diff --git a/include/Probe.php b/include/Probe.php index f67a821f9d..bed13fdf3d 100644 --- a/include/Probe.php +++ b/include/Probe.php @@ -174,6 +174,9 @@ class Probe { return array(); $host = $parts["host"]; + if (isset($parts["port"])) { + $host .= ':'.$parts["port"]; + } $path_parts = explode("/", trim($parts["path"], "/")); @@ -334,8 +337,10 @@ class Probe { if (isset($parts["scheme"]) AND isset($parts["host"]) AND isset($parts["path"])) { - /// @todo: Ports? $host = $parts["host"]; + if (isset($parts["port"])) { + $host .= ':'.$parts["port"]; + } if ($host == 'twitter.com') { return array("network" => NETWORK_TWITTER); @@ -788,7 +793,7 @@ class Probe { if (sizeof($avatar)) { ksort($avatar); - $data["photo"] = array_pop($avatar); + $data["photo"] = self::fix_avatar(array_pop($avatar), $data["baseurl"]); } if ($dfrn) { @@ -959,7 +964,7 @@ class Probe { $data["nick"] = $feed_data["header"]["author-nick"]; } if ($feed_data["header"]["author-avatar"] != "") { - $data["photo"] = ostatus::fix_avatar($feed_data["header"]["author-avatar"], $data["url"]); + $data["photo"] = self::fix_avatar($feed_data["header"]["author-avatar"], $data["url"]); } if ($feed_data["header"]["author-id"] != "") { $data["alias"] = $feed_data["header"]["author-id"]; @@ -1218,5 +1223,42 @@ class Probe { return $data; } + + /** + * @brief Mix two paths together to possibly fix missing parts + * + * @param string $avatar Path to the avatar + * @param string $base Another path that is hopefully complete + * + * @return string fixed avatar path + */ + public static function fix_avatar($avatar, $base) { + $base_parts = parse_url($base); + + // Remove all parts that could create a problem + unset($base_parts['path']); + unset($base_parts['query']); + unset($base_parts['fragment']); + + $avatar_parts = parse_url($avatar); + + // Now we mix them + $parts = array_merge($base_parts, $avatar_parts); + + // And put them together again + $scheme = isset($parts['scheme']) ? $parts['scheme'] . '://' : ''; + $host = isset($parts['host']) ? $parts['host'] : ''; + $port = isset($parts['port']) ? ':' . $parts['port'] : ''; + $path = isset($parts['path']) ? $parts['path'] : ''; + $query = isset($parts['query']) ? '?' . $parts['query'] : ''; + $fragment = isset($parts['fragment']) ? '#' . $parts['fragment'] : ''; + + $fixed = $scheme.$host.$port.$path.$query.$fragment; + + logger('Base: '.$base.' - Avatar: '.$avatar.' - Fixed: '.$fixed, LOGGER_DATA); + + return $fixed; + } + } ?> diff --git a/include/diaspora.php b/include/diaspora.php index 39d4353429..0c3ff68da4 100644 --- a/include/diaspora.php +++ b/include/diaspora.php @@ -187,7 +187,80 @@ class Diaspora { } /** - * @brief: Decodes incoming Diaspora message + * @brief: Decodes incoming Diaspora message in the new format + * + * @param array $importer Array of the importer user + * @param string $raw raw post message + * + * @return array + * 'message' -> decoded Diaspora XML message + * 'author' -> author diaspora handle + * 'key' -> author public key (converted to pkcs#8) + */ + public static function decode_raw($importer, $raw) { + $data = json_decode($raw); + + // Is it a private post? Then decrypt the outer Salmon + if (is_object($data)) { + $encrypted_aes_key_bundle = base64_decode($data->aes_key); + $ciphertext = base64_decode($data->encrypted_magic_envelope); + + $outer_key_bundle = ''; + @openssl_private_decrypt($encrypted_aes_key_bundle, $outer_key_bundle, $importer['prvkey']); + $j_outer_key_bundle = json_decode($outer_key_bundle); + + if (!is_object($j_outer_key_bundle)) { + logger('Outer Salmon did not verify. Discarding.'); + http_status_exit(400); + } + + $outer_iv = base64_decode($j_outer_key_bundle->iv); + $outer_key = base64_decode($j_outer_key_bundle->key); + + $xml = diaspora::aes_decrypt($outer_key, $outer_iv, $ciphertext); + } else { + $xml = $raw; + } + + $basedom = parse_xml_string($xml); + + if (!is_object($basedom)) { + logger('Received data does not seem to be an XML. Discarding.'); + http_status_exit(400); + } + + $base = $basedom->children(NAMESPACE_SALMON_ME); + + // Not sure if this cleaning is needed + $data = str_replace(array(" ", "\t", "\r", "\n"), array("", "", "", ""), $base->data); + + // Build the signed data + $type = $base->data[0]->attributes()->type[0]; + $encoding = $base->encoding; + $alg = $base->alg; + $signed_data = $data.'.'.base64url_encode($type).'.'.base64url_encode($encoding).'.'.base64url_encode($alg); + + // This is the signature + $signature = base64url_decode($base->sig); + + // Get the senders' public key + $key_id = $base->sig[0]->attributes()->key_id[0]; + $author_addr = base64_decode($key_id); + $key = diaspora::key($author_addr); + + $verify = rsa_verify($signed_data, $signature, $key); + if (!$verify) { + logger('Message did not verify. Discarding.'); + http_status_exit(400); + } + + return array('message' => (string)base64url_decode($base->data), + 'author' => unxmlify($author_addr), + 'key' => (string)$key); + } + + /** + * @brief: Decodes incoming Diaspora message in the deprecated format * * @param array $importer Array of the importer user * @param string $xml urldecoded Diaspora salmon @@ -202,9 +275,10 @@ class Diaspora { $public = false; $basedom = parse_xml_string($xml); - if (!is_object($basedom)) + if (!is_object($basedom)) { + logger("XML is not parseable."); return false; - + } $children = $basedom->children('https://joindiaspora.com/protocol'); if ($children->header) { @@ -502,32 +576,38 @@ class Diaspora { foreach ($element->children() AS $fieldname => $entry) { if ($oldXML) { // Translation for the old XML structure - if ($fieldname == "diaspora_handle") + if ($fieldname == "diaspora_handle") { $fieldname = "author"; - - if ($fieldname == "participant_handles") - $fieldname = "participants"; - - if (in_array($type, array("like", "participation"))) { - if ($fieldname == "target_type") - $fieldname = "parent_type"; } - - if ($fieldname == "sender_handle") + if ($fieldname == "participant_handles") { + $fieldname = "participants"; + } + if (in_array($type, array("like", "participation"))) { + if ($fieldname == "target_type") { + $fieldname = "parent_type"; + } + } + if ($fieldname == "sender_handle") { $fieldname = "author"; - - if ($fieldname == "recipient_handle") + } + if ($fieldname == "recipient_handle") { $fieldname = "recipient"; - - if ($fieldname == "root_diaspora_id") + } + if ($fieldname == "root_diaspora_id") { $fieldname = "root_author"; - + } + if ($type == "status_message") { + if ($fieldname == "raw_message") { + $fieldname = "text"; + } + } if ($type == "retraction") { - if ($fieldname == "post_guid") + if ($fieldname == "post_guid") { $fieldname = "target_guid"; - - if ($fieldname == "type") + } + if ($fieldname == "type") { $fieldname = "target_type"; + } } } @@ -556,7 +636,7 @@ class Diaspora { } // Only some message types have signatures. So we quit here for the other types. - if (!in_array($type, array("comment", "message", "like"))) { + if (!in_array($type, array("comment", "like"))) { return