensions simplified
2014-06-28 20:33:09 +02:00
Mikael Nordfeldth
c74dc15173
DiscoveryHints gets microformats2 parsing abilities
2014-06-24 01:27:03 +02:00
Mikael Nordfeldth
55418685c4
DiscoveryHints now properly returns hcard url
2014-06-23 20:51:37 +02:00
Mikael Nordfeldth
d350a20e1f
Less verbose debugging (also don't log private keys)
...
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
2014-06-03 12:53:04 +02:00
Mikael Nordfeldth
aaef11077d
Default of Magicsig keypair toString should be secure
...
Prevent crappy coders from leaking private keys.
2014-06-03 12:51:52 +02:00
Mikael Nordfeldth
0bc122ff58
Magicsig::generate is now static
...
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.
I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987
Salmon posts can only be made for local users. More typing!
...
Since we of course don't have the remote party's private keys anyway.
I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
2cd25039af
Quick-return is more comprehensible than long if statements
2014-06-02 19:37:06 +02:00
Mikael Nordfeldth
f7479e3f57
Prepare for WebFinger magicsig data for remote profiles
2014-06-02 19:33:09 +02:00
Mikael Nordfeldth
78805d113a
MagicEnvelope discoverKeyPair now returns string
...
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b
Only use a Profile in MagicEnvelope keypair retrieval
...
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
56194b3cd9
Magicsig importKeys finetuning and getHash() use
2014-06-02 16:11:15 +02:00
Mikael Nordfeldth
dc52a8ff43
Don't ensureProfile before we verify signature
2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
00b2bddc7c
Clarify it's not base64, but base64url, encoding in Magicsig
2014-06-02 14:51:15 +02:00
Mikael Nordfeldth
993ad00333
Improve debugging for Salmon slaps
2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6
Try the whole Salmon action for AlreadyFulfilledException
...
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
c1dc13bef0
Magicsig warning message would fail to get bits
2014-06-02 13:35:29 +02:00
Mikael Nordfeldth
3ef8322b03
There could be unresolvable FeedSub entries
2014-06-01 16:07:08 +02:00
Mikael Nordfeldth
75711ae06a
Magicsig is made a bit less cumbersome
2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4
Use locally cached Salmon keys for profiles
...
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad
Last objectification of MagicEnvelope. Smarter SalmonAction
2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
9e6599b9fb
Salmon log message tidying up
2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f
Bad variable names (fixes last commit)
2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67
MagicEnvelope object orientation (no passing arrays)
...
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad
Make MagicEnvelope self-reference
...
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc
Removed MagicEnvelopeCompat, legacy from SN <0.9.7
2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473
Minor changes in Salmon lib for Magicsig retrieval.
2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
ba10da27da
Should not normalize Salmon author URIs.
...
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7
getAuthorUri is a more appropriate function name
2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a
checkAuthor not used anywhere
2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
3c322abafc
There's no guarantee we have an Ostatus_profile for Feedsub
2014-05-19 18:34:44 +02:00
Mikael Nordfeldth
0dad11bb85
Inform and make use of NoProfileException in OStatus actions
...
This is because Ostatus_profile->localProfile() throws NoProfileException
instead of returning null for profiles which don't exist in Profile table.
2014-05-19 18:07:57 +02:00
Mikael Nordfeldth
63c20e59aa
UsersalmonAction cleanup
2014-05-19 18:07:14 +02:00
Mikael Nordfeldth
228dc1f851
Ostatus_profile throws NoProfileException from localProfile()
...
Some implementations of the exception handling is included here,
the actions come in a later commit.
2014-05-19 17:59:36 +02:00
Mikael Nordfeldth
d2c749c7de
NoUriException added and implemented in FeedSub class
...
This is a specific exception for objects which require URI but lack it,
first implemented in FeedSub to allow for identification of bad entries.
2014-05-19 17:30:04 +02:00
Mikael Nordfeldth
1207f4f06f
isLocal() for User_group
2014-05-19 14:46:54 +02:00
Mikael Nordfeldth
7977361193
Too many bird wings ({), sorry Erkan :)
2014-05-07 09:52:50 +02:00