tobias/friendica
1
0
Fork 0
Code Pull requests Activity

workflow for federated/non-dfrn followers

Browse source
This commit is contained in:
Mike Macgirvin 2010-10-24 20:39:24 -07:00
commit b41218ca30
16 changed files with 670 additions and 382 deletions
Download patch file Download diff file Expand all files Collapse all files

1
mod/contacts.php
View file

@ -271,7 +271,6 @@ function contacts_content(&$a) {
default:
break;
}
if(($rr['network'] === 'dfrn') && ($rr['rel'])) {
$url = "redir/{$rr['id']}";
$sparkle = ' class="sparkle" ';

406
mod/dfrn_confirm.php
View file

@ -7,7 +7,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
if(is_array($handsfree)) {
// called directly from dfrn_request due to automatic friend acceptance
// any $_POST parameters we might need are supplied in the $handsfree array
// any $_POST parameters we may require are supplied in the $handsfree array
$node = $handsfree['node'];
$a->interactive = false; // notice() becomes a no-op since nobody is there to see it
@ -19,12 +19,12 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
}
// Main entry point. Our user received a friend request notification (perhaps
// from another site) and clicked 'Accept'. $POST['source_url'] is not set.
// from another site) and clicked 'Approve'. $POST['source_url'] is not set.
// OR we have been called directly from dfrn_request ($handsfree != null) due to
// this being a page type which supports automatic friend acceptance.
if(! x($_POST,'source_url')) {
$uid = ((is_array($handsfree)) ? $handsfree['uid'] : local_user());
if(! $uid) {
@ -42,7 +42,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
}
// These come from the friend request notification form or $handsfree reply.
// These come from either the friend request notification form or $handsfree array.
if(is_array($handsfree)) {
$dfrn_id = $handsfree['dfrn_id'];
@ -53,13 +53,16 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$dfrn_id = ((x($_POST,'dfrn_id')) ? notags(trim($_POST['dfrn_id'])) : "");
$intro_id = intval($_POST['intro_id']);
$duplex = intval($_POST['duplex']);
$cid = intval($_POST['contact_id']);
}
// The other person will have been issued an ID when they first requested friendship.
// Locate their record. At this time, their record will have both pending and blocked set to 1.
// There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
$r = q("SELECT * FROM `contact` WHERE `issued-id` = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM `contact` WHERE ( ( `issued-id` != '' AND `issued-id` = '%s' ) OR ( `id` = %d AND `id` != 0 ) ) AND `uid` = %d LIMIT 1",
dbesc($dfrn_id),
intval($cid),
intval($uid)
);
@ -68,153 +71,158 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
return;
}
$contact_id = $r[0]['id'];
$relation = $r[0]['rel'];
$site_pubkey = $r[0]['site-pubkey'];
$dfrn_confirm = $r[0]['confirm'];
$aes_allow = $r[0]['aes_allow'];
$contact = $r[0];
$contact_id = $contact['id'];
$relation = $contact['rel'];
$site_pubkey = $contact['site-pubkey'];
$dfrn_confirm = $contact['confirm'];
$aes_allow = $contact['aes_allow'];
// Generate a key pair for all further communications with this person.
// We have a keypair for every contact, and a site key for unknown people.
// This provides a means to carry on relationships with other people if
// any single key is compromised. It is a robust key. We're much more
// worried about key leakage than anybody cracking it.
if($contact['network'] === 'dfrn') {
$res = openssl_pkey_new(array(
'digest_alg' => 'whirlpool',
'private_key_bits' => 4096,
'encrypt_key' => false )
);
// Generate a key pair for all further communications with this person.
// We have a keypair for every contact, and a site key for unknown people.
// This provides a means to carry on relationships with other people if
