eliseuamaro
/
gnu-social
forked from GNUsocial/gnu-social
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
16,659 Commits 8 Branches 0 Tags 309 MiB
Commit Graph

922 Commits

Author SHA1 Message Date
Mikael Nordfeldth 3a0136fe1f Replace file_get_contents with HTTPClient in testfeed 2015-01-22 11:30:36 +01:00
Mikael Nordfeldth d492b74e42 holy crap, file_put_contents got args in wrong order 2015-01-18 02:57:08 +01:00
Mikael Nordfeldth 5d9e9aaaf5 Keep the old error message on updateAvatar 2015-01-18 02:48:39 +01:00
Mikael Nordfeldth 010824c4b5 Use HTTPClient to download avatar 
also make updateAvatar public so we can call it from update_ostatus_profile.php
 2015-01-18 02:44:55 +01:00
Mikael Nordfeldth 0499736bb4 Loose_Ostatusprofile::updateAvatar was identical to Ostatus_profile 2015-01-18 02:39:08 +01:00
Mikael Nordfeldth ba9abb3c57 Add nohub config setting to allowed non-PuSH feeds 2015-01-16 01:10:55 +01:00
Mikael Nordfeldth 8594a2ba16 FeedPoller plugin, for hubless feeds 2015-01-15 21:13:13 +01:00
Mikael Nordfeldth 57d8eb8a53 Ensuring unknown profiles in salmon slaps work again 2015-01-13 13:43:35 +01:00
Mikael Nordfeldth db7154c63b Abort on failure instead of return early success 2015-01-13 13:18:57 +01:00
Mikael Nordfeldth 66044b7782 ensureActivityObjectProfile is more thorough than createAct... 2015-01-12 11:47:21 +01:00
Mikael Nordfeldth 73669ed308 ensureProfile already done and stored in $this->oprofile 2015-01-12 02:01:26 +01:00
Mikael Nordfeldth d8f4de450c Support for updated aliases 
will verify unknown aliases against old ones if the new identifies as a
previously recognized URI.

Steps:
1. Check the newly received URI. Who does it say it is?
2. Compare these alleged identities to our local database.
3. If we found any locally stored identities, ask it about its aliases.
4. Do any of the aliases from our known identity match the recently introduced one?

Currently we do _not_ update the ostatus_profile table with the new URI.
 2015-01-10 02:07:39 +01:00
Mikael Nordfeldth d32fef6039 Merge commit 'refs/merge-requests/28' of https://gitorious.org/social/mainline into merge-requests/28 2015-01-08 16:48:42 +01:00
Joshua Judson Rosen f246dd4645 OStatusPlugin: fix ensureProfile catch-22 in onCheckActivityAuthorship() 
Use profile URL (not URI), like elsewhere.

Profile::getUri() doesn't actually do anything useful, here--
it does nothing unless a plugin (like OStatus) is already
able to resolve the Profile into a backend object (e.g.: an Ostatus_profile).

If we might not already have an Ostatus_profile for a given Profile,
then we need to use $profile->getUrl() and fetch the data from that URL.
 2014-12-30 23:56:33 -05:00
Mikael Nordfeldth d3a8896b2a Merge commit 'refs/merge-requests/26' of https://gitorious.org/social/mainline into merge-requests/26 2014-12-09 13:45:15 +01:00
Joshua Judson Rosen f71eeaee5a OStatus/scripts/update-profile-data.php: print updated fullnames 
Now that we can actually update them again.
 2014-12-08 22:06:29 -05:00
Mikael Nordfeldth 812d1eead9 Stronger typing in Ostatus_profile 2014-12-08 19:52:00 +01:00
Mikael Nordfeldth 72d1c3c73e fetch conversation URI in processPost, not processShare 2014-11-27 16:51:21 +01:00
Mikael Nordfeldth bdb4a41696 Use remote conversation URI info to stitch convos together 
If we know the URI sent from the remote party, and we don't know the
notice it is replying to, we might still be able to put it in the same
conversation thread!
 2014-11-27 14:06:10 +01:00
Mikael Nordfeldth 8056097478 Try to lookup the profile if we don't know it yet 2014-11-24 23:50:42 +01:00
Mikael Nordfeldth 720c2c9ff2 Ostatus_profile->checkAuthorship returns Profile 
not Ostatus_profile
 2014-11-24 23:40:06 +01:00
Mikael Nordfeldth 3bf1478f97 Bad parameter count for checkAuthorship 
At the same time we change this to call ActivityUtils::checkAuthorship
instead to let the retrieval/verification go through event handling.

