From 7dbf72e4540c687c5dbbd15442dbc274f104afc3 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 22 Aug 2020 14:48:09 +0000 Subject: [PATCH 1/5] We now fetch data with an automatically generated system user --- src/Model/User.php | 108 +++++++++++++++++++++-- src/Module/Admin/Site.php | 9 ++ src/Module/Friendica.php | 11 +++ src/Module/Xrd.php | 63 +++++++++---- src/Protocol/ActivityPub.php | 14 --- src/Protocol/ActivityPub/Transmitter.php | 76 +++++++++++----- src/Util/HTTPSignature.php | 33 ++++--- view/templates/admin/site.tpl | 1 + view/theme/frio/templates/admin/site.tpl | 1 + 9 files changed, 244 insertions(+), 72 deletions(-) diff --git a/src/Model/User.php b/src/Model/User.php index 990df65dbd..fe20857b95 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -99,6 +99,95 @@ class User private static $owner; + /** + * Fetch the system account + * + * @return return system account + */ + public static function getSystemAccount() + { + $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]); + if (!DBA::isResult($system)) { + self::createSystemAccount(); + $system = Contact::selectFirst([], ['self' => true, 'uid' => 0]); + if (!DBA::isResult($system)) { + return []; + } + } + + $system['spubkey'] = $system['uprvkey'] = $system['prvkey']; + $system['username'] = $system['name']; + $system['nickname'] = $system['nick']; + return $system; + } + + /** + * Create the system account + * + * @return void + */ + private static function createSystemAccount() + { + $system_actor_name = DI::config()->get('system', 'actor_name'); + if (empty($system_actor_name)) { + $system_actor_name = self::getActorName(); + if (empty($system_actor_name)) { + return; + } + } + + $keys = Crypto::newKeypair(4096); + if ($keys === false) { + throw new Exception(DI::l10n()->t('SERIOUS ERROR: Generation of security keys failed.')); + } + + $system = []; + $system['uid'] = 0; + $system['created'] = DateTimeFormat::utcNow(); + $system['self'] = true; + $system['network'] = Protocol::ACTIVITYPUB; + $system['name'] = 'System Account'; + $system['addr'] = $system_actor_name . '@' . DI::baseUrl()->getHostname(); + $system['nick'] = $system_actor_name; + $system['avatar'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_PHOTO; + $system['photo'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_PHOTO; + $system['thumb'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_THUMB; + $system['micro'] = DI::baseUrl() . Contact::DEFAULT_AVATAR_MICRO; + $system['url'] = DI::baseUrl() . '/friendica'; + $system['nurl'] = Strings::normaliseLink($system['url']); + $system['pubkey'] = $keys['pubkey']; + $system['prvkey'] = $keys['prvkey']; + $system['blocked'] = 0; + $system['pending'] = 0; + $system['contact-type'] = Contact::TYPE_RELAY; // In AP this is translated to 'Application' + $system['name-date'] = DateTimeFormat::utcNow(); + $system['uri-date'] = DateTimeFormat::utcNow(); + $system['avatar-date'] = DateTimeFormat::utcNow(); + $system['closeness'] = 0; + $system['baseurl'] = DI::baseUrl(); + $system['gsid'] = GServer::getID($system['baseurl']); + DBA::insert('contact', $system); + } + + /** + * Detect a usable actor name + * + * @return string actor account name + */ + public static function getActorName() + { + // List of possible actor names + $possible_accounts = ['friendica', 'actor', 'system', 'internal']; + foreach ($possible_accounts as $name) { + if (!DBA::exists('user', ['nickname' => $name, 'account_removed' => false, 'expire']) && + !DBA::exists('userd', ['username' => $name])) { + DI::config()->set('system', 'actor_name', $name); + return $name; + } + } + return ''; + } + /** * Returns true if a user record exists with the provided id * @@ -588,15 +677,24 @@ class User public static function isNicknameBlocked($nickname) { $forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', ''); + if (!empty($forbidden_nicknames)) { + // check