// any single key is compromised. It is a robust key. We're much more
// worried about key leakage than anybody cracking it.
$res = openssl_pkey_new(array(
'digest_alg' => 'whirlpool',
'private_key_bits' => 4096,
'encrypt_key' => false )
);
$private_key = '';
$private_key = '';
openssl_pkey_export($res, $private_key);
openssl_pkey_export($res, $private_key);
$pubkey = openssl_pkey_get_details($res);
$public_key = $pubkey["key"];
$pubkey = openssl_pkey_get_details($res);
$public_key = $pubkey["key"];
// Save the private key. Send them the public key.
// Save the private key. Send them the public key.
$r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc($private_key),
intval($contact_id),
intval($uid)
);
$r = q("UPDATE `contact` SET `prvkey` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc($private_key),
intval($contact_id),
intval($uid)
);
$params = array();
$params = array();
// Per the protocol document, we will verify both ends by encrypting the dfrn_id with our
// site private key (person on the other end can decrypt it with our site public key).
// Then encrypt our profile URL with the other person's site public key. They can decrypt
// it with their site private key. If the decryption on the other end fails for either
// item, it indicates tampering or key failure on at least one site and we will not be
// able to provide a secure communication pathway.
// Per the protocol document, we will verify both ends by encrypting the dfrn_id with our
// site private key (person on the other end can decrypt it with our site public key).
// Then encrypt our profile URL with the other person's site public key. They can decrypt
// it with their site private key. If the decryption on the other end fails for either
// item, it indicates tampering or key failure on at least one site and we will not be
// able to provide a secure communication pathway.
// If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
// or later) then we encrypt the personal public key we send them using AES-256-CBC and a
// random key which is encrypted with their site public key.
// If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
// or later) then we encrypt the personal public key we send them using AES-256-CBC and a
// random key which is encrypted with their site public key.
$src_aes_key = random_string();
$src_aes_key = random_string();
$result = '';
openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
$result = '';
openssl_private_encrypt($dfrn_id,$result,$user[0]['prvkey']);
$params['dfrn_id'] = bin2hex($result);
$params['public_key'] = $public_key;
$params['dfrn_id'] = bin2hex($result);
$params['public_key'] = $public_key;
$my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
$my_url = $a->get_baseurl() . '/profile/' . $user[0]['nickname'];
openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
$params['source_url'] = bin2hex($params['source_url']);
openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
$params['source_url'] = bin2hex($params['source_url']);
if($aes_allow && function_exists('openssl_encrypt')) {
openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
$params['aes_key'] = bin2hex($params['aes_key']);
$params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
}
$params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
if($duplex == 1)
$params['duplex'] = 1;
// POST all this stuff to the other site.
$res = post_url($dfrn_confirm,$params);
// Now figure out what they responded. Try to be robust if the remote site is
// having difficulty and throwing up errors of some kind.
$leading_junk = substr($res,0,strpos($res,'<?xml'));
$res = substr($res,strpos($res,'<?xml'));
if(! strlen($res)) {
// No XML at all, this exchange is messed up really bad.
// We shouldn't proceed, because the xml parser might choke,
