diff options
| author | Andrew Manning <tamanning@zoho.com> | 2018-03-04 06:45:07 -0500 |
|---|---|---|
| committer | Andrew Manning <tamanning@zoho.com> | 2018-03-04 06:45:07 -0500 |
| commit | 058f7277b52bdcdb80dc3e28bf0ec93a573195a7 (patch) | |
| tree | 32ca12ca4eb390396e429b1e86fd79de614f2551 /Zotlabs | |
| parent | 39fe80a196ee626dda15b5b844dd1d05893f7646 (diff) | |
| parent | 471c3c4d068d1c6d4e149098d400d792fb3550a6 (diff) | |
| download | volse-hubzilla-058f7277b52bdcdb80dc3e28bf0ec93a573195a7.tar.gz volse-hubzilla-058f7277b52bdcdb80dc3e28bf0ec93a573195a7.tar.bz2 volse-hubzilla-058f7277b52bdcdb80dc3e28bf0ec93a573195a7.zip | |
Merge branch 'dev' into oauth2
Diffstat (limited to 'Zotlabs')
| -rw-r--r-- | Zotlabs/Module/Directory.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Display.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Module/Email_validation.php | 11 | ||||
| -rw-r--r-- | Zotlabs/Module/Follow.php | 20 | ||||
| -rw-r--r-- | Zotlabs/Module/Go.php | 2 | ||||
| -rw-r--r-- | Zotlabs/Module/Register.php | 6 | ||||
| -rw-r--r-- | Zotlabs/Module/Settings/Featured.php | 19 | ||||
| -rw-r--r-- | Zotlabs/Module/Thing.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Module/Wfinger.php | 3 | ||||
| -rw-r--r-- | Zotlabs/Update/_1205.php | 11 | ||||
| -rw-r--r-- | Zotlabs/Update/_1207.php | 24 | ||||
| -rw-r--r-- | Zotlabs/Web/HTTPSig.php | 117 | ||||
| -rw-r--r-- | Zotlabs/Widget/Newmember.php | 83 |
13 files changed, 256 insertions, 52 deletions
diff --git a/Zotlabs/Module/Directory.php b/Zotlabs/Module/Directory.php index b1552a694..85c0be6b6 100644 --- a/Zotlabs/Module/Directory.php +++ b/Zotlabs/Module/Directory.php @@ -17,7 +17,7 @@ class Directory extends \Zotlabs\Web\Controller { intval(local_channel()), dbesc($_GET['ignore']) ); - goaway(z_root() . '/directory?suggest=1'); + goaway(z_root() . '/directory?f=&suggest=1'); } $observer = get_observer_hash(); diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 11dd0d174..8e8a1ed24 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -215,6 +215,7 @@ class Display extends \Zotlabs\Web\Controller { $pager_sql = sprintf(" LIMIT %d OFFSET %d ", intval(\App::$pager['itemspage']),intval(\App::$pager['start'])); if($load || ($checkjs->disabled()) || ($module_format !== 'html')) { + $r = null; require_once('include/channel.php'); @@ -235,7 +236,7 @@ class Display extends \Zotlabs\Web\Controller { } } - if($r === null) { + if(! $r) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner uid can't match @@ -281,7 +282,7 @@ class Display extends \Zotlabs\Web\Controller { } } - if($r === null) { + if(! $r) { // in case somebody turned off public access to sys channel content using permissions // make that content unsearchable by ensuring the owner_xchan can't match if(! perm_is_allowed($sysid,$observer_hash,'view_stream')) diff --git a/Zotlabs/Module/Email_validation.php b/Zotlabs/Module/Email_validation.php index b8bb720cd..c1ba9a01a 100644 --- a/Zotlabs/Module/Email_validation.php +++ b/Zotlabs/Module/Email_validation.php @@ -7,12 +7,11 @@ class Email_validation extends \Zotlabs\Web\Controller { function post() { + $success = false; if($_POST['token']) { // This will redirect internally on success unless the channel is auto_created - if(! account_approve(trim(basename($_POST['token'])))) { - notice('Token verification failed.'); - } - else { + if(account_approve(trim(basename($_POST['token'])))) { + $success = true; if(get_config('system','auto_channel_create')) { $next_page = get_config('system', 