rozzin (Joshua Judson Rosen) found this error. Thanks.
 2014-11-24 12:49:20 +01:00
Joshua Judson Rosen 4b875e0fd0 Fix OStatus groups by making Ostatus_profile::localProfile() work for groups 
We need to look up a feed profile for HandleFeedEntryWithProfile events,
regardless of whether they're an OStatus user, group, or something else;
this is the least hairy way of doing that--the alternative being
to keep spreading the same logic all over the calling code.

Theoretically, this change might allow OStatusGroups to be recorded
as the authors of activities if they pass through any authorless
activities; but that's why we have checkAuthorship().
 2014-11-24 12:30:37 +01:00
Joshua Judson Rosen d2e1a8c706 Ostatus_profile::checkAuthorship(): throw ServerException when bogus non-authorship is detected 
Similarly to what ActivityUtils::checkAuthorship does; try to ensure
that activities from ambiguous OStatus feeds (groups and peopletags)
that require explicit authorship don't get in without explicit authors.
 2014-11-24 12:29:41 +01:00
Mikael Nordfeldth 496acdc7d9 normalizing acct: URI just to be sure 2014-11-16 18:29:05 +01:00
Mikael Nordfeldth faae9d069a We're using URLMapper, not Net_URL_Mapper 2014-11-07 15:24:05 +01:00
Mikael Nordfeldth 29ac42addd Diaspora public key published in WebFinger 2014-11-06 21:05:31 +01:00
Mikael Nordfeldth 57b5e2483d A little bit more debugging. 2014-10-25 14:23:15 +02:00
Mikael Nordfeldth 2d0c7c2c99 ensureWebfinger was never complete in StatusNet. Worked a bit on it. 2014-07-27 23:08:02 +02:00
Mikael Nordfeldth ae62b91940 Unifying HTML stripping functions to common_strip_html 2014-07-14 13:52:23 +02:00
Mikael Nordfeldth fffacaa27c FavorAction now uses Notice::saveActivity 2014-07-06 01:37:03 +02:00
Mikael Nordfeldth eda69cabaf Remove Ostatus_profile when releted Profile is deleted 2014-07-04 11:45:42 +02:00
Mikael Nordfeldth 4b40d6bb2a TagprofileAction fiddled with, now doesn't require OStatus override 
But it still doesn't quite work properly, so a lot of work is necessary for this.
 2014-07-03 14:02:21 +02:00
Mikael Nordfeldth b63f6e949c Converted all ActivityObject::fromProfile to $profile->asActivityObject 2014-07-03 10:51:36 +02:00
Mikael Nordfeldth c44146d6f8 Favorites are now being stored from activities 2014-07-02 18:38:19 +02:00
Mikael Nordfeldth 9f4bcbad8a checkAuthorship events, Ostatus_profile rewrite to handle it 
Lost dependency of OStatus plugin for lib/microappplugin.php, whoo!

also noting which plugins should be upgraded to new saveActivity support.

