Reworked "remote" cookie handling

This commit is contained in:
Michael 2019-09-25 22:24:17 +00:00
parent d5c37001cd
commit ec66553032
13 changed files with 106 additions and 192 deletions

View file

@ -23,6 +23,7 @@ use Friendica\Core\Config;
use Friendica\Core\PConfig;
use Friendica\Core\Protocol;
use Friendica\Core\System;
use Friendica\Core\Session;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Term;
@ -426,14 +427,8 @@ function remote_user($uid = null)
return false;
}
if (!is_null($uid) && !empty($_SESSION['remote'])) {
/// @todo replace it with this:
// if (!empty($_SESSION['remote'][$uid])) ...
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $uid) {
return $visitor['cid'];
}
}
if (!is_null($uid)) {
return Session::getVisitorContactIDForUserID($uid);
} elseif (is_null($uid) && !empty($_SESSION['visitor_id'])) {
return intval($_SESSION['visitor_id']);
}

View file

@ -362,14 +362,8 @@ function drop_item($id, $return = '')
$contact_id = 0;
// check if logged in user is either the author or owner of this item
if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $item['uid'] && $visitor['cid'] == $item['contact-id']) {
$contact_id = $visitor['cid'];
break;
}
}
if (remote_user($item['uid']) == $item['contact-id']) {
$contact_id = $item['contact-id'];
}
if ((local_user() == $item['uid']) || $contact_id) {

View file

@ -113,13 +113,8 @@ function cal_content(App $a)
$owner_uid = intval($a->data['user']['uid']);
$nick = $a->data['user']['nickname'];
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $a->profile['profile_uid']) {
$contact_id = $v['cid'];
break;
}
}
if (!empty(remote_user($a->profile['profile_uid']))) {
$contact_id = remote_user($a->profile['profile_uid']);
}
$groups = [];

View file

@ -114,7 +114,7 @@ function dfrn_poll_init(App $a)
$_SESSION['remote'] = [];
}
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
$_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
@ -521,7 +521,8 @@ function dfrn_poll_content(App $a)
$_SESSION['remote'] = [];
}
$_SESSION['remote'][$r[0]['uid']] = ['cid' => $r[0]['id'], 'uid' => $r[0]['uid']];
$_SESSION['remote'][$r[0]['uid']] = $r[0]['id'];
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];

View file

@ -348,18 +348,8 @@ function item_post(App $a) {
if (local_user() && ((local_user() == $profile_uid) || $allow_comment)) {
$self = true;
$author = DBA::selectFirst('contact', [], ['uid' => local_user(), 'self' => true]);
} elseif (remote_user()) {
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $profile_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
$author = DBA::selectFirst('contact', [], ['id' => $contact_id]);
}
} elseif (!empty(remote_user($profile_uid))) {
$author = DBA::selectFirst('contact', [], ['id' => remote_user($profile_uid)]);
}
if (DBA::isResult($author)) {

View file

@ -154,16 +154,14 @@ function photos_post(App $a)
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
} elseif ($community_page && remote_user($page_owner_uid)) {
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid);
if ($contact_id > 0) {
if (DBA::exists('contact', ['id' => $contact_id, 'uid' => $page_owner_uid, 'blocked' => false, 'pending' => false])) {
$can_post = true;
$visitor = $contact_id;
}
}
}
if (!$can_post) {
notice(L10n::t('Permission denied.') . EOL);
@ -883,18 +881,8 @@ function photos_content(App $a)
if (local_user() && (local_user() == $owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
} elseif ($community_page && !empty(remote_user($owner_uid))) {
$contact_id = remote_user($owner_uid);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
if (DBA::isResult($contact)) {
@ -903,31 +891,18 @@ function photos_content(App $a)
$visitor = $contact_id;
}
}
}
}
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && !$visitor) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id) {
if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid);
$groups = Group::getIdsByContactId($contact_id);
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id, 'uid' => $owner_uid, 'blocked' => false, 'pending' => false]);
$remote_contact = DBA::isResult($contact);
}
}
if (!$remote_contact && local_user()) {
$contact_id = $_SESSION['cid'];

View file

@ -66,22 +66,13 @@ function redir_init(App $a) {
// with the local contact. Otherwise the local user would ask the local contact
// for authentification everytime he/she is visiting a profile page of the local
// contact.
if ($host == $remotehost
&& !empty($_SESSION['remote'])
&& is_array($_SESSION['remote']))
{
foreach ($_SESSION['remote'] as $v) {
if (!empty($v['uid']) && !empty($v['cid']) &&
$v['uid'] == Session::get('visitor_visiting') &&
$v['cid'] == Session::get('visitor_id')) {
if (($host == $remotehost) && (remote_user(Session::get('visitor_visiting')) == Session::get('visitor_id'))) {
// Remote user is already authenticated.
$target_url = defaults($url, $contact_url);
Logger::log($contact['name'] . " is already authenticated. Redirecting to " . $target_url, Logger::DEBUG);
$a->redirect($target_url);
}
}
}
}
// When the remote page does support OWA, then we enforce the use of it
$basepath = Contact::getBasepath($contact_url);

