Merge develop into 201820_-_fix_mod_redir
This commit is contained in:
commit
22816c49a1
2
boot.php
2
boot.php
|
@ -41,7 +41,7 @@ define('FRIENDICA_PLATFORM', 'Friendica');
|
|||
define('FRIENDICA_CODENAME', 'The Tazmans Flax-lily');
|
||||
define('FRIENDICA_VERSION', '2018.08-dev');
|
||||
define('DFRN_PROTOCOL_VERSION', '2.23');
|
||||
define('DB_UPDATE_VERSION', 1268);
|
||||
define('DB_UPDATE_VERSION', 1269);
|
||||
define('NEW_UPDATE_ROUTINE_VERSION', 1170);
|
||||
|
||||
/**
|
||||
|
|
15
database.sql
15
database.sql
|
@ -1,6 +1,6 @@
|
|||
-- ------------------------------------------
|
||||
-- Friendica 2018.08-dev (The Tazmans Flax-lily)
|
||||
-- DB_UPDATE_VERSION 1268
|
||||
-- DB_UPDATE_VERSION 1269
|
||||
-- ------------------------------------------
|
||||
|
||||
|
||||
|
@ -1084,6 +1084,19 @@ CREATE TABLE IF NOT EXISTS `user-item` (
|
|||
PRIMARY KEY(`uid`,`iid`)
|
||||
) DEFAULT COLLATE utf8mb4_general_ci COMMENT='User specific item data';
|
||||
|
||||
--
|
||||
-- TABLE openwebauth-token
|
||||
--
|
||||
CREATE TABLE IF NOT EXISTS `openwebauth-token` (
|
||||
`id` int(10) NOT NULL auto_increment COMMENT 'sequential ID',
|
||||
`uid` int(10) unsigned NOT NULL DEFAULT 0 COMMENT 'User id',
|
||||
`type` varchar(32) DEFAULT '' COMMENT 'Verify type',
|
||||
`token` varchar(255) DEFAULT '' COMMENT 'A generated token',
|
||||
`meta` varchar(255) DEFAULT '' COMMENT '',
|
||||
`created` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT 'datetime of creation',
|
||||
PRIMARY KEY(`id`)
|
||||
) DEFAULT COLLATE utf8mb4_general_ci COMMENT='Store OpenWebAuth token to verify contacts';
|
||||
|
||||
--
|
||||
-- TABLE worker-ipc
|
||||
--
|
||||
|
|
|
@ -357,6 +357,12 @@ Hook data:
|
|||
'item' => item array (input)
|
||||
'html' => converted item body (input/output)
|
||||
|
||||
### 'magic_auth_success'
|
||||
Called when a magic-auth was successful.
|
||||
Hook data:
|
||||
'visitor' => array with the contact record of the visitor
|
||||
'url' => the query string
|
||||
|
||||
Current JavaScript hooks
|
||||
-------------
|
||||
|
||||
|
@ -557,6 +563,7 @@ Here is a complete list of all hook callbacks with file locations (as of 01-Apr-
|
|||
Addon::callHooks('profile_sidebar', $arr);
|
||||
Addon::callHooks('profile_tabs', $arr);
|
||||
Addon::callHooks('zrl_init', $arr);
|
||||
Addon::callHooks('magic_auth_success', $arr);
|
||||
|
||||
### src/Model/Event.php
|
||||
|
||||
|
|
|
@ -37,6 +37,7 @@ Example: To set the automatic database cleanup process add this line to your .ht
|
|||
* **db_loglimit_index** - Number of index rows needed to be logged for indexes on the watchlist
|
||||
* **db_loglimit_index_high** - Number of index rows to be logged anyway (for any index)
|
||||
* **db_log_index_blacklist** - Blacklist of indexes that shouldn't be watched
|
||||
* **dbclean_expire_conversation** (Integer) - When DBClean is enabled, any entry in the conversation table will be deleted after this many days. These data are normally needed only for debugging purposes and they are safe to delete. Default 90.
|
||||
* **diaspora_test** (Boolean) - For development only. Disables the message transfer.
|
||||
* **disable_email_validation** (Boolean) - Disables the check if a mail address is in a valid format and can be resolved via DNS.
|
||||
* **disable_url_validation** (Boolean) - Disables the DNS lookup of an URL.
|
||||
|
|
|
@ -1547,7 +1547,7 @@ function api_search($type)
|
|||
$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectForUser(api_user(), [], $condition, $params);
|
||||
|
||||
$data['status'] = api_format_items(dba::inArray($statuses), $user_info);
|
||||
$data['status'] = api_format_items(Item::inArray($statuses), $user_info);
|
||||
|
||||
return api_format_data("statuses", $type, $data);
|
||||
}
|
||||
|
@ -1614,7 +1614,7 @@ function api_statuses_home_timeline($type)
|
|||
$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectForUser(api_user(), [], $condition, $params);
|
||||
|
||||
$items = dba::inArray($statuses);
|
||||
$items = Item::inArray($statuses);
|
||||
|
||||
$ret = api_format_items($items, $user_info, false, $type);
|
||||
|
||||
|
@ -1691,7 +1691,7 @@ function api_statuses_public_timeline($type)
|
|||
$params = ['order' => ['iid' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectThreadForUser(api_user(), Item::DISPLAY_FIELDLIST, $condition, $params);
|
||||
|
||||
$r = dba::inArray($statuses);
|
||||
$r = Item::inArray($statuses);
|
||||
} else {
|
||||
$condition = ["`verb` = ? AND `id` > ? AND NOT `private` AND `wall` AND NOT `user`.`hidewall` AND `item`.`origin`",
|
||||
ACTIVITY_POST, $since_id];
|
||||
|
@ -1708,7 +1708,7 @@ function api_statuses_public_timeline($type)
|
|||
$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectForUser(api_user(), [], $condition, $params);
|
||||
|
||||
$r = dba::inArray($statuses);
|
||||
$r = Item::inArray($statuses);
|
||||
}
|
||||
|
||||
$ret = api_format_items($r, $user_info, false, $type);
|
||||
|
@ -1767,7 +1767,7 @@ function api_statuses_networkpublic_timeline($type)
|
|||
$params = ['order' => ['iid' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectThreadForUser(api_user(), Item::DISPLAY_FIELDLIST, $condition, $params);
|
||||
|
||||
$ret = api_format_items(dba::inArray($statuses), $user_info, false, $type);
|
||||
$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
|
||||
|
||||
$data = ['status' => $ret];
|
||||
switch ($type) {
|
||||
|
@ -1843,7 +1843,7 @@ function api_statuses_show($type)
|
|||
throw new BadRequestException("There is no status with this id.");
|
||||
}
|
||||
|
||||
$ret = api_format_items(dba::inArray($statuses), $user_info, false, $type);
|
||||
$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
|
||||
|
||||
if ($conversation) {
|
||||
$data = ['status' => $ret];
|
||||
|
@ -1923,7 +1923,7 @@ function api_conversation_show($type)
|
|||
throw new BadRequestException("There is no status with id $id.");
|
||||
}
|
||||
|
||||
$ret = api_format_items(dba::inArray($statuses), $user_info, false, $type);
|
||||
$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
|
||||
|
||||
$data = ['status' => $ret];
|
||||
return api_format_data("statuses", $type, $data);
|
||||
|
@ -2089,7 +2089,7 @@ function api_statuses_mentions($type)
|
|||
$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectForUser(api_user(), [], $condition, $params);
|
||||
|
||||
$ret = api_format_items(dba::inArray($statuses), $user_info, false, $type);
|
||||
$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
|
||||
|
||||
$data = ['status' => $ret];
|
||||
switch ($type) {
|
||||
|
@ -2169,7 +2169,7 @@ function api_statuses_user_timeline($type)
|
|||
$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectForUser(api_user(), [], $condition, $params);
|
||||
|
||||
$ret = api_format_items(dba::inArray($statuses), $user_info, true, $type);
|
||||
$ret = api_format_items(Item::inArray($statuses), $user_info, true, $type);
|
||||
|
||||
$data = ['status' => $ret];
|
||||
switch ($type) {
|
||||
|
@ -2311,7 +2311,7 @@ function api_favorites($type)
|
|||
|
||||
$statuses = Item::selectForUser(api_user(), [], $condition, $params);
|
||||
|
||||
$ret = api_format_items(dba::inArray($statuses), $user_info, false, $type);
|
||||
$ret = api_format_items(Item::inArray($statuses), $user_info, false, $type);
|
||||
}
|
||||
|
||||
$data = ['status' => $ret];
|
||||
|
@ -2728,7 +2728,7 @@ function api_format_items_activities(&$item, $type = "json")
|
|||
$condition = ['uid' => $item['uid'], 'thr-parent' => $item['uri']];
|
||||
$ret = Item::selectForUser($item['uid'], ['author-id', 'verb'], $condition);
|
||||
|
||||
while ($item = dba::fetch($ret)) {
|
||||
while ($item = Item::fetch($ret)) {
|
||||
// not used as result should be structured like other user data
|
||||
//builtin_activity_puller($i, $activities);
|
||||
|
||||
|
@ -3117,7 +3117,7 @@ function api_lists_statuses($type)
|
|||
$params = ['order' => ['id' => true], 'limit' => [$start, $count]];
|
||||
$statuses = Item::selectForUser(api_user(), [], $condition, $params);
|
||||
|
||||
$items = api_format_items(dba::inArray($statuses), $user_info, false, $type);