array("fields" => $fields, "relayed" => false); } // No author_signature? This is a must, so we quit. @@ -614,7 +694,7 @@ class Diaspora { * * @return array the queried data */ - private static function person_by_handle($handle) { + public static function person_by_handle($handle) { $r = q("SELECT * FROM `fcontact` WHERE `network` = '%s' AND `addr` = '%s' LIMIT 1", dbesc(NETWORK_DIASPORA), @@ -1289,10 +1369,10 @@ class Diaspora { * @return int The message id of the generated comment or "false" if there was an error */ private static function receive_comment($importer, $sender, $data, $xml) { + $author = notags(unxmlify($data->author)); $guid = notags(unxmlify($data->guid)); $parent_guid = notags(unxmlify($data->parent_guid)); $text = unxmlify($data->text); - $author = notags(unxmlify($data->author)); if (isset($data->created_at)) { $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); @@ -1407,16 +1487,9 @@ class Diaspora { * @return bool "true" if it was successful */ private static function receive_conversation_message($importer, $contact, $data, $msg, $mesg, $conversation) { + $author = notags(unxmlify($data->author)); $guid = notags(unxmlify($data->guid)); $subject = notags(unxmlify($data->subject)); - $author = notags(unxmlify($data->author)); - - $msg_guid = notags(unxmlify($mesg->guid)); - $msg_parent_guid = notags(unxmlify($mesg->parent_guid)); - $msg_parent_author_signature = notags(unxmlify($mesg->parent_author_signature)); - $msg_author_signature = notags(unxmlify($mesg->author_signature)); - $msg_text = unxmlify($mesg->text); - $msg_created_at = datetime_convert("UTC", "UTC", notags(unxmlify($mesg->created_at))); // "diaspora_handle" is the element name from the old version // "author" is the element name from the new version @@ -1428,7 +1501,10 @@ class Diaspora { return false; } + $msg_guid = notags(unxmlify($mesg->guid)); $msg_conversation_guid = notags(unxmlify($mesg->conversation_guid)); + $msg_text = unxmlify($mesg->text); + $msg_created_at = datetime_convert("UTC", "UTC", notags(unxmlify($mesg->created_at))); if ($msg_conversation_guid != $guid) { logger("message conversation guid does not belong to the current conversation."); @@ -1438,41 +1514,7 @@ class Diaspora { $body = diaspora2bb($msg_text); $message_uri = $msg_author.":".$msg_guid; - $author_signed_data = $msg_guid.";".$msg_parent_guid.";".$msg_text.";".unxmlify($mesg->created_at).";".$msg_author.";".$msg_conversation_guid; - - $author_signature = base64_decode($msg_author_signature); - - if (strcasecmp($msg_author,$msg["author"]) == 0) { - $person = $contact; - $key = $msg["key"]; - } else { - $person = self::person_by_handle($msg_author); - - if (is_array($person) && x($person, "pubkey")) { - $key = $person["pubkey"]; - } else { - logger("unable to find author details"); - return false; - } - } - - if (!rsa_verify($author_signed_data, $author_signature, $key, "sha256")) { - logger("verification failed."); - return false; - } - - if ($msg_parent_author_signature) { - $owner_signed_data = $msg_guid.";".$msg_parent_guid.";".$msg_text.";".unxmlify($mesg->created_at).";".$msg_author.";".