// and $status is going to be zero, which indicates success.
// We can hardly call this a success.
notice( t('Response from remote site was not understood.') . EOL);
return;
}
if(strlen($leading_junk) && get_config('system','debugging')) {
// This might be more common. Mixed error text and some XML.
// If we're configured for debugging, show the text. Proceed in either case.
notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
}
$xml = simplexml_load_string($res);
$status = (int) $xml->status;
$message = unxmlify($xml->message); // human readable text of what may have gone wrong.
switch($status) {
case 0:
notice( t("Confirmation completed successfully.") . EOL);
if(strlen($message))
notice( t('Remote site reported: ') . $message . EOL);
break;
case 1:
// birthday paradox - generate new dfrn-id and fall through.
$new_dfrn_id = random_string();
$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc($new_dfrn_id),
intval($contact_id),
intval($uid)
);
case 2:
notice( t("Temporary failure. Please wait and try again.") . EOL);
if(strlen($message))
notice( t('Remote site reported: ') . $message . EOL);
break;
case 3:
notice( t("Introduction failed or was revoked.") . EOL);
if(strlen($message))
notice( t('Remote site reported: ') . $message . EOL);
break;
if($aes_allow && function_exists('openssl_encrypt')) {
openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
$params['aes_key'] = bin2hex($params['aes_key']);
$params['public_key'] = bin2hex(openssl_encrypt($public_key,'AES-256-CBC',$src_aes_key));
}
if(($status == 0) && ($intro_id)) {
$params['dfrn_version'] = DFRN_PROTOCOL_VERSION ;
if($duplex == 1)
$params['duplex'] = 1;
// Success. Delete the notification.
// POST all this stuff to the other site.
$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($intro_id),
intval($uid)
);
$res = post_url($dfrn_confirm,$params);
// Now figure out what they responded. Try to be robust if the remote site is
// having difficulty and throwing up errors of some kind.
$leading_junk = substr($res,0,strpos($res,'<?xml'));
$res = substr($res,strpos($res,'<?xml'));
if(! strlen($res)) {
// No XML at all, this exchange is messed up really bad.
// We shouldn't proceed, because the xml parser might choke,
// and $status is going to be zero, which indicates success.
// We can hardly call this a success.
notice( t('Response from remote site was not understood.') . EOL);
return;
}
if(strlen($leading_junk) && get_config('system','debugging')) {
// This might be more common. Mixed error text and some XML.
// If we're configured for debugging, show the text. Proceed in either case.
notice( t('Unexpected response from remote site: ') . EOL . $leading_junk . EOL );
}
$xml = simplexml_load_string($res);
$status = (int) $xml->status;
$message = unxmlify($xml->message); // human readable text of what may have gone wrong.
switch($status) {
case 0:
notice( t("Confirmation completed successfully.") . EOL);
if(strlen($message))
notice( t('Remote site reported: ') . $message . EOL);
break;
case 1:
// birthday paradox - generate new dfrn-id and fall through.
$new_dfrn_id = random_string();
$r = q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d LIMIT 1",
dbesc($new_dfrn_id),
intval($contact_id),
intval($uid)
);
case 2:
notice( t("Temporary failure. Please wait and try again.") . EOL);
if(strlen($message))
notice( t('Remote site reported: ') . $message . EOL);
break;
case 3:
notice( t("Introduction failed or was revoked.") . EOL);
if(strlen($message))
notice( t('Remote site reported: ') . $message . EOL);
break;
}
if(($status == 0) && ($intro_id)) {
// Success. Delete the notification.
$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($intro_id),
intval($uid)
);
}
if($status != 0)
return;
}
if($status != 0)
return;
// We have now established a relationship with the other site.
