* @author James Walker <james@status.net>
*/
-if (!defined('STATUSNET')) {
- exit(1);
-}
+if (!defined('GNUSOCIAL')) { exit(1); }
class SalmonAction extends Action
{
+ protected $needPost = true;
+
+ protected $oprofile = null; // Ostatus_profile of the actor
+ protected $actor = null; // Profile object of the actor
+
var $xml = null;
var $activity = null;
var $target = null;
- function prepare($args)
+ protected function prepare(array $args=array())
{
- StatusNet::setApi(true); // Send smaller error pages
+ GNUsocial::setApi(true); // Send smaller error pages
parent::prepare($args);
- if ($_SERVER['REQUEST_METHOD'] != 'POST') {
- // TRANS: Client error. POST is a HTTP command. It should not be translated.
- $this->clientError(_m('This method requires a POST.'));
+ if (!isset($_SERVER['CONTENT_TYPE'])) {
+ // TRANS: Client error. Do not translate "Content-type"
+ $this->clientError(_m('Salmon requires a Content-type header.'));
}
-
- if (empty($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] != 'application/magic-envelope+xml') {
- // TRANS: Client error. Do not translate "application/magic-envelope+xml".
- $this->clientError(_m('Salmon requires "application/magic-envelope+xml".'));
+ $envxml = null;
+ switch ($_SERVER['CONTENT_TYPE']) {
+ case 'application/magic-envelope+xml':
+ $envxml = file_get_contents('php://input');
+ break;
+ case 'application/x-www-form-urlencoded':
+ $envxml = Magicsig::base64_url_decode($this->trimmed('xml'));
+ break;
+ default:
+ // TRANS: Client error. Do not translate the quoted "application/[type]" strings.
+ $this->clientError(_m('Salmon requires "application/magic-envelope+xml". For Diaspora we also accept "application/x-www-form-urlencoded" with an "xml" parameter.', 415));
}
- $xml = file_get_contents('php://input');
+ try {
+ if (empty($envxml)) {
+ throw new ClientException('No magic envelope supplied in POST.');
+ }
+ $magic_env = new MagicEnvelope($envxml); // parse incoming XML as a MagicEnvelope
- // Check the signature
- $salmon = new Salmon;
- if (!$salmon->verifyMagicEnv($xml)) {
- common_log(LOG_DEBUG, "Salmon signature verification failed.");
- // TRANS: Client error.
- $this->clientError(_m('Salmon signature verification failed.'));
- } else {
- $magic_env = new MagicEnvelope();
- $env = $magic_env->parse($xml);
- $xml = $magic_env->unfold($env);
+ $entry = $magic_env->getPayload(); // Not cryptographically verified yet!
+ $this->activity = new Activity($entry->documentElement);
+ if (empty($this->activity->actor->id)) {
+ common_log(LOG_ERR, "broken actor: " . var_export($this->activity->actor->id, true));
+ common_log(LOG_ERR, "activity with no actor: " . var_export($this->activity, true));
+ // TRANS: Exception.
+ throw new Exception(_m('Received a salmon slap from unidentified actor.'));
+ }
+ // ensureProfiles sets $this->actor and $this->oprofile
+ $this->ensureProfiles();
+ } catch (Exception $e) {
+ common_debug('Salmon envelope parsing failed with: '.$e->getMessage());
+ $this->clientError($e->getMessage());
}
- $dom = DOMDocument::loadXML($xml);
- if ($dom->documentElement->namespaceURI != Activity::ATOM ||
- $dom->documentElement->localName != 'entry') {
- common_log(LOG_DEBUG, "Got invalid Salmon post: $xml");
- // TRANS: Client error.
- $this->clientError(_m('Salmon post must be an Atom entry.'));
- }
+ // Cryptographic verification test, throws exception on failure
+ $magic_env->verify($this->actor);
- $this->activity = new Activity($dom->documentElement);
return true;
}
* Check the posted activity type and break out to appropriate processing.