if the nickname is in the list of blocked nicknames + $forbidden = explode(',', $forbidden_nicknames); + $forbidden = array_map('trim', $forbidden); + } else { + $forbidden = []; + } - // if the config variable is empty return false - if (empty($forbidden_nicknames)) { + // Add the name of the internal actor to the "forbidden" list + $actor_name = DI::config()->get('system', 'actor_name'); + if (!empty($actor_name)) { + $forbidden[] = $actor_name; + } + + if (empty($forbidden)) { return false; } - // check if the nickname is in the list of blocked nicknames - $forbidden = explode(',', $forbidden_nicknames); - $forbidden = array_map('trim', $forbidden); if (in_array(strtolower($nickname), $forbidden)) { return true; } diff --git a/src/Module/Admin/Site.php b/src/Module/Admin/Site.php index 7cc17fa036..7033f09b9c 100644 --- a/src/Module/Admin/Site.php +++ b/src/Module/Admin/Site.php @@ -29,6 +29,7 @@ use Friendica\Core\Worker; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Contact; +use Friendica\Model\User; use Friendica\Module\BaseAdmin; use Friendica\Module\Register; use Friendica\Util\BasePath; @@ -148,6 +149,7 @@ class Site extends BaseAdmin $allowed_sites = (!empty($_POST['allowed_sites']) ? Strings::escapeTags(trim($_POST['allowed_sites'])) : ''); $allowed_email = (!empty($_POST['allowed_email']) ? Strings::escapeTags(trim($_POST['allowed_email'])) : ''); $forbidden_nicknames = (!empty($_POST['forbidden_nicknames']) ? strtolower(Strings::escapeTags(trim($_POST['forbidden_nicknames']))) : ''); + $system_actor_name = (!empty($_POST['system_actor_name']) ? Strings::escapeTags(trim($_POST['system_actor_name'])) : ''); $no_oembed_rich_content = !empty($_POST['no_oembed_rich_content']); $allowed_oembed = (!empty($_POST['allowed_oembed']) ? Strings::escapeTags(trim($_POST['allowed_oembed'])) : ''); $block_public = !empty($_POST['block_public']); @@ -355,6 +357,7 @@ class Site extends BaseAdmin DI::config()->set('system', 'allowed_sites' , $allowed_sites); DI::config()->set('system', 'allowed_email' , $allowed_email); DI::config()->set('system', 'forbidden_nicknames' , $forbidden_nicknames); + DI::config()->set('system', 'system_actor_name' , $system_actor_name); DI::config()->set('system', 'no_oembed_rich_content' , $no_oembed_rich_content); DI::config()->set('system', 'allowed_oembed' , $allowed_oembed); DI::config()->set('system', 'block_public' , $block_public); @@ -510,6 +513,11 @@ class Site extends BaseAdmin get_temppath(); get_itemcachepath(); + $system_actor_name = DI::config()->get('system', 'actor_name'); + if (empty($system_actor_name)) { + $system_actor_name = User::getActorName(); + } + /* Register policy */ $register_choices = [ Register::CLOSED => DI::l10n()->t('Closed'), @@ -600,6 +608,7 @@ class Site extends BaseAdmin // name, label, value, help string, extra data... '$sitename' => ['sitename', DI::l10n()->t('Site name'), DI::config()->get('config', 'sitename'), ''], '$sender_email' => ['sender_email', DI::l10n()->t('Sender Email'), DI::config()->get('config', 'sender_email'), DI::l10n()->t('The email address your server shall use to send notification emails from.'), '', '', 'email'], + '$system_actor_name' => ['system_actor_name', DI::l10n()->t('Name of the system actor'), $system_actor_name, DI::l10n()->t("Name of the internal system account that is used to perform ActivityPub requests. This must be an unused username. If set, this shouldn't be changed again.")], '$banner' => ['banner', DI::l10n()->t('Banner/Logo'), $banner, ''], '$email_banner' => ['email_banner', DI::l10n()->t('Email Banner/Logo'), $email_banner, ''], '$shortcut_icon' => ['shortcut_icon', DI::l10n()->t('Shortcut icon'), DI::config()->get('system', 'shortcut_icon'), DI::l10n()->t('Link to an icon that will be used for browsers.')], diff --git a/src/Module/Friendica.php b/src/Module/Friendica.php index ea693ce275..2d76f80d04 100644 --- a/src/Module/Friendica.php +++ b/src/Module/Friendica.php @@ -25,8 +25,10 @@ use Friendica\BaseModule; use Friendica\Core\Addon; use Friendica\Core\Hook; use Friendica\Core\Renderer; +use Friendica\Core\System; use Friendica\DI; use Friendica\Model\User; +use Friendica\Protocol\ActivityPub; /** * Prints information about the current node @@ -108,6 +110,15 @@ class Friendica extends BaseModule public static function rawContent(array $parameters = []) { + if (ActivityPub::isRequest()) { + $data = ActivityPub\Transmitter::getProfile(0); + if (!empty($data)) { + header('Access-Control-Allow-Origin: *'); + header('Cache-Control: max-age=23200, stale-while-revalidate=23200'); + System::jsonExit($data, 'application/activity+json'); + } + } + $app = DI::app(); // @TODO: Replace with parameter from router diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php index 249c143ffb..87adef5cfc 100644 --- a/src/Module/Xrd.php +++ b/src/Module/Xrd.php @@ -24,6 +24,7 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Core\Hook; use Friendica\Core\Renderer; +use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Photo; @@ -77,24 +78,30 @@ class Xrd extends BaseModule $name = substr($local, 0, strpos($local, '@')); } - $user = User::getByNickname($name); + if ($name == DI::config()->get('system', 'actor_name')) { + $owner = User::getSystemAccount(); + if (empty($owner)) { + throw new \Friendica\Network\HTTPException\NotFoundException(); + } + self::printSystemJSON($owner); + } else { + $user = User::getByNickname($name); + if (empty($user)) { + throw new \Friendica\Network\HTTPException\NotFoundException(); + } - if (empty($user)) { - throw new \Friendica\Network\HTTPException\NotFoundException(); + $owner = User::getOwnerDataById($user['uid']); + if (empty($owner)) { + DI::logger()->warning('No owner data for user id', ['uri' => $uri, 'name' => $name, 'user' => $user]); + throw new \Friendica\Network\HTTPException\NotFoundException(); + } + + $alias = str_replace('/profile/', '/~', $owner['url']); + + $avatar = Photo::selectFirst(['type'], ['uid' => $owner['uid'], 'profile' => true]); } - $owner = User::getOwnerDataById($user['uid']); - - if (empty($owner)) { - DI::logger()->warning('No owner data for user id', ['uri' => $uri, 'name' => $name, 'user' => $user]); - throw new \Friendica\Network\HTTPException\NotFoundException(); - } - - $alias = str_replace('/profile/', '/~', $owner['url']); - - $avatar = Photo::selectFirst(['type'], ['uid' => $owner['uid'], 'profile' => true]); - - if (!DBA::isResult($avatar)) { + if (empty($avatar)) { $avatar = ['type' => 'image/jpeg']; } @@ -105,6 +112,32 @@ class Xrd extends BaseModule } } + private static function printSystemJSON(array $owner) + { + $json = [ + 'subject' => 'acct:' . $owner['addr'], + 'aliases' => [$owner['url']], + 'links' => [ + [ + 'rel' => 'http://webfinger.net/rel/profile-page', + 'type' => 'text/html', + 'href' => $owner['url'], + ], + [ + 'rel' => 'self', + 'type' => 'application/activity+json', + 'href' => $owner['url'], + ], + [ + 'rel' => 'http://ostatus.org/schema/1.0/subscribe', + 'template' => DI::baseUrl()->get() . '/follow?url={uri}', + ], + ] + ]; + header('Access-Control-Allow-Origin: *'); + System::jsonExit($json, 'application/jrd+json; charset=utf-8'); + } + private static function printJSON($alias, $baseURL, $owner, $avatar) { $salmon_key = Salmon::salmonKey($owner['spubkey']); diff --git a/src/Protocol/ActivityPub.php b/src/Protocol/ActivityPub.php index c04b9e592d..359d361b01 100644 --- a/src/Protocol/ActivityPub.php +++ b/src/Protocol/ActivityPub.php @@ -90,20 +90,6 @@ class ActivityPub */ public static function fetchContent(string $url, int $uid = 0) { - if (empty($uid)) { - $user = User::getFirstAdmin(['uid']); - - if (empty($user['uid'])) { - // When the system setup is missing an admin we just take the first user - $condition = ['verified' => true, 