// Let's make our own personal copy of their profile photo so we don't have
// to always load it from their site.
@ -223,36 +231,29 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$photo_failure = false;
$r = q("SELECT `photo` FROM `contact` WHERE `id` = %d LIMIT 1",
intval($contact_id));
if(count($r)) {
$filename = basename($contact['photo']);
$img_str = fetch_url($contact['photo'],true);
$img = new Photo($img_str);
if($img->is_valid()) {
$filename = basename($r[0]['photo']);
$img_str = fetch_url($r[0]['photo'],true);
$img = new Photo($img_str);
if($img->is_valid()) {
$img->scaleImageSquare(175);
$img->scaleImageSquare(175);
$hash = photo_new_resource();
$hash = photo_new_resource();
$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 4 );
$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 4 );
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 5 );
if($r === false)
$photo_failure = true;
$photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
}
else
if($r === false)
$photo_failure = true;
$img->scaleImage(80);
$r = $img->store($uid, $contact_id, $hash, $filename, t('Contact Photos'), 5 );
if($r === false)
$photo_failure = true;
$photo = $a->get_baseurl() . '/photo/' . $hash . '-4.jpg';
$thumb = $a->get_baseurl() . '/photo/' . $hash . '-5.jpg';
}
else
$photo_failure = true;
@ -262,40 +263,89 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
$thumb = $a->get_baseurl() . '/images/default-profile-sm.jpg';
}
$new_relation = REL_VIP;
if(($relation == REL_FAN) || ($duplex))
$new_relation = REL_BUD;
$r = q("UPDATE `contact` SET `photo` = '%s',
`thumb` = '%s',
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
`network` = 'dfrn' WHERE `id` = %d LIMIT 1
",
dbesc($photo),
dbesc($thumb),
intval($new_relation),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($duplex),
intval($contact_id)
);
if($contact['network'] === 'dfrn') {
$new_relation = REL_VIP;
if(($relation == REL_FAN) || ($duplex))
$new_relation = REL_BUD;
$r = q("UPDATE `contact` SET `photo` = '%s',
`thumb` = '%s',
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
`network` = 'dfrn' WHERE `id` = %d LIMIT 1
",
dbesc($photo),
dbesc($thumb),
intval($new_relation),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
intval($duplex),
intval($contact_id)
);
}
else {
$notify = '';
$poll = '';
// $contact['network'] !== 'dfrn'
$arr = lrdd($contact['url']);
if(count($arr)) {
foreach($arr as $link) {
if($link['@attributes']['rel'] === 'salmon')
$notify = $link['@attributes']['href'];
if($link['@attributes']['rel'] === NAMESPACE_FEED)
$poll = $link['@attributes']['href'];
}
}
$r = q("DELETE FROM `intro` WHERE `id` = %d AND `uid` = %d LIMIT 1",
intval($intro_id),
intval($uid)
);
$r = q("UPDATE `contact` SET `photo` = '%s',
`thumb` = '%s',
`name-date` = '%s',
`uri-date` = '%s',
`avatar-date` = '%s',
`notify` = '%s',
`poll` = '%s',
`blocked` = 0,
`pending` = 0
WHERE `id` = %d LIMIT 1
",
dbesc($photo),
dbesc($thumb),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc(datetime_convert()),
dbesc($notify),
dbesc($poll),
intval($contact_id)
);
}
if($r === false)
notice( t('Unable to set contact photo.') . EOL);
notice( t('Unable to set contact photo.') . EOL);
// Let's send our user to the contact editor in case they want to
// do anything special with this new friend.
if($handsfree === null)
goaway($a->get_baseurl() . '/contacts/' . intval($contact_id));
return; //NOTREACHED
}
@ -480,7 +530,7 @@ function dfrn_confirm_post(&$a,$handsfree = null) {
intval($duplex),
intval($dfrn_record)
);
if($r === false) { // indicates schema is messed up or total db failure
if($r === false) { // indicates schema is messed up or total db failure
$message = t('Unable to update your contact profile details on our system');
xml_status(3,$message);
}