'workflow_channel_next', 'profiles'); } @@ -21,7 +20,9 @@ class Email_validation extends \Zotlabs\Web\Controller { } } } - + if(! $success) { + notice( t('Token verification failed.') . EOL); + } } diff --git a/Zotlabs/Module/Follow.php b/Zotlabs/Module/Follow.php index d8a86d0ce..146c4e564 100644 --- a/Zotlabs/Module/Follow.php +++ b/Zotlabs/Module/Follow.php @@ -17,18 +17,23 @@ class Follow extends \Zotlabs\Web\Controller { $url = notags(trim($_REQUEST['url'])); $return_url = $_SESSION['return_url']; $confirm = intval($_REQUEST['confirm']); - + $interactive = (($_REQUEST['interactive']) ? intval($_REQUEST['interactive']) : 1); $channel = \App::get_channel(); - $result = new_contact($uid,$url,$channel,true,$confirm); + $result = new_contact($uid,$url,$channel,$interactive,$confirm); if($result['success'] == false) { if($result['message']) notice($result['message']); - goaway($return_url); + if($interactive) { + goaway($return_url); + } + else { + json_return_and_die($result); + } } - info( t('Channel added.') . EOL); + info( t('Connection added.') . EOL); $clone = array(); foreach($result['abook'] as $k => $v) { @@ -53,7 +58,12 @@ class Follow extends \Zotlabs\Web\Controller { if(($can_view_stream) || ($result['abook']['xchan_network'] === 'rss')) \Zotlabs\Daemon\Master::Summon(array('Onepoll',$result['abook']['abook_id'])); - goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1'); + if($interactive) { + goaway(z_root() . '/connedit/' . $result['abook']['abook_id'] . '?f=&follow=1'); + } + else { + json_return_and_die([ 'success' => true ]); + } } diff --git a/Zotlabs/Module/Go.php b/Zotlabs/Module/Go.php index d23e940c3..d33136d9e 100644 --- a/Zotlabs/Module/Go.php +++ b/Zotlabs/Module/Go.php @@ -36,7 +36,7 @@ class Go extends \Zotlabs\Web\Controller { 'cover_photo' => t('Upload a cover photo'), 'profiles' => t('Edit your default profile'), 'suggest' => t('View friend suggestions'), - 'directory' => t('View the directory to find other interesting channels'), + 'directory' => t('View the channel directory'), 'settings' => t('View/edit your channel settings'), 'help' => t('View the site or project documentation'), 'channel/' . $channel['channel_address'] => t('Visit your channel homepage'), diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php index c7fa1cee8..5356669e9 100644 --- a/Zotlabs/Module/Register.php +++ b/Zotlabs/Module/Register.php @@ -123,9 +123,6 @@ class Register extends \Zotlabs\Web\Controller { if($policy == REGISTER_OPEN ) { if($email_verify) { $res = verify_email_address($result); - if($res) { - info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ; - } } else { $res = send_register_success_email($result['email'],$result['password']); @@ -133,7 +130,8 @@ class Register extends \Zotlabs\Web\Controller { if($res) { if($invite_code) { info( t('Registration successful. Continue to create your first channel...') . EOL ) ; - } else { + } + else { info( t('Registration successful. Please check your email for validation instructions.') . EOL ) ; } } diff --git a/Zotlabs/Module/Settings/Featured.php b/Zotlabs/Module/Settings/Featured.php index 1da139206..542a05363 100644 --- a/Zotlabs/Module/Settings/Featured.php +++ b/Zotlabs/Module/Settings/Featured.php @@ -57,7 +57,10 @@ class Featured { } call_hooks('feature_settings', $settings_addons); - + + $this->sortpanels($settings_addons); + + $tpl = get_markup_template("settings_addons.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_featured"), @@ -67,5 +70,15 @@ class Featured { )); return $o; } - -}