View file

@ -154,17 +154,9 @@ function videos_content(App $a)
if ((local_user()) && (local_user() == $owner_uid)) {
$can_post = true;
} elseif ($community_page && remote_user()) {
if (!empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
} elseif ($community_page && !empty(remote_user($owner_uid))) {
$contact_id = remote_user($owner_uid);
if ($contact_id > 0) {
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($owner_uid)
@ -176,22 +168,12 @@ function videos_content(App $a)
$visitor = $contact_id;
}
}
}
$groups = [];
// perhaps they're visiting - but not a community page, so they wouldn't have write access
if (remote_user() && (!$visitor)) {
$contact_id = 0;
if (!empty($_SESSION['remote'])) {
foreach($_SESSION['remote'] as $v) {
if($v['uid'] == $owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if (!empty(remote_user($owner_uid)) && !$visitor) {
$contact_id = remote_user($owner_uid);
if ($contact_id > 0) {
$groups = Group::getIdsByContactId($contact_id);

View file

@ -43,22 +43,10 @@ function wall_attach_post(App $a) {
$page_owner_cid = $r[0]['id'];
$community_page = (($r[0]['page-flags'] == User::PAGE_FLAGS_COMMUNITY) ? true : false);
if ((local_user()) && (local_user() == $page_owner_uid)) {
if (local_user() && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
if ($contact_id > 0) {
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid);
$r = q("SELECT `uid` FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 AND `id` = %d AND `uid` = %d LIMIT 1",
intval($contact_id),
intval($page_owner_uid)
@ -68,10 +56,8 @@ function wall_attach_post(App $a) {
$can_post = true;
}
}
}
}
if (! $can_post) {
if (!$can_post) {
if ($r_json) {
echo json_encode(['error' => L10n::t('Permission denied.')]);
exit();

View file

@ -74,19 +74,9 @@ function wall_upload_post(App $a, $desktopmode = true)
if ((local_user()) && (local_user() == $page_owner_uid)) {
$can_post = true;
} else {
if ($community_page && remote_user()) {
$contact_id = 0;
if (is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $v) {
if ($v['uid'] == $page_owner_uid) {
$contact_id = $v['cid'];
break;
}
}
}
} elseif ($community_page && !empty(remote_user($page_owner_uid))) {
$contact_id = remote_user($page_owner_uid);
if ($contact_id) {
$r = q("SELECT `uid` FROM `contact`
WHERE `blocked` = 0 AND `pending` = 0
AND `id` = %d AND `uid` = %d LIMIT 1",
@ -98,9 +88,6 @@ function wall_upload_post(App $a, $desktopmode = true)
$visitor = $contact_id;
}
}
}
}
if (!$can_post) {
if ($r_json) {

View file

@ -120,7 +120,7 @@ class Session
'my_url' => $a->getBaseURL() . '/profile/' . $user_record['nickname'],
'my_address' => $user_record['nickname'] . '@' . substr($a->getBaseURL(), strpos($a->getBaseURL(), '://') + 3),
'addr' => defaults($_SERVER, 'REMOTE_ADDR', '0.0.0.0'),
'remote' => []
'remote' => [],
]);
$remote_contacts = DBA::select('contact', ['id', 'uid'], ['nurl' => Strings::normaliseLink($_SESSION['my_url']), 'rel' => [Contact::FOLLOWER, Contact::FRIEND], 'self' => false]);
@ -129,9 +129,7 @@ class Session
continue;
}
/// @todo Change it to this format to save space
// $_SESSION['remote'][$contact['uid']] = $contact['id'];
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
$_SESSION['remote'][$contact['uid']] = $contact['id'];
}
DBA::close($remote_contacts);
@ -216,4 +214,34 @@ class Session
}
}
}
/**
* Returns contact ID for given user ID
*
* @param integer $uid User ID
* @return integer Contact ID of visitor for given user ID
*/
public static function getVisitorContactIDForUserID($uid)
{
if (empty($_SESSION['remote'][$uid])) {
return false;
}
return $_SESSION['remote'][$uid];
}
/**
* Returns User ID for given contact ID of the visitor
*
* @param integer $cid Contact ID
* @return integer User ID for given contact ID of the visitor
*/
public static function getUserIDForVisitorContactID($cid)
{
if (empty($_SESSION['remote'])) {
return false;
}
return array_search($cid, $_SESSION['remote']);
}
}

View file

@ -248,16 +248,11 @@ class Profile
*/
public static function getByNickname($nickname, $uid = 0, $profile_id = 0)
{
if (remote_user($uid) && !empty($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['uid'] == $uid) {
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => $visitor['cid']]);
if (!empty(remote_user($uid))) {
$contact = DBA::selectFirst('contact', ['profile-id'], ['id' => remote_user($uid)]);
if (DBA::isResult($contact)) {
$profile_id = $contact['profile-id'];
}
break;
}
}
}
$profile = null;
@ -1130,7 +1125,7 @@ class Profile
continue;
}
$_SESSION['remote'][$contact['uid']] = ['cid' => $contact['id'], 'uid' => $contact['uid']];
$_SESSION['remote'][$contact['uid']] = $contact['id'];
}
$a->contact = $visitor;

View file

@ -14,8 +14,8 @@ use Friendica\Core\L10n;
use Friendica\Core\Logger;
use Friendica\Core\PConfig;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\Session;
use Friendica\Core\Renderer;
use Friendica\Database\DBA;
use Friendica\Model\Contact;
use Friendica\Model\Item;
@ -71,13 +71,8 @@ class Post extends BaseObject
$this->setTemplate('wall');
$this->toplevel = $this->getId() == $this->getDataValue('parent');
if (!empty($_SESSION['remote']) && is_array($_SESSION['remote'])) {
foreach ($_SESSION['remote'] as $visitor) {
if ($visitor['cid'] == $this->getDataValue('contact-id')) {
if (!empty(Session::getUserIDForVisitorContactID($this->getDataValue('contact-id')))) {
$this->visiting = true;
break;
}
}
}
$this->writable = $this->getDataValue('writable') || $this->getDataValue('self');