|
||||
$items = api_format_items(Item::inArray($statuses), $user_info, false, $type);
|
||||
|
||||
$data = ['status' => $items];
|
||||
switch ($type) {
|
||||
|
@ -4636,7 +4636,7 @@ function prepare_photo_data($type, $scale, $photo_id)
|
|||
$statuses = Item::selectForUser(api_user(), [], $condition);
|
||||
|
||||
// prepare output of comments
|
||||
$commentData = api_format_items(dba::inArray($statuses), $user_info, false, $type);
|
||||
$commentData = api_format_items(Item::inArray($statuses), $user_info, false, $type);
|
||||
$comments = [];
|
||||
if ($type == "xml") {
|
||||
$k = 0;
|
||||
|
|
|
@ -779,7 +779,7 @@ function conversation_add_children($parents, $block_authors, $order, $uid) {
|
|||
}
|
||||
$thread_items = Item::selectForUser(local_user(), [], $condition, $params);
|
||||
|
||||
$comments = dba::inArray($thread_items);
|
||||
$comments = Item::inArray($thread_items);
|
||||
|
||||
if (count($comments) != 0) {
|
||||
$items = array_merge($items, $comments);
|
||||
|
|
|
@ -427,7 +427,12 @@ class dba {
|
|||
}
|
||||
|
||||
foreach ($args AS $param => $value) {
|
||||
$stmt->bindParam($param, $args[$param]);
|
||||
if (is_int($args[$param])) {
|
||||
$data_type = PDO::PARAM_INT;
|
||||
} else {
|
||||
$data_type = PDO::PARAM_STR;
|
||||
}
|
||||
$stmt->bindParam($param, $args[$param], $data_type);
|
||||
}
|
||||
|
||||
if (!$stmt->execute()) {
|
||||
|
|
|
@ -1859,20 +1859,17 @@ function file_tag_update_pconfig($uid, $file_old, $file_new, $type = 'file') {
|
|||
return true;
|
||||
}
|
||||
|
||||
function file_tag_save_file($uid, $item, $file)
|
||||
function file_tag_save_file($uid, $item_id, $file)
|
||||
{
|
||||
if (!intval($uid)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$r = q("SELECT `file` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($item),
|
||||
intval($uid)
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
if (!stristr($r[0]['file'],'[' . file_tag_encode($file) . ']')) {
|
||||
$fields = ['file' => $r[0]['file'] . '[' . file_tag_encode($file) . ']'];
|
||||
Item::update($fields, ['id' => $item]);
|
||||
$item = Item::selectFirst(['file'], ['id' => $item_id, 'uid' => $uid]);
|
||||
if (DBM::is_result($item)) {
|
||||
if (!stristr($item['file'],'[' . file_tag_encode($file) . ']')) {
|
||||
$fields = ['file' => $item['file'] . '[' . file_tag_encode($file) . ']'];
|
||||
Item::update($fields, ['id' => $item_id]);
|
||||
}
|
||||
$saved = PConfig::get($uid, 'system', 'filetags');
|
||||
if (!strlen($saved) || !stristr($saved, '[' . file_tag_encode($file) . ']')) {
|
||||
|
@ -1883,7 +1880,7 @@ function file_tag_save_file($uid, $item, $file)
|
|||
return true;
|
||||
}
|
||||
|
||||
function file_tag_unsave_file($uid, $item, $file, $cat = false)
|
||||
function file_tag_unsave_file($uid, $item_id, $file, $cat = false)
|
||||
{
|
||||
if (!intval($uid)) {
|
||||
return false;
|
||||
|
@ -1897,16 +1894,13 @@ function file_tag_unsave_file($uid, $item, $file, $cat = false)
|
|||
$termtype = TERM_FILE;
|
||||
}
|
||||
|
||||
$r = q("SELECT `file` FROM `item` WHERE `id` = %d AND `uid` = %d LIMIT 1",
|
||||
intval($item),
|
||||
intval($uid)
|
||||
);
|
||||
if (! DBM::is_result($r)) {
|
||||
$item = Item::selectFirst(['file'], ['id' => $item_id, 'uid' => $uid]);
|
||||
if (!DBM::is_result($item)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$fields = ['file' => str_replace($pattern,'',$r[0]['file'])];
|
||||
Item::update($fields, ['id' => $item]);
|
||||
$fields = ['file' => str_replace($pattern,'',$item['file'])];
|
||||
Item::update($fields, ['id' => $item_id]);
|
||||
|
||||
$r = q("SELECT `oid` FROM `term` WHERE `term` = '%s' AND `otype` = %d AND `type` = %d AND `uid` = %d",
|
||||
dbesc($file),
|
||||
|
@ -1970,6 +1964,7 @@ function is_a_date_arg($s) {
|
|||
*/
|
||||
function deindent($text, $chr = "[\t ]", $count = NULL) {
|
||||
$lines = explode("\n", $text);
|
||||
|
||||
if (is_null($count)) {
|
||||
$m = [];
|
||||
$k = 0;
|
||||
|
|
18
index.php
18
index.php
|
@ -122,13 +122,16 @@ if ((x($_SESSION, 'language')) && ($_SESSION['language'] !== $lang)) {
|
|||
}
|
||||
|
||||
if ((x($_GET,'zrl')) && $a->mode == App::MODE_NORMAL) {
|
||||
$a->query_string = Profile::stripZrls($a->query_string);
|
||||
if (!local_user()) {
|
||||
// Only continue when the given profile link seems valid
|
||||
// Valid profile links contain a path with "/profile/" and no query parameters
|
||||
if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "")
|
||||
&& strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")
|
||||
) {
|
||||
if ((parse_url($_GET['zrl'], PHP_URL_QUERY) == "") &&
|
||||
strstr(parse_url($_GET['zrl'], PHP_URL_PATH), "/profile/")) {
|
||||
if ($_SESSION["visitor_home"] != $_GET["zrl"]) {
|
||||
$_SESSION['my_url'] = $_GET['zrl'];
|
||||
$a->query_string = preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is', '', $a->query_string);
|
||||
$_SESSION['authenticated'] = 0;
|
||||
}
|
||||
Profile::zrlInit($a);
|
||||
} else {
|
||||
// Someone came with an invalid parameter, maybe as a DDoS attempt
|
||||
|
@ -139,6 +142,13 @@ if ((x($_GET, 'zrl')) && $a->mode == App::MODE_NORMAL) {
|
|||
killme();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ((x($_GET,'owt')) && $a->mode == App::MODE_NORMAL) {
|
||||
$token = $_GET['owt'];
|
||||
$a->query_string = Profile::stripQueryParam($a->query_string, 'owt');
|
||||
Profile::openWebAuthInit($token);
|
||||
}
|
||||
|
||||
/**
|
||||
* For Mozilla auth manager - still needs sorting, and this might conflict with LRDD header.
|
||||
|
|
|
@ -141,6 +141,7 @@ function message_content(App $a)
|
|||
'$cancel' => L10n::t('Cancel'),
|
||||
]);
|
||||
}
|
||||
|
||||
// Now check how the user responded to the confirmation query
|
||||
if ($_REQUEST['canceled']) {
|
||||
goaway($_SESSION['return_url']);
|
||||
|
@ -151,6 +152,7 @@ function message_content(App $a)
|
|||
if (dba::delete('mail', ['id' => $a->argv[2], 'uid' => local_user()])) {
|
||||
info(L10n::t('Message deleted.') . EOL);
|
||||
}
|
||||
|
||||
//goaway(System::baseUrl(true) . '/message' );
|
||||
goaway($_SESSION['return_url']);
|
||||
} else {
|
||||
|
|
|
@ -1231,6 +1231,7 @@ function photos_content(App $a)
|
|||
*/
|
||||
if (!Config::get('system', 'no_count', false)) {
|
||||
$order_field = defaults($_GET, 'order', '');
|
||||
|
||||
if ($order_field === 'posted') {
|
||||
$order = 'ASC';
|
||||
} else {
|
||||
|
|
|
@ -211,8 +211,13 @@ function search_content(App $a) {
|
|||
}
|
||||
dba::close($terms);
|
||||
|
||||
$items = Item::selectForUser(local_user(), [], ['id' => array_reverse($itemids)]);
|
||||
if (!empty($itemids)) {
|
||||
$params = ['order' => ['id' => true]];
|
||||
$items = Item::selectForUser(local_user(), [], ['id' => $itemids], $params);
|
||||
$r = dba::inArray($items);
|
||||
} else {
|
||||
$r = [];
|
||||
}
|
||||
} else {
|
||||
logger("Start fulltext search for '".$search."'", LOGGER_DEBUG);
|
||||
|
||||
|
@ -250,4 +255,3 @@ function search_content(App $a) {
|
|||
|
||||
return $o;
|
||||
}
|
||||
|
||||
|
|
|
@ -21,22 +21,19 @@ function starred_init(App $a) {
|
|||
killme();
|
||||
}
|
||||
|
||||
$r = q("SELECT `starred` FROM `item` WHERE `uid` = %d AND `id` = %d LIMIT 1",
|
||||
intval(local_user()),
|
||||
intval($message_id)
|
||||
);
|
||||
if (! DBM::is_result($r)) {
|
||||
$item = Item::selectForUser(local_user(), ['starred'], ['uid' => local_user(), 'id' => $message_id]);
|
||||
if (!DBM::is_result($item)) {
|
||||
killme();
|
||||
}
|
||||
|
||||
if (! intval($r[0]['starred'])) {
|
||||
if (!intval($item['starred'])) {
|
||||
$starred = 1;
|
||||
}
|
||||
|
||||
Item::update(['starred' => $starred], ['id' => $message_id]);
|
||||
|
||||
// See if we've been passed a return path to redirect to
|
||||
$return_path = ((x($_REQUEST,'return')) ? $_REQUEST['return'] : '');
|
||||
$return_path = (x($_REQUEST,'return') ? $_REQUEST['return'] : '');
|
||||
if ($return_path) {
|
||||
$rand = '_=' . time();
|
||||
if (strpos($return_path, '?')) {
|
||||
|
|
|
@ -175,23 +175,19 @@ EOT;
|
|||
}
|
||||
|
||||
// if the original post is on this site, update it.