Favorite plugin won't work with the new system just yet, it doesn't have
the necessary functions to extract activity objects, but that's coming
in the next (few) commits.
 2014-07-02 11:38:45 +02:00
Mikael Nordfeldth acb07ef52f Added saveActivity method to Notice class 
saveActivity will accept an Activity which gets parsed and saved through
plugins. So when an ActivityHandlerPlugin (such as Favorite will be soon)
gets a feed to save, this will be the function called instead of saveNew.
 2014-07-02 11:38:37 +02:00
Mikael Nordfeldth d0da552722 SalmonAction and extensions simplified 2014-06-28 20:33:09 +02:00
Mikael Nordfeldth c74dc15173 DiscoveryHints gets microformats2 parsing abilities 2014-06-24 01:27:03 +02:00
Mikael Nordfeldth 55418685c4 DiscoveryHints now properly returns hcard url 2014-06-23 20:51:37 +02:00
Mikael Nordfeldth d350a20e1f Less verbose debugging (also don't log private keys) 
Magicsig private keys were logged. That's probably not a good thing.
MagicEnvelope full XML entries no longer spam the log either.
 2014-06-03 12:53:04 +02:00
Mikael Nordfeldth aaef11077d Default of Magicsig keypair toString should be secure 
Prevent crappy coders from leaking private keys.
 2014-06-03 12:51:52 +02:00
Mikael Nordfeldth 0bc122ff58 Magicsig::generate is now static 
This also fixes a problem with "initial salmon slap", which was a
problem for newly registered accounts which would have their first
salmon slap fail to distribute since there was a problem with Magicsig
keys. Apparently we have to re-read them with importKeys so the
Crypt_RSA objects publicKey and privateKey match later instances of them.

I think it may have been that generate() doesn't specify a signatureMode,
but I leave experimentation of that to the future.
 2014-06-02 21:50:40 +02:00
Mikael Nordfeldth 537dff7987 Salmon posts can only be made for local users. More typing! 
Since we of course don't have the remote party's private keys anyway.