*/
- function handle($args)
+ protected function handle()
{
- StatusNet::setApi(true); // Send smaller error pages
-
- common_log(LOG_DEBUG, "Got a " . $this->activity->verb);
- if (Event::handle('StartHandleSalmonTarget', array($this->activity, $this->target)) &&
- Event::handle('StartHandleSalmon', array($this->activity))) {
- switch ($this->activity->verb)
- {
- case ActivityVerb::POST:
- $this->handlePost();
- break;
- case ActivityVerb::SHARE:
- $this->handleShare();
- break;
- case ActivityVerb::FAVORITE:
- $this->handleFavorite();
- break;
- case ActivityVerb::UNFAVORITE:
- $this->handleUnfavorite();
- break;
- case ActivityVerb::FOLLOW:
- case ActivityVerb::FRIEND:
- $this->handleFollow();
- break;
- case ActivityVerb::UNFOLLOW:
- $this->handleUnfollow();
- break;
- case ActivityVerb::JOIN:
- $this->handleJoin();
- break;
- case ActivityVerb::LEAVE:
- $this->handleLeave();
- break;
- case ActivityVerb::TAG:
- $this->handleTag();
- break;
- case ActivityVerb::UNTAG:
- $this->handleUntag();
- break;
- case ActivityVerb::UPDATE_PROFILE:
- $this->handleUpdateProfile();
- break;
- default:
- // TRANS: Client exception.
- throw new ClientException(_m('Unrecognized activity type.'));
+ parent::handle();
+
+ common_debug("Got a " . $this->activity->verb);
+ try {
+ if (Event::handle('StartHandleSalmonTarget', array($this->activity, $this->target)) &&
+ Event::handle('StartHandleSalmon', array($this->activity))) {
+ switch ($this->activity->verb) {
+ case ActivityVerb::POST:
+ $this->handlePost();
+ break;
+ case ActivityVerb::SHARE:
+ $this->handleShare();
+ break;
+ case ActivityVerb::FOLLOW:
+ case ActivityVerb::FRIEND:
+ $this->handleFollow();
+ break;
+ case ActivityVerb::UNFOLLOW:
+ $this->handleUnfollow();
+ break;
+ case ActivityVerb::JOIN:
+ $this->handleJoin();
+ break;
+ case ActivityVerb::LEAVE:
+ $this->handleLeave();
+ break;
+ case ActivityVerb::TAG:
+ $this->handleTag();
+ break;
+ case ActivityVerb::UNTAG:
+ $this->handleUntag();
+ break;
+ case ActivityVerb::UPDATE_PROFILE:
+ $this->handleUpdateProfile();
+ break;
+ default:
+ // TRANS: Client exception.
+ throw new ClientException(_m('Unrecognized activity type.'));
+ }
+ Event::handle('EndHandleSalmon', array($this->activity));
+ Event::handle('EndHandleSalmonTarget', array($this->activity, $this->target));
}
- Event::handle('EndHandleSalmon', array($this->activity));
- Event::handle('EndHandleSalmonTarget', array($this->activity, $this->target));
+ } catch (AlreadyFulfilledException $e) {
+ // The action's results are already fulfilled. Maybe it was a
+ // duplicate? Maybe someone's database is out of sync?
+ // Let's just accept it and move on.
+ common_log(LOG_INFO, 'Salmon slap carried an event which had already been fulfilled.');
}
}
throw new ClientException(_m('This target does not understand unfollows.'));
}
- function handleFavorite()
- {
- // TRANS: Client exception.
- throw new ClientException(_m('This target does not understand favorites.'));
- }
-
- function handleUnfavorite()
- {
- // TRANS: Client exception.
- throw new ClientException(_m('This target does not understand unfavorites.'));
- }
-
function handleShare()
{
// TRANS: Client exception.
function handleUpdateProfile()
{
$oprofile = Ostatus_profile::getActorProfile($this->activity);
- if ($oprofile) {
+ if ($oprofile instanceof Ostatus_profile) {
common_log(LOG_INFO, "Got a profile-update ping from $oprofile->uri");
$oprofile->updateFromActivityObject($this->activity->actor);
} else {
}
}
- /**
- * @return Ostatus_profile
- */
- function ensureProfile()
+ function ensureProfiles()
{
- $actor = $this->activity->actor;
- if (empty($actor->id)) {
- common_log(LOG_ERR, "broken actor: " . var_export($actor, true));
- common_log(LOG_ERR, "activity with no actor: " . var_export($this->activity, true));
- // TRANS: Exception.