'blocked' => false, 'account_removed' => false, 'account_expired' => false]; - $user = DBA::selectFirst('user', ['uid'], $condition); - } - - if (!empty($user['uid'])) { - $uid = $user['uid']; - } - } - return HTTPSignature::fetch($url, $uid); } diff --git a/src/Protocol/ActivityPub/Transmitter.php b/src/Protocol/ActivityPub/Transmitter.php index f1b2d3acc7..259c8c2251 100644 --- a/src/Protocol/ActivityPub/Transmitter.php +++ b/src/Protocol/ActivityPub/Transmitter.php @@ -214,39 +214,63 @@ class Transmitter */ public static function getProfile($uid) { - $condition = ['uid' => $uid, 'blocked' => false, 'account_expired' => false, - 'account_removed' => false, 'verified' => true]; - $fields = ['guid', 'nickname', 'pubkey', 'account-type', 'page-flags']; - $user = DBA::selectFirst('user', $fields, $condition); - if (!DBA::isResult($user)) { - return []; - } + if ($uid != 0) { + $condition = ['uid' => $uid, 'blocked' => false, 'account_expired' => false, + 'account_removed' => false, 'verified' => true]; + $fields = ['guid', 'nickname', 'pubkey', 'account-type', 'page-flags']; + $user = DBA::selectFirst('user', $fields, $condition); + if (!DBA::isResult($user)) { + return []; + } - $fields = ['locality', 'region', 'country-name']; - $profile = DBA::selectFirst('profile', $fields, ['uid' => $uid]); - if (!DBA::isResult($profile)) { - return []; - } + $fields = ['locality', 'region', 'country-name']; + $profile = DBA::selectFirst('profile', $fields, ['uid' => $uid]); + if (!DBA::isResult($profile)) { + return []; + } - $fields = ['name', 'url', 'location', 'about', 'avatar', 'photo']; - $contact = DBA::selectFirst('contact', $fields, ['uid' => $uid, 'self' => true]); - if (!DBA::isResult($contact)) { - return []; + $fields = ['name', 'url', 'location', 'about', 'avatar', 'photo']; + $contact = DBA::selectFirst('contact', $fields, ['uid' => $uid, 'self' => true]); + if (!DBA::isResult($contact)) { + return []; + } + } else { + $contact = User::getSystemAccount(); + $user = ['guid' => '', 'nickname' => $contact['nick'], 'pubkey' => $contact['pubkey'], + 'account-type' => $contact['contact-type'], 'page-flags' => User::PAGE_FLAGS_NORMAL]; + $profile = ['locality' => '', 'region' => '', 'country-name' => '']; } $data = ['@context' => ActivityPub::CONTEXT]; $data['id'] = $contact['url']; - $data['diaspora:guid'] = $user['guid']; + + if (!empty($user['guid'])) { + $data['diaspora:guid'] = $user['guid']; + } + $data['type'] = ActivityPub::ACCOUNT_TYPES[$user['account-type']]; - $data['following'] = DI::baseUrl() . '/following/' . $user['nickname']; - $data['followers'] = DI::baseUrl() . '/followers/' . $user['nickname']; - $data['inbox'] = DI::baseUrl() . '/inbox/' . $user['nickname']; - $data['outbox'] = DI::baseUrl() . '/outbox/' . $user['nickname']; + + if ($uid != 0) { + $data['following'] = DI::baseUrl() . '/following/' . $user['nickname']; + $data['followers'] = DI::baseUrl() . '/followers/' . $user['nickname']; + $data['inbox'] = DI::baseUrl() . '/inbox/' . $user['nickname']; + $data['outbox'] = DI::baseUrl() . '/outbox/' . $user['nickname']; + } else { + $data['inbox'] = DI::baseUrl() . '/friendica/inbox'; + } + $data['preferredUsername'] = $user['nickname']; $data['name'] = $contact['name']; - $data['vcard:hasAddress'] = ['@type' => 'vcard:Home', 'vcard:country-name' => $profile['country-name'], - 'vcard:region' => $profile['region'], 'vcard:locality' => $profile['locality']]; - $data['summary'] = BBCode::convert($contact['about'], false); + + if (!empty($profile['country-name'] . $profile['region'] . $profile['locality'])) { + $data['vcard:hasAddress'] = ['@type' => 'vcard:Home', 'vcard:country-name' => $profile['country-name'], + 'vcard:region' => $profile['region'], 'vcard:locality' => $profile['locality']]; + } + + if (!empty($contact['about'])) { + $data['summary'] = BBCode::convert($contact['about'], false); + } + $data['url'] = $contact['url']; $data['manuallyApprovesFollowers'] = in_array($user['page-flags'], [User::PAGE_FLAGS_NORMAL, User::PAGE_FLAGS_PRVGROUP]); $data['publicKey'] = ['id' => $contact['url'] . '#main-key', @@ -652,6 +676,10 @@ class Transmitter $item_profile = APContact::getByURL($item['owner-link'], false); } + if (empty($item_profile)) { + return []; + } + $profile_uid = User::getIdForURL($item_profile['url']); foreach (['to', 'cc', 'bto', 'bcc'] as $element) { diff --git a/src/Util/HTTPSignature.php b/src/Util/HTTPSignature.php index bbd5cd9b15..5165f600fc 100644 --- a/src/Util/HTTPSignature.php +++ b/src/Util/HTTPSignature.php @@ -420,23 +420,28 @@ class HTTPSignature if (!$owner) { return; } - - if (!empty($owner['uprvkey'])) { - // Header data that is about to be signed. - $host = parse_url($request, PHP_URL_HOST); - $path = parse_url($request, PHP_URL_PATH); - $date = DateTimeFormat::utcNow(DateTimeFormat::HTTP); - - $headers = ['Date: ' . $date, 'Host: ' . $host]; - - $signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host; - - $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256')); - - $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"'; + } else { + $owner = User::getSystemAccount(); + if (!$owner) { + return; } } + if (!empty($owner['uprvkey'])) { + // Header data that is about to be signed. + $host = parse_url($request, PHP_URL_HOST); + $path = parse_url($request, PHP_URL_PATH); + $date = DateTimeFormat::utcNow(DateTimeFormat::HTTP); + + $headers = ['Date: ' . $date, 'Host: ' . $host]; + + $signed_data = "(request-target): get " . $path . "\ndate: ". $date . "\nhost: " . $host; + + $signature = base64_encode(Crypto::rsaSign($signed_data, $owner['uprvkey'], 'sha256')); + + $headers[] = 'Signature: keyId="' . $owner['url'] . '#main-key' . '",algorithm="rsa-sha256",headers="(request-target) date host",signature="' . $signature . '"'; + } + if (!empty($opts['accept_content'])) { $headers[] = 'Accept: ' . $opts['accept_content']; } diff --git a/view/templates/admin/site.tpl b/view/templates/admin/site.tpl index 5c63970e9f..0c09741343 100644 --- a/view/templates/admin/site.tpl +++ b/view/templates/admin/site.tpl @@ -14,6 +14,7 @@ {{include file="field_input.tpl" field=$sitename}} {{include file="field_input.tpl" field=$sender_email}} + {{include file="field_input.tpl" field=$system_actor_name}} {{include file="field_textarea.tpl" field=$banner}} {{include file="field_input.tpl" field=$email_banner}} {{include file="field_input.tpl" field=$shortcut_icon}} diff --git a/view/theme/frio/templates/admin/site.tpl b/view/theme/frio/templates/admin/site.tpl index 0136b1cd44..a60cb06b63 100644 --- a/view/theme/frio/templates/admin/site.tpl +++ b/view/theme/frio/templates/admin/site.tpl @@ -41,6 +41,7 @@
{{include file="field_input.tpl" field=$sitename}} {{include file="field_input.tpl" field=$sender_email}} + {{include file="field_input.tpl" field=$system_actor_name}} {{include file="field_textarea.tpl" field=$banner}} {{include file="field_input.tpl" field=$shortcut_icon}} {{include file="field_input.tpl" field=$touch_icon}} From 4285f4643f7da87dc25280e04b90870efbaa136e Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 22 Aug 2020 15:19:34 +0000 Subject: [PATCH 2/5] Fix Test --- src/Network/Probe.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Network/Probe.php b/src/Network/Probe.php index 99e62fb466..943d53ff66 100644 --- a/src/Network/Probe.php +++ b/src/Network/Probe.php @@ -2200,7 +2200,7 @@ class Probe $profile['gsid'] = GServer::getID($approfile['generator']['url']); } - $data = ['name' => $profile['name'], 'nick' => $profile['nick'], 'guid' => $approfile['diaspora:guid'], + $data = ['name' => $profile['name'], 'nick' => $profile['nick'], 'guid' => $approfile['diaspora:guid'] ?? '', 'url' => $profile['url'], 'addr' => $profile['addr'], 'alias' => $profile['alias'], 