diff --git a/include/dfrn.php b/include/dfrn.php
index 67cef59d95..9cbf05ece2 100644
--- a/include/dfrn.php
+++ b/include/dfrn.php
@@ -3,7 +3,8 @@ * @file include/dfrn.php * @brief The implementation of the dfrn protocol *
- * https://github.com/friendica/friendica/wiki/Protocol
+ * @see https://github.com/friendica/friendica/wiki/Protocol and
+ * https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf */ require_once("include/Contact.php");
diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php
index 51cd59c62f..5aea4eede9 100644
--- a/mod/dfrn_confirm.php
+++ b/mod/dfrn_confirm.php
@@ -1,17 +1,21 @@ argv[1]; }
- /**
+ /* * * Main entry point. Scenario 1. Our user received a friend request notification (perhaps * from another site) and clicked 'Approve'.
@@ -87,7 +91,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { $activity = ((x($_POST,'activity')) ? intval($_POST['activity']) : 0 ); }
- /**
+ /* * * Ensure that dfrn_id has precedence when we go to find the contact record. * We only want to search based on contact id if there is no dfrn_id,
@@ -103,7 +107,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { logger('Confirming follower with contact_id: ' . $cid);
- /**
+ /* * * The other person will have been issued an ID when they first requested friendship. * Locate their record. At this time, their record will have both pending and blocked set to 1.
@@ -139,7 +143,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { if($network === NETWORK_DFRN) {
- /**
+ /* * * Generate a key pair for all further communications with this person. * We have a keypair for every contact, and a site key for unknown people.
@@ -166,7 +170,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { $params = array();
- /**
+ /* * * Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our * site private key (person on the other end can decrypt it with our site public key).
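Review bot: The new `@see` tag in the include/dfrn.php file docblock carries two references joined by a trailing `and`, so a doc generator will most likely render them as one run-on reference rather than two links. One reference per tag is the conventional form: ` * @see https://github.com/friendica/friendica/wiki/Protocol` followed by ` * @see https://github.com/friendica/friendica/blob/master/spec/dfrn2.pdf`. The rest of the docblock is context and unchanged.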
@@ -212,7 +216,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { logger('Confirm: posting data to ' . $dfrn_confirm . ': ' . print_r($params,true), LOGGER_DATA);
- /**
+ /* * * POST all this stuff to the other site. * Temporarily raise the network timeout to 120 seconds because the default 60
@@ -506,7 +510,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) { //NOTREACHED }
- /**
+ /* * * * End of Scenario 1. [Local confirmation of remote friend request].
diff --git a/mod/dfrn_notify.php b/mod/dfrn_notify.php
index 780fb456f5..6f6fc41c12 100644
--- a/mod/dfrn_notify.php
+++ b/mod/dfrn_notify.php
@@ -1,5 +1,10 @@ + + + + + + + + +Friendica - Contact confirmation + + + + +bob@example.com + + + + +karen@karenhompage.com + + +notifications.php + + +notifications_content() +----------------------------------------- +- This is the page where Karen see Bobs friendship request +- the submit form redirects to Karens local dfrn_confirm page +($dfrn_id, $contact_id, $intro_id are submitted) + + +dfrn_confirm.php + + +dfrn_confirm_post() +SCENARIO 1 ( no $_POST['source_url'] available) +-------------------------------------------------------------------------------- +- contact data come either form $handsfree (if autoconfirm) or +from $_POST +- get all data about Karen form the user table +[Note: Bob have been issued an ID (contact issue-id) when he first +requested the friendship. Locate Bobs contact record. At this +time, his record will have both pending and blocked set to 1. +There won't be any dfrn_id if this is a network follower, so use +the contact_id instead] +- search for Bob in the contact table by contact_id, dfrn_id and +issued-id not empty (for the uid -> Karens user id) +- if network = dfrn + -> create a new keypair (prvkey & pubkey) and update the +contact +[Note: Generate a key pair for all further communications with +this person. We have a keypair for every contact, and a site key +for unknown people. This provides a means to carry on +relationships with other people any single key is compromised. It +is a robust key. We're much more worried about key leakage +than anybody cracking it.] + -> update Bobs contact record (in the contact table) with the +generated prvkey + -> encrypting the dfrn_id with Karens prvkey (Bob can decrypt it +on the other and with Karens site-pubkey) and add it to the +transmit params. + -> encrypting Karens profile url with Bobs site-pubkey (Bob +can decrypt it with his own private key) and add it to the +transmit params. 
+ -> add the above generated public key to params which +getting transmitted (if $aes_allow -> encrypt the the public key) + -> add duplex state and page-flags to the params + -> send params to Bobs dfrn_confirm page ($res = +post_url($dfrn_confirm,$params); + + +dfrn_confirm_post() +SCENARIO 2 ( $_POST['source_url'] is available) +------------------------------------------------------------------------ +- get all data about Bob from the user table (prvkey and uid form +Bob ) +- decrypt the transmitted source_url (profile url) with Bobs +prvkey +- get data of Karen from contact table by her source_url (and by +her user id) +- decrypt the dfrn_id sent by Karen with Karens site-pubkey +(taken from contact table) +- if possible decrpyt the pubkey sent by Karen with the prvkey of +Bob (taken from user table) -> if this is not possible use the raw +pubkey +- search if the dfrn_id is already present in the contact table (if it +is prensent it is a duplicate) +- update dfrn-id and pubkey for Karens contact entry in the +contact table + + + -> set the relation for the contact + + +- update the relationship of the contact Karen +-> if duplex delete the issued-id +-> set pending to 0 + + +send a notification + + +delete the intro of Bob + + +Note: this chart respects only dfrn +contacts and focuses on key exchange +(for other areas it might be very +incomplete) + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/spec/dfrn2_contact_request.png b/spec/dfrn2_contact_request.png new file mode 100644 index 0000000000..5d1df9f2b5 Binary files /dev/null and b/spec/dfrn2_contact_request.png differ diff --git a/spec/dfrn2_contact_request.svg b/spec/dfrn2_contact_request.svg new file mode 100644 index 0000000000..5f76067f18 --- /dev/null +++ b/spec/dfrn2_contact_request.svg 
@@ -0,0 +1,218 @@ + + + + + + + + + +Friendica - Contact request + + + + +karenn@karenhompage.com + + + + +bob@example.com + + + dfrn_request.php +- +https://karenhompage/dfrn_request/karin + + +dfrn_request_post - SCENARIO 1 +---------------------------------------------- +- Cleanup old introductions that remain blocked + Cleanup +any old email intros - which will have a greater lifetime +- probe_url Bobs posted dfrn_url and get the network with +webfinger_dfrn +- try to select all contact data of Bob (contact table) by the +url ($_POST['dfrn_url] and profile uid ($a->profile['uid']) +where self = 0 to look if this contact is already there (if +issued-id or rel is already available return here because it +seems that we are already connected) +- create a issued-id with $issued_id = random_string(); +- if we already found a contact record above update the +issued-id with the one we have created +- otherwise if Bob is not already in the contact table scrape +Bobs profile and create a new contact with this data (e.g. +the scraped issued-id / profiles pubkey becomes contacts +site-pubkey) in the contact table +- select this created contact from contact table and create +an intro in the intro table (blocked = 1) + + +$_POST['dfrn_url'] is transmited and is Bobs profile url + + +redirect to Bobs request page +goaway($parms['dfrn-request'] . "?dfrn_url=$dfrn_url" + . '&dfrn_version=' . +DFRN_PROTOCOL_VERSION + . '&confirm_key=' . $hash + . (($aes_allow) ? "&aes_allow=1" : "") + ); +http://example.com/dfrn_request/bob?dfrn_url=6874747 +03a2f2f6b6172656e686f6d65706167652e636f6d2f70726f66 +696c652f6b6172656e&aes_allow=1&confirm_key=”ABC123” + + +dfrn_request.php + + +http://example.com/dfrn_request/bob? 
+dfrn_url= +687474703a2f2f6b6172656e686f6d65706167652e +636f6d2f70726f66696c652f6b6172656e&aes_allow=1& +confirm_key=”ABC123” +dfrn_request_content() +------------------------------------------ +- copy the posted parameters (dfrn_url, key and so on) +to $_POST + dfrn_request_post() - SCENARIO 2 +($_POST['localconfirm'] == 1) +----------------------------------------------------------------------- +- if(local_user() && ($a->user['nickname'] == $a- +>argv[1]) && (x($_POST,'dfrn_url'))) +-> +- $confirm_key comes from $_POST +- get data for contact Karen (contact table) by +$dfrn_url (contacts url and nurl) -> if contact Karen +does already have a dfrn-id Bob seems already +connected with Karen (abort here) +- if this contact (Karen) isn't available in the contact +tabel, scrape Karens profile page to pick up the dfrn +links, key, fn, and photo +- create a contact for Karen in the contact table with +the scraped data (Karens pubkey becomes the contact +site-pubkey) +- fetch_url($dfrn_request . '?confirm_key=' . +$confirm_key); +- fetch_url(http://karenhomepage.com/dfrn_request? +confirm_key=”ABC123”) + + +dfrn_request.php + + +http://karenhomepage.com/dfrn_request?confirm_key=”ABC123” +dfrn_request_content() - +(elseif((x($_GET,'confirm_key')) && strlen($_GET['confirm_key'])) ) +---------------------------------------------------------------------------------------------- +- select the intro by confirm_key (intro table) -> get contact id +- use the intro contact id to get the contact in the contact table +- build a notification package ( notification(array.....) 
) +- update intro in intro table (blocked = 0) + + +Bob stays on his Friendica server +- goaway($forwardurl); + + +Note: this chart respects only dfrn +contacts and focuses on key exchange +(for other areas it might be very +incomplete) + + +dfrn_request_content() +------------------------------------ +- the page for the on Katrins server where Bob do a connection +request +- the form transmit on submit Bobs profile url as dfrn_url + + + + + + + + + + +bob wants to make a request and is directed from karens profile page to karens dfrn-request page + + + + + + + + + + + + + + + + + + + + + + + + + + +redirict to bobs dfrn_request page + + + + + + + + + + + + + + + + + + + + +http://karenhomepage.com/dfrn_request?confirm_key=”ABC123” + + + + + + + + + + + + + + + + + + + + + + + + + + + + +Bob fills request form and presses submit +