Commit Graph

2981 Commits

Author SHA1 Message Date
Zach Copley
4041a59282 Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth,
even if one is not required.  I think I finally got this right.
2010-02-05 03:18:44 +00:00
Zach Copley
5417124884 Linkify notice source when posting from registered OAuth apps 2010-02-05 03:18:44 +00:00
Zach Copley
b31c79cee1 Better token revocation 2010-02-05 03:18:43 +00:00
Zach Copley
e495ac356c Allow developers to delete OAuth applications 2010-02-05 03:18:43 +00:00
Zach Copley
f654449357 Actually store the timestamp on each nonce 2010-02-05 02:10:08 +00:00
Zach Copley
8d320d7cc2 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing 2010-02-05 02:08:37 +00:00
Zach Copley
10dfcde0b2 Actually store the timestamp on each nonce 2010-02-05 01:38:29 +00:00
Brion Vibber
c59eee72a8 Merge branch 'testing' of gitorious.org:statusnet/mainline into 0.9.x 2010-02-04 12:23:56 -08:00
Brion Vibber
a020e23086 Merge branch 'master' of gitorious.org:statusnet/mainline into testing 2010-02-04 11:56:07 -08:00
Brion Vibber
5a1cbdc6f1 Add time-based cutoffs for public tag cloud, favorited lists to speed up those queries.
Defaulting to only looking at last 90 days of activity, can be adjusted up or down.

$config['tag']['cutoff'] = 86400 * 90;
$config['popular']['cutoff'] = 86400 * 90;

Per-user and per-group tag clouds do not use the cutoff (and it doesn't help with indexing on them).
2010-02-04 11:06:01 -08:00
Zach Copley
2085b506d4 Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth,
even if one is not required.  I think I finally got this right.
2010-02-02 23:17:28 +00:00
Zach Copley
387374fd7b Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth,
even if one is not required.  I think I finally got this right.
2010-02-02 23:16:44 +00:00
Brion Vibber
f4c81fa1e1 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-02-02 09:57:50 -08:00
Zach Copley
dae28d98d1 Linkify notice source when posting from registered OAuth apps 2010-02-02 08:51:01 +00:00
Zach Copley
8191273078 Better token revocation 2010-02-02 08:50:33 +00:00
Zach Copley
f0875ceea1 Allow developers to delete OAuth applications 2010-02-02 08:50:18 +00:00
Zach Copley
5e90f744a6 Linkify notice source when posting from registered OAuth apps 2010-02-02 08:47:14 +00:00
Zach Copley
f1094185e4 Better token revocation 2010-02-02 07:35:54 +00:00
Zach Copley
38bebb4c0d Allow developers to delete OAuth applications 2010-02-02 06:26:03 +00:00
Evan Prodromou
f964357de9 readme and version for beta5 2010-02-01 13:44:06 -05:00
Brion Vibber
c14ac57b19 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into 0.9.x 2010-02-01 10:30:45 -08:00
Brion Vibber
fba4153346 Don't enqueue into plugin or SMS queues when disabled (breaks unqueuehandler if SMS queue isn't attached) 2010-02-01 10:16:19 -08:00
Evan Prodromou
779204b194 Merge branch 'testing' into 0.9.x
Conflicts:
	actions/apioauthauthorize.php
2010-01-31 15:27:58 -05:00
Evan Prodromou
81087e45c5 move schema.type.php to typeschema.php like other files 2010-01-31 15:25:59 -05:00
Evan Prodromou
ebf4e497f6 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing 2010-01-31 15:20:57 -05:00
Evan Prodromou
30268cff78 Add Really Simple Discovery (RSD) support
Anil Dash suggested that all implementers of the Twitter API include
support for the remedial RSD format. This commit adds an RSD action
that returns the API root and additional API data to help client
developers discover and use our Twitter-compatible API.