|
||||
|
||||
$r = q("SELECT `tag`,`id`,`uid` FROM `item` WHERE `origin`=1 AND `uri`='%s' LIMIT 1",
|
||||
dbesc($item['uri'])
|
||||
);
|
||||
|
||||
if (DBM::is_result($r)) {
|
||||
$original_item = Item::selectFirst(['tag', 'id', 'uid'], ['origin' => true, 'uri' => $item['uri']]);
|
||||
if (DBM::is_result($original_item)) {
|
||||
$x = q("SELECT `blocktags` FROM `user` WHERE `uid`=%d LIMIT 1",
|
||||
intval($r[0]['uid'])
|
||||
intval($original_item['uid'])
|
||||
);
|
||||
$t = q("SELECT COUNT(`tid`) AS `tcount` FROM `term` WHERE `oid`=%d AND `term`='%s'",
|
||||
intval($r[0]['id']),
|
||||
intval($original_item['id']),
|
||||
dbesc($term)
|
||||
);
|
||||
|
||||
if (DBM::is_result($x) && !$x[0]['blocktags'] && $t[0]['tcount'] == 0){
|
||||
q("INSERT INTO term (`oid`, `otype`, `type`, `term`, `url`, `uid`) VALUE (%d, %d, %d, '%s', '%s', %d)",
|
||||
intval($r[0]['id']),
|
||||
intval($original_item['id']),
|
||||
$term_objtype,
|
||||
TERM_HASHTAG,
|
||||
dbesc($term),
|
||||
|
|
10
mod/xrd.php
10
mod/xrd.php
|
@ -67,7 +67,8 @@ function xrd_json($a, $uri, $alias, $profile_url, $r)
|
|||
|
||||
$json = ['subject' => $uri,
|
||||
'aliases' => [$alias, $profile_url],
|
||||
'links' => [['rel' => NAMESPACE_DFRN, 'href' => $profile_url],
|
||||
'links' => [
|
||||
['rel' => NAMESPACE_DFRN, 'href' => $profile_url],
|
||||
['rel' => NAMESPACE_FEED, 'type' => 'application/atom+xml', 'href' => System::baseUrl().'/dfrn_poll/'.$r['nickname']],
|
||||
['rel' => 'http://webfinger.net/rel/profile-page', 'type' => 'text/html', 'href' => $profile_url],
|
||||
['rel' => 'http://microformats.org/profile/hcard', 'type' => 'text/html', 'href' => System::baseUrl().'/hcard/'.$r['nickname']],
|
||||
|
@ -78,8 +79,10 @@ function xrd_json($a, $uri, $alias, $profile_url, $r)
|
|||
['rel' => 'http://salmon-protocol.org/ns/salmon-replies', 'href' => System::baseUrl().'/salmon/'.$r['nickname']],
|
||||
['rel' => 'http://salmon-protocol.org/ns/salmon-mention', 'href' => System::baseUrl().'/salmon/'.$r['nickname'].'/mention'],
|
||||
['rel' => 'http://ostatus.org/schema/1.0/subscribe', 'template' => System::baseUrl().'/follow?url={uri}'],
|
||||
['rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,'.$salmon_key]
|
||||
]];
|
||||
['rel' => 'magic-public-key', 'href' => 'data:application/magic-public-key,'.$salmon_key],
|
||||
['rel' => 'http://purl.org/openwebauth/v1', 'type' => 'application/x-dfrn+json', 'href' => System::baseUrl().'/owa']
|
||||
]
|
||||
];
|
||||
echo json_encode($json);
|
||||
killme();
|
||||
}
|
||||
|
@ -106,6 +109,7 @@ function xrd_xml($a, $uri, $alias, $profile_url, $r)
|
|||
'$salmon' => System::baseUrl() . '/salmon/' . $r['nickname'],
|
||||
'$salmen' => System::baseUrl() . '/salmon/' . $r['nickname'] . '/mention',
|
||||
'$subscribe' => System::baseUrl() . '/follow?url={uri}',
|
||||
'$openwebauth' => System::baseUrl() . '/owa',
|
||||
'$modexp' => 'data:application/magic-public-key,' . $salmon_key]
|
||||
);
|
||||
|
||||
|
|
|
@ -87,7 +87,6 @@ server {
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
# make sure webfinger and other well known services aren't blocked
|
||||
# by denying dot files and rewrite request to the front controller
|
||||
location ^~ /.well-known/ {
|
||||
|
|
|
@ -163,17 +163,17 @@ EOT;
|
|||
}
|
||||
|
||||
/**
|
||||
* @brief Encodes content to json
|
||||
* @brief Encodes content to json.
|
||||
*
|
||||
* This function encodes an array to json format
|
||||
* and adds an application/json HTTP header to the output.
|
||||
* After finishing the process is getting killed.
|
||||
*
|
||||
* @param array $x The input content
|
||||
* @param array $x The input content.
|
||||
* @param string $content_type Type of the input (Default: 'application/json').
|
||||
*/
|
||||
public static function jsonExit($x)
|
||||
{
|
||||
header("content-type: application/json");
|
||||
public static function jsonExit($x, $content_type = 'application/json') {
|
||||
header("Content-type: $content_type");
|
||||
echo json_encode($x);
|
||||
killme();
|
||||
}
|
||||
|
|
|
@ -1818,6 +1818,20 @@ class DBStructure
|
|||
"PRIMARY" => ["uid", "iid"],
|
||||
]
|
||||
];
|
||||
$database["openwebauth-token"] = [
|
||||
"comment" => "Store OpenWebAuth token to verify contacts",
|
||||
"fields" => [
|
||||
"id" => ["type" => "int(10)", "not null" => "1", "extra" => "auto_increment", "primary" => "1", "comment" => "sequential ID"],
|
||||
"uid" => ["type" => "int(10) unsigned", "not null" => "1", "default" => "0", "relation" => ["user" => "uid"], "comment" => "User id"],
|
||||
"type" => ["type" => "varchar(32)", "not_null", "default" => "", "comment" => "Verify type"],
|
||||
"token" => ["type" => "varchar(255)", "not_null" => "1", "default" => "", "comment" => "A generated token"],
|
||||
"meta" => ["type" => "varchar(255)", "not_null" => "1", "default" => "", "comment" => ""],
|
||||
"created" => ["type" => "datetime", "not null" => "1", "default" => NULL_DATE, "comment" => "datetime of creation"],
|
||||
],
|
||||
"indexes" => [
|
||||
"PRIMARY" => ["id"],
|
||||
]
|
||||
];
|
||||
$database["worker-ipc"] = [
|
||||
"comment" => "Inter process communication between the frontend and the worker",
|
||||
"fields" => [
|
||||
|
|
|
@ -56,6 +56,40 @@ class Item extends BaseObject
|
|||
'author-id', 'author-link', 'owner-link', 'contact-uid',
|
||||
'signed_text', 'signature', 'signer'];
|
||||
|
||||
/**
|
||||
* @brief Fetch a single item row
|
||||
*
|
||||
* @param mixed $stmt statement object
|
||||
* @return array current row
|
||||
*/
|
||||
public static function fetch($stmt)
|
||||
{
|
||||
$row = dba::fetch($stmt);
|
||||
|
||||
return $row;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief Fills an array with data from an item query
|
||||
*
|
||||
* @param object $stmt statement object
|
||||
* @return array Data array
|
||||
*/
|
||||
public static function inArray($stmt, $do_close = true) {
|
||||
if (is_bool($stmt)) {
|
||||
return $stmt;
|
||||
}
|
||||
|
||||
$data = [];
|
||||
while ($row = self::fetch($stmt)) {
|
||||
$data[] = $row;
|
||||
}
|
||||
if ($do_close) {
|
||||
dba::close($stmt);
|
||||
}
|
||||
return $data;
|
||||
}
|
||||
|
||||
/**
|
||||
* Retrieve a single record from the item table for a given user and returns it in an associative array
|
||||
*
|
||||
|
@ -118,7 +152,7 @@ class Item extends BaseObject
|
|||
if (is_bool($result)) {
|
||||
return $result;
|
||||
} else {
|
||||
$row = dba::fetch($result);
|
||||
$row = self::fetch($result);
|
||||
dba::close($result);
|
||||
return $row;
|
||||
}
|
||||
|
@ -225,7 +259,7 @@ class Item extends BaseObject
|
|||
if (is_bool($result)) {
|
||||
return $result;
|
||||
} else {
|
||||
$row = dba::fetch($result);
|
||||
$row = self::fetch($result);
|
||||
dba::close($result);
|
||||
return $row;
|
||||
}
|
||||
|
|
73
src/Model/OpenWebAuthToken.php
Normal file
73
src/Model/OpenWebAuthToken.php
Normal file
|
@ -0,0 +1,73 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @file src/Model/OpenWebAuthToken.php
|
||||
*/
|
||||
namespace Friendica\Model;
|
||||
|
||||
use Friendica\Database\DBM;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use dba;
|
||||
|
||||
/**
|
||||
* Methods to deal with entries of the 'openwebauth-token' table.
|
||||
*/
|
||||
class OpenWebAuthToken
|
||||
{
|
||||
/**
|
||||
* Create an entry in the 'openwebauth-token' table.
|
||||
*
|
||||
* @param string $type Verify type.
|
||||
* @param int $uid The user ID.
|
||||
* @param string $token
|
||||
* @param string $meta
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public static function create($type, $uid, $token, $meta)
|
||||
{
|
||||
$fields = [
|
||||
"type" => $type,
|
||||
"uid" => $uid,
|
||||
"token" => $token,
|
||||
"meta" => $meta,
|
||||
"created" => DateTimeFormat::utcNow()
|
||||
];
|
||||
return dba::insert("openwebauth-token", $fields);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the "meta" field of an entry in the openwebauth-token table.
|
||||
*
|
||||
* @param string $type Verify type.
|
||||
* @param int $uid The user ID.
|
||||
* @param string $token
|
||||
*
|
||||
* @return string|boolean The meta enry or false if not found.
|
||||
*/
|
||||
public static function getMeta($type, $uid, $token)
|
||||
{
|
||||
$condition = ["type" => $type, "uid" => $uid, "token" => $token];
|
||||
|
||||
$entry = dba::selectFirst("openwebauth-token", ["id", "meta"], $condition);
|
||||
if (DBM::is_result($entry)) {
|
||||
dba::delete("openwebauth-token", ["id" => $entry["id"]]);
|
||||
|
||||
return $entry["meta"];
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* Purge entries of a verify-type older than interval.
|
||||
*
|
||||
* @param string $type Verify type.
|
||||
* @param string $interval SQL compatible time interval
|
||||
*/
|
||||
public static function purge($type, $interval)
|
||||
{
|
||||
$condition = ["`type` = ? AND `created` < ?", $type, DateTimeFormat::utcNow() . " - INTERVAL " . $interval];
|
||||
dba::delete("openwebauth-token", $condition);
|
||||
}
|
||||
|
||||
}
|
|
@ -17,6 +17,7 @@ use Friendica\Core\System;
|
|||
use Friendica\Core\Worker;
|
||||
use Friendica\Database\DBM;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\OpenWebAuthToken;
|
||||
use Friendica\Protocol\Diaspora;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use Friendica\Util\Network;
|
||||
|
@ -978,11 +979,24 @@ class Profile
|
|||
return null;
|
||||
}
|
||||
|
||||
/**
|
||||
* Process the 'zrl' parameter and initiate the remote authentication.
