Commit Graph

63 Commits

Author SHA1 Message Date
Diogo Cordeiro
4d171b27a4 [ActivityPub][NOTE] Do not extract actor from attributedTo
There was no checking of attributedTo, actors and referent object IDs to make
sure they exist in the same domain. Therefore, one could spoof messages from
people by doing attributedTo: whoever-i-want-to-spoof
2020-07-05 15:38:12 +01:00
Diogo Cordeiro
fe4a9a6189 [ActivityPub][Ostatus] Fetch avatars in accordance to the new media system 2020-07-05 15:37:52 +01:00
Alexei Sorokin
9a515b9234 [SCHEMA] Improve timestamp storage
Avoid the use of deprecated MariaDB "zero dates" globally. If they're present
as attribute defaults somewhere, they will be replaced with NULL implicitly.
The existing "zero dates" in MariaDB storage will be left intact and this
should not present any issues.

The "timestamp" type in table definitions now corresponds to DATETIME in
MariaDB with "DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP", which
should be close enough to the original behaviour for compatibility purposes.
It is now the recommended type for "modified" attributes, because of the
update trigger on MariaDB. But there is no such trigger implemented on
PostgreSQL as of this moment.
2020-06-29 01:41:46 +03:00
Alexei Sorokin
b924c180ae [DATABASE] Fix MariaDB schema verification 2020-06-28 20:05:11 +03:00
Diogo Cordeiro
737f3eb553 [ActivityPub][HTTPSignatures] Fix verify 2020-06-28 00:58:16 +01:00
Diogo Cordeiro
6e3954f3bb [ActivityPub][Inbox] Signature verification after Actor update would always fail 2020-06-28 00:49:55 +01:00
Diogo Cordeiro
7869a7c1b0 [ActivityPub][Inbox] With PHP 7.3 we don't need get_all_headers workaround anymore
Furthermore, it was broken on Apache2 because the actual function
doesn't put the resulting array's key in lowercase.
2020-06-27 20:43:43 +01:00
Diogo Cordeiro
1db6943702 [ActivityPub][Inbox] get_all_headers was nginx only 2020-06-26 14:08:47 +01:00
Diogo Cordeiro
e8dff6c4a0 [TESTS] Move AcceptHeader from ActivityPub plugin to Core
Delete temporary ActivityPub tests (they were to be deleted long ago)
2020-06-25 15:50:12 +01:00
Alexei Sorokin
194976135f [DATABASE] Some query improvements
Make common_sql_weight employ standard SQL functions for the timestamp
difference in seconds.
Also replace UTC_TIMESTAMP in the MariaDB-specific part with CURRENT_TIMESTAMP
as it is the only occurence and GNU social sets UTC as a default timezone.

In a delete_orphan_files.php script simplify the main query considerably.

In clean_profiles.php stop using COUNT as if it is ANY, that is unnecessary
punishment for the database. Instead implement the anti-join with a
left outer join.

In Autocomplete and Activitypub_profile use joins instead of a WHERE OR
anti-pattern for the semi-joins.

In lib/ui/galleryaction.php replace a CROSS JOIN with an INNER JOIN.

In actions/sup.php remove a redundant subquery: WHERE is applied before
grouping either way.
2020-06-10 16:52:00 +03:00
Alexei Sorokin
09a772419a [DATABASE] Use "<>" as an SQL non-equality sign in more cases
A follow-up to commit 644b417f6c
2020-06-08 18:31:22 +03:00
susdiv
b8c0fa9fa0 [ActivityPub] Fix Postgres incompatible query in Following and Followed collection 2020-06-05 17:48:21 +00:00
tenma
d7906f113e [ActivityPub] Remove TFN's deprecated Census event 2020-05-09 11:50:26 +01:00
tenma
134b6f6478 [ActivityPub] Add TheFreeNetwork module's support in handling profile insertion
Activitypub_profile:
- Update do_insert to trigger TFN's assistance in inserting the profile

explorer:
- Use the new LRDD's method for grabbing profile aliases
2020-05-09 11:50:25 +01:00
tenma
c6543e1f95 [ActivityPub] Autofix profile URIs through alias discovering
Activitypub_profile:
- Add updateUri method

