Commit Graph

19566 Commits

Author SHA1 Message Date
Mikael Nordfeldth
aaef11077d Default of Magicsig keypair toString should be secure
Prevent crappy coders from leaking private keys.
2014-06-03 12:51:52 +02:00
Mikael Nordfeldth
629cbedee2 Dangerous non-dynamic profile fetching in Notice
For a Notice object with multiple results, ->getProfile() would ALWAYS
return the first profile in the list. For example our "popular notices"
stream ended up believing all notices were made by the same profile.
2014-06-03 12:22:07 +02:00
Mikael Nordfeldth
c99d4eddb1 Moved Poll CSS into the plugin directory 2014-06-03 11:38:40 +02:00
Mikael Nordfeldth
9a19588ac9 Moved QnA CSS into the plugin directory 2014-06-03 11:36:32 +02:00
Mikael Nordfeldth
e6dcb0c40e Moved Event CSS into the plugin directory 2014-06-03 11:34:39 +02:00
Mikael Nordfeldth
70cb488106 ActivityObject::fromProfile used some non-included class definitions 2014-06-03 03:18:13 +02:00
Mikael Nordfeldth
9a1109bd14 Revert "There were referenced in ActivityObject not autoloaded"
This reverts commit 6e35544a67.
2014-06-03 03:16:18 +02:00
Mikael Nordfeldth
a7531ca5c7 Moved Bookmark CSS into the plugin directory 2014-06-03 03:08:14 +02:00
Mikael Nordfeldth
1431bbd884 No need to pre-resize avatars 2014-06-03 01:52:42 +02:00
Mikael Nordfeldth
6e35544a67 There were referenced in ActivityObject not autoloaded 2014-06-03 01:33:48 +02:00
Mikael Nordfeldth
0bc122ff58 Magicsig::generate is now static
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
2014-06-02 21:50:40 +02:00
Mikael Nordfeldth
537dff7987 Salmon posts can only be made for local users. More typing!
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
2014-06-02 19:46:42 +02:00
Mikael Nordfeldth
2cd25039af Quick-return is more comprehensible than long if statements 2014-06-02 19:37:06 +02:00
Mikael Nordfeldth
f7479e3f57 Prepare for WebFinger magicsig data for remote profiles 2014-06-02 19:33:09 +02:00
Mikael Nordfeldth
78805d113a MagicEnvelope discoverKeyPair now returns string
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
2014-06-02 18:31:48 +02:00
Mikael Nordfeldth
d44588f98b Only use a Profile in MagicEnvelope keypair retrieval
So we _know_ there is a profile for the submitter we're about to verify.
2014-06-02 16:12:26 +02:00
Mikael Nordfeldth
56194b3cd9 Magicsig importKeys finetuning and getHash() use 2014-06-02 16:11:15 +02:00
Mikael Nordfeldth
dc52a8ff43 Don't ensureProfile before we verify signature 2014-06-02 16:10:26 +02:00
Mikael Nordfeldth
00b2bddc7c Clarify it's not base64, but base64url, encoding in Magicsig 2014-06-02 14:51:15 +02:00
Mikael Nordfeldth
993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth
d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
c1dc13bef0 Magicsig warning message would fail to get bits 2014-06-02 13:35:29 +02:00
Mikael Nordfeldth
db443e9374 File::processNew now static and always throws exception on failure 2014-06-02 02:11:23 +02:00
Mikael Nordfeldth
d6f52f5939 File::processNew can return -1 which was not true for empty()
Also, File->getEnclosure() now throws exception if not enough metadata.
2014-06-02 01:46:09 +02:00
Mikael Nordfeldth
d596513e39 Stronger typing for NoticeListItem and so 2014-06-02 00:20:27 +02:00
Mikael Nordfeldth
49188e826c ArrayWrapper no longer returned from multiGetClass
multiGetClass uses FIND_IN_SET for ordering, which is pretty MariaDB specific.
2014-06-02 00:15:17 +02:00
Mikael Nordfeldth
3ef8322b03 There could be unresolvable FeedSub entries 2014-06-01 16:07:08 +02:00
Mikael Nordfeldth
2f97d5d206 Stronger typing in Widget class (HTMLOutputter) 2014-06-01 13:09:47 +02:00
chimo
8be96a7ebe Catches GeoCookie JSON parsing error 2014-05-31 18:11:04 -04:00
Mikael Nordfeldth
75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth
411f3b86a4 Use locally cached Salmon keys for profiles
Please note that we're not yet actually caching them ourselves.
2014-05-31 12:51:51 +02:00
Mikael Nordfeldth
0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth
120e5c685a Template engine is a good idea, but not in that implementation 2014-05-31 00:37:58 +02:00
Mikael Nordfeldth
cc5aff5de3 StatusNet::delPlugin($name) added to disable plugins
Instead of setting some weird $config['plugins']['disable-Blah'] yourself.
The class name, StatusNet, will probably change in the future to GNU social.
No global function added, as it exists for addPlugin().
2014-05-31 00:27:23 +02:00
Mikael Nordfeldth
62e8081863 Maybe the least necessary plugin: PoweredByStatusNet 2014-05-31 00:04:02 +02:00
Mikael Nordfeldth
61116ea991 Subscription class listing retrieval fixed
The incorrect variable was tried to be 0 causing offset limits that
are more than 1 to be treated identically (like the raw $ids value).
2014-05-30 23:37:00 +02:00
Mikael Nordfeldth
eb7f964598 Modernising subscribers/subscriptions to use $this->scoped/target
They extend GalleryAction from ProfileAction, where $this->target is set.
2014-05-28 17:00:34 +02:00
Mikael Nordfeldth
9e6599b9fb Salmon log message tidying up 2014-05-28 14:07:47 +02:00
Mikael Nordfeldth
03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth
41773d3f67 MagicEnvelope object orientation (no passing arrays)
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
2014-05-27 12:01:12 +02:00
Mikael Nordfeldth
14251d26ad Make MagicEnvelope self-reference
Also, a stricer typing for DOMDocument in fromDom parsing function.
2014-05-27 10:18:36 +02:00
Mikael Nordfeldth
54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth
7c7426b473 Minor changes in Salmon lib for Magicsig retrieval. 2014-05-26 20:06:45 +02:00
Mikael Nordfeldth
49fa34e234 Make Profile::fromUri use UnknownUriException 2014-05-26 15:05:14 +02:00
Mikael Nordfeldth
89e817e5b0 UnknownUriException added for better error handling 2014-05-26 14:59:45 +02:00
Mikael Nordfeldth
e83b2e147a NoProfileException collision avoidance fix 2014-05-26 14:39:03 +02:00
Mikael Nordfeldth
ba10da27da Should not normalize Salmon author URIs.
It's normalized in Discovery->lookup later anyway.
2014-05-26 14:20:42 +02:00
Mikael Nordfeldth
8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth
fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth
3c322abafc There's no guarantee we have an Ostatus_profile for Feedsub 2014-05-19 18:34:44 +02:00