http://dashes.com/anil/2009/12/the-twitter-api-is-finished.html
http://tales.phrasewise.com/rfc/rsd
2010-01-31 15:16:59 -05:00
Evan Prodromou
dc62246443 Add a robots.txt URL to the site root
Adds a robots.txt file to the site root. Defaults defined by
'robotstxt' section of config. New events StartRobotsTxt and
EndRobotsTxt to let plugins add information. Probably not
useful if path is not /, but won't hurt anything, either.
2010-01-31 10:12:26 -05:00
Evan Prodromou
4ae31f3476 on exceptions, stomp logs the error and reenqueues 2010-01-30 13:15:17 -05:00
Brenda Wallace
22a6e46b45 removed describeTable from base class, and fixed it up in pgsql 2010-01-30 21:22:30 +13:00
Brenda Wallace
870c83c17d getTableDef() mostly working in postgres 2010-01-30 21:12:06 +13:00
Brenda Wallace
e765a9657b move the schema DDL sql off into separate files for each db we support 2010-01-30 18:45:10 +13:00
Craig Andrews
61d4709eb8 Pass username and nickname to autoregister so auth plugins can set the nickname correctly when creating a new user.
Continues fixing what Eric Helgeson pointed out in 01eb4e8f00
2010-01-29 20:43:16 -05:00
Eric Helgeson
01eb4e8f00 autoRegister() expects a username existing in ldap, not the suggested_nickname 2010-01-29 17:58:15 -05:00
Evan Prodromou
a7b2a08c42 for single-user mode, retrieve either site owner or defined nickname 2010-01-29 15:15:52 -05:00
Brion Vibber
4d3808a815 Fix more fatal errors in queue edge cases 2010-01-28 23:08:36 -08:00
Brion Vibber
e5eca9bd2c Don't attempt to resend XMPP messages that can't be broadcast due to the profile being deleted. 2010-01-28 22:51:07 -08:00
Brion Vibber
990b0f7995 Merge branch 'master' of git@gitorious.org:statusnet/mainline 2010-01-28 22:29:26 -08:00
Brion Vibber
ccb678ad15 Wrap each bit of distrib queue handler's saving operation in a try/catch; log exceptions but let everything else continue. 2010-01-28 22:26:58 -08:00
Zach Copley
5868511716 Move sessions settings to its own panel 2010-01-28 22:06:01 -08:00
Zach Copley
440ee00b1e Move sessions settings to its own panel 2010-01-28 22:04:14 -08:00
Zach Copley
d70be6d2ad Adjust API authentication to also check for OAuth protocol params in the
HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
2010-01-29 01:54:26 +00:00
Zach Copley
292ac40cae Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing 2010-01-29 01:53:11 +00:00
Zach Copley
48a1a5a2dc Adjust API authentication to also check for OAuth protocol params in the
HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
2010-01-29 01:49:38 +00:00
Brion Vibber
155a5d446f Manual failover for stomp queues.
If an array of multiple servers is put in $config['queue']['stomp_server'], enqueues will pick a random server to send to (failing over automatically if any are down).
Queue handling daemons connect all servers so they get events no matter where they were delivered.
In case of disconnection, daemons should now handle it gracefully and attempt to reconnect every 60 seconds or so, automatically resubscribing to all queues once it's back up.

Can put to 'native' failover for reads as well by disabling $config['stomp']['manual_failover'] = false; but this is untested and may explode in addition to requiring that your ActiveMQ cluster actually be set up to handle its own data distribution.