$msg_conversation_guid; - - $parent_author_signature = base64_decode($msg_parent_author_signature); - - $key = $msg["key"]; - - if (!rsa_verify($owner_signed_data, $parent_author_signature, $key, "sha256")) { - logger("owner verification failed."); - return false; - } - } + $person = self::person_by_handle($msg_author); $r = q("SELECT `id` FROM `mail` WHERE `uri` = '%s' LIMIT 1", dbesc($message_uri) @@ -1532,10 +1574,10 @@ class Diaspora { * @return bool Success */ private static function receive_conversation($importer, $msg, $data) { + $author = notags(unxmlify($data->author)); $guid = notags(unxmlify($data->guid)); $subject = notags(unxmlify($data->subject)); $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); - $author = notags(unxmlify($data->author)); $participants = notags(unxmlify($data->participants)); $messages = $data->message; @@ -1640,11 +1682,11 @@ class Diaspora { * @return int The message id of the generated like or "false" if there was an error */ private static function receive_like($importer, $sender, $data) { - $positive = notags(unxmlify($data->positive)); - $guid = notags(unxmlify($data->guid)); - $parent_type = notags(unxmlify($data->parent_type)); - $parent_guid = notags(unxmlify($data->parent_guid)); $author = notags(unxmlify($data->author)); + $guid = notags(unxmlify($data->guid)); + $parent_guid = notags(unxmlify($data->parent_guid)); + $parent_type = notags(unxmlify($data->parent_type)); + $positive = notags(unxmlify($data->positive)); // likes on comments aren't supported by Diaspora - only on posts // But maybe this will be supported in the future, so we will accept it. @@ -1739,12 +1781,11 @@ class Diaspora { * @return bool Success? */ private static function receive_message($importer, $data) { + $author = notags(unxmlify($data->author)); $guid = notags(unxmlify($data->guid)); - $parent_guid = notags(unxmlify($data->parent_guid)); + $conversation_guid = notags(unxmlify($data->conversation_guid)); $text = unxmlify($data->text); $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); - $author = notags(unxmlify($data->author)); - $conversation_guid = notags(unxmlify($data->conversation_guid)); $contact = self::allowed_contact_by_handle($importer, $author, true); if (!$contact) { @@ -1799,7 +1840,7 @@ class Diaspora { 0, 1, dbesc($message_uri), - dbesc($author.":".$parent_guid), + dbesc($author.":".$conversation["guid"]), dbesc($created_at) ); @@ -1868,9 +1909,9 @@ class Diaspora { $name = unxmlify($data->first_name).((strlen($data->last_name)) ? " ".unxmlify($data->last_name) : ""); $image_url = unxmlify($data->image_url); $birthday = unxmlify($data->birthday); - $location = diaspora2bb(unxmlify($data->location)); - $about = diaspora2bb(unxmlify($data->bio)); $gender = unxmlify($data->gender); + $about = diaspora2bb(unxmlify($data->bio)); + $location = diaspora2bb(unxmlify($data->location)); $searchable = (unxmlify($data->searchable) == "true"); $nsfw = (unxmlify($data->nsfw) == "true"); $tags = unxmlify($data->tag_string); @@ -2290,12 +2331,13 @@ class Diaspora { * @return int the message id */ private static function receive_reshare($importer, $data, $xml) { + $author = notags(unxmlify($data->author)); + $guid = notags(unxmlify($data->guid)); + $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); $root_author = notags(unxmlify($data->root_author)); $root_guid = notags(unxmlify($data->root_guid)); - $guid = notags(unxmlify($data->guid)); - $author = notags(unxmlify($data->author)); + /// @todo handle unprocessed property "provider_display_name" $public = notags(unxmlify($data->public)); - $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); $contact = self::allowed_contact_by_handle($importer, $author, false); if (!