|
||||
*
|
||||
* This method checks if the visitor has a public contact entry and
|
||||
* redirects the visitor to his/her instance to start the magic auth (Authentication)
|
||||
* process.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/channel.php
|
||||
*
|
||||
* @param App $a Application instance.
|
||||
*/
|
||||
public static function zrlInit(App $a)
|
||||
{
|
||||
$my_url = self::getMyURL();
|
||||
$my_url = Network::isUrlValid($my_url);
|
||||
|
||||
if ($my_url) {
|
||||
if (!local_user()) {
|
||||
// Is it a DDoS attempt?
|
||||
// The check fetches the cached value from gprobe to reduce the load for this system
|
||||
$urlparts = parse_url($my_url);
|
||||
|
@ -996,7 +1010,95 @@ class Profile
|
|||
Worker::add(PRIORITY_LOW, 'GProbe', $my_url);
|
||||
$arr = ['zrl' => $my_url, 'url' => $a->cmd];
|
||||
Addon::callHooks('zrl_init', $arr);
|
||||
|
||||
// Try to find the public contact entry of the visitor.
|
||||
$cid = Contact::getIdForURL($my_url);
|
||||
if (!$cid) {
|
||||
logger('No contact record found for ' . $my_url, LOGGER_DEBUG);
|
||||
return;
|
||||
}
|
||||
|
||||
$contact = dba::selectFirst('contact',['id', 'url'], ['id' => $cid]);
|
||||
|
||||
if (DBM::is_result($contact) && remote_user() && remote_user() == $contact['id']) {
|
||||
// The visitor is already authenticated.
|
||||
return;
|
||||
}
|
||||
|
||||
logger('Not authenticated. Invoking reverse magic-auth for ' . $my_url, LOGGER_DEBUG);
|
||||
|
||||
// Try to avoid recursion - but send them home to do a proper magic auth.
|
||||
$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string);
|
||||
// The other instance needs to know where to redirect.
|
||||
$dest = urlencode(System::baseUrl() . '/' . $query);
|
||||
|
||||
// We need to extract the basebath from the profile url
|
||||
// to redirect the visitors '/magic' module.
|
||||
// Note: We should have the basepath of a contact also in the contact table.
|
||||
$urlarr = explode('/profile/', $contact['url']);
|
||||
$basepath = $urlarr[0];
|
||||
|
||||
if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
|
||||
goaway($basepath . '/magic' . '?f=&owa=1&dest=' . $dest);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* OpenWebAuth authentication.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/zid.php
|
||||
*
|
||||
* @param string $token
|
||||
*/
|
||||
public static function openWebAuthInit($token)
|
||||
{
|
||||
$a = get_app();
|
||||
|
||||
// Clean old OpenWebAuthToken entries.
|
||||
OpenWebAuthToken::purge('owt', '3 MINUTE');
|
||||
|
||||
// Check if the token we got is the same one
|
||||
// we have stored in the database.
|
||||
$visitor_handle = OpenWebAuthToken::getMeta('owt', 0, $token);
|
||||
|
||||
if($visitor_handle === false) {
|
||||
return;
|
||||
}
|
||||
|
||||
// Try to find the public contact entry of the visitor.
|
||||
$cid = Contact::getIdForURL($visitor_handle);
|
||||
if(!$cid) {
|
||||
logger('owt: unable to finger ' . $visitor_handle, LOGGER_DEBUG);
|
||||
return;
|
||||
}
|
||||
|
||||
$visitor = dba::selectFirst('contact', [], ['id' => $cid]);
|
||||
|
||||
// Authenticate the visitor.
|
||||
$_SESSION['authenticated'] = 1;
|
||||
$_SESSION['visitor_id'] = $visitor['id'];
|
||||
$_SESSION['visitor_handle'] = $visitor['addr'];
|
||||
$_SESSION['visitor_home'] = $visitor['url'];
|
||||
|
||||
$arr = [
|
||||
'visitor' => $visitor,
|
||||
'url' => $a->query_string
|
||||
];
|
||||
/**
|
||||
* @hooks magic_auth_success
|
||||
* Called when a magic-auth was successful.
|
||||
* * \e array \b visitor
|
||||
* * \e string \b url
|
||||
*/
|
||||
Addon::callHooks('magic_auth_success', $arr);
|
||||
|
||||
$a->contact = $arr['visitor'];
|
||||
|
||||
info(L10n::t('OpenWebAuth: %1$s welcomes %2$s', $a->get_hostname(), $visitor['name']));
|
||||
|
||||
logger('OpenWebAuth: auth success from ' . $visitor['addr'], LOGGER_DEBUG);
|
||||
}
|
||||
|
||||
public static function zrl($s, $force = false)
|
||||
|
@ -1042,4 +1144,26 @@ class Profile
|
|||
|
||||
return $uid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Stip zrl parameter from a string.
|
||||
*
|
||||
* @param string $s The input string.
|
||||
* @return string The zrl.
|
||||
*/
|
||||
public static function stripZrls($s)
|
||||
{
|
||||
return preg_replace('/[\?&]zrl=(.*?)([\?&]|$)/is', '', $s);
|
||||
}
|
||||
|
||||
/**
|
||||
* Stip query parameter from a string.
|
||||
*
|
||||
* @param string $s The input string.
|
||||
* @return string The query parameter.
|
||||
*/
|
||||
public static function stripQueryParam($s, $param)
|
||||
{
|
||||
return preg_replace('/[\?&]' . $param . '=(.*?)(&|$)/ism', '$2', $s);
|
||||
}
|
||||
}
|
||||
|
|
121
src/Module/Magic.php
Normal file
121
src/Module/Magic.php
Normal file
|
@ -0,0 +1,121 @@
|
|||
<?php
|
||||
/**
|
||||
* @file src/Module/Magic.php
|
||||
*/
|
||||
namespace Friendica\Module;
|
||||
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Util\HTTPSignature;
|
||||
use Friendica\Util\Network;
|
||||
|
||||
use dba;
|
||||
|
||||
/**
|
||||
* Magic Auth (remote authentication) module.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/Zotlabs/Module/Magic.php
|
||||
*/
|
||||
class Magic extends BaseModule
|
||||
{
|
||||
public static function init()
|
||||
{
|
||||
$a = self::getApp();
|
||||
$ret = ['success' => false, 'url' => '', 'message' => ''];
|
||||
logger('magic mdule: invoked', LOGGER_DEBUG);
|
||||
|
||||
logger('args: ' . print_r($_REQUEST, true), LOGGER_DATA);
|
||||
|
||||
$addr = ((x($_REQUEST, 'addr')) ? $_REQUEST['addr'] : '');
|
||||
$dest = ((x($_REQUEST, 'dest')) ? $_REQUEST['dest'] : '');
|
||||
$test = ((x($_REQUEST, 'test')) ? intval($_REQUEST['test']) : 0);
|
||||
$owa = ((x($_REQUEST, 'owa')) ? intval($_REQUEST['owa']) : 0);
|
||||
|
||||
// NOTE: I guess $dest isn't just the profile url (could be also
|
||||
// other profile pages e.g. photo). We need to find a solution
|
||||
// to be able to redirct to other pages than the contact profile.
|
||||
$cid = Contact::getIdForURL($dest);
|
||||
|
||||
if (!$cid && !empty($addr)) {
|
||||
$cid = Contact::getIdForURL($addr);
|
||||
}
|
||||
|
||||
if (!$cid) {
|
||||
logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG);
|
||||
goaway($dest);
|
||||
}
|
||||
|
||||
$contact = dba::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]);
|
||||
|
||||
// Redirect if the contact is already authenticated on this site.
|
||||
if (array_key_exists('id', $a->contact) && strpos($contact['nurl'], normalise_link(self::getApp()->get_baseurl())) !== false) {
|
||||
if($test) {
|
||||
$ret['success'] = true;
|
||||
$ret['message'] .= 'Local site - you are already authenticated.' . EOL;
|
||||
return $ret;
|
||||
}
|
||||
|
||||
logger('Contact is already authenticated', LOGGER_DEBUG);
|
||||
goaway($dest);
|
||||
}
|
||||
|
||||
if (local_user()) {
|
||||
$user = $a->user;
|
||||
|
||||
// OpenWebAuth
|
||||
if ($owa) {
|
||||
// Extract the basepath
|
||||
// NOTE: we need another solution because this does only work
|
||||
// for friendica contacts :-/ . We should have the basepath
|
||||
// of a contact also in the contact table.
|
||||
$exp = explode('/profile/', $contact['url']);
|
||||
$basepath = $exp[0];
|
||||
|
||||
$headers = [];
|
||||
$headers['Accept'] = 'application/x-dfrn+json';
|
||||
$headers['X-Open-Web-Auth'] = random_string();
|
||||
|
||||
// Create a header that is signed with the local users private key.
|
||||
$headers = HTTPSignature::createSig(
|
||||
'',
|
||||
$headers,
|
||||
$user['prvkey'],
|
||||
'acct:' . $user['nickname'] . '@' . $a->get_hostname() . ($a->path ? '/' . $a->path : ''),
|
||||
false,
|
||||
true,
|
||||
'sha512'
|
||||
);
|
||||
|
||||
// Try to get an authentication token from the other instance.
|
||||
$x = Network::curl($basepath . '/owa', false, $redirects, ['headers' => $headers]);
|
||||
|
||||
if ($x['success']) {
|
||||
$j = json_decode($x['body'], true);
|
||||
|
||||
if ($j['success']) {
|
||||
$token = '';
|
||||
if ($j['encrypted_token']) {
|
||||
// The token is encrypted. If the local user is really the one the other instance
|
||||
// thinks he/she is, the token can be decrypted with the local users public key.