Additionally, can choose which queues to mark as persistent by setting $config['stomp']['persistent'] to an array of queue names.
2010-01-28 16:49:32 -08:00
Brion Vibber
d00ce38549 Merge commit 'origin/master' into testing 2010-01-28 13:35:09 -08:00
Zach Copley
d773ed8193 Remove redundant session token field from form (was already being added by base class). 2010-01-28 18:36:30 +00:00
Zach Copley
8cdb319533 Remove redundant session token field from form (was already being added by base class). 2010-01-28 18:34:25 +00:00
Brion Vibber
a868a523a5 Can now set $config['queue']['stomp_persistent'] = false; to explicitly disable persistence when we queue items 2010-01-28 09:52:35 -08:00
Sarven Capadisli
588f5ec36b Removed unused variable assignment for avatar URL and added missing fn 2010-01-28 15:08:18 +01:00
Sarven Capadisli
dcce323d18 Removed unused variable assignment for avatar URL and added missing fn 2010-01-28 15:05:23 +01:00
Brion Vibber
78fe76b058 dropping the setcookie() call from common_ensure_session() since we're pretty sure it's unnecessary 2010-01-27 23:16:06 -08:00
Brion Vibber
65c4cff01c append '/' on cookie path for now (may still need some refactoring) 2010-01-27 23:14:49 -08:00
Evan Prodromou
5bf4928db8 Merge branch 'master' of git@gitorious.org:statusnet/mainline 2010-01-28 01:25:08 -05:00
Evan Prodromou
1ba8045a9b set session cookie correctly 2010-01-28 01:24:00 -05:00
Brion Vibber
7347381183 Fix for Mapstraction plugin's zoomed map links
Move definition of NICKNAME_FMT above plugin initialization but below loading of Validate package.
A merge error when refactoring setup led to this not being defined yet when plugins were initialized, causing the router setup in MapstractionPlugin which tried to use this constant to fail.
Result was bogus links and if you hit the URL directly the action would be "unrecognized".
2010-01-27 21:42:13 -08:00
Brion Vibber
427ac3a3a6 debug log line for control channel sub 2010-01-27 20:51:04 -08:00
Evan Prodromou
ee4ea3f3e1 increment software beta version 2010-01-27 21:59:38 -05:00
Brion Vibber
3abfb454a3 Adds an emergency switch so we can run inbox distribution at save time (bypassing 'distrib' queue)
Set $config['queue']['inboxes'] = false to do so
2010-01-27 18:39:17 -08:00
Zach Copley
f296f04abd Remove debugging statement 2010-01-28 01:24:40 +00:00
Zach Copley
324590c46e Some adjustments to the way API auth works after merging testing and 0.9.x 2010-01-28 00:45:06 +00:00
Zach Copley
dac2231aaa Some adjustments to the way API auth works after merging testing and 0.9.x 2010-01-28 00:41:44 +00:00
Zach Copley
78079f34e2 Merge branch 'testing' into -1.9.x
* testing: (130 commits)
  HTTP auth provided is evaluated even if it's not required
  Rename rc3to09.sql to rc3torc4.sql to avoid confusion if we add a last-minute change after this!
  Add new oauth tables and modifications to 'consumer' table for rc4
  Centred leaderboard ad
  camelcase the uap param names
  move leaderboard to after the header
  Moved rectangle ad into aside and leaderboard to the right in header.
  Aligning wide skyscraper to the right instead of left
  CSS ids and classes fixed in UAPPlugin
  wrong height for rectangle in BlankAd
  Add the moved BlankAdPlugin
  make BlankAd dir and change to use a 1x1 image
  move BlankAdPlugin to its own dir
  Add BlankAdPlugin to test ad layout in different themes
  make uapplugin an abstract class
  move UAP plugin to core
  Lowercased switch cases in UAP Plugin
  Plugin for Universal Ad Package. Outputs four most widely used ad types.
  Add persistent:true property to Stomp messages so ActiveMQ doesn't decide to discard them even though persistence is enabled on the broker. :) (Thanks Aric!)
  quick fix: use common_path() on realtime update JS so it works with the new JS path code (will pull from main server for now)
  ...

Conflicts:
	actions/apioauthaccesstoken.php
	actions/apioauthauthorize.php
	actions/apioauthrequesttoken.php
	actions/editapplication.php
	actions/newapplication.php
	lib/apiauth.php
	lib/queuemanager.php
	lib/router.php
2010-01-27 14:27:22 -08:00
Michele
b0a325f7d0 HTTP auth provided is evaluated even if it's not required 2010-01-27 14:06:27 -08:00
Evan Prodromou
f650b40706 Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing 2010-01-27 16:37:43 -05:00
Evan Prodromou
760be76fc0 camelcase the uap param names 2010-01-27 16:34:18 -05:00
Evan Prodromou
ea123800e9 move leaderboard to after the header 2010-01-27 16:34:18 -05:00
Sarven Capadisli
1c875a5395 Moved rectangle ad into aside and leaderboard to the right in header.
Intention for this layout was to reduce whitespace in header area
2010-01-27 16:34:18 -05:00
Evan Prodromou
e9feafc3ca CSS ids and classes fixed in UAPPlugin 2010-01-27 16:34:17 -05:00
Evan Prodromou
7c54591472 make uapplugin an abstract class 2010-01-27 16:34:17 -05:00
Evan Prodromou
1758ed453b move UAP plugin to core 2010-01-27 16:34:17 -05:00
Brion Vibber
c51539804a Add persistent:true property to Stomp messages so ActiveMQ doesn't decide to discard them even though persistence is enabled on the broker. :) (Thanks Aric!) 2010-01-27 09:24:59 -08:00
Evan Prodromou
c52951cef5 Optionally set a separate Javascript server and path
We have about 10-12 JavaScript pages per Web page. They usually
are based on the same server as the Web pages, but since they're
static files, it makes sense to offload them to a lite server that
handles static files well.