$contact) { @@ -2370,9 +2412,9 @@ class Diaspora { * @return bool success */ private static function item_retraction($importer, $contact, $data) { - $target_type = notags(unxmlify($data->target_type)); - $target_guid = notags(unxmlify($data->target_guid)); $author = notags(unxmlify($data->author)); + $target_guid = notags(unxmlify($data->target_guid)); + $target_type = notags(unxmlify($data->target_type)); $person = self::person_by_handle($author); if (!is_array($person)) { @@ -2474,19 +2516,13 @@ class Diaspora { * @return int The message id of the newly created item */ private static function receive_status_message($importer, $data, $xml) { - $raw_message = unxmlify($data->raw_message); - $guid = notags(unxmlify($data->guid)); $author = notags(unxmlify($data->author)); - $public = notags(unxmlify($data->public)); + $guid = notags(unxmlify($data->guid)); $created_at = datetime_convert("UTC", "UTC", notags(unxmlify($data->created_at))); + $public = notags(unxmlify($data->public)); + $text = unxmlify($data->text); $provider_display_name = notags(unxmlify($data->provider_display_name)); - /// @todo enable support for polls - //if ($data->poll) { - // foreach ($data->poll AS $poll) - // print_r($poll); - // die("poll!\n"); - //} $contact = self::allowed_contact_by_handle($importer, $author, false); if (!$contact) { return false; @@ -2504,7 +2540,7 @@ class Diaspora { } } - $body = diaspora2bb($raw_message); + $body = diaspora2bb($text); $datarray = array(); @@ -2525,6 +2561,15 @@ class Diaspora { } } + /// @todo enable support for polls + //if ($data->poll) { + // foreach ($data->poll AS $poll) + // print_r($poll); + // die("poll!\n"); + //} + + /// @todo enable support for events + $datarray["uid"] = $importer["uid"]; $datarray["contact-id"] = $contact["id"]; $datarray["network"] = NETWORK_DIASPORA; diff --git a/include/ostatus.php b/include/ostatus.php index 5bd1865bd0..7644eacc09 100644 --- a/include/ostatus.php +++ b/include/ostatus.php @@ -29,42 +29,6 @@ class ostatus { const OSTATUS_DEFAULT_POLL_TIMEFRAME = 1440; // given in minutes const OSTATUS_DEFAULT_POLL_TIMEFRAME_MENTIONS = 14400; // given in minutes - /** - * @brief Mix two paths together to possibly fix missing parts - * - * @param string $avatar Path to the avatar - * @param string $base Another path that is hopefully complete - * - * @return string fixed avatar path - */ - public static function fix_avatar($avatar, $base) { - $base_parts = parse_url($base); - - // Remove all parts that could create a problem - unset($base_parts['path']); - unset($base_parts['query']); - unset($base_parts['fragment']); - - $avatar_parts = parse_url($avatar); - - // Now we mix them - $parts = array_merge($base_parts, $avatar_parts); - - // And put them together again - $scheme = isset($parts['scheme']) ? $parts['scheme'] . '://' : ''; - $host = isset($parts['host']) ? $parts['host'] : ''; - $port = isset($parts['port']) ? ':' . $parts['port'] : ''; - $path = isset($parts['path']) ? $parts['path'] : ''; - $query = isset($parts['query']) ? '?' . $parts['query'] : ''; - $fragment = isset($parts['fragment']) ? '#' . $parts['fragment'] : ''; - - $fixed = $scheme.$host.$port.$path.$query.$fragment; - - logger('Base: '.$base.' - Avatar: '.$avatar.' - Fixed: '.