- throw new Exception(_m('Received a salmon slap from unidentified actor.'));
+ try {
+ $this->oprofile = Ostatus_profile::getActorProfile($this->activity);
+ if (!$this->oprofile instanceof Ostatus_profile) {
+ throw new UnknownUriException($this->activity->actor->id);
+ }
+ } catch (UnknownUriException $e) {
+ // Apparently we didn't find the Profile object based on our URI,
+ // so OStatus doesn't have it with this URI in ostatus_profile.
+ // Try to look it up again, remote side may have changed from http to https
+ // or maybe publish an acct: URI now instead of an http: URL.
+ //
+ // Steps:
+ // 1. Check the newly received URI. Who does it say it is?
+ // 2. Compare these alleged identities to our local database.
+ // 3. If we found any locally stored identities, ask it about its aliases.
+ // 4. Do any of the aliases from our known identity match the recently introduced one?
+ //
+ // Example: We have stored http://example.com/user/1 but this URI says https://example.com/user/1
+ common_debug('No local Profile object found for a magicsigned activity author URI: '.$e->object_uri);
+ $disco = new Discovery();
+ $xrd = $disco->lookup($e->object_uri);
+ // Step 1: We got a bunch of discovery data for https://example.com/user/1 which includes
+ // aliases https://example.com/user and hopefully our original http://example.com/user/1 too
+ $all_ids = array_merge(array($xrd->subject), $xrd->aliases);
+
+ if (!in_array($e->object_uri, $all_ids)) {
+ common_debug('The activity author URI we got was not listed itself when doing discovery on it.');
+ throw $e;
+ }
+
+ // Go through each reported alias from lookup to see if we know this already
+ foreach ($all_ids as $aliased_uri) {
+ $oprofile = Ostatus_profile::getKV('uri', $aliased_uri);
+ if (!$oprofile instanceof Ostatus_profile) {
+ continue; // unknown locally, check the next alias
+ }
+ // Step 2: We found the alleged http://example.com/user/1 URI in our local database,
+ // but this can't be trusted yet because anyone can publish any alias.
+ common_debug('Found a local Ostatus_profile for "'.$e->object_uri.'" with this URI: '.$aliased_uri);
+
+ // We found an existing OStatus profile, but is it really the same? Do a callback to the URI's origin
+ // Step 3: lookup our previously known http://example.com/user/1 webfinger etc.
+ $xrd = $disco->lookup($oprofile->getUri()); // getUri returns ->uri, which we filtered on earlier
+ $doublecheck_aliases = array_merge(array($xrd->subject), $xrd->aliases);
+ common_debug('Trying to match known "'.$aliased_uri.'" against its returned aliases: '.implode(' ', $doublecheck_aliases));
+ // if we find our original URI here, it is a legitimate alias
+ // Step 4: Is the newly introduced https://example.com/user/1 URI in the list of aliases
+ // presented by http://example.com/user/1 (i.e. do they both say they are the same identity?)
+ if (in_array($e->object_uri, $doublecheck_aliases)) {
+ $oprofile->updateUriKeys($e->object_uri, DiscoveryHints::fromXRD($xrd));
+ $this->oprofile = $oprofile;
+ break; // don't iterate through aliases anymore
+ }
+ }
+
+ // We might end up here after $all_ids is iterated through without a $this->oprofile value,
+ if (!$this->oprofile instanceof Ostatus_profile) {
+ common_debug("We do not have a local profile to connect to this activity's author. Let's create one.");
+ // ensureActivityObjectProfile throws exception on failure
+ $this->oprofile = Ostatus_profile::ensureActivityObjectProfile($this->activity->actor);
+ }
}
- return Ostatus_profile::ensureActivityObjectProfile($actor);
+ assert($this->oprofile instanceof Ostatus_profile);
+
+ $this->actor = $this->oprofile->localProfile();
}
function saveNotice()
{
- $oprofile = $this->ensureProfile();
- return $oprofile->processPost($this->activity, 'salmon');
+ if (!$this->oprofile instanceof Ostatus_profile) {
+ common_debug('Ostatus_profile missing in ' . get_class(). ' profile: '.var_export($this->profile, true));
+ }
+ return $this->oprofile->processPost($this->activity, 'salmon');
}
}