I made some small fixes in Magicsig class too, removing unnecessary code.
 2014-06-02 19:46:42 +02:00
Mikael Nordfeldth 2cd25039af Quick-return is more comprehensible than long if statements 2014-06-02 19:37:06 +02:00
Mikael Nordfeldth f7479e3f57 Prepare for WebFinger magicsig data for remote profiles 2014-06-02 19:33:09 +02:00
Mikael Nordfeldth 78805d113a MagicEnvelope discoverKeyPair now returns string 
getKeyPair fills in missing data so it's a complete Magicsig.
We may use insert() here in the future so the Magicsig is cached locally.
 2014-06-02 18:31:48 +02:00
Mikael Nordfeldth d44588f98b Only use a Profile in MagicEnvelope keypair retrieval 
So we _know_ there is a profile for the submitter we're about to verify.
 2014-06-02 16:12:26 +02:00
Mikael Nordfeldth 56194b3cd9 Magicsig importKeys finetuning and getHash() use 2014-06-02 16:11:15 +02:00
Mikael Nordfeldth dc52a8ff43 Don't ensureProfile before we verify signature 2014-06-02 16:10:26 +02:00
Mikael Nordfeldth 00b2bddc7c Clarify it's not base64, but base64url, encoding in Magicsig 2014-06-02 14:51:15 +02:00
Mikael Nordfeldth 993ad00333 Improve debugging for Salmon slaps 2014-06-02 14:20:58 +02:00
Mikael Nordfeldth d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException 
If we have already fulfilled the action, we don't have to send an error back.
 2014-06-02 13:57:30 +02:00
Mikael Nordfeldth c1dc13bef0 Magicsig warning message would fail to get bits 2014-06-02 13:35:29 +02:00
Mikael Nordfeldth 3ef8322b03 There could be unresolvable FeedSub entries 2014-06-01 16:07:08 +02:00
Mikael Nordfeldth 75711ae06a Magicsig is made a bit less cumbersome 2014-05-31 13:41:49 +02:00
Mikael Nordfeldth 411f3b86a4 Use locally cached Salmon keys for profiles 
Please note that we're not yet actually caching them ourselves.
 2014-05-31 12:51:51 +02:00
Mikael Nordfeldth 0c2134f9ad Last objectification of MagicEnvelope. Smarter SalmonAction 2014-05-31 12:00:46 +02:00
Mikael Nordfeldth 9e6599b9fb Salmon log message tidying up 2014-05-28 14:07:47 +02:00
Mikael Nordfeldth 03fc02c26f Bad variable names (fixes last commit) 2014-05-27 13:02:26 +02:00
Mikael Nordfeldth 41773d3f67 MagicEnvelope object orientation (no passing arrays) 
MagicEnvelope now uses object properties instead of passing arrays
around everywhere.
 2014-05-27 12:01:12 +02:00
Mikael Nordfeldth 14251d26ad Make MagicEnvelope self-reference 
Also, a stricer typing for DOMDocument in fromDom parsing function.
 2014-05-27 10:18:36 +02:00
Mikael Nordfeldth 54ae0ed3cc Removed MagicEnvelopeCompat, legacy from SN <0.9.7 2014-05-26 23:54:22 +02:00
Mikael Nordfeldth 7c7426b473 Minor changes in Salmon lib for Magicsig retrieval. 2014-05-26 20:06:45 +02:00
Mikael Nordfeldth ba10da27da Should not normalize Salmon author URIs. 
It's normalized in Discovery->lookup later anyway.
 2014-05-26 14:20:42 +02:00
Mikael Nordfeldth 8c348c96e7 getAuthorUri is a more appropriate function name 2014-05-26 14:14:54 +02:00
Mikael Nordfeldth fac102a50a checkAuthor not used anywhere 2014-05-26 14:13:35 +02:00
Mikael Nordfeldth 3c322abafc There's no guarantee we have an Ostatus_profile for Feedsub 2014-05-19 18:34:44 +02:00
Mikael Nordfeldth 0dad11bb85 Inform and make use of NoProfileException in OStatus actions 
This is because Ostatus_profile->localProfile() throws NoProfileException
instead of returning null for profiles which don't exist in Profile table.
 2014-05-19 18:07:57 +02:00
Mikael Nordfeldth 63c20e59aa UsersalmonAction cleanup 2014-05-19 18:07:14 +02:00
Mikael Nordfeldth 228dc1f851 Ostatus_profile throws NoProfileException from localProfile() 
Some implementations of the exception handling is included here,
the actions come in a later commit.
 2014-05-19 17:59:36 +02:00
Mikael Nordfeldth d2c749c7de NoUriException added and implemented in FeedSub class 
This is a specific exception for objects which require URI but lack it,
first implemented in FeedSub to allow for identification of bad entries.
 2014-05-19 17:30:04 +02:00
Mikael Nordfeldth 1207f4f06f isLocal() for User_group 2014-05-19 14:46:54 +02:00
Mikael Nordfeldth 7977361193 Too many bird wings ({), sorry Erkan :) 2014-05-07 09:52:50 +02:00
Mikael Nordfeldth b59beb50e6 misplaced dollar sign, also URLs != attention URIs 2014-05-07 09:20:57 +02:00
Mikael Nordfeldth c01138c16b Forgot 'new' before the Exception class 2014-05-07 00:06:04 +02:00
Mikael Nordfeldth 074b2b621c Garbage collection script didn't loop through anything 2014-05-06 16:18:47 +02:00
Mikael Nordfeldth 8b12e41351 User object didn't have getNickname() function 
We're just jumping on to the Profile->getNickname() function.
 2014-05-06 16:08:36 +02:00
Mikael Nordfeldth 869ca2d20b Missed a $user->id to $profile->id translation 2014-05-06 15:43:06 +02:00
Mikael Nordfeldth c279a33feb More Exceptions for FeedSub doSubscribe and related functions 
Now also garbageCollect will now throw exceptions of failures of all kinds
and only reply true/false on entirely successful runs of sub/unsub.
 2014-05-06 15:40:57 +02:00
Mikael Nordfeldth 0fa00d5106 Type testing instead of just empty() in OStatusPlugin 2014-05-06 14:36:52 +02:00
Mikael Nordfeldth 1a0171ef61 MagicEnvelope class now throws exception on XRD fail 2014-05-06 13:11:29 +02:00
Mikael Nordfeldth fc3125cf28 More modern coding, stuff related to subscriptions 
Also trying to use the newly implemented AlreadyFulfilledException
 2014-05-05 23:58:05 +02:00
Mikael Nordfeldth 805958cc23 UsersalmonAction updated to stronger typing standards 2014-05-05 19:38:01 +02:00
Mikael Nordfeldth 595d231d9a GroupsalmonAction updated to stronger typing standards 2014-05-05 19:25:39 +02:00
Mikael Nordfeldth cdefeda659 More debugging for Salmon activities 2014-05-05 19:10:44 +02:00
Mikael Nordfeldth bbada781b7 Stronger typing and function access control in OStatus 2014-05-05 19:06:22 +02:00
Mikael Nordfeldth 2ea5f00666 Success debugging was too much noise 2014-05-05 18:59:44 +02:00
Mikael Nordfeldth 960baae1d1 More debugging in Magicsig class verify method 2014-05-05 17:48:21 +02:00
Joshua Judson Rosen 7440dc2145 Prevent spurious refusals of legitimate notices posted to users via Salmon. 
Make the logic match the intent described in the comments.

