From 0a5e3c75dc0bb5138c01e46577c60a83f5298655 Mon Sep 17 00:00:00 2001 From: Hank Grabowski Date: Wed, 22 Mar 2023 18:18:49 -0400 Subject: [PATCH 1/4] Fix Twitter NewDM API w/OAuth by passing in UID not query session --- src/Model/Mail.php | 22 ++++++++++--------- .../Api/Twitter/DirectMessages/NewDM.php | 2 +- 2 files changed, 13 insertions(+), 11 deletions(-) diff --git a/src/Model/Mail.php b/src/Model/Mail.php index e624a6f975..2b9d8bea49 100644 --- a/src/Model/Mail.php +++ b/src/Model/Mail.php @@ -124,7 +124,7 @@ class Mail * @return int * @throws \Friendica\Network\HTTPException\InternalServerErrorException */ - public static function send(int $recipient = 0, string $body = '', string $subject = '', string $replyto = ''): int + public static function send(string $uid, int $recipient = 0, string $body = '', string $subject = '', string $replyto = ''): int { $a = DI::app(); @@ -136,12 +136,12 @@ class Mail $subject = DI::l10n()->t('[no subject]'); } - $me = DBA::selectFirst('contact', [], ['uid' => DI::userSession()->getLocalUserId(), 'self' => true]); + $me = DBA::selectFirst('contact', [], ['uid' => $uid, 'self' => true]); if (!DBA::isResult($me)) { return -2; } - $contacts = ACL::getValidMessageRecipientsForUser(DI::userSession()->getLocalUserId()); + $contacts = ACL::getValidMessageRecipientsForUser($uid); $contactIndex = array_search($recipient, array_column($contacts, 'id')); if ($contactIndex === false) { @@ -150,7 +150,7 @@ class Mail $contact = $contacts[$contactIndex]; - Photo::setPermissionFromBody($body, DI::userSession()->getLocalUserId(), $me['id'], '<' . $contact['id'] . '>', '', '', ''); + Photo::setPermissionFromBody($body, $uid, $me['id'], '<' . $contact['id'] . '>', '', '', ''); $guid = System::createUUID(); $uri = Item::newURI($guid); @@ -163,7 +163,7 @@ class Mail if (strlen($replyto)) { $reply = true; $condition = ["`uid` = ? AND (`uri` = ? OR `parent-uri` = ?)", - DI::userSession()->getLocalUserId(), $replyto, $replyto]; + $uid, $replyto, $replyto]; $mail = DBA::selectFirst('mail', ['convid'], $condition); if (DBA::isResult($mail)) { $convid = $mail['convid']; @@ -176,7 +176,7 @@ class Mail $conv_guid = System::createUUID(); $convuri = $contact['addr'] . ':' . $conv_guid; - $fields = ['uid' => DI::userSession()->getLocalUserId(), 'guid' => $conv_guid, 'creator' => $me['addr'], + $fields = ['uid' => $uid, 'guid' => $conv_guid, 'creator' => $me['addr'], 'created' => DateTimeFormat::utcNow(), 'updated' => DateTimeFormat::utcNow(), 'subject' => $subject, 'recips' => $contact['addr'] . ';' . $me['addr']]; if (DBA::insert('conv', $fields)) { @@ -195,7 +195,7 @@ class Mail $post_id = self::insert( [ - 'uid' => DI::userSession()->getLocalUserId(), + 'uid' => $uid, 'guid' => $guid, 'convid' => $convid, 'from-name' => $me['name'], @@ -210,7 +210,8 @@ class Mail 'uri' => $uri, 'parent-uri' => $replyto, 'created' => DateTimeFormat::utcNow() - ], false + ], + false ); /** @@ -231,7 +232,7 @@ class Mail foreach ($images as $image) { $image_rid = Photo::ridFromURI($image); if (!empty($image_rid)) { - Photo::update(['allow-cid' => '<' . $recipient . '>'], ['resource-id' => $image_rid, 'album' => 'Wall Photos', 'uid' => DI::userSession()->getLocalUserId()]); + Photo::update(['allow-cid' => '<' . $recipient . '>'], ['resource-id' => $image_rid, 'album' => 'Wall Photos', 'uid' => $uid]); } } } @@ -311,7 +312,8 @@ class Mail 'parent-uri' => $me['url'], 'created' => DateTimeFormat::utcNow(), 'unknown' => 1 - ], false + ], + false ); return 0; diff --git a/src/Module/Api/Twitter/DirectMessages/NewDM.php b/src/Module/Api/Twitter/DirectMessages/NewDM.php index 5d7fb3a564..866660810c 100644 --- a/src/Module/Api/Twitter/DirectMessages/NewDM.php +++ b/src/Module/Api/Twitter/DirectMessages/NewDM.php @@ -83,7 +83,7 @@ class NewDM extends BaseApi $cdata = Contact::getPublicAndUserContactID($cid, $uid); - $id = Mail::send($cdata['user'], $request['text'], $sub, $replyto); + $id = Mail::send($uid, $cdata['user'], $request['text'], $sub, $replyto); if ($id > -1) { $ret = $this->directMessage->createFromMailId($id, $uid, $this->getRequestValue($request, 'getText', '')); From 3d4e11045acd47b05563085af528dbee110f972c Mon Sep 17 00:00:00 2001 From: Hank Grabowski Date: Wed, 22 Mar 2023 18:25:13 -0400 Subject: [PATCH 2/4] Fix type and name on Mail::send sender ID argument --- src/Model/Mail.php | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/src/Model/Mail.php b/src/Model/Mail.php index 2b9d8bea49..ea67394ed8 100644 --- a/src/Model/Mail.php +++ b/src/Model/Mail.php @@ -117,6 +117,7 @@ class Mail /** * Send private message * + * @param integer $sender_uid the user id of the sender, default 0 * @param integer $recipient recipient id, default 0 * @param string $body message body, default