This commit lets you set a separate Javascript server and path for the
default Javascript code in StatusNet.

Squashed commit of the following:

commit 139d1622fdafe5ad00c820224416d9021efc3234
Author: Evan Prodromou <evan@status.net>
Date:   Wed Jan 27 11:30:24 2010 -0500

    modules that call htmloutputter::script() don't prescribe js/ path

commit c6ca3174af73efed55eaed5ff1e2a3bdc77d2d87
Author: Evan Prodromou <evan@status.net>
Date:   Wed Jan 27 11:28:07 2010 -0500

    configurable server and path for javascript files
2010-01-27 11:37:22 -05:00
Zach Copley
923b7de3c6 - Check for read-only vs. read-write access to protected API resources (OAuth)
- Some cleanup
2010-01-27 08:41:26 +00:00
Siebrand Mazeland
4202ffff91 Make more complete sentence. 2010-01-27 00:57:47 +00:00
Zach Copley
aad42427cc New access admin panel for site registration settings 2010-01-26 15:56:19 -08:00
Brion Vibber
58be61b641 Control channel for queue daemons to request graceful shutdown, restart, or update to listen to a newly added or reconfigured site.
queuectl.php --update -s<site>
  queuectl.php --stop
  queuectl.php --restart

Default control channel is /topic/statusnet-control. For external utilities to send a site update ping direct to the queue server, connect via Stomp and send a message formatted thus:

  update:<nickname>

(Nickname here, *not* server hostname! The rest of the queues will be updated to use nicknames later.)

Note that all currently-connected queue daemons will get these notifications, including both queuedaemon.php and xmppdaemon.php. (XMPP will ignore site update requests for sites that it's not handling.)

Limitations:
* only implemented for stomp queue manager so far
* --update may not yet handle a changed server name properly
* --restart won't reload PHP code files that were already loaded at startup. Still need to stop and restart the daemons from 'outside' when updating code base.
2010-01-26 11:49:49 -08:00
Evan Prodromou
655573c213 Single-user mode
New configuration options to define a single-user mode. This hides
most of the "community" pages, like the public timeline and groups.
The main user's timeline becomes the main page, and most other URLs
are changed.

Switching back and forth between 1-user and multi-user mode is
probably hazardous.

Squashed commit of the following:

commit d814aa5c92d14a27a12baba7893f3f8bf63f1d08
Author: Evan Prodromou <evan@status.net>
Date:   Tue Jan 26 00:17:27 2010 -0500

    don't show inbox and outbox in single-user mode

commit 47f19b9523a7015d4c6e460b73ea32c839e00aa1
Author: Evan Prodromou <evan@status.net>
Date:   Tue Jan 26 00:15:22 2010 -0500

    show correct URL for logo in single-user mode

commit 552010cffc33eadbc512ec5a67619dbc2015239a
Author: Evan Prodromou <evan@status.net>
Date:   Tue Jan 26 00:15:06 2010 -0500

    make singleuser its own config section

commit 786ab260a3ca172e57b555c75ca10946d8f258a1
Author: Evan Prodromou <evan@status.net>
Date:   Tue Jan 26 00:05:19 2010 -0500

    make single-user mode work

commit 5b21d7309b3a8dd5a4e0f29aea76f7897f1818b1
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 23:45:55 2010 -0500

    add single-user mode
2010-01-26 00:21:05 -05:00
Evan Prodromou
663e4e02a1 Merge branch 'master' into testing
Conflicts:
	lib/queuemanager.php
2010-01-25 18:13:09 -05:00
Evan Prodromou
b6aa1511eb Merge branch 'master' into 0.9.x 2010-01-25 18:10:59 -05:00
Evan Prodromou
e26a843caf Offload inbox updates to a queue handler to speed up posting online
Moved much of the writing that happens when posting a notice to a new
queuehandler, distribqueuehandler. This updates tags, groups, replies
and inboxes at queue time (or at Web time, if queues are disabled).

