Commit Graph

198 Commits

Author SHA1 Message Date
Mikael Nordfeldth
bb76af4f65 Test URLs against blacklist also on PuSH subscriptions. 2017-04-26 22:41:59 +02:00
Mikael Nordfeldth
e98bceec10 Import backlog on new subscription.
Danger is when importing a new feed that may be maliciously crafted
to contain a zillion entries.
2017-04-21 09:31:27 +02:00
Mikael Nordfeldth
e87115d462 Less frightening interface on remote subscription
Instead of an error message in a red box about being unable to find the
profile, you get the title "Remote subscription" and no error message.
2017-04-19 11:41:34 +02:00
Mikael Nordfeldth
548e59fc99 Empty resource would throw exception
The "+ Remote" link on your profile page broke because of exception.
2017-04-19 11:37:43 +02:00
Mikael Nordfeldth
35b0a9e3ae Handle normalized acct: URIs in ostatussub
Mastodon sent the proper acct: URI and not just 'user@domain' when
using the remote subscribe functionality.
2017-04-16 11:01:16 +02:00
Chimo
9de79f0a36 Update prepare() method on Action subclasses.
Fixes handle()-related strict warnings such as "Strict Standards:
Declaration of AdminPanelAction::prepare() should be compatible with
Action::prepare(array $args = Array)

Ref. #190
2016-06-01 02:26:44 +00:00
Mikael Nordfeldth
922b65d231 More debugging in Salmon since we get situations which can't find inReplyToID 2016-04-01 23:10:34 +02:00
Mikael Nordfeldth
e6f07d8554 Use in_array instead. Now we get third party responses to contextually interesting threads
I think this solves much of the "third party conversation" issues, assuming involved parties
are using modern GNU social instances.
2016-02-24 00:19:27 +01:00
Mikael Nordfeldth
31c9b2c1d8 Check the notice context for users in UsersalmonAction 2016-02-23 23:56:43 +01:00
Mikael Nordfeldth
0eb5122817 Check that the user is in the context of a salmon slap 2016-02-23 23:42:41 +01:00
Mikael Nordfeldth
494746e665 Minor PuSH comment and debug stuff 2016-01-13 19:25:39 +01:00
Mikael Nordfeldth
f24cdf4a80 Much more logging in PushHubAction (OStatus) 2016-01-11 19:54:05 +01:00
Mikael Nordfeldth
ab93bb009c XSS vulnerability when remote-subscribing
->raw was used on non-filtered strings for some reasons, changed
to ->text.
2016-01-05 12:15:50 +01:00
Mikael Nordfeldth
b76461fc78 syntax error 2015-12-27 01:42:03 +01:00
Mikael Nordfeldth
0ac71c2b7b Duplicate URI means we have it already, I assume 2015-12-27 01:40:00 +01:00
mmn
0baa9debbc Merge branch 'direct-feed-sub' into 'master'
If we are given a direct URL to a feed, use that



See merge request !54
2015-12-14 21:09:56 +00:00
Mikael Nordfeldth
844670f88d Ooops, copypasted something into the wrong place. 2015-11-08 23:24:20 +01:00
Mikael Nordfeldth
65184782aa OStatus usage of static Validate::* calls fixed 2015-11-08 10:33:41 +01:00
Stephen Paul Weber
e58c529c53 If we are given a direct URL to a feed, use that 2015-10-28 00:54:20 +00:00
Mikael Nordfeldth
8fac7a9f6c StatusNet class renamed GNUsocial
also added backward compatible StatusNet class for the two calls I know
third party plugins use, isHTTPS and getActivePlugins
2015-02-27 12:44:15 +01:00
Mikael Nordfeldth
1bda6fb9be General code quality improvement for easier understanding
Also made sure we only match local group IDs in recognizedFeed for PushhubAction
2015-02-08 11:47:15 +01:00
Mikael Nordfeldth
482f61ac15 OStatusSub should use inherent attributes
No need to make several common_current_user calls and then getProfile
directly after that, since we have stuff like $this->scoped.
2015-01-27 13:23:49 +01:00
Mikael Nordfeldth
57d8eb8a53 Ensuring unknown profiles in salmon slaps work again 2015-01-13 13:43:35 +01:00
Mikael Nordfeldth
73669ed308 ensureProfile already done and stored in $this->oprofile 2015-01-12 02:01:26 +01:00
Mikael Nordfeldth
c44146d6f8 Favorites are now being stored from activities 2014-07-02 18:38:19 +02:00
Mikael Nordfeldth
d0da552722 SalmonAction and extensions simplified 2014-06-28 20:33:09 +02:00
Mikael Nordfeldth
d534ea7bd6 Try the whole Salmon action for AlreadyFulfilledException
If we have already fulfilled the action, we don't have to send an error back.
2014-06-02 13:57:30 +02:00
Mikael Nordfeldth
0dad11bb85 Inform and make use of NoProfileException in OStatus actions
This is because Ostatus_profile->localProfile() throws NoProfileException
instead of returning null for profiles which don't exist in Profile table.
2014-05-19 18:07:57 +02:00
Mikael Nordfeldth
63c20e59aa UsersalmonAction cleanup 2014-05-19 18:07:14 +02:00
Mikael Nordfeldth
7977361193 Too many bird wings ({), sorry Erkan :) 2014-05-07 09:52:50 +02:00
Mikael Nordfeldth
b59beb50e6 misplaced dollar sign, also URLs != attention URIs 2014-05-07 09:20:57 +02:00
Mikael Nordfeldth
8b12e41351 User object didn't have getNickname() function
We're just jumping on to the Profile->getNickname() function.
2014-05-06 16:08:36 +02:00
Mikael Nordfeldth
fc3125cf28 More modern coding, stuff related to subscriptions
Also trying to use the newly implemented AlreadyFulfilledException
2014-05-05 23:58:05 +02:00
Mikael Nordfeldth
805958cc23 UsersalmonAction updated to stronger typing standards 2014-05-05 19:38:01 +02:00
Mikael Nordfeldth
595d231d9a GroupsalmonAction updated to stronger typing standards 2014-05-05 19:25:39 +02:00
Mikael Nordfeldth
bbada781b7 Stronger typing and function access control in OStatus 2014-05-05 19:06:22 +02:00
Joshua Judson Rosen
7440dc2145 Prevent spurious refusals of legitimate notices posted to users via Salmon.
Make the logic match the intent described in the comments.