|
||||
openssl_private_decrypt(base64url_decode($j['encrypted_token']), $token, $user['prvkey']);
|
||||
} else {
|
||||
$token = $j['token'];
|
||||
}
|
||||
$x = strpbrk($dest, '?&');
|
||||
$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token);
|
||||
|
||||
goaway($dest . $args);
|
||||
}
|
||||
}
|
||||
goaway($dest);
|
||||
}
|
||||
}
|
||||
|
||||
if($test) {
|
||||
$ret['message'] = 'Not authenticated or invalid arguments' . EOL;
|
||||
return $ret;
|
||||
}
|
||||
|
||||
goaway($dest);
|
||||
}
|
||||
}
|
91
src/Module/Owa.php
Normal file
91
src/Module/Owa.php
Normal file
|
@ -0,0 +1,91 @@
|
|||
<?php
|
||||
/**
|
||||
* @file src/Module/Owa.php
|
||||
*/
|
||||
namespace Friendica\Module;
|
||||
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Database\DBM;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\OpenWebAuthToken;
|
||||
use Friendica\Util\HTTPSignature;
|
||||
|
||||
use dba;
|
||||
|
||||
/**
|
||||
* @brief OpenWebAuth verifier and token generator
|
||||
*
|
||||
* See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
|
||||
* Requests to this endpoint should be signed using HTTP Signatures
|
||||
* using the 'Authorization: Signature' authentication method
|
||||
* If the signature verifies a token is returned.
|
||||
*
|
||||
* This token may be exchanged for an authenticated cookie.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/Zotlabs/Module/Owa.php
|
||||
*/
|
||||
class Owa extends BaseModule
|
||||
{
|
||||
public static function init()
|
||||
{
|
||||
|
||||
$ret = [ 'success' => false ];
|
||||
|
||||
foreach (['REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION'] as $head) {
|
||||
if (array_key_exists($head, $_SERVER) && substr(trim($_SERVER[$head]), 0, 9) === 'Signature') {
|
||||
if ($head !== 'HTTP_AUTHORIZATION') {
|
||||
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
|
||||
continue;
|
||||
}
|
||||
|
||||
$sigblock = HTTPSignature::parseSigheader($_SERVER[$head]);
|
||||
if ($sigblock) {
|
||||
$keyId = $sigblock['keyId'];
|
||||
|
||||
if ($keyId) {
|
||||
// Try to find the public contact entry of the handle.
|
||||
$handle = str_replace('acct:', '', $keyId);
|
||||
|
||||
$cid = Contact::getIdForURL($handle);
|
||||
$fields = ['id', 'url', 'addr', 'pubkey'];
|
||||
$condition = ['id' => $cid];
|
||||
|
||||
$contact = dba::selectFirst('contact', $fields, $condition);
|
||||
|
||||
if (DBM::is_result($contact)) {
|
||||
// Try to verify the signed header with the public key of the contact record
|
||||
// we have found.
|
||||
$verified = HTTPSignature::verify('', $contact['pubkey']);
|
||||
|
||||
if ($verified && $verified['header_signed'] && $verified['header_valid']) {
|
||||
logger('OWA header: ' . print_r($verified, true), LOGGER_DATA);
|
||||
logger('OWA success: ' . $contact['addr'], LOGGER_DATA);
|
||||
|
||||
$ret['success'] = true;
|
||||
$token = random_string(32);
|
||||
|
||||
// Store the generated token in the databe.
|
||||
OpenWebAuthToken::create('owt', 0, $token, $contact['addr']);
|
||||
|
||||
$result = '';
|
||||
|
||||
// Encrypt the token with the public contacts publik key.
|
||||
// Only the specific public contact will be able to encrypt it.
|
||||
// At a later time, we will compare weather the token we're getting
|
||||
// is really the same token we have stored in the database.
|
||||
openssl_public_encrypt($token, $result, $contact['pubkey']);
|
||||
$ret['encrypted_token'] = base64url_encode($result);
|
||||
} else {
|
||||
logger('OWA fail: ' . $contact['id'] . ' ' . $contact['addr'] . ' ' . $contact['url'], LOGGER_DEBUG);
|
||||
}
|
||||
} else {
|
||||
logger('Contact not found: ' . $handle, LOGGER_DEBUG);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
System::jsonExit($ret, 'application/x-dfrn+json');
|
||||
}
|
||||
}
|
|
@ -246,7 +246,7 @@ class DFRN
|
|||
|
||||
if (!empty($ids)) {
|
||||
$ret = Item::select(Item::DELIVER_FIELDLIST, ['id' => $ids]);
|
||||
$items = dba::inArray($ret);
|
||||
$items = Item::inArray($ret);
|
||||
} else {
|
||||
$items = [];
|
||||
}
|
||||
|
@ -330,7 +330,7 @@ class DFRN
|
|||
}
|
||||
|
||||
$ret = Item::select(Item::DELIVER_FIELDLIST, $condition);
|
||||
$items = dba::inArray($ret);
|
||||
$items = Item::inArray($ret);
|
||||
if (!DBM::is_result($items)) {
|
||||
killme();
|
||||
}
|
||||
|
@ -938,10 +938,10 @@ class DFRN
|
|||
|
||||
if (($item['parent'] != $item['id']) || ($item['parent-uri'] !== $item['uri']) || (($item['thr-parent'] !== '') && ($item['thr-parent'] !== $item['uri']))) {
|
||||
$parent_item = (($item['thr-parent']) ? $item['thr-parent'] : $item['parent-uri']);
|
||||
$parent = q("SELECT `guid`,`plink` FROM `item` WHERE `uri` = '%s' AND `uid` = %d", dbesc($parent_item), intval($item['uid']));
|
||||
$parent = Item::selectFirst(['guid', 'plink'], ['uri' => $parent_item, 'uid' => $item['uid']]);
|
||||
$attributes = ["ref" => $parent_item, "type" => "text/html",
|
||||
"href" => $parent[0]['plink'],
|
||||
"dfrn:diaspora_guid" => $parent[0]['guid']];
|
||||
"href" => $parent['plink'],
|
||||
"dfrn:diaspora_guid" => $parent['guid']];
|
||||
XML::addElement($doc, $entry, "thr:in-reply-to", "", $attributes);
|
||||
}
|
||||
|
||||
|
@ -2080,9 +2080,7 @@ class DFRN
|
|||
'confirm' => $relocate["confirm"], 'notify' => $relocate["notify"],
|
||||
'poll' => $relocate["poll"], 'site-pubkey' => $relocate["sitepubkey"]];
|
||||
$condition = ["(`id` = ?) OR (`nurl` = ?)", $importer["id"], normalise_link($old["url"])];
|
||||
dba::update('contact', $fields, $condition);
|
||||
|
||||
// @TODO No dba:update here?
|
||||
dba::update('contact', $fields, $condition);
|
||||
|
||||
Contact::updateAvatar($relocate["avatar"], $importer["importer_uid"], $importer["id"], true);
|
||||
|
@ -2163,13 +2161,8 @@ class DFRN
|
|||
|
||||
$is_a_remote_action = false;
|
||||
|
||||
$r = q(
|
||||
"SELECT `item`.`parent-uri` FROM `item`
|
||||
WHERE `item`.`uri` = '%s'
|
||||
LIMIT 1",
|
||||
dbesc($item["parent-uri"])
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
$parent = Item::selectFirst(['parent-uri'], ['uri' => $item["parent-uri"]]);
|
||||
if (DBM::is_result($parent)) {
|
||||
$r = q(
|
||||
"SELECT `item`.`forum_mode`, `item`.`wall` FROM `item`
|
||||
INNER JOIN `contact` ON `contact`.`id` = `item`.`contact-id`
|
||||
|
@ -2177,9 +2170,9 @@ class DFRN
|
|||
AND `item`.`uid` = %d
|
||||
$sql_extra
|
||||
LIMIT 1",
|
||||
dbesc($r[0]["parent-uri"]),
|
||||
dbesc($r[0]["parent-uri"]),
|
||||
dbesc($r[0]["parent-uri"]),
|
||||
dbesc($parent["parent-uri"]),
|
||||
dbesc($parent["parent-uri"]),
|
||||
dbesc($parent["parent-uri"]),
|
||||
intval($importer["importer_uid"])
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
|
@ -2320,25 +2313,15 @@ class DFRN
|
|||
$item["gravity"] = GRAVITY_LIKE;
|
||||
// only one like or dislike per person
|
||||
// splitted into two queries for performance issues
|
||||
$r = q(
|
||||
"SELECT `id` FROM `item` WHERE `uid` = %d AND `author-id` = %d AND `verb` = '%s' AND `parent-uri` = '%s' AND NOT `deleted` LIMIT 1",
|
||||
intval($item["uid"]),
|
||||
intval($item["author-id"]),
|
||||
dbesc($item["verb"]),
|
||||
dbesc($item["parent-uri"])
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
$condition = ['uid' => $item["uid"], 'author-id' => $item["author-id"],
|
||||
'verb' => $item["verb"], 'parent-uri' => $item["parent-uri"]];
|
||||
if (dba::exists('item', $condition)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$r = q(
|
||||
"SELECT `id` FROM `item` WHERE `uid` = %d AND `author-id` = %d AND `verb` = '%s' AND `thr-parent` = '%s' AND NOT `deleted` LIMIT 1",
|
||||
intval($item["uid"]),
|
||||
intval($item["author-id"]),
|
||||
dbesc($item["verb"]),
|
||||
dbesc($item["parent-uri"])
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
$condition = ['uid' => $item["uid"], 'author-id' => $item["author-id"],
|
||||
'verb' => $item["verb"], 'thr-parent' => $item["parent-uri"]];
|
||||
if (dba::exists('item', $condition)) {
|
||||
return false;
|
||||
}
|
||||
} else {
|
||||
|
@ -2350,22 +2333,17 @@ class DFRN
|
|||
$xt = XML::parseString($item["target"], false);
|
||||
|
||||
if ($xt->type == ACTIVITY_OBJ_NOTE) {
|
||||
$r = q(
|
||||
"SELECT `id`, `tag` FROM `item` WHERE `uri` = '%s' AND `uid` = %d LIMIT 1",
|
||||
dbesc($xt->id),
|
||||
intval($importer["importer_uid"])
|
||||
);
|
||||
|
||||
if (!DBM::is_result($r)) {
|
||||
$item_tag = Item::selectFirst(['id', 'tag'], ['uri' => $xt->id, 'uid' => $importer["importer_uid"]]);
|
||||
if (!DBM::is_result($item_tag)) {
|
||||
logger("Query failed to execute, no result returned in " . __FUNCTION__);
|
||||
return false;
|
||||
}
|
||||
|
||||
// extract tag, if not duplicate, add to parent item
|
||||
if ($xo->content) {
|
||||
if (!stristr($r[0]["tag"], trim($xo->content))) {
|
||||
$tag = $r[0]["tag"] . (strlen($r[0]["tag"]) ? ',' : '') . '#[url=' . $xo->id . ']'. $xo->content . '[/url]';
|
||||
Item::update(['tag' => $tag], ['id' => $r[0]["id"]]);
|
||||
if (!stristr($item_tag["tag"], trim($xo->content))) {
|
||||
$tag = $item_tag["tag"] . (strlen($item_tag["tag"]) ? ',' : '') . '#[url=' . $xo->id . ']'. $xo->content . '[/url]';
|
||||
Item::update(['tag' => $tag], ['id' => $item_tag["id"]]);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -2218,7 +2218,7 @@ class Diaspora
|
|||
|
||||
// Send all existing comments and likes to the requesting server
|
||||
$comments = Item::select(['id', 'verb', 'self'], ['parent' => $item['id']]);
|
||||
while ($comment = dba::fetch($comments)) {
|
||||
while ($comment = Item::fetch($comments)) {
|
||||
if ($comment['id'] == $comment['parent']) {
|
||||
continue;
|
||||
}
|
||||
|
@ -2771,7 +2771,7 @@ class Diaspora
|
|||
return false;
|
||||
}
|
||||
|
||||
while ($item = dba::fetch($r)) {
|
||||
while ($item = Item::fetch($r)) {
|
||||
// Fetch the parent item
|
||||
$parent = Item::selectFirst(['author-link'], ['id' => $item["parent"]]);
|
||||
|
||||
|
|
|
@ -2152,7 +2152,7 @@ class OStatus
|
|||
$ret = Item::select([], $condition, $params);
|
||||
}
|
||||
|
||||
$items = dba::inArray($ret);
|
||||
$items = Item::inArray($ret);
|
||||
|
||||
$doc = new DOMDocument('1.0', 'utf-8');
|
||||
$doc->formatOutput = true;
|
||||
|
|
|
@ -4,6 +4,7 @@
|
|||
*/
|
||||
namespace Friendica\Util;
|
||||
|
||||
use Friendica\Core\Addon;
|
||||
use Friendica\Core\Config;
|
||||
use ASN_BASE;
|
||||
use ASNValue;
|
||||
|
@ -246,4 +247,232 @@ class Crypto
|
|||
|
||||
return $response;
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypt a string with 'aes-256-cbc' cipher method.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $key The key used for encryption.