To make this work well, I had to break up the monolithic
Notice::blowCaches() and make cache blowing happen closer to where
data is updated.

Squashed commit of the following:

commit 5257626c62750ac4ac1db0ce2b71410c5711cfa3
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 14:56:41 2010 -0500

    slightly better handling of blowing tag memory cache

commit 8a22a3cdf6ec28685da129a0313e7b2a0837c9ef
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 01:42:56 2010 -0500

    change 'distribute' to 'distrib' so not too long for dbqueue

commit 7a063315b0f7fad27cb6fbd2bdd74e253af83e4f
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 01:39:15 2010 -0500

    change handle_notice() to handle() in distributqueuehandler

commit 1a39ccd28b9994137d7bfd21bb4f230546938e77
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 16:05:25 2010 -0500

    error with queuemanager

commit e6b3bb93f305cfd2de71a6340b8aa6fb890049b7
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 01:11:34 2010 -0500

    Blow memcache at different point rather than one big function for Notice class

commit 94d557cdc016187d1d0647ae1794cd94d6fb8ac8
Author: Evan Prodromou <evan@status.net>
Date:   Mon Jan 25 00:48:44 2010 -0500

    Blow memcache at different point rather than one big function for Notice class

commit 1c781dd08c88a35dafc5c01230b4872fd6b95182
Author: Evan Prodromou <evan@status.net>
Date:   Wed Jan 20 08:54:18 2010 -0500

    move broadcasting and distributing to new queuehandler

commit da3e46d26b84e4f028f34a13fd2ee373e4c1b954
Author: Evan Prodromou <evan@status.net>
Date:   Wed Jan 20 08:53:12 2010 -0500

    Move distribution of notices to new distribute queue handler
2010-01-25 18:08:21 -05:00
Brion Vibber
f3beed6889 Fix presence notification on XMPP thread (now foreground, not background) 2010-01-25 13:49:02 -08:00
Brion Vibber
1ab2483296 Fix presence notification on XMPP thread (now foreground, not background) 2010-01-25 13:48:24 -08:00
Zach Copley
4daf76212a - Had to remove checking read vs. read-write in OAuth authenticated methods
- Will now pick up source attr from OAuth app
2010-01-25 00:51:56 +00:00
Zach Copley
8b24b5ac7b Add Start/EndSetApiUser events when setting API user via OAuth 2010-01-24 16:46:37 -08:00
Zach Copley
1f8ddf716d Check for read vs. read-write access on OAuth authenticated API methods. 2010-01-24 16:36:06 -08:00
Zach Copley
9e7f47652d Revoke access token UI 2010-01-24 16:36:05 -08:00
Zach Copley
cff2cfd7a7 Fix approval date and label on apps list 2010-01-24 16:36:05 -08:00
Zach Copley
c0eee277d1 Make sure applications are really looked up by consumer key 2010-01-24 16:36:05 -08:00
Zach Copley
e101a6df6b Rework application registration workflow to be more private 2010-01-24 16:36:04 -08:00
Zach Copley
8da5e98cba OAuth 1.0 working now 2010-01-24 16:36:04 -08:00
Sarven Capadisli
8d02a897dc Updated markup for application edit form; image, radios 2010-01-24 16:36:04 -08:00
Sarven Capadisli
a009052036 A little minimization 2010-01-24 16:36:04 -08:00
Sarven Capadisli
276c4a2a23 Added vcard and photo classes 2010-01-24 16:36:04 -08:00
Sarven Capadisli
34cc03c617 Moved application image inside the anchor 2010-01-24 16:36:03 -08:00
Sarven Capadisli
40c6d09c9f Added missing end tag 2010-01-24 16:36:03 -08:00
Zach Copley
8e91e05392 Make API auth handle OAuth requests w/access tokens 2010-01-24 16:36:03 -08:00
Sarven Capadisli
d998c4b1b8 Fixed tabbing 2010-01-24 16:36:03 -08:00
Sarven Capadisli
0b90f7645e Updated class for application list 2010-01-24 16:36:03 -08:00
Sarven Capadisli
4fb9b43aa2 Updated markup for application edit form submits 2010-01-24 16:36:03 -08:00
Zach Copley
c78937537e Better detail in connected OAuth applications list 2010-01-24 16:36:03 -08:00