The intent is clearly "accept notices whenever (A or B or C)", but
the logic implemented was more like "not ((not A) or (not B) or (not C))",
which is a basical boolean algebra fail (each of those ORs need to
become ANDs for double-negation to work).

The practical implication was that, for example, writing a reply
to someone else's notice and including an @-reference to _another_
user on another site to bring them into the discussion would
fail to deliver the notice to the new user because their server
would basically say `oh no, you can't message this user
from someone else's thread' because an earlier check for
the `A' or `C' parts of `(A or B or C)' prevents `B' from
being checked.

cf.: <http://status.hackerposse.com/notice/55846>, which was
refused by the nhcrossing.com server because it didn't know
about <http://sn.jonkman.ca/notice/93724>, even though it would
have passed the later `notice contains a reference to a local user'
check if not for an exception being prematurely thrown.

The whole idea of reporting `which specific check FAILED'
in an `if ANY SUCCEEDS' analysis is just bogus, so nix all of
the distinct ClientExceptions--a single `ALL FAILED' exception
is the only one that makes sense.
 2014-05-05 13:35:38 +02:00
Mikael Nordfeldth b77a09fdee Notice URIs are not necessarily URLs. 
Let's use getUrl() for URL retrieval. May throw exceptions, but
only if it's a Notice that cannot be linked like that anyway.
 2014-04-30 20:44:23 +02:00
Mikael Nordfeldth 5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth 639cf48cc7 OStatus onStartNoticeSourceLink to use exceptions 2014-04-19 22:18:36 +02:00
Mikael Nordfeldth c00491cd7a Cosmetic changes to common_redirect, clientError, serverError 
Since these functions exit (or throw exception) after running, there
is no need to have a 'return' statement or similar afterwards.
 2014-03-10 00:25:57 +01:00
Mikael Nordfeldth 8d655bc706 Add support for 'nohub' sub_state in FeedSub 
(requires upgrade.php run)
 2014-03-09 23:03:54 +01:00
Mikael Nordfeldth 779ce40ac3 Add functions to avoid direct variable access 2014-03-09 13:31:05 +01:00
Mikael Nordfeldth a1b0d5fa7e FeedSub gets a plugin event handler for sub/unsub 2014-03-09 13:27:28 +01:00
Mikael Nordfeldth e571e64e9e Make ostatussub conform to coding standards a bit 2014-03-05 13:44:45 +01:00
Mikael Nordfeldth dc0ae2785d SubMirror now works again against old PuSH 
There was a problem with (specifically at least) PuSHpress for
Wordpress. A previous attempt to perform a DB transaction backfired
because the remote side could connect to the callback before our
commit had gone through.

I take full responsibility for introducing the bug in the first place :)
 2014-03-03 00:01:13 +01:00
Mikael Nordfeldth 8b04bcb310 Prepare for >1024 RSA keys for Salmon signatures 2014-03-02 11:47:38 +01:00