|
||||
* @param string $iv A non-NULL Initialization Vector.
|
||||
*
|
||||
* @return string|boolean Encrypted string or false on failure.
|
||||
*/
|
||||
private static function encryptAES256CBC($data, $key, $iv)
|
||||
{
|
||||
return openssl_encrypt($data, 'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0"));
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt a string with 'aes-256-cbc' cipher method.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $key The key used for decryption.
|
||||
* @param string $iv A non-NULL Initialization Vector.
|
||||
*
|
||||
* @return string|boolean Decrypted string or false on failure.
|
||||
*/
|
||||
private static function decryptAES256CBC($data, $key, $iv)
|
||||
{
|
||||
return openssl_decrypt($data, 'aes-256-cbc', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0"));
|
||||
}
|
||||
|
||||
/**
|
||||
* Encrypt a string with 'aes-256-ctr' cipher method.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $key The key used for encryption.
|
||||
* @param string $iv A non-NULL Initialization Vector.
|
||||
*
|
||||
* @return string|boolean Encrypted string or false on failure.
|
||||
*/
|
||||
private static function encryptAES256CTR($data, $key, $iv)
|
||||
{
|
||||
$key = substr($key, 0, 32);
|
||||
$iv = substr($iv, 0, 16);
|
||||
return openssl_encrypt($data, 'aes-256-ctr', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0"));
|
||||
}
|
||||
|
||||
/**
|
||||
* Decrypt a string with 'aes-256-ctr' cipher method.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $key The key used for decryption.
|
||||
* @param string $iv A non-NULL Initialization Vector.
|
||||
*
|
||||
* @return string|boolean Decrypted string or false on failure.
|
||||
*/
|
||||
private static function decryptAES256CTR($data, $key, $iv)
|
||||
{
|
||||
$key = substr($key, 0, 32);
|
||||
$iv = substr($iv, 0, 16);
|
||||
return openssl_decrypt($data, 'aes-256-ctr', str_pad($key, 32, "\0"), OPENSSL_RAW_DATA, str_pad($iv, 16, "\0"));
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $pubkey The public key.
|
||||
* @param string $alg The algorithm used for encryption.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function encapsulate($data, $pubkey, $alg = 'aes256cbc')
|
||||
{
|
||||
if ($alg === 'aes256cbc') {
|
||||
return self::encapsulateAes($data, $pubkey);
|
||||
}
|
||||
return self::encapsulateOther($data, $pubkey, $alg);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param type $data
|
||||
* @param type $pubkey The public key.
|
||||
* @param type $alg The algorithm used for encryption.
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
private static function encapsulateOther($data, $pubkey, $alg)
|
||||
{
|
||||
if (!$pubkey) {
|
||||
logger('no key. data: '.$data);
|
||||
}
|
||||
$fn = 'encrypt' . strtoupper($alg);
|
||||
if (method_exists(__CLASS__, $fn)) {
|
||||
$result = ['encrypted' => true];
|
||||
$key = random_bytes(256);
|
||||
$iv = random_bytes(256);
|
||||
$result['data'] = base64url_encode(self::$fn($data, $key, $iv), true);
|
||||
|
||||
// log the offending call so we can track it down
|
||||
if (!openssl_public_encrypt($key, $k, $pubkey)) {
|
||||
$x = debug_backtrace();
|
||||
logger('RSA failed. ' . print_r($x[0], true));
|
||||
}
|
||||
|
||||
$result['alg'] = $alg;
|
||||
$result['key'] = base64url_encode($k, true);
|
||||
openssl_public_encrypt($iv, $i, $pubkey);
|
||||
$result['iv'] = base64url_encode($i, true);
|
||||
|
||||
return $result;
|
||||
} else {
|
||||
$x = ['data' => $data, 'pubkey' => $pubkey, 'alg' => $alg, 'result' => $data];
|
||||
Addon::callHooks('other_encapsulate', $x);
|
||||
|
||||
return $x['result'];
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $pubkey
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
private static function encapsulateAes($data, $pubkey)
|
||||
{
|
||||
if (!$pubkey) {
|
||||
logger('aes_encapsulate: no key. data: ' . $data);
|
||||
}
|
||||
|
||||
$key = random_bytes(32);
|
||||
$iv = random_bytes(16);
|
||||
$result = ['encrypted' => true];
|
||||
$result['data'] = base64url_encode(self::encryptAES256CBC($data, $key, $iv), true);
|
||||
|
||||
// log the offending call so we can track it down
|
||||
if (!openssl_public_encrypt($key, $k, $pubkey)) {
|
||||
$x = debug_backtrace();
|
||||
logger('aes_encapsulate: RSA failed. ' . print_r($x[0], true));
|
||||
}
|
||||
|
||||
$result['alg'] = 'aes256cbc';
|
||||
$result['key'] = base64url_encode($k, true);
|
||||
openssl_public_encrypt($iv, $i, $pubkey);
|
||||
$result['iv'] = base64url_encode($i, true);
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $prvkey The private key used for decryption.
|
||||
*
|
||||
* @return string|boolean The decrypted string or false on failure.
|
||||
*/
|
||||
public static function unencapsulate($data, $prvkey)
|
||||
{
|
||||
if (!$data) {
|
||||
return;
|
||||
}
|
||||
|
||||
$alg = ((array_key_exists('alg', $data)) ? $data['alg'] : 'aes256cbc');
|
||||
if ($alg === 'aes256cbc') {
|
||||
return self::encapsulateAes($data, $prvkey);
|
||||
}
|
||||
return self::encapsulateOther($data, $prvkey, $alg);
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param string $data
|
||||
* @param string $prvkey The private key used for decryption.
|
||||
* @param string $alg
|
||||
*
|
||||
* @return string|boolean The decrypted string or false on failure.
|
||||
*/
|
||||
private static function unencapsulateOther($data, $prvkey, $alg)
|
||||
{
|
||||
$fn = 'decrypt' . strtoupper($alg);
|
||||
|
||||
if (method_exists(__CLASS__, $fn)) {
|
||||
openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey);
|
||||
openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey);
|
||||
|
||||
return self::$fn(base64url_decode($data['data']), $k, $i);
|
||||
} else {
|
||||
$x = ['data' => $data, 'prvkey' => $prvkey, 'alg' => $alg, 'result' => $data];
|
||||
Addon::callHooks('other_unencapsulate', $x);
|
||||
|
||||
return $x['result'];
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/include/crypto.php
|
||||
*
|
||||
* @param array $data
|
||||
* @param string $prvkey The private key used for decryption.
|
||||
*
|
||||
* @return string|boolean The decrypted string or false on failure.
