Change to use OAuth for authentication

diff --git a/ActivitySpamPlugin.php b/ActivitySpamPlugin.php
index ad33f6e9981b12bf50fbdeb69fd176526beafd8f..b6871d4cd94c33e286622d552ecf38a4e766ee31 100644 (file)
--- a/ActivitySpamPlugin.php
+++ b/ActivitySpamPlugin.php
@@ -47,8 +47,6 @@ if (!defined('STATUSNET')) {
 class ActivitySpamPlugin extends Plugin
 {
     public $server = null;
-    public $username = null;
-    public $password = null;
 
     const REVIEWSPAM = 'ActivitySpamPlugin::REVIEWSPAM';
     const TRAINSPAM = 'ActivitySpamPlugin::TRAINSPAM';
@@ -60,13 +58,9 @@ class ActivitySpamPlugin extends Plugin
      */
     function initialize()
     {
-        foreach (array('username', 'password', 'server') as $attr) {
-            if (!$this->$attr) {
-                $this->$attr = common_config('activityspam', $attr);
-            }
-        }
-
-        $this->filter = new SpamFilter($this->server, $this->username, $this->password);
+        $this->filter = new SpamFilter(common_config('activityspam', 'server'),
+                                       common_config('activityspam', 'consumerkey'),
+                                       common_config('activityspam', 'secret'));
 
         return true;
     }

diff --git a/spamfilter.php b/spamfilter.php
index 0e321ebc8b6250bd666c1fa9c2169aa168bc0891..47246b35c59502447d029f12e5bd5efd3c7f11fa 100644 (file)
--- a/spamfilter.php
+++ b/spamfilter.php
@@ -1,32 +1,32 @@
 <?php
-/**
- * StatusNet - the distributed open-source microblogging tool
- * Copyright (C) 2012, StatusNet, Inc.
- *
- * Spam filter class
- * 
- * PHP version 5
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program.  If not, see <http://www.gnu.org/licenses/>.
- *
- * @category  Spam
- * @package   StatusNet
- * @author    Evan Prodromou <evan@status.net>
- * @copyright 2012 StatusNet, Inc.
- * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
- * @link      http://status.net/
- */
+  /**
+   * StatusNet - the distributed open-source microblogging tool
+   * Copyright (C) 2012, StatusNet, Inc.
+   *
+   * Spam filter class
+   * 
+   * PHP version 5
+   *
+   * This program is free software: you can redistribute it and/or modify
+   * it under the terms of the GNU Affero General Public License as published by
+   * the Free Software Foundation, either version 3 of the License, or
+   * (at your option) any later version.
+   *
+   * This program is distributed in the hope that it will be useful,
+   * but WITHOUT ANY WARRANTY; without even the implied warranty of
+   * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   * GNU Affero General Public License for more details.
+   *
+   * You should have received a copy of the GNU Affero General Public License
+   * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+   *
+   * @category  Spam
+   * @package   StatusNet
+   * @author    Evan Prodromou <evan@status.net>
+   * @copyright 2012 StatusNet, Inc.
+   * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0
+   * @link      http://status.net/
+   */
 
 if (!defined('STATUSNET')) {
     // This check helps protect against security problems;
@@ -47,20 +47,16 @@ if (!defined('STATUSNET')) {
  * @link      http://status.net/
  */
 
-class SpamFilter {
+class SpamFilter extends OAuthClient {
 
     const HAM  = 'ham';
     const SPAM = 'spam';
 
     public $server;
-    public $username;
-    public $password;
 
-    function __construct($server, $username, $password) {
-
-        $this->server   = $server;
-        $this->username = $username;
-        $this->password = $password;
+    function __construct($server, $consumerKey, $secret) {
+        parent::__construct($consumerKey, $secret);
+        $this->server = $server;
     }
 
     protected function toActivity($notice) {
@@ -80,14 +76,7 @@ class SpamFilter {
     
     public function testActivity($activity) {
 
-        $client = new HTTPClient($this->server . "/is-this-spam");
-
-        $client->setMethod('POST');
-        $client->setAuth($this->username, $this->password);
-        $client->setHeader('Content-Type', 'application/json');
-        $client->setBody(json_encode($activity->asArray()));
-
-        $response = $client->send();
+        $response = $this->postJSON($this->server . "/is-this-spam", $activity->asArray());
 
         if (!$response->isOK()) {
             throw new Exception("Error " . $response->getStatus() . " checking spam score: " . $response->getBody());
@@ -118,14 +107,7 @@ class SpamFilter {
             throw new Exception("Unknown category: " + $category);
         }
 
-        $client = new HTTPClient($this->server . $endpoint);
-
-        $client->setMethod('POST');
-        $client->setAuth($this->username, $this->password);
-        $client->setHeader('Content-Type', 'application/json');
-        $client->setBody(json_encode($activity->asArray()));
-
-        $response = $client->send();
+        $response = $this->postJSON($this->server . $endpoint, $activity->asArray());
 
         if (!$response->isOK()) {
             throw new Exception("Error " . $response->getStatus() . " checking spam score: " . $response->getBody());
@@ -153,4 +135,45 @@ class SpamFilter {
             return $this->trainActivity($activity, $category);
         }
     }
+
+    function postJSON($url, $body)
+    {
+        $request = OAuthRequest::from_consumer_and_token($this->consumer,
+                                                         $this->token,
+                                                         'POST',
+                                                         $url);
+
+        $request->sign_request($this->sha1_method,
+                               $this->consumer,
+                               $this->token);
+
+        $hclient = new HTTPClient($url);
+
+        $hclient->setConfig(array('connect_timeout' => 120,
+                                  'timeout' => 120,
+                                  'follow_redirects' => true,
+                                  'ssl_verify_peer' => false,
+                                  'ssl_verify_host' => false));
+
+        $hclient->setMethod(HTTP_Request2::METHOD_POST);
+        $hclient->setBody(json_encode($body));
+        $hclient->setHeader('Content-Type', 'application/json');
+        $hclient->setHeader($request->to_header());
+
+        // Twitter is strict about accepting invalid "Expect" headers
+        // No reason not to clear it still here -ESP
+
+        $hclient->setHeader('Expect', '');
+
+        try {
+            $response = $hclient->send();
+            $code = $response->getStatus();
+            if ($code < 200 || $code >= 400) {
+                throw new OAuthClientException($response->getBody(), $code);
+            }
+            return $response->getBody();
+        } catch (Exception $e) {
+            throw new OAuthClientException($e->getMessage(), $e->getCode());
+        }
+    }
 }