The intent is clearly "accept notices whenever (A or B or C)", but
the logic implemented was more like "not ((not A) or (not B) or (not C))",
which is a basical boolean algebra fail (each of those ORs need to
become ANDs for double-negation to work).

The practical implication was that, for example, writing a reply
to someone else's notice and including an @-reference to _another_
user on another site to bring them into the discussion would
fail to deliver the notice to the new user because their server
would basically say `oh no, you can't message this user
from someone else's thread' because an earlier check for
the `A' or `C' parts of `(A or B or C)' prevents `B' from
being checked.

cf.: <http://status.hackerposse.com/notice/55846>, which was
refused by the nhcrossing.com server because it didn't know
about <http://sn.jonkman.ca/notice/93724>, even though it would
have passed the later `notice contains a reference to a local user'
check if not for an exception being prematurely thrown.

The whole idea of reporting `which specific check FAILED'
in an `if ANY SUCCEEDS' analysis is just bogus, so nix all of
the distinct ClientExceptions--a single `ALL FAILED' exception
is the only one that makes sense.
2014-05-05 13:35:38 +02:00
Mikael Nordfeldth
5fd6053220 Code cleanup and enabling User object's etc. getUri() 2014-04-28 14:08:42 +02:00
Mikael Nordfeldth
c00491cd7a Cosmetic changes to common_redirect, clientError, serverError
Since these functions exit (or throw exception) after running, there
is no need to have a 'return' statement or similar afterwards.
2014-03-10 00:25:57 +01:00
Mikael Nordfeldth
e571e64e9e Make ostatussub conform to coding standards a bit 2014-03-05 13:44:45 +01:00
Mikael Nordfeldth
dc0ae2785d SubMirror now works again against old PuSH
There was a problem with (specifically at least) PuSHpress for
Wordpress. A previous attempt to perform a DB transaction backfired
because the remote side could connect to the callback before our
commit had gone through.

I take full responsibility for introducing the bug in the first place :)
2014-03-03 00:01:13 +01:00
Mikael Nordfeldth
fc047bd6e6 Minor code cleanup with group related actions (thanks brw12)
Originated from brw12 who noticed an incorrect variable name used in
an error message in actions/apigroupjoin.php:109
2014-03-01 12:01:17 +01:00
Mikael Nordfeldth
ab4113168f PuSH 0.4: No outgoing 'sync' verifications. Feed renewal script. No auto-renewal.
Among other things (such as permanent subscriptions), Pubsubhubbub 0.4
removed the "sync" verification method. This means that any incoming
PuSH subscription requests that follow the 0.4 spec won't really
_require_that we handle it as a background process, but if we were to
try direct verification of the subscription - and fail - there's no way
we could  pick up the ball again. So _essentially_ we require background
processing with retries.

This means we must implement something like the "poorman cron" or
similar, so background processing can be handled
on-demand/on-site-visit. This is how Friendica, Drupal etc. handles it
and is necessary for environments where we can't run separate queue
daemons.

When the poorman-cron-ish thing is implemented, auto-renewal will work
for all users.

PuSH 0.4 spec:
    https://pubsubhubbub.googlecode.com/git/pubsubhubbub-core-0.4.html
More on PuSH 0.4 release (incl. breaking changes):
    https://groups.google.com/forum/#!msg/pubsubhubbub/7RPlYMds4RI/2mIHQTdV3aoJ
2013-11-02 20:02:28 +01:00
Mikael Nordfeldth
be62f44ef4 OStatus remote address example now more generic 2013-10-30 15:04:54 +01:00
Mikael Nordfeldth
f8b49e69d0 Protected function prepare with array $args defaulting to array() 2013-10-29 10:26:46 +01:00
Mikael Nordfeldth
23a6b4595f Reworked the ActivityContext->attention structure
Removing Evan's obscure attentionType solution and directly using the attention array
2013-10-28 22:21:14 +01:00
Mikael Nordfeldth
2729c622ff Minor function definitions so they match Action parent 2013-10-20 17:21:56 +02:00
Mikael Nordfeldth
cd6fa512ac Twitter Import + avatar fixes (cleaning up + fixing)
...there was also a typo in OstatussubAction ($avatarUrl not defined)
2013-10-03 15:28:51 +02:00
Mikael Nordfeldth
b0dfc70a54 Properly unlink all old avatars when deleting/uploading a new
We're also now using $config['image']['jpegquality'] to determine the
quality setting for resized images.

To set Avatar max size, adjust $config['avatar']['maxsize']

The getAvatar call now throws exceptions too. Related changes applied.
Now let's move Profile->avatarUrl to the Avatar class!
2013-10-01 17:00:10 +02:00
Mikael Nordfeldth
a7e748479c Fixed regression in OStatus sub from WebFinger/XML_XRD update
XML_XRD::getAll requires arguments (at least relation). If one really
want all links, just get the 'links' array. It's public!

Also, not all XML_XRD_Element_Link were migrated from the previous
array style.
2013-09-30 23:33:28 +02:00