|
||||
*/
|
||||
private static function unencapsulateAes($data, $prvkey)
|
||||
{
|
||||
openssl_private_decrypt(base64url_decode($data['key']), $k, $prvkey);
|
||||
openssl_private_decrypt(base64url_decode($data['iv']), $i, $prvkey);
|
||||
|
||||
return self::decryptAES256CBC(base64url_decode($data['data']), $k, $i);
|
||||
}
|
||||
}
|
||||
|
|
48
src/Util/HTTPHeaders.php
Normal file
48
src/Util/HTTPHeaders.php
Normal file
|
@ -0,0 +1,48 @@
|
|||
<?php
|
||||
/**
|
||||
* @file src/Util/HTTPHeaders.php
|
||||
*/
|
||||
namespace Friendica\Util;
|
||||
|
||||
/**
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/Zotlabs/Web/HTTPHeaders.php
|
||||
*/
|
||||
class HTTPHeaders
|
||||
{
|
||||
private $in_progress = [];
|
||||
private $parsed = [];
|
||||
|
||||
function __construct($headers)
|
||||
{
|
||||
$lines = explode("\n", str_replace("\r", '', $headers));
|
||||
|
||||
if ($lines) {
|
||||
foreach ($lines as $line) {
|
||||
if (preg_match('/^\s+/', $line, $matches) && trim($line)) {
|
||||
if (!empty($this->in_progress['k'])) {
|
||||
$this->in_progress['v'] .= ' ' . ltrim($line);
|
||||
continue;
|
||||
}
|
||||
} else {
|
||||
if (!empty($this->in_progress['k'])) {
|
||||
$this->parsed[] = [$this->in_progress['k'] => $this->in_progress['v']];
|
||||
$this->in_progress = [];
|
||||
}
|
||||
|
||||
$this->in_progress['k'] = strtolower(substr($line, 0, strpos($line, ':')));
|
||||
$this->in_progress['v'] = ltrim(substr($line, strpos($line, ':') + 1));
|
||||
}
|
||||
}
|
||||
|
||||
if (!empty($this->in_progress['k'])) {
|
||||
$this->parsed[$this->in_progress['k']] = $this->in_progress['v'];
|
||||
$this->in_progress = [];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function fetch()
|
||||
{
|
||||
return $this->parsed;
|
||||
}
|
||||
}
|
409
src/Util/HTTPSignature.php
Normal file
409
src/Util/HTTPSignature.php
Normal file
|
@ -0,0 +1,409 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* @file src/Util/HTTPSignature.php
|
||||
*/
|
||||
namespace Friendica\Util;
|
||||
|
||||
use Friendica\Core\Config;
|
||||
use Friendica\Database\DBM;
|
||||
use Friendica\Util\Crypto;
|
||||
use Friendica\Util\HTTPHeaders;
|
||||
use dba;
|
||||
|
||||
/**
|
||||
* @brief Implements HTTP Signatures per draft-cavage-http-signatures-07.
|
||||
*
|
||||
* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/Zotlabs/Web/HTTPSig.php
|
||||
*
|
||||
* @see https://tools.ietf.org/html/draft-cavage-http-signatures-07
|
||||
*/
|
||||
|
||||
class HTTPSignature
|
||||
{
|
||||
/**
|
||||
* @brief RFC5843
|
||||
*
|
||||
* Disabled until Friendica's ActivityPub implementation
|
||||
* is ready.
|
||||
*
|
||||
* @see https://tools.ietf.org/html/rfc5843
|
||||
*
|
||||
* @param string $body The value to create the digest for
|
||||
* @param boolean $set (optional, default true)
|
||||
* If set send a Digest HTTP header
|
||||
*
|
||||
* @return string The generated digest of $body
|
||||
*/
|
||||
// public static function generateDigest($body, $set = true)
|
||||
// {
|
||||
// $digest = base64_encode(hash('sha256', $body, true));
|
||||
//
|
||||
// if($set) {
|
||||
// header('Digest: SHA-256=' . $digest);
|
||||
// }
|
||||
// return $digest;
|
||||
// }
|
||||
|
||||
// See draft-cavage-http-signatures-08
|
||||
public static function verify($data, $key = '')
|
||||
{
|
||||
$body = $data;
|
||||
$headers = null;
|
||||
$spoofable = false;
|
||||
$result = [
|
||||
'signer' => '',
|
||||
'header_signed' => false,
|
||||
'header_valid' => false,
|
||||
'content_signed' => false,
|
||||
'content_valid' => false
|
||||
];
|
||||
|
||||
// Decide if $data arrived via controller submission or curl.
|
||||
if (is_array($data) && $data['header']) {
|
||||
if (!$data['success']) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
$h = new HTTPHeaders($data['header']);
|
||||
$headers = $h->fetch();
|
||||
$body = $data['body'];
|
||||
} else {
|
||||
$headers = [];
|
||||
$headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']).' '.$_SERVER['REQUEST_URI'];
|
||||
|
||||
foreach ($_SERVER as $k => $v) {
|
||||
if (strpos($k, 'HTTP_') === 0) {
|
||||
$field = str_replace('_', '-', strtolower(substr($k, 5)));
|
||||
$headers[$field] = $v;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$sig_block = null;
|
||||
|
||||
if (array_key_exists('signature', $headers)) {
|
||||
$sig_block = self::parseSigheader($headers['signature']);
|
||||
} elseif (array_key_exists('authorization', $headers)) {
|
||||
$sig_block = self::parseSigheader($headers['authorization']);
|
||||
}
|
||||
|
||||
if (!$sig_block) {
|
||||
logger('no signature provided.');
|
||||
return $result;
|
||||
}
|
||||
|
||||
// Warning: This log statement includes binary data
|
||||
// logger('sig_block: ' . print_r($sig_block,true), LOGGER_DATA);
|
||||
|
||||
$result['header_signed'] = true;
|
||||
|
||||
$signed_headers = $sig_block['headers'];
|
||||
if (!$signed_headers) {
|
||||
$signed_headers = ['date'];
|
||||
}
|
||||
|
||||
$signed_data = '';
|
||||
foreach ($signed_headers as $h) {
|
||||
if (array_key_exists($h, $headers)) {
|
||||
$signed_data .= $h . ': ' . $headers[$h] . "\n";
|
||||
}
|
||||
if (strpos($h, '.')) {
|
||||
$spoofable = true;
|
||||
}
|
||||
}
|
||||
|
||||
$signed_data = rtrim($signed_data, "\n");
|
||||
|
||||
$algorithm = null;
|
||||
if ($sig_block['algorithm'] === 'rsa-sha256') {
|
||||
$algorithm = 'sha256';
|
||||
}
|
||||
if ($sig_block['algorithm'] === 'rsa-sha512') {
|
||||
$algorithm = 'sha512';
|
||||
}
|
||||
|
||||
if ($key && function_exists($key)) {
|
||||
$result['signer'] = $sig_block['keyId'];
|
||||
$key = $key($sig_block['keyId']);
|
||||
}
|
||||
|
||||
// We don't use Activity Pub at the moment.
|
||||
// if (!$key) {
|
||||
// $result['signer'] = $sig_block['keyId'];
|
||||
// $key = self::getActivitypubKey($sig_block['keyId']);
|
||||
// }
|
||||
|
||||
if (!$key) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
$x = Crypto::rsaVerify($signed_data, $sig_block['signature'], $key, $algorithm);
|
||||
|
||||
logger('verified: ' . $x, LOGGER_DEBUG);
|
||||
|
||||
if (!$x) {
|
||||
return $result;
|
||||
}
|
||||
|
||||
if (!$spoofable) {
|
||||
$result['header_valid'] = true;
|
||||
}
|
||||
|
||||
if (in_array('digest', $signed_headers)) {
|
||||
$result['content_signed'] = true;
|
||||
$digest = explode('=', $headers['digest']);
|
||||
|
||||
if ($digest[0] === 'SHA-256') {
|
||||
$hashalg = 'sha256';
|
||||
}
|
||||
if ($digest[0] === 'SHA-512') {
|
||||
$hashalg = 'sha512';
|
||||
}
|
||||
|
||||
// The explode operation will have stripped the '=' padding, so compare against unpadded base64.
|
||||
if (rtrim(base64_encode(hash($hashalg, $body, true)), '=') === $digest[1]) {
|
||||
$result['content_valid'] = true;
|
||||
}
|
||||
}
|
||||
|
||||
logger('Content_Valid: ' . $result['content_valid']);
|
||||
|
||||
return $result;
|
||||
}
|
||||
|
||||
/**
|
||||
* Fetch the public key for Activity Pub contact.
|
||||
*
|
||||
* @param string|int The identifier (contact addr or contact ID).
|
||||
* @return string|boolean The public key or false on failure.
|
||||
*/
|
||||
private static function getActivitypubKey($id)
|
||||
{
|
||||
if (strpos($id, 'acct:') === 0) {
|
||||
$contact = dba::selectFirst('contact', ['pubkey'], ['uid' => 0, 'addr' => str_replace('acct:', '', $id)]);
|
||||
} else {
|
||||
$contact = dba::selectFirst('contact', ['pubkey'], ['id' => $id, 'network' => 'activitypub']);
|
||||
}
|
||||
|
||||
if (DBM::is_result($contact)) {
|
||||
return $contact['pubkey'];
|
||||
}
|
||||
|
||||
if(function_exists('as_fetch')) {
|
||||
$r = as_fetch($id);
|
||||
}
|
||||
|
||||
if ($r) {
|
||||
$j = json_decode($r, true);
|
||||
|
||||
if (array_key_exists('publicKey', $j) && array_key_exists('publicKeyPem', $j['publicKey'])) {
|
||||
if ((array_key_exists('id', $j['publicKey']) && $j['publicKey']['id'] !== $id) && $j['id'] !== $id) {
|
||||
return false;
|
||||
}
|
||||
|
||||
return $j['publicKey']['publicKeyPem'];
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*
|
||||
* @param string $request
|
||||
* @param array $head
|
||||
* @param string $prvkey
|
||||
* @param string $keyid (optional, default 'Key')
|
||||
* @param boolean $send_headers (optional, default false)
|
||||
* If set send a HTTP header
|
||||
* @param boolean $auth (optional, default false)
|
||||
* @param string $alg (optional, default 'sha256')
|
||||
* @param string $crypt_key (optional, default null)
|
||||
* @param string $crypt_algo (optional, default 'aes256ctr')
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public static function createSig($request, $head, $prvkey, $keyid = 'Key', $send_headers = false, $auth = false, $alg = 'sha256', $crypt_key = null, $crypt_algo = 'aes256ctr')
|
||||
{
|
||||
$return_headers = [];
|
||||
|
||||
if ($alg === 'sha256') {
|
||||
$algorithm = 'rsa-sha256';
|
||||
}
|
||||
|
||||
if ($alg === 'sha512') {
|
||||
$algorithm = 'rsa-sha512';
|
||||
}
|
||||
|
||||
$x = self::sign($request, $head, $prvkey, $alg);
|
||||
|
||||
$headerval = 'keyId="' . $keyid . '",algorithm="' . $algorithm
|
||||
. '",headers="' . $x['headers'] . '",signature="' . $x['signature'] . '"';
|
||||
|
||||
if ($crypt_key) {
|
||||
$x = Crypto::encapsulate($headerval, $crypt_key, $crypt_algo);
|
||||
$headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"';
|
||||
}
|
||||
|
||||
if ($auth) {
|
||||
$sighead = 'Authorization: Signature ' . $headerval;
|
||||
} else {
|
||||
$sighead = 'Signature: ' . $headerval;
|
||||
}
|
||||
|
||||
if ($head) {
|
||||
foreach ($head as $k => $v) {
|
||||
if ($send_headers) {
|
||||
// This is for ActivityPub implementation.