empty * @param string $subject message subject, default empty @@ -124,7 +125,7 @@ class Mail * @return int * @throws \Friendica\Network\HTTPException\InternalServerErrorException */ - public static function send(string $uid, int $recipient = 0, string $body = '', string $subject = '', string $replyto = ''): int + public static function send(int $sender_uid = 0, int $recipient = 0, string $body = '', string $subject = '', string $replyto = ''): int { $a = DI::app(); @@ -136,12 +137,12 @@ class Mail $subject = DI::l10n()->t('[no subject]'); } - $me = DBA::selectFirst('contact', [], ['uid' => $uid, 'self' => true]); + $me = DBA::selectFirst('contact', [], ['uid' => $sender_uid, 'self' => true]); if (!DBA::isResult($me)) { return -2; } - $contacts = ACL::getValidMessageRecipientsForUser($uid); + $contacts = ACL::getValidMessageRecipientsForUser($sender_uid); $contactIndex = array_search($recipient, array_column($contacts, 'id')); if ($contactIndex === false) { @@ -150,7 +151,7 @@ class Mail $contact = $contacts[$contactIndex]; - Photo::setPermissionFromBody($body, $uid, $me['id'], '<' . $contact['id'] . '>', '', '', ''); + Photo::setPermissionFromBody($body, $sender_uid, $me['id'], '<' . $contact['id'] . '>', '', '', ''); $guid = System::createUUID(); $uri = Item::newURI($guid); @@ -163,7 +164,7 @@ class Mail if (strlen($replyto)) { $reply = true; $condition = ["`uid` = ? AND (`uri` = ? OR `parent-uri` = ?)", - $uid, $replyto, $replyto]; + $sender_uid, $replyto, $replyto]; $mail = DBA::selectFirst('mail', ['convid'], $condition); if (DBA::isResult($mail)) { $convid = $mail['convid']; @@ -176,7 +177,7 @@ class Mail $conv_guid = System::createUUID(); $convuri = $contact['addr'] . ':' . $conv_guid; - $fields = ['uid' => $uid, 'guid' => $conv_guid, 'creator' => $me['addr'], + $fields = ['uid' => $sender_uid, 'guid' => $conv_guid, 'creator' => $me['addr'], 'created' => DateTimeFormat::utcNow(), 'updated' => DateTimeFormat::utcNow(), 'subject' => $subject, 'recips' => $contact['addr'] . ';' . $me['addr']]; if (DBA::insert('conv', $fields)) { @@ -195,7 +196,7 @@ class Mail $post_id = self::insert( [ - 'uid' => $uid, + 'uid' => $sender_uid, 'guid' => $guid, 'convid' => $convid, 'from-name' => $me['name'], @@ -232,7 +233,7 @@ class Mail foreach ($images as $image) { $image_rid = Photo::ridFromURI($image); if (!empty($image_rid)) { - Photo::update(['allow-cid' => '<' . $recipient . '>'], ['resource-id' => $image_rid, 'album' => 'Wall Photos', 'uid' => $uid]); + Photo::update(['allow-cid' => '<' . $recipient . '>'], ['resource-id' => $image_rid, 'album' => 'Wall Photos', 'uid' => $sender_uid]); } } } From 1c4fbc9fdf49b27ead8af2fe6bdc5c145d59cd0c Mon Sep 17 00:00:00 2001 From: Hank Grabowski Date: Wed, 22 Mar 2023 18:25:32 -0400 Subject: [PATCH 3/4] Fix other calls to Mail::send to provide ID --- mod/message.php | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/mod/message.php b/mod/message.php index 1e8c012eeb..99fb6b3b41 100644 --- a/mod/message.php +++ b/mod/message.php @@ -69,12 +69,13 @@ function message_post(App $a) return; } + $sender_id = DI::userSession()->getLocalUserId(); $replyto = !empty($_REQUEST['replyto']) ? trim($_REQUEST['replyto']) : ''; $subject = !empty($_REQUEST['subject']) ? trim($_REQUEST['subject']) : ''; $body = !empty($_REQUEST['body']) ? Strings::escapeHtml(trim($_REQUEST['body'])) : ''; $recipient = !empty($_REQUEST['recipient']) ? intval($_REQUEST['recipient']) : 0; - $ret = Mail::send($recipient, $body, $subject, $replyto); + $ret = Mail::send($sender_id, $recipient, $body, $subject, $replyto); $norecip = false; switch ($ret) { From cc86a54c80325cb324623d1ace3131148f0b4c77 Mon Sep 17 00:00:00 2001 From: Hank G Date: Wed, 22 Mar 2023 21:35:44 -0400 Subject: [PATCH 4/4] Apply suggestions from code review Co-authored-by: Hypolite Petovan --- src/Model/Mail.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/Model/Mail.php b/src/Model/Mail.php index ea67394ed8..a6cb8a0780 100644 --- a/src/Model/Mail.php +++ b/src/Model/Mail.php @@ -117,7 +117,7 @@ class Mail /** * Send private message * - * @param integer $sender_uid the user id of the sender, default 0 + * @param integer $sender_uid the user id of the sender * @param integer $recipient recipient id, default 0 * @param string $body message body, default empty * @param string $subject message subject, default empty @@ -125,7 +125,7 @@ class Mail * @return int * @throws \Friendica\Network\HTTPException\InternalServerErrorException */ - public static function send(int $sender_uid = 0, int $recipient = 0, string $body = '', string $subject = '', string $replyto = ''): int + public static function send(int $sender_uid, int $recipient = 0, string $body = '', string $subject = '', string $replyto = ''): int { $a = DI::app();