From 89d72852d51708b793b453c385489da7ee66b9ec Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sat, 17 Mar 2012 01:02:41 -0400
Subject: [PATCH] Change to use OAuth for authentication
---
 ActivitySpamPlugin.php | 12 +---
 spamfilter.php | 127 ++++++++++++++++++++++++-----------------
 2 files changed, 78 insertions(+), 61 deletions(-)
diff --git a/ActivitySpamPlugin.php b/ActivitySpamPlugin.php
index ad33f6e998..b6871d4cd9 100644
--- a/ActivitySpamPlugin.php
+++ b/ActivitySpamPlugin.php
@@ -47,8 +47,6 @@ if (!defined('STATUSNET')) {
 class ActivitySpamPlugin extends Plugin
 {
 public $server = null;
- public $username = null;
- public $password = null;
 const REVIEWSPAM = 'ActivitySpamPlugin::REVIEWSPAM';
 const TRAINSPAM = 'ActivitySpamPlugin::TRAINSPAM';
@@ -60,13 +58,9 @@ class ActivitySpamPlugin extends Plugin
 */
 function initialize() {
- foreach (array('username', 'password', 'server') as $attr) {
- if (!$this->$attr) {
- $this->$attr = common_config('activityspam', $attr);
- }
- }
-
- $this->filter = new SpamFilter($this->server, $this->username, $this->password);
+ $this->filter = new SpamFilter(common_config('activityspam', 'server'),
+ common_config('activityspam', 'consumerkey'),
+ common_config('activityspam', 'secret'));
 return true;
 }
diff --git a/spamfilter.php b/spamfilter.php
index 0e321ebc8b..47246b35c5 100644
--- a/spamfilter.php
+++ b/spamfilter.php
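Review bot: In `initialize()`, the new `SpamFilter(...)` call passes `common_config('activityspam', 'consumerkey')` and `common_config('activityspam', 'secret')` straight through with no check that either is set. A site still configured with the old `username`/`password` keys would presumably build a filter with empty OAuth credentials and only find out when requests fail. Failing at start-up is safer, for example `if (empty($key) || empty($secret)) { throw new Exception('activityspam consumerkey/secret not configured'); }` before constructing the filter. The `public $server = null;` attribute kept by the previous hunk is also no longer read, so a per-plugin `server` setting would be ignored silently; either drop the attribute or keep the `$this->server` fallback.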
@@ -1,32 +1,32 @@ . - * - * @category Spam - * @package StatusNet - * @author Evan Prodromou - * @copyright 2012 StatusNet, Inc. - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 - * @link http://status.net/ - */ + /** + * StatusNet - the distributed open-source microblogging tool + * Copyright (C) 2012, StatusNet, Inc. + * + * Spam filter class + * + * PHP version 5 + * + * This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see . + * + * @category Spam + * @package StatusNet + * @author Evan Prodromou + * @copyright 2012 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html AGPL 3.0 + * @link http://status.net/ + */ if (!defined('STATUSNET')) { // This check helps protect against security problems; @@ -47,20 +47,16 @@ if (!defined('STATUSNET')) { * @link http://status.net/ */ -class SpamFilter { +class SpamFilter extends OAuthClient { const HAM = 'ham'; const SPAM = 'spam'; public $server; - public $username; - public $password; - function __construct($server, $username, $password) { - - $this->server = $server; - $this->username = $username; - $this->password = $password; + function __construct($server, $consumerKey, $secret) { + parent::__construct($consumerKey, $secret); + $this->server = $server; } protected function toActivity($notice) { 
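Review bot: The rewritten constructor `__construct($server, $consumerKey, $secret)` has no docblock, and its third argument is now an OAuth consumer secret rather than a password, which the signature alone does not convey. I would add `/** @param string $server base URL of the spam service; @param string $consumerKey OAuth consumer key; @param string $secret OAuth consumer secret */` above it. The same comment should record that no access token is passed to `parent::__construct()`, so requests are presumably signed with the consumer credentials only. The class body continues outside the hunk.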
@@ -80,14 +76,7 @@ class SpamFilter {
 public function testActivity($activity) {
- $client = new HTTPClient($this->server . "/is-this-spam");
-
- $client->setMethod('POST');
- $client->setAuth($this->username, $this->password);
- $client->setHeader('Content-Type', 'application/json');
- $client->setBody(json_encode($activity->asArray()));
-
- $response = $client->send();
+ $response = $this->postJSON($this->server . "/is-this-spam", $activity->asArray());
 if (!$response->isOK()) {
 throw new Exception("Error " . $response->getStatus() . " checking spam score: " . $response->getBody());
@@ -118,14 +107,7 @@ class SpamFilter {
 throw new Exception("Unknown category: " + $category);
 }
- $client = new HTTPClient($this->server . $endpoint);
-
- $client->setMethod('POST');
- $client->setAuth($this->username, $this->password);
- $client->setHeader('Content-Type', 'application/json');
- $client->setBody(json_encode($activity->asArray()));
-
- $response = $client->send();
+ $response = $this->postJSON($this->server . $endpoint, $activity->asArray());
 if (!$response->isOK()) {
 throw new Exception("Error " . $response->getStatus() . " checking spam score: " . $response->getBody());
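Review bot: Both call sites changed here, `testActivity()` in this hunk and the training call in the `-118,14` hunk, treat the result of `postJSON()` as an HTTP response object (`$response->isOK()`, `$response->getStatus()`), but the `postJSON()` added later in this patch ends with `return $response->getBody();`, which is a string. Calling `isOK()` on a string is a fatal error in PHP, so every spam check and training call would abort instead of returning a score; depending on how callers handle that, notices may fail to save or go unfiltered. Either return the response object from `postJSON()` (`return $response;`) or decode the returned string here and drop the `isOK()` branch, since `postJSON()` already throws on a status of 400 or above. Both functions start or end outside their hunks.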
@@ -153,4 +135,45 @@ class SpamFilter {
 return $this->trainActivity($activity, $category);
 }
 }
+
+ function postJSON($url, $body)
+ {
+ $request = OAuthRequest::from_consumer_and_token($this->consumer,
+ $this->token,
+ 'POST',
+ $url);
+
+ $request->sign_request($this->sha1_method,
+ $this->consumer,
+ $this->token);
+
+ $hclient = new HTTPClient($url);
+
+ $hclient->setConfig(array('connect_timeout' => 120,
+ 'timeout' => 120,
+ 'follow_redirects' => true,
+ 'ssl_verify_peer' => false,
+ 'ssl_verify_host' => false));
+
+ $hclient->setMethod(HTTP_Request2::METHOD_POST);
+ $hclient->setBody(json_encode($body));
+ $hclient->setHeader('Content-Type', 'application/json');
+ $hclient->setHeader($request->to_header());
+
+ // Twitter is strict about accepting invalid "Expect" headers
+ // No reason not to clear it still here -ESP
+
+ $hclient->setHeader('Expect', '');
+
+ try {
+ $response = $hclient->send();
+ $code = $response->getStatus();
+ if ($code < 200 || $code >= 400) {
+ throw new OAuthClientException($response->getBody(), $code);
+ }
+ return $response->getBody();
+ } catch (Exception $e) {
+ throw new OAuthClientException($e->getMessage(), $e->getCode());
+ }
+ }
 }
--
2.39.5
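Review bot: `postJSON()` turns off certificate validation with `'ssl_verify_peer' => false` and `'ssl_verify_host' => false` while also setting `'follow_redirects' => true`, so the signed request and the notice content in its body can go to, and a spam verdict can come back from, any host able to intercept or redirect the connection. No body parameters are passed to `from_consumer_and_token`, so the JSON body is presumably not covered by the OAuth signature either. Set both options to `true` (`'ssl_verify_peer' => true, 'ssl_verify_host' => true`) and consider `'follow_redirects' => false` for a signed POST; if a self-signed test server must be supported, make that an explicit config option that defaults to verifying. The method also has no visibility keyword or docblock; `protected function postJSON($url, $body)` with a line describing the return value would help.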