|
||||
// Since the Activity Pub implementation isn't
|
||||
// ready at the moment, we comment it out.
|
||||
// header($k . ': ' . $v);
|
||||
} else {
|
||||
$return_headers[] = $k . ': ' . $v;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if ($send_headers) {
|
||||
// This is for ActivityPub implementation.
|
||||
// Since the Activity Pub implementation isn't
|
||||
// ready at the moment, we comment it out.
|
||||
// header($sighead);
|
||||
} else {
|
||||
$return_headers[] = $sighead;
|
||||
}
|
||||
|
||||
return $return_headers;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*
|
||||
* @param string $request
|
||||
* @param array $head
|
||||
* @param string $prvkey
|
||||
* @param string $alg (optional) default 'sha256'
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
private static function sign($request, $head, $prvkey, $alg = 'sha256')
|
||||
{
|
||||
$ret = [];
|
||||
$headers = '';
|
||||
$fields = '';
|
||||
|
||||
if ($request) {
|
||||
$headers = '(request-target)' . ': ' . trim($request) . "\n";
|
||||
$fields = '(request-target)';
|
||||
}
|
||||
|
||||
if ($head) {
|
||||
foreach ($head as $k => $v) {
|
||||
$headers .= strtolower($k) . ': ' . trim($v) . "\n";
|
||||
if ($fields) {
|
||||
$fields .= ' ';
|
||||
}
|
||||
$fields .= strtolower($k);
|
||||
}
|
||||
// strip the trailing linefeed
|
||||
$headers = rtrim($headers, "\n");
|
||||
}
|
||||
|
||||
$sig = base64_encode(Crypto::rsaSign($headers, $prvkey, $alg));
|
||||
|
||||
$ret['headers'] = $fields;
|
||||
$ret['signature'] = $sig;
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*
|
||||
* @param string $header
|
||||
* @return array associate array with
|
||||
* - \e string \b keyID
|
||||
* - \e string \b algorithm
|
||||
* - \e array \b headers
|
||||
* - \e string \b signature
|
||||
*/
|
||||
public static function parseSigheader($header)
|
||||
{
|
||||
$ret = [];
|
||||
$matches = [];
|
||||
|
||||
// if the header is encrypted, decrypt with (default) site private key and continue
|
||||
if (preg_match('/iv="(.*?)"/ism', $header, $matches)) {
|
||||
$header = self::decryptSigheader($header);
|
||||
}
|
||||
|
||||
if (preg_match('/keyId="(.*?)"/ism', $header, $matches)) {
|
||||
$ret['keyId'] = $matches[1];
|
||||
}
|
||||
|
||||
if (preg_match('/algorithm="(.*?)"/ism', $header, $matches)) {
|
||||
$ret['algorithm'] = $matches[1];
|
||||
}
|
||||
|
||||
if (preg_match('/headers="(.*?)"/ism', $header, $matches)) {
|
||||
$ret['headers'] = explode(' ', $matches[1]);
|
||||
}
|
||||
|
||||
if (preg_match('/signature="(.*?)"/ism', $header, $matches)) {
|
||||
$ret['signature'] = base64_decode(preg_replace('/\s+/', '', $matches[1]));
|
||||
}
|
||||
|
||||
if (($ret['signature']) && ($ret['algorithm']) && (!$ret['headers'])) {
|
||||
$ret['headers'] = ['date'];
|
||||
}
|
||||
|
||||
return $ret;
|
||||
}
|
||||
|
||||
/**
|
||||
* @brief
|
||||
*
|
||||
* @param string $header
|
||||
* @param string $prvkey (optional), if not set use site private key
|
||||
*
|
||||
* @return array|string associative array, empty string if failue
|
||||
* - \e string \b iv
|
||||
* - \e string \b key
|
||||
* - \e string \b alg
|
||||
* - \e string \b data
|
||||
*/
|
||||
private static function decryptSigheader($header, $prvkey = null)
|
||||
{
|
||||
$iv = $key = $alg = $data = null;
|
||||
|
||||
if (!$prvkey) {
|
||||
$prvkey = Config::get('system', 'prvkey');
|
||||
}
|
||||
|
||||
$matches = [];
|
||||
|
||||
if (preg_match('/iv="(.*?)"/ism', $header, $matches)) {
|
||||
$iv = $matches[1];
|
||||
}
|
||||
|
||||
if (preg_match('/key="(.*?)"/ism', $header, $matches)) {
|
||||
$key = $matches[1];
|
||||
}
|
||||
|
||||
if (preg_match('/alg="(.*?)"/ism', $header, $matches)) {
|
||||
$alg = $matches[1];
|
||||
}
|
||||
|
||||
if (preg_match('/data="(.*?)"/ism', $header, $matches)) {
|
||||
$data = $matches[1];
|
||||
}
|
||||
|
||||
if ($iv && $key && $alg && $data) {
|
||||
return Crypto::unencapsulate(['iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data], $prvkey);
|
||||
}
|
||||
|
||||
return '';
|
||||
}
|
||||
}
|
|
@ -323,11 +323,12 @@ class DBClean {
|
|||
Config::set('system', 'dbclean-last-id-9', $last_id);
|
||||
} elseif ($stage == 10) {
|
||||
$last_id = Config::get('system', 'dbclean-last-id-10', 0);
|
||||
$days = intval(Config::get('system', 'dbclean_expire_conversation', 90));
|
||||
|
||||
logger("Deleting old conversations. Last created: ".$last_id);
|
||||
$r = dba::p("SELECT `received`, `item-uri` FROM `conversation`
|
||||
WHERE `received` < UTC_TIMESTAMP() - INTERVAL 90 DAY
|
||||
ORDER BY `received` LIMIT ".intval($limit));
|
||||
WHERE `received` < UTC_TIMESTAMP() - INTERVAL ? DAY
|
||||
ORDER BY `received` LIMIT ".intval($limit), $days);
|
||||
$count = dba::num_rows($r);
|
||||
if ($count > 0) {
|
||||
logger("found old conversations: ".$count);
|
||||
|
|
|
@ -64,7 +64,7 @@ class Delivery extends BaseObject
|
|||
$itemdata = Item::select([], $condition, $params);
|
||||
|
||||
$items = [];
|
||||
while ($item = dba::fetch($itemdata)) {
|
||||
while ($item = Item::fetch($itemdata)) {
|
||||
if ($item['id'] == $parent_id) {
|
||||
$parent = $item;
|
||||
}
|
||||
|
|
|
@ -124,7 +124,7 @@ class Notifier {
|
|||
return;
|
||||
}
|
||||
|
||||
$items = dba::inArray($ret);
|
||||
$items = Item::inArray($ret);
|
||||
|
||||
// avoid race condition with deleting entries
|
||||
if ($items[0]['deleted']) {
|
||||
|
|
|
@ -438,12 +438,10 @@ class OnePoll
|
|||
$refs_arr[$x] = "'" . Email::msgid2iri(str_replace(['<', '>', ' '],['', '', ''],dbesc($refs_arr[$x]))) . "'";
|
||||
}
|
||||
}
|
||||
$qstr = implode(',', $refs_arr);
|
||||
$r = q("SELECT `parent-uri` FROM `item` USE INDEX (`uid_uri`) WHERE `uri` IN ($qstr) AND `uid` = %d LIMIT 1",
|
||||
intval($importer_uid)
|
||||
);
|
||||
if (DBM::is_result($r)) {
|
||||
$datarray['parent-uri'] = $r[0]['parent-uri']; // Set the parent as the top-level item
|
||||
$condition = ['uri' => $refs_arr, 'uid' => $importer_uid];
|
||||
$parent = Item::selectFirst(['parent-uri'], $condition);
|
||||
if (DBM::is_result($parent)) {
|
||||
$datarray['parent-uri'] = $parent['parent-uri']; // Set the parent as the top-level item
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -472,12 +470,11 @@ class OnePoll
|
|||
|
||||
// If it seems to be a reply but a header couldn't be found take the last message with matching subject
|
||||
if (empty($datarray['parent-uri']) && $reply) {
|
||||
$r = q("SELECT `parent-uri` FROM `item` WHERE `title` = \"%s\" AND `uid` = %d AND `network` = '%s' ORDER BY `created` DESC LIMIT 1",
|
||||
dbesc(protect_sprintf($datarray['title'])),
|
||||
intval($importer_uid),
|
||||
dbesc(NETWORK_MAIL));
|
||||
if (DBM::is_result($r)) {
|
||||
$datarray['parent-uri'] = $r[0]['parent-uri'];
|
||||
$condition = ['title' => $datarray['title'], 'uid' => importer_uid, 'network' => NETWORK_MAIL];
|
||||
$params = ['order' => ['created' => true]];
|
||||
$parent = Item::selectFirst(['parent-uri'], $condition, $params);
|
||||
if (DBM::is_result($parent)) {
|
||||
$datarray['parent-uri'] = $parent['parent-uri'];
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ class TagUpdate
|
|||
|
||||
dba::close($messages);
|
||||
|
||||
$messages = dba::p("SELECT `guid` FROM `item` WHERE `uid` = 0");
|
||||
$messages = dba::select('item', ['guid'], ['uid' => 0]);
|
||||
|
||||
logger('fetched messages: ' . dba::num_rows($messages));
|
||||
while ($message = dba::fetch(messages)) {
|
||||
|
|
|
@ -33,4 +33,7 @@
|
|||
template="{{$subscribe}}" />
|
||||
<Link rel="magic-public-key"
|
||||
href="{{$modexp}}" />
|
||||
<Link rel="http://purl.org/openwebauth/v1"
|
||||
type="application/x-dfrn+json"
|
||||
href="{{$openwebauth}}" />
|
||||
</XRD>
|
||||
|
|
Loading…
Reference in a new issue