explorer:
- Add grab_aliases method
- Update grab_local_user's online course to grab and test aliases
2020-05-09 11:50:25 +01:00
Diogo Cordeiro
f4558e3c41 [ActivityPub] Fix profile url handling 2020-03-28 03:16:24 +00:00
Diogo Cordeiro
073a181778 [ActivityPub] Fix undefined tag index 'type' in Activitypub_notice 2020-02-14 17:25:26 +00:00
Diogo Cordeiro
dc211c9c44 [ActivityPub][Postman] Fix not sending notices to self 2019-12-11 01:30:25 +00:00
Diogo Cordeiro
3e2b7cddc8 [ActivityPub][RSA] Revision, increase type scrictness and improve docs 2019-12-10 23:51:40 +00:00
Diogo Cordeiro
80ba2b3ccc [ActivityPub] Properly handle Actor URIs by using events correctly
This should fix nulls on explorer lookups inputed by postman after generate_followers/getSubscribers, that I think were caused by calling common_profile_uri that, curiously, only handles local profiles
2019-12-10 23:50:56 +00:00
Diogo Cordeiro
51b5b1c08c [ActivityPub][RSA] Fix types of generate_keys 2019-11-16 15:32:49 +00:00
Diogo Cordeiro
e0b17fc97d [REALTIME] Reviewed both the superclass and its dist plugins 2019-11-03 15:37:49 +00:00
Diogo Cordeiro
d921f3dadb [ActivityPub] New URI system 2019-11-10 17:47:51 +00:00
tenma
3634af3fdc [TheFreeNetwork] First code: Module class and census event 2019-11-03 00:43:21 +00:00
tenma
a0d30b6872 [ActivityPub] Fix some small known problems
ActivityPubPlugin:
- Rework onProfileDeleteRelated to account for the tables _rsa and _pending_follow_requests
- Update onEndShowAccountProfileBlock to stop creating the ap_profile if it doesn't exist (we'll handle this in a different manner)

Activitypub_profile:
- Remove unnecessary code from from_profile method and add return type information

Explorer:
- Update travel_collection to call itself instead of _lookup, that was wrong
2019-11-03 00:43:21 +00:00
tenma
bddc1c0f9d [ActivityPub] Fix successive "Cannot use object of type stdClass as array" errors in the postman 2019-11-01 02:23:39 +00:00
tenma
2ae93dbec6 [ActivityPub] Revert usage of bitwise-operator & in the inbox_handler class. 2019-10-17 20:25:00 +01:00
Diogo Cordeiro
b434bead2c [ActivityPub] The protocol allows content to be null, GNU social doesn't, we'll reject silentiously
Reported by kaniini
2019-10-11 19:09:12 +01:00
Diogo Cordeiro
6284b155b8 [ActivityPub] attributedTo itself is not required, if not present then it should be inferred from the actor
Reported by kaniini
2019-10-11 17:51:20 +01:00
Diogo Cordeiro
b12c2d17d5 [ActivityPub] Fix security issue concerning remote profile deletes
Reported by kaniini
2019-10-11 17:41:43 +01:00
Diogo Cordeiro
5fb1e26a4c [ActivityPub] Inbox Handler: Remove old guzzle import
Improve exception information in doc blocks
2019-10-11 17:18:50 +01:00
Diogo Cordeiro
6423750250 [ActivityPub] Slightly increase robustness on exception handling
Also ported Activitypub_rsa to PHP7
Minor indentation fixes
2019-10-11 17:08:41 +01:00
Diogo Cordeiro
d9b5ef1cee [ActivityPub] Consistent headers in explorer requests
Minor indentation fixes
2019-10-11 16:00:14 +01:00
Alexei Sorokin
ad91ef66bd [SCRIPTS] Set PUBLICDIR in plugin scripts as well 2019-09-18 17:15:00 +03:00
Diogo Cordeiro
3ea580b537 [ActivityPub] Add missing parenthesis in class instantiation
Fixed some issues related to thrown exceptions in the doblocks; also boolean -> bool
2019-09-13 18:58:41 +01:00
Alexei Sorokin
87b0b493eb [ActivityPub] Fix an unhandled error in onStartGetProfileFromURI 2019-09-13 20:55:23 +03:00
Diogo Cordeiro
4eb4a2de00 [ActivityPub] Fix some bugs with onStartNoticeSearch
Refactored Activitypub_profile::ensure_web_finger to Activitypub_profile::ensure_webfinger
Do not throw exceptions in the handling of this event because we don't
want to stop the regular search just because we were unable to find
ActivityPub actors or notes.
2019-09-13 18:10:20 +01:00
Alexei Sorokin
95c7344557 [DATABASE] Various table schema related fixes 2019-09-11 12:07:54 +03:00
tenma
19409cb999 [ActivityPub] Add support fox search-box profile/notice grabbing
NoticeSearchAction:
- Add new event before finding query matches