'photo' => $profile['photo'], 'account-type' => $profile['contact-type'], 'community' => ($profile['contact-type'] == User::ACCOUNT_TYPE_COMMUNITY), From 6d9302fbe43a8fb18b33c76871a93f41eb28f567 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 22 Aug 2020 16:34:04 +0000 Subject: [PATCH 3/5] Check for empty owners --- src/Protocol/ActivityPub/Processor.php | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/Protocol/ActivityPub/Processor.php b/src/Protocol/ActivityPub/Processor.php index b4dba53ccc..0937859fbe 100644 --- a/src/Protocol/ActivityPub/Processor.php +++ b/src/Protocol/ActivityPub/Processor.php @@ -774,6 +774,9 @@ class Processor } $owner = User::getOwnerDataById($uid); + if (empty($owner)) { + return; + } $cid = Contact::getIdForURL($activity['actor'], $uid); if (!empty($cid)) { @@ -956,6 +959,9 @@ class Processor } $owner = User::getOwnerDataById($uid); + if (empty($owner)) { + return; + } $cid = Contact::getIdForURL($activity['actor'], $uid); if (empty($cid)) { From b12a2c486e689e2d780f67f7d017e07bb8c67feb Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 22 Aug 2020 18:52:37 +0000 Subject: [PATCH 4/5] Use "getActorName" --- src/Model/User.php | 16 +++++++++------- src/Module/Admin/Site.php | 7 +------ src/Module/Xrd.php | 2 +- 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/src/Model/User.php b/src/Model/User.php index fe20857b95..2a954e6e60 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -102,7 +102,7 @@ class User /** * Fetch the system account * - * @return return system account + * @return array system account */ public static function getSystemAccount() { @@ -128,12 +128,9 @@ class User */ private static function createSystemAccount() { - $system_actor_name = DI::config()->get('system', 'actor_name'); + $system_actor_name = self::getActorName(); if (empty($system_actor_name)) { - $system_actor_name = self::getActorName(); - if (empty($system_actor_name)) { - return; - } + return; } $keys = Crypto::newKeypair(4096); @@ -176,6 +173,11 @@ class User */ public static function getActorName() { + $system_actor_name = DI::config()->get('system', 'actor_name'); + if (!empty($system_actor_name)) { + return $system_actor_name; + } + // List of possible actor names $possible_accounts = ['friendica', 'actor', 'system', 'internal']; foreach ($possible_accounts as $name) { @@ -686,7 +688,7 @@ class User } // Add the name of the internal actor to the "forbidden" list - $actor_name = DI::config()->get('system', 'actor_name'); + $actor_name = self::getActorName(); if (!empty($actor_name)) { $forbidden[] = $actor_name; } diff --git a/src/Module/Admin/Site.php b/src/Module/Admin/Site.php index 7033f09b9c..64b9395dad 100644 --- a/src/Module/Admin/Site.php +++ b/src/Module/Admin/Site.php @@ -513,11 +513,6 @@ class Site extends BaseAdmin get_temppath(); get_itemcachepath(); - $system_actor_name = DI::config()->get('system', 'actor_name'); - if (empty($system_actor_name)) { - $system_actor_name = User::getActorName(); - } - /* Register policy */ $register_choices = [ Register::CLOSED => DI::l10n()->t('Closed'), @@ -608,7 +603,7 @@ class Site extends BaseAdmin // name, label, value, help string, extra data... '$sitename' => ['sitename', DI::l10n()->t('Site name'), DI::config()->get('config', 'sitename'), ''], '$sender_email' => ['sender_email', DI::l10n()->t('Sender Email'), DI::config()->get('config', 'sender_email'), DI::l10n()->t('The email address your server shall use to send notification emails from.'), '', '', 'email'], - '$system_actor_name' => ['system_actor_name', DI::l10n()->t('Name of the system actor'), $system_actor_name, DI::l10n()->t("Name of the internal system account that is used to perform ActivityPub requests. This must be an unused username. If set, this shouldn't be changed again.")], + '$system_actor_name' => ['system_actor_name', DI::l10n()->t('Name of the system