$fixed, LOGGER_DATA); - - return $fixed; - } - /** * @brief Fetches author data * @@ -135,7 +99,7 @@ class ostatus { } if (count($avatarlist) > 0) { krsort($avatarlist); - $author["author-avatar"] = self::fix_avatar(current($avatarlist), $author["author-link"]); + $author["author-avatar"] = Probe::fix_avatar(current($avatarlist), $author["author-link"]); } $displayname = $xpath->evaluate('atom:author/poco:displayName/text()', $context)->item(0)->nodeValue; @@ -1196,7 +1160,7 @@ class ostatus { $arr["owner-name"] = $single_conv->actor->portablecontacts_net->displayName; $arr["owner-link"] = $actor; - $arr["owner-avatar"] = self::fix_avatar($single_conv->actor->image->url, $arr["owner-link"]); + $arr["owner-avatar"] = Probe::fix_avatar($single_conv->actor->image->url, $arr["owner-link"]); $arr["author-name"] = $arr["owner-name"]; $arr["author-link"] = $arr["owner-link"]; @@ -1261,7 +1225,7 @@ class ostatus { $arr["author-name"] = $single_conv->object->actor->contact->displayName; } $arr["author-link"] = $single_conv->object->actor->url; - $arr["author-avatar"] = self::fix_avatar($single_conv->object->actor->image->url, $arr["author-link"]); + $arr["author-avatar"] = Probe::fix_avatar($single_conv->object->actor->image->url, $arr["author-link"]); $arr["app"] = $single_conv->object->provider->displayName."#"; //$arr["verb"] = $single_conv->object->verb; diff --git a/mod/contacts.php b/mod/contacts.php index f2500099c3..4f7ccd1824 100644 --- a/mod/contacts.php +++ b/mod/contacts.php @@ -260,7 +260,7 @@ function _contact_update_profile($contact_id) { if ($uid != local_user()) return; - $data = probe_url($r[0]["url"]); + $data = Probe::uri($r[0]["url"], "", 0, false); // "Feed" or "Unknown" is mostly a sign of communication problems if ((in_array($data["network"], array(NETWORK_FEED, NETWORK_PHANTOM))) AND ($data["network"] != $r[0]["network"])) diff --git a/mod/receive.php b/mod/receive.php index 3563f2d705..15c9f1d412 100644 --- a/mod/receive.php +++ b/mod/receive.php @@ -11,30 +11,27 @@ require_once('include/diaspora.php'); function receive_post(App $a) { - - - $enabled = intval(get_config('system','diaspora_enabled')); - if(! $enabled) { + $enabled = intval(get_config('system', 'diaspora_enabled')); + if (!$enabled) { logger('mod-diaspora: disabled'); http_status_exit(500); } $public = false; - if(($a->argc == 2) && ($a->argv[1] === 'public')) { + if (($a->argc == 2) && ($a->argv[1] === 'public')) { $public = true; - } - else { + } else { - if($a->argc != 3 || $a->argv[1] !== 'users') + if ($a->argc != 3 || $a->argv[1] !== 'users') { http_status_exit(500); - + } $guid = $a->argv[2]; $r = q("SELECT * FROM `user` WHERE `guid` = '%s' AND `account_expired` = 0 AND `account_removed` = 0 LIMIT 1", dbesc($guid) ); - if (! dbm::is_result($r)) { + if (!dbm::is_result($r)) { http_status_exit(500); } @@ -47,29 +44,34 @@ function receive_post(App $a) { $xml = urldecode($_POST['xml']); - logger('mod-diaspora: new salmon ' . $xml, LOGGER_DATA); + if (!$xml) { + $postdata = file_get_contents("php://input"); + if ($postdata == '') { + http_status_exit(500); + } - if(! $xml) - http_status_exit(500); - - logger('mod-diaspora: message is okay', LOGGER_DEBUG); - - $msg = Diaspora::decode($importer,$xml); + logger('mod-diaspora: message is in the new format', LOGGER_DEBUG); + $msg = Diaspora::decode_raw($importer, $postdata); + } else { + logger('mod-diaspora: message is in the old format', LOGGER_DEBUG); + $msg = Diaspora::decode($importer, $xml); + } logger('mod-diaspora: decoded', LOGGER_DEBUG); - logger('mod-diaspora: decoded msg: ' . print_r($msg,true), LOGGER_DATA); + logger('mod-diaspora: decoded msg: ' . print_r($msg, true), LOGGER_DATA); - if(! is_array($msg)) + if (!is_array($msg)) { http_status_exit(500); + } logger('mod-diaspora: dispatching', LOGGER_DEBUG); $ret = 0; - if($public) { + if ($public) { Diaspora::dispatch_public($msg); } else { - $ret = Diaspora::dispatch($importer,$msg); + $ret = Diaspora::dispatch($importer, $msg); } http_status_exit(($ret) ? $ret : 200);