ActivityPubPlugin:
- Subscribe new searchNotice event
- Bump minor version number

Activitypub_explorer:
- Update lookup to make remote-grabbing optional
2019-09-03 03:26:35 +01:00
tenma
c06182c38f [ActivityPub] Handle DELETE-Person activity
ActivityPubPlugin:
- update grab_notice_from_url to make online grab optional
- subscribe events of user and profile deletion
- bump minor version number

Activitypub_inbox_handler:
- separate handle_delete for delete-note and delete-person

Activitypub_postman:
- add delete-person logic

Activitypub_delete:
- update validation method to check for the "Person" type
- update to_array method to target the activity
2019-09-03 03:26:35 +01:00
tenma
c130739de0 [AP] Fix subscription events
Both StartSubscribe and StartUnsubscribe had a wrong initial if-condition.
Furthermore, this events were calling Activitypub_profile::from_profile()
which is wrong because it creates the Activitypub_profile object when
the goal is only to check if it exists already.
2019-09-03 03:26:35 +01:00
tenma
1a4a1583d5 [AP] Subscribe RemoteFollow plugin events for allowing following with the remote-follow button 2019-09-03 03:26:35 +01:00
tenma
f6fd025be2 [AP] Update version info 2019-09-03 03:26:35 +01:00
tenma
b5897687a6 [AP] Prevent postman to include the actor's followers for every sent activity 2019-09-03 03:26:35 +01:00
tenma
ebeae261de [AP] Support Private Messaging
ActivityPubPlugin:
- Subscribe DirectMessage events

Activitypub_inbox_handler:
- Update handle_create_note to create private messages

Activitypub_postman:
- Add create_direct_note for sending private messages

Activitypub_create:
- Update create_to_array to support the 'directMessage' attribute
- Add isPrivateNote to verify private activities

Activitypub_notice:
- Update create_note to support the 'directMessage' attribute
- Remove isPrivateNote

lib/models:
- Add Activitypub_message, the model in charge of private notes
2019-09-03 03:26:35 +01:00
tenma
9733f3c02c [AP] Fix Follow collections
Activitypub_profile:
- Fix subscription-counter getter functions, invalid profiles were being counted

apActorFollowingAction:
- Small rewrite of generate_following, didn't make sense to not use try-catch block

apActorFollowersAction:
- Small rewrite of generate_followers, didn't make sense to not use try-catch block
2019-09-03 03:26:35 +01:00
tenma
217c8a3933 [AP] Handle unlisted/followers-only notices
Note that this commit isn't intended to add support for sending such notes
in GS. Instead, we handle the reception, storage and direct reply to this
type of notices, in AP.

ActivityPubPlugin:
- Subscribe the event StartNoticeSave to hack answering non-public notes

Activitypub_create:
- Add 'directMessage' attribute to the Create activity, defaulting to false for now
- Update validation method: validate 'directMessage' and add debug

Activitypub_notice:
- Handle incoming unlisted/followers-only notes
- Add support for unlisted-replies
- Add method to verify private (direct) notices

inbox_handler:
- Add handler for CREATE Note
- Prepare logic for private-messaging
- Overall refactor: Class members were continuously being passed as function arguments without need

SharePlugin:
- Stop showing the announce button in non public posts
2019-09-03 03:26:35 +01:00
tenma
7188d81ad4 [AP] Properly target public notices
ActivityPubPlugin:
- Use TO as principal audience, CC as secondary
- Update note validation
2019-09-03 03:26:35 +01:00
Diogo Cordeiro
0c2c3ec862 [CORE] Plugin API now extends a new Module API 2019-08-24 01:59:33 +01:00
Diogo Cordeiro
eccb8a4faf [ActivityPub] Move models from 'classes' to 'lib/models' 2019-08-21 16:46:39 +01:00