actor'), User::getActorName(), DI::l10n()->t("Name of the internal system account that is used to perform ActivityPub requests. This must be an unused username. If set, this shouldn't be changed again.")], '$banner' => ['banner', DI::l10n()->t('Banner/Logo'), $banner, ''], '$email_banner' => ['email_banner', DI::l10n()->t('Email Banner/Logo'), $email_banner, ''], '$shortcut_icon' => ['shortcut_icon', DI::l10n()->t('Shortcut icon'), DI::config()->get('system', 'shortcut_icon'), DI::l10n()->t('Link to an icon that will be used for browsers.')], diff --git a/src/Module/Xrd.php b/src/Module/Xrd.php index 87adef5cfc..be6a3bf9c5 100644 --- a/src/Module/Xrd.php +++ b/src/Module/Xrd.php @@ -78,7 +78,7 @@ class Xrd extends BaseModule $name = substr($local, 0, strpos($local, '@')); } - if ($name == DI::config()->get('system', 'actor_name')) { + if ($name == User::getActorName()) { $owner = User::getSystemAccount(); if (empty($owner)) { throw new \Friendica\Network\HTTPException\NotFoundException(); From 6fd0848cdebee7a3c2027b161a9fa2ad360fbe08 Mon Sep 17 00:00:00 2001 From: Michael Date: Sat, 22 Aug 2020 19:40:31 +0000 Subject: [PATCH 5/5] Ensure that the actor name can't be changed --- src/Model/User.php | 10 +++++++++- src/Module/Admin/Site.php | 2 +- 2 files changed, 10 insertions(+), 2 deletions(-) diff --git a/src/Model/User.php b/src/Model/User.php index 2a954e6e60..c329ef91a3 100644 --- a/src/Model/User.php +++ b/src/Model/User.php @@ -175,6 +175,14 @@ class User { $system_actor_name = DI::config()->get('system', 'actor_name'); if (!empty($system_actor_name)) { + $self = Contact::selectFirst(['nick'], ['uid' => 0, 'self' => true]); + if (!empty($self['nick'])) { + if ($self['nick'] != $system_actor_name) { + // Reset the actor name to the already used name + DI::config()->set('system', 'actor_name', $self['nick']); + $system_actor_name = $self['nick']; + } + } return $system_actor_name; } @@ -680,7 +688,6 @@ class User { $forbidden_nicknames = DI::config()->get('system', 'forbidden_nicknames', ''); if (!empty($forbidden_nicknames)) { - // check if the nickname is in the list of blocked nicknames $forbidden = explode(',', $forbidden_nicknames); $forbidden = array_map('trim', $forbidden); } else { @@ -697,6 +704,7 @@ class User return false; } + // check if the nickname is in the list of blocked nicknames if (in_array(strtolower($nickname), $forbidden)) { return true; } diff --git a/src/Module/Admin/Site.php b/src/Module/Admin/Site.php index 64b9395dad..de1ba5f8b3 100644 --- a/src/Module/Admin/Site.php +++ b/src/Module/Admin/Site.php @@ -603,7 +603,7 @@ class Site extends BaseAdmin // name, label, value, help string, extra data... '$sitename' => ['sitename', DI::l10n()->t('Site name'), DI::config()->get('config', 'sitename'), ''], '$sender_email' => ['sender_email', DI::l10n()->t('Sender Email'), DI::config()->get('config', 'sender_email'), DI::l10n()->t('The email address your server shall use to send notification emails from.'), '', '', 'email'], - '$system_actor_name' => ['system_actor_name', DI::l10n()->t('Name of the system actor'), User::getActorName(), DI::l10n()->t("Name of the internal system account that is used to perform ActivityPub requests. This must be an unused username. If set, this shouldn't be changed again.")], + '$system_actor_name' => ['system_actor_name', DI::l10n()->t('Name of the system actor'), User::getActorName(), DI::l10n()->t("Name of the internal system account that is used to perform ActivityPub requests. This must be an unused username. If set, this can't be changed again.")], '$banner' => ['banner', DI::l10n()->t('Banner/Logo'), $banner, ''], '$email_banner' => ['email_banner', DI::l10n()->t('Email Banner/Logo'), $email_banner, ''], '$shortcut_icon' => ['shortcut_icon', DI::l10n()->t('Shortcut icon'), DI::config()->get('system', 'shortcut_icon'), DI::l10n()->t('Link to an icon that will be used for browsers.')],