Reworked "remote" cookie handling

This commit is contained in:
Michael 2019-09-25 22:24:17 +00:00
parent d5c37001cd
commit ec66553032
13 changed files with 106 additions and 192 deletions


@ -23,6 +23,7 @@ use Friendica\Core\Config;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Core\Protocol; use Friendica\Core\Protocol;
use Friendica\Core\System; use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Model\Contact; use Friendica\Model\Contact;
use Friendica\Model\Term; use Friendica\Model\Term;
@ -426,14 +427,8 @@ function remote_user($uid = null)
return false; return false;
} }
if (!is_null($uid) && !empty($_SESSION['remote'])) { if (!is_null($uid)) {
/// @todo replace it with this: return Session::getVisitorContactIDForUserID($uid);
// if (!empty($_SESSION['remote'][$uid])) ...
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $uid) {
return $visitor['cid'];
}
}
} elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) { } elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) {
return intval($_SESSION['visitor_id']); return intval($_SESSION['visitor_id']);
} }
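Review bot: In the new `remote_user()` body the `elseif (is_null($uid) && …)` guard is redundant — the first branch returns for every non-null `$uid`, so the test can be simplified to `} elseif (!empty($_SESSION['visitor_id'])) {`. The two branches also return differently typed values: the non-null branch hands back whatever `Session::getVisitorContactIDForUserID()` found in the session without a cast, while the null branch applies `intval()`; callers in this commit compare the result with `==` (drop_item, redir), so a consistent integer-or-false return would be safer, e.g. `$cid = Session::getVisitorContactIDForUserID($uid); return $cid ? intval($cid) : false;`. The enclosing `remote_user()` starts before this hunk.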


@ -362,14 +362,8 @@ function drop_item($id, $return = '')
$contact_id = 0; $contact_id = 0;
// check if logged in user is either the author or owner of this item // check if logged in user is either the author or owner of this item
if (remote_user($item['uid']) == $item['contact-id']) {
if (!empty($_SESSION['remote'])) { $contact_id = $item['contact-id'];
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
$contact_id = $visitor['cid'];
break;
}
}
} }
if ((local_user() == $item['uid']) || $contact_id) { if ((local_user() == $item['uid']) || $contact_id) {
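Review bot: The new owner check `remote_user($item['uid']) == $item['contact-id']` is a loose comparison between an untyped session value (or `false` when there is no entry) and a database column; in PHP `false == 0` and `'12' == 12` are both true. Because this decides whether a remote visitor may delete the item, compare as integers with a non-zero guard: `$visitor_cid = intval(remote_user($item['uid'])); if ($visitor_cid > 0 && $visitor_cid === intval($item['contact-id'])) { $contact_id = $visitor_cid; }`. The following `if ((local_user() == $item['uid']) || $contact_id)` already treats 0 as no permission, so a `false == 0` match would not grant anything today, but the strict form makes that explicit rather than incidental. `drop_item()` starts before this hunk.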


@ -113,13 +113,8 @@ function cal_content(App $a)
$owner_uid = intval($a->data['user']['uid']); $owner_uid = intval($a->data['user']['uid']);
$nick = $a->data['user']['nickname']; $nick = $a->data['user']['nickname'];
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { if (!empty(remote_user($a->profile['profile_uid']))) {
foreach ($_SESSION['remote'] as $v) { $contact_id = remote_user($a->profile['profile_uid']);
if ($v['uid'] == $a->profile['profile_uid']) {
$contact_id = $v['cid'];
break;
}
}
} }
$groups = []; $groups = [];
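Review bot: `remote_user($a->profile['profile_uid'])` is evaluated twice in the new `if`/assignment pair; assign once and test the local: `$visitor_cid = remote_user($a->profile['profile_uid']); if (!empty($visitor_cid)) { $contact_id = $visitor_cid; }`. Two lines above, the owner is read from `$a->data['user']['uid']` into `$owner_uid` while the visitor lookup is keyed by `$a->profile['profile_uid']`; if those two values can ever differ, the lookup should use `$owner_uid` so the permitted contact belongs to the user whose calendar is being rendered. `cal_content()` starts before this hunk.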


@ -114,7 +114,7 @@ function dfrn_poll_init(App $a)
$_SESSION['remote'] = []; $_SESSION['remote'] = [];
} }
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']]; $_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
$_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_home'] = $r[0]['url'];
@ -521,7 +521,8 @@ function dfrn_poll_content(App $a)
$_SESSION['remote'] = []; $_SESSION['remote'] = [];
} }
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']]; $_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
$_SESSION['visitor_id'] = $r[0]['id']; $_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url']; $_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_visiting'] = $r[0]['uid']; $_SESSION['visitor_visiting'] = $r[0]['uid'];
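Review bot: The contact ID written to `$_SESSION['remote'][$uid]` is the raw `$r[0]['id']` from the database row, which depending on the driver may be a string, while the new `Session::getVisitorContactIDForUserID()` returns it unchanged and `Session::getUserIDForVisitorContactID()` locates it with a non-strict `array_search`. Casting at the point of storage keeps the session map homogeneous and lets the lookups compare strictly: `$_SESSION['remote'][$r[0]['uid']] = intval($r[0]['id']);` in both hunks (`visitor_id` is already normalised with `intval()` when `remote_user()` reads it back). Both `dfrn_poll_init()` and `dfrn_poll_content()` start before their hunks.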


@ -348,18 +348,8 @@ function item_post(App $a) {
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) { if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
$self = true; $self = true;
$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]); $author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
} elseif (remote_user()) { } elseif (!empty(remote_user($profile_uid))) {
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { $author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)]);
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $profile_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
}
} }
if (DBA::isResult($author)) { if (DBA::isResult($author)) {
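Review bot: The new remote-author lookup `DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)])` constrains only on `id`, whereas the parallel checks in photos, videos and wall_attach in this same commit also require `'uid' => <owner>, 'blocked' => false, 'pending' => false`. The session map is keyed by uid so the cid should already belong to `$profile_uid`, but adding the constraints here makes the author check hold independently of the session contents: `$author = DBA::selectFirst('contact', [], ['id' => $visitor_cid, 'uid' => $profile_uid, 'blocked' => false, 'pending' => false]);` — the `blocked`/`pending` part only if that matches the intended comment policy. `remote_user($profile_uid)` is also evaluated twice; assign it to `$visitor_cid` first. `item_post()` starts before this hunk.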


@ -154,14 +154,12 @@ function photos_post(App $a)
if (local_user() && (local_user() == $page_owner_uid)) { if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true; $can_post = true;
} elseif ($community_page && remote_user($page_owner_uid)) { } elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid); $contact_id = remote_user($page_owner_uid);
if ($contact_id > 0) { if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true;
$can_post = true; $visitor = $contact_id;
$visitor = $contact_id;
}
} }
} }
@ -883,50 +881,27 @@ function photos_content(App $a)
if (local_user() && (local_user() == $owner_uid)) { if (local_user() && (local_user() == $owner_uid)) {
$can_post = true; $can_post = true;
} else { } elseif ($community_page && !empty(remote_user($owner_uid))) {
if ($community_page && remote_user()) { $contact_id = remote_user($owner_uid);
if (is_array($_SESSION['remote'])) { $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) { if (DBA::isResult($contact)) {
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); $can_post = true;
$remote_contact = true;
if (DBA::isResult($contact)) { $visitor = $contact_id;
$can_post = true;
$remote_contact = true;
$visitor = $contact_id;
}
}
} }
} }
$groups = []; $groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access // perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) { if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = 0; $contact_id = remote_user($owner_uid);
if (is_array($_SESSION['remote'])) { $groups = Group::getIdsByContactId($contact_id);
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) { $contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
$groups = Group::getIdsByContactId($contact_id);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]); $remote_contact = DBA::isResult($contact);
$remote_contact = DBA::isResult($contact);
}
} }
if (!$remote_contact && local_user()) { if (!$remote_contact && local_user()) {
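Review bot: In the second hunk `$groups = Group::getIdsByContactId($contact_id)` runs before the contact row is checked for `blocked`/`pending`, so a visitor whose contact is blocked or pending still gets `$groups` populated while `$remote_contact` ends up false. If `$groups` feeds the permission SQL further down in `photos_content()` (not visible here), the group memberships of a blocked contact would still widen what is shown; fetching the groups only after the row check avoids that: `$remote_contact = DBA::isResult($contact); if ($remote_contact) { $groups = Group::getIdsByContactId($contact_id); }`. The removed code had the same order, so this is pre-existing rather than introduced by the rework. `photos_content()` continues past the hunk.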


@ -66,20 +66,11 @@ function redir_init(App $a) {
// with the local contact. Otherwise the local user would ask the local contact // with the local contact. Otherwise the local user would ask the local contact
// for authentification everytime he/she is visiting a profile page of the local // for authentification everytime he/she is visiting a profile page of the local
// contact. // contact.
if ($host == $remotehost if (($host == $remotehost) && (remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
&& !empty($_SESSION['remote']) // Remote user is already authenticated.
&& is_array($_SESSION['remote'])) $target_url = defaults($url, $contact_url);
{ Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
foreach ($_SESSION['remote'] as $v) { $a->redirect($target_url);
if (!empty($v['uid']) && !empty($v['cid']) &&
$v['uid'] == Session::get('visitor_visiting') &&
$v['cid'] == Session::get('visitor_id')) {
// Remote user is already authenticated.
$target_url = defaults($url, $contact_url);
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
$a->redirect($target_url);
}
}
} }
} }
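Review bot: The new condition `remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id')` is weaker than the loop it replaces: when `visitor_visiting` is unset, `Session::get()` yields null, `remote_user(null)` takes its null-uid branch and returns `intval($_SESSION['visitor_id'])` (or `false` when that is absent too), so the comparison is true for any session carrying a `visitor_id`, and `false == null` is also true for a session with neither key. The removed loop required both `uid` and `cid` to be non-empty and to match the two session keys. Restoring those guards keeps the "already authenticated" shortcut tied to an actual remote authentication for this contact: `$visiting = Session::get('visitor_visiting'); $visitor = Session::get('visitor_id'); if (($host == $remotehost) && !empty($visiting) && !empty($visitor) && remote_user($visiting) == $visitor) {`. The redirect target is a local URL, so the practical effect looks limited to skipping the DFRN handshake, but the check no longer proves what the comment above it states. `redir_init()` starts before this hunk.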


@ -154,44 +154,26 @@ function videos_content(App $a)
if ((local_user()) && (local_user() == $owner_uid)) { if ((local_user()) && (local_user() == $owner_uid)) {
$can_post = true; $can_post = true;
} elseif ($community_page && remote_user()) { } elseif ($community_page && !empty(remote_user($owner_uid))) {
if (!empty($_SESSION['remote'])) { $contact_id = remote_user($owner_uid);
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) { $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id),
intval($contact_id), intval($owner_uid)
intval($owner_uid) );
);
if (DBA::isResult($r)) { if (DBA::isResult($r)) {
$can_post = true; $can_post = true;
$remote_contact = true; $remote_contact = true;
$visitor = $contact_id; $visitor = $contact_id;
}
} }
} }
$groups = []; $groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access // perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && (!$visitor)) { if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = 0; $contact_id = remote_user($owner_uid);
if (!empty($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) { if ($contact_id > 0) {
$groups = Group::getIdsByContactId($contact_id); $groups = Group::getIdsByContactId($contact_id);
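Review bot: The community-page check still builds its query with `q()` and `%d` placeholders while `photos_post()` in this same commit expresses the identical test as `DBA::exists('contact', ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false])`; using that helper here keeps the permission check in one form across the modules and drops the `$r` result array. The `if ($contact_id > 0)` guard in the second hunk is redundant after `!empty(remote_user($owner_uid))` but harmless. `videos_content()` continues past the hunk.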


@ -43,35 +43,21 @@ function wall_attach_post(App $a) {
$page_owner_cid = $r[0]['id']; $page_owner_cid = $r[0]['id'];
$community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false); $community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
if ((local_user()) && (local_user() == $page_owner_uid)) { if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true; $can_post = true;
} else { } elseif ($community_page && !empty(remote_user($page_owner_uid))) {
if ($community_page && remote_user()) { $contact_id = remote_user($page_owner_uid);
$contact_id = 0; $r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (is_array($_SESSION['remote'])) { if (DBA::isResult($r)) {
foreach ($_SESSION['remote'] as $v) { $can_post = true;
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
);
if (DBA::isResult($r)) {
$can_post = true;
}
}
} }
} }
if (! $can_post) { if (!$can_post) {
if ($r_json) { if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]); echo json_encode(['error' => L10n::t('Permission denied.')]);
exit(); exit();
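Review bot: `$r` is reused for the contact permission query a few lines after `$page_owner_cid = $r[0]['id']` read the page-owner row from it, so any later code that still expects `$r` to hold the owner row would now see the contact row (whether that happens is not visible here). The same check is written as `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true; }` in `photos_post()` in this commit; using it here removes the clobbering and the string-built query. `wall_attach_post()` starts before and continues past this hunk.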


@ -74,34 +74,21 @@ function wall_upload_post(App $a, $desktopmode = true)
if ((local_user()) && (local_user() == $page_owner_uid)) { if ((local_user()) && (local_user() == $page_owner_uid)) {
$can_post = true; $can_post = true;
} else { } elseif ($community_page && !empty(remote_user($page_owner_uid))) {
if ($community_page && remote_user()) { $contact_id = remote_user($page_owner_uid);
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) { $r = q("SELECT `uid` FROM `contact`
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0
WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
AND `id` = %d AND `uid` = %d LIMIT 1", intval($contact_id),
intval($contact_id), intval($page_owner_uid)
intval($page_owner_uid) );
); if (DBA::isResult($r)) {
if (DBA::isResult($r)) { $can_post = true;
$can_post = true; $visitor = $contact_id;
$visitor = $contact_id;
}
}
} }
} }
if (!$can_post) { if (!$can_post) {
if ($r_json) { if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]); echo json_encode(['error' => L10n::t('Permission denied.')]);
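Review bot: The new branch keeps the multi-line `q()` query for the blocked/pending contact check although `photos_post()` in this commit performs the identical check with `DBA::exists(...)`. Replacing the query with `if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) { $can_post = true; $visitor = $contact_id; }` makes the three upload endpoints consistent and leaves parameter binding to the framework. `wall_upload_post()` starts before and continues past this hunk.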


@ -120,7 +120,7 @@ class Session
'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'], 'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'],
'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3), 'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3),
'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'), 'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'),
'remote' => [] 'remote' => [],
]); ]);
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]); $remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
@ -129,9 +129,7 @@ class Session
continue; continue;
} }
/// @todo Change it to this format to save space $_SESSION['remote'][$contact['uid']] = $contact['id'];
// $_SESSION['remote'][$contact['uid']] = $contact['id'];
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
} }
DBA::close($remote_contacts); DBA::close($remote_contacts);
@ -216,4 +214,34 @@ class Session
} }
} }
} }
/**
* Returns contact ID for given user ID
*
* @param integer $uid User ID
* @return integer Contact ID of visitor for given user ID
*/
public static function getVisitorContactIDForUserID($uid)
{
if (empty($_SESSION['remote'][$uid])) {
return false;
}
return $_SESSION['remote'][$uid];
}
/**
* Returns User ID for given contact ID of the visitor
*
* @param integer $cid Contact ID
* @return integer User ID for given contact ID of the visitor
*/
public static function getUserIDForVisitorContactID($cid)
{
if (empty($_SESSION['remote'])) {
return false;
}
return array_search($cid, $_SESSION['remote']);
}
} }
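Review bot: `getUserIDForVisitorContactID()` uses a non-strict `array_search($cid, $_SESSION['remote'])`, and the docblocks of both new helpers declare `@return integer` although each returns `false` on a miss (`array_search` does too). The stored values are taken straight from DB rows in the other hunks, so string and int contact IDs can coexist in the map; normalise both sides and search strictly: `return array_search(intval($cid), array_map('intval', $_SESSION['remote']), true);`, and document the miss case as `@return integer|false`. `getVisitorContactIDForUserID()` should likewise cast on the way out, `return intval($_SESSION['remote'][$uid]);`, so `remote_user()` hands callers an int in both of its branches.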


@ -248,15 +248,10 @@ class Profile
*/ */
public static function getByNickname($nickname, $uid = 0, $profile_id = 0) public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
{ {
if (remote_user($uid) && !empty($_SESSION['remote'])) { if (!empty(remote_user($uid))) {
foreach ($_SESSION['remote'] as $visitor) { $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => remote_user($uid)]);
if ($visitor['uid'] == $uid) { if (DBA::isResult($contact)) {
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]); $profile_id = $contact['profile-id'];
if (DBA::isResult($contact)) {
$profile_id = $contact['profile-id'];
}
break;
}
} }
} }
@ -1130,7 +1125,7 @@ class Profile
continue; continue;
} }
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']]; $_SESSION['remote'][$contact['uid']] = $contact['id'];
} }
$a->contact = $visitor; $a->contact = $visitor;
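Review bot: `getByNickname()` now resolves the visitor's profile with `DBA::selectFirst('contact', ['profile-id'], ['id' => remote_user($uid)])`, constrained on `id` alone, and calls `remote_user($uid)` twice. Adding `'uid' => $uid` ties the selected `profile-id` to the profile owner instead of relying solely on the session map, matching the `id`+`uid` form used by the photos/videos checks in this commit: `$visitor_cid = remote_user($uid); if (!empty($visitor_cid)) { $contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor_cid, 'uid' => $uid]); … }`. `getByNickname()` continues past the hunk.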


@ -14,8 +14,8 @@ use Friendica\Core\L10n;
use Friendica\Core\Logger; use Friendica\Core\Logger;
use Friendica\Core\PConfig; use Friendica\Core\PConfig;
use Friendica\Core\Protocol; use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\Session; use Friendica\Core\Session;
use Friendica\Core\Renderer;
use Friendica\Database\DBA; use Friendica\Database\DBA;
use Friendica\Model\Contact; use Friendica\Model\Contact;
use Friendica\Model\Item; use Friendica\Model\Item;
@ -71,13 +71,8 @@ class Post extends BaseObject
$this->setTemplate('wall'); $this->setTemplate('wall');
$this->toplevel = $this->getId() == $this->getDataValue('parent'); $this->toplevel = $this->getId() == $this->getDataValue('parent');
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) { if (!empty(Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')))) {
foreach ($_SESSION['remote'] as $visitor) { $this->visiting = true;
if ($visitor['cid'] == $this->getDataValue('contact-id')) {
$this->visiting = true;
break;
}
}
} }
$this->writable = $this->getDataValue('writable') || $this->getDataValue('self'); $this->writable = $this->getDataValue('writable') || $this->getDataValue('self');
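Review bot: `$this->visiting` is set whenever the item's `contact-id` is the visitor's cid for any uid in `$_SESSION['remote']`, not specifically for the user who owns this item; the removed loop had the same looseness, so this is pre-existing. If the item data carries `uid` (as `drop_item()` in this commit assumes for items), the direct form `remote_user($this->getDataValue('uid')) == $this->getDataValue('contact-id')` checks the pair that matters and avoids the reverse `array_search` lookup, which compares non-strictly and so treats string and int contact IDs as equal — presumably intended, but worth a comment. The enclosing method (presumably the constructor) starts before this hunk.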