6
mod/dfrn_notify.php
View file

@ -205,7 +205,7 @@ function dfrn_notify_post(&$a) {
if($is_reply) {
if($feed->get_item_quantity() == 1) {
// remote reply to our post. Import and then notify everybody else.
$datarray = get_atom_elements($item);
$datarray = get_atom_elements($feed,$item);
$datarray['type'] = 'remote-comment';
$datarray['wall'] = 1;
$datarray['parent-uri'] = $parent_uri;
@ -287,7 +287,7 @@ function dfrn_notify_post(&$a) {
}
continue;
}
$datarray = get_atom_elements($item);
$datarray = get_atom_elements($feed,$item);
$datarray['parent-uri'] = $parent_uri;
$datarray['uid'] = $importer['importer_uid'];
$datarray['contact-id'] = $importer['id'];
@ -354,7 +354,7 @@ function dfrn_notify_post(&$a) {
}
$datarray = get_atom_elements($item);
$datarray = get_atom_elements($feed,$item);
$datarray['parent-uri'] = $item_id;
$datarray['uid'] = $importer['importer_uid'];
$datarray['contact-id'] = $importer['id'];

2
mod/network.php
View file

@ -200,7 +200,7 @@ function network_content(&$a, $update = 0) {
$template = $wallwall;
$commentww = 'ww';
}
if($item['type'] === 'remote' && ($item['owner-link'] != $item['author-link'])) {
if(($item['type'] === 'remote') && (strlen($item['owner-link'])) && ($item['owner-link'] != $item['author-link'])) {
// Could be anybody.
$owner_url = $item['owner-link'];
$owner_photo = $item['owner-avatar'];

31
mod/notifications.php
View file

@ -71,7 +71,7 @@ function notifications_content(&$a) {
'$hide_text' => ((strlen($sql_extra)) ? t('Show Ignored Requests') : t('Hide Ignored Requests'))
));
$r = q("SELECT `intro`.`id` AS `intro-id`, `intro`.*, `contact`.*
$r = q("SELECT `intro`.`id` AS `intro_id`, `intro`.*, `contact`.*
FROM `intro` LEFT JOIN `contact` ON `intro`.`contact-id` = `contact`.`id`
WHERE `intro`.`uid` = %d $sql_extra AND `intro`.`blocked` = 0 ",
intval($_SESSION['uid']));
@ -83,15 +83,36 @@ function notifications_content(&$a) {
foreach($r as $rr) {
$friend_selected = (($rr['network'] === 'dfrn') ? ' checked="checked" ' : ' disabled ');
$fan_selected = (($rr['network'] === 'stat') ? ' checked="checked" disabled ' : '');
$dfrn_tpl = load_view_file('view/netfriend.tpl');
$knowyou = '';
$dfrn_text = '';
if($rr['network'] === 'dfrn') {
$knowyou = t('Claims to be known to you: ') . (($rr['knowyou']) ? t('yes') : t('no'));
$dfrn_text = replace_macros($dfrn_tpl,array(
'$intro_id' => $rr['intro_id'],
'$friend_selected' => $friend_selected,
'$fan_selected' => $fan_selected,
));
}
$o .= replace_macros($tpl,array(
'$intro_id' => $rr['intro-id'],
'$dfrn-id' => $rr['issued-id'],
'$notify_type' => (($rr['network'] === 'dfrn') ? t('Friend/Connect Request') : t('New Follower')),
'$dfrn_text' => $dfrn_text,
'$dfrn_id' => $rr['issued-id'],
'$uid' => $_SESSION['uid'],
'$contact-id' => $rr['contact-id'],
'$intro_id' => $rr['intro_id'],
'$contact_id' => $rr['contact-id'],
'$photo' => ((x($rr,'photo')) ? $rr['photo'] : "images/default-profile.jpg"),
'$fullname' => $rr['name'],
'$knowyou' => (($rr['knowyou']) ? t('yes') : t('no')),
'$url' => $rr['url'],
'$knowyou' => $knowyou,
'$note' => $rr['note']
));
}

10
mod/salmon.php
View file

@ -195,14 +195,16 @@ function salmon_post(&$a) {
*
*/
$r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND `lrdd` = '%s' AND `uid` = %d LIMIT 1",
$r = q("SELECT * FROM `contact` WHERE `network` = 'stat' AND ( `url` = '%s' OR `lrdd` = '%s') AND `uid` = %d
AND `readonly` = 0 LIMIT 1",
dbesc($author_link),
dbesc($author_link),
intval($importer['uid'])
);
if(! count($r)) {
if($debugging)
file_put_contents('salmon.out',"\n" . 'Author unknown to us.' . "\n", FILE_APPEND);
salmon_return(500);
}
require_once('include/items.php');
@ -212,7 +214,9 @@ function salmon_post(&$a) {
$hub = '';
consume_feed($feedxml,$importer,$r[0],$hub);
// consume_feed will only accept a follow activity from this person if there is no contact record.
consume_feed($feedxml,$importer,((count($r)) ? $r[0] : null),$hub);
salmon_return(200);
}