\ No newline at end of file + + function sortpanels(&$s) { + $a = explode('<div class="panel">',$s); + if($a) { + usort($a,'featured_sort'); + $s = implode('<div class="panel">',$a); + } + } + +} + + diff --git a/Zotlabs/Module/Thing.php b/Zotlabs/Module/Thing.php index f816632ab..c3d8ff802 100644 --- a/Zotlabs/Module/Thing.php +++ b/Zotlabs/Module/Thing.php @@ -20,6 +20,11 @@ class Thing extends \Zotlabs\Web\Controller { $channel = \App::get_channel(); + if($_SERVER['REQUEST_METHOD'] === 'GET' && argc() < 2) { + profile_load($channel['channel_address']); + } + + $term_hash = (($_REQUEST['term_hash']) ? $_REQUEST['term_hash'] : ''); $name = escape_tags($_REQUEST['term']); diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 753721d27..81d4beaed 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -123,7 +123,8 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['properties'] = [ 'http://webfinger.net/ns/name' => $r[0]['channel_name'], 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], - 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'] + 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'], + 'http://purl.org/zot/federation' => 'zot' ]; foreach($aliases as $alias) diff --git a/Zotlabs/Update/_1205.php b/Zotlabs/Update/_1205.php index 5384f183e..968833726 100644 --- a/Zotlabs/Update/_1205.php +++ b/Zotlabs/Update/_1205.php @@ -7,6 +7,17 @@ class _1205 { function run() { if(ACTIVE_DBTYPE == DBTYPE_MYSQL) { + + q("ALTER TABLE item DROP INDEX title"); + q("ALTER TABLE item DROP INDEX body"); + q("ALTER TABLE item DROP INDEX allow_cid"); + q("ALTER TABLE item DROP INDEX allow_gid"); + q("ALTER TABLE item DROP INDEX deny_cid"); + q("ALTER TABLE item DROP INDEX deny_gid"); + q("ALTER TABLE item DROP INDEX item_flags"); + q("ALTER TABLE item DROP INDEX item_restrict"); + q("ALTER TABLE item DROP INDEX aid"); + $r = q("ALTER TABLE item DROP INDEX item_private, ADD INDEX uid_item_private (uid, item_private), diff --git a/Zotlabs/Update/_1207.php b/Zotlabs/Update/_1207.php new file mode 100644 index 000000000..f53bc46ae --- /dev/null +++ b/Zotlabs/Update/_1207.php @@ -0,0 +1,24 @@ +<?php + +namespace Zotlabs\Update; + +class _1207 { + + function run() { + + if(ACTIVE_DBTYPE == DBTYPE_MYSQL) { + $r = q("ALTER TABLE item + DROP INDEX resource_type + "); + + if($r) + return UPDATE_SUCCESS; + return UPDATE_FAILED; + } + else { + return UPDATE_SUCCESS; + } + + } + +} diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index a27edb73d..9bcc2e5ec 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -3,16 +3,24 @@ namespace Zotlabs\Web; /** - * Implements HTTP Signatures per draft-cavage-http-signatures-07 + * @brief Implements HTTP Signatures per draft-cavage-http-signatures-07. + * + * @see https://tools.ietf.org/html/draft-cavage-http-signatures-07 */ - - class HTTPSig { - // See RFC5843 - - static function generate_digest($body,$set = true) { - $digest = base64_encode(hash('sha256',$body,true)); + /** + * @brief RFC5843 + * + * @see https://tools.ietf.org/html/rfc5843 + * + * @param string $body The value to create the digest for + * @param boolean $set (optional, default true) + * If set send a Digest HTTP header + * @return string The generated digest of $body + */ + static function generate_digest($body, $set = true) { + $digest = base64_encode(hash('sha256', $body, true)); if($set) { header('Digest: SHA-256=' . $digest); @@ -40,6 +48,7 @@ class HTTPSig { if(is_array($data) && $data['header']) { if(! $data['success']) return $result; + $h = new \Zotlabs\Web\HTTPHeaders($data['header']); $headers = $h->fetcharr(); $body = $data['body']; @@ -47,7 +56,7 @@ class HTTPSig { else { $headers = []; - $headers['(request-target)'] = + $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; foreach($_SERVER as $k => $v) { @@ -78,7 +87,7 @@ class HTTPSig { $result['header_signed'] = true; $signed_headers = $sig_block['headers']; - if(! $signed_headers) + if(! $signed_headers) $signed_headers = [ 'date' ]; $signed_data = ''; @@ -131,7 +140,7 @@ class HTTPSig { if($digest[0] === 'SHA-512') $hashalg = 'sha512'; - // The explode operation will have stripped the '=' padding, so compare against unpadded base64 + // The explode operation will have stripped the '=' padding, so compare against unpadded base64 if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) { $result['content_valid'] = true; } @@ -146,7 +155,7 @@ class HTTPSig { if($digest[0] === 'SHA-512') $hashalg = 'sha512'; - // The explode operation will have stripped the '=' padding, so compare against unpadded base64 + // The explode operation will have stripped the '=' padding, so compare against unpadded base64 if(rtrim(base64_encode(hash($hashalg,$_POST['data'],true)),'=') === $digest[1]) { $result['content_valid'] = true; } @@ -155,9 +164,15 @@ class HTTPSig { logger('Content_Valid: ' . (($result['content_valid']) ? 'true' : 'false')); return $result; - } + /** + * @brief + * + * @param string $id + * @return boolean|string + * false if no pub key found, otherwise return the pub key + */ function get_activitypub_key($id) { if(strpos($id,'acct:') === 0) { @@ -180,19 +195,33 @@ class HTTPSig { $j = json_decode($r,true); if($j['id'] !== $id) - return false; + return false; + if(array_key_exists('publicKey',$j) && array_key_exists('publicKeyPem',$j['publicKey'])) { return($j['publicKey']['publicKeyPem']); } } + return false; } - - - - static function create_sig($request,$head,$prvkey,$keyid = 'Key',$send_headers = false,$auth = false,$alg = 'sha256', - $crypt_key = null, $crypt_algo = 'aes256ctr') { + /** + * @brief + * + * @param string $request + * @param array $head + * @param string $prvkey + * @param string $keyid (optional, default 'Key') + * @param boolean $send_headers (optional, default false) + * If set send a HTTP header + * @param boolean $auth (optional, default false) + * @param string $alg (optional, default 'sha256') + * @param string $crypt_key (optional, default null) + * @param string $crypt_algo (optional, default 'aes256ctr') + * @return array + */ + static function create_sig($request, $head, $prvkey, $keyid = 'Key', $send_headers = false, $auth = false, + $alg = 'sha256', $crypt_key = null, $crypt_algo = 'aes256ctr') { $return_headers = []; @@ -212,7 +241,7 @@ class HTTPSig { $x = crypto_encapsulate($headerval,$crypt_key,$crypt_algo); $headerval = 'iv="' . $x['iv'] . '",key="' . $x['key'] . '",alg="' . $x['alg'] . '",data="' . $x['data'] . '"'; } - + if($auth) { $sighead = 'Authorization: Signature ' . $headerval; } @@ -236,12 +265,20 @@ class HTTPSig { else { $return_headers[] = $sighead; } + return $return_headers; } - - - static function sign($request,$head,$prvkey,$alg = 'sha256') { + /** + * @brief + * + * @param string $request + * @param array $head + * @param string $prvkey + * @param string $alg (optional) default 'sha256' + * @return array + */ + static function sign($request, $head, $prvkey, $alg = 'sha256') { $ret = []; @@ -250,27 +287,38 @@ class HTTPSig { if($request) { $headers = '(request-target)' . ': ' . trim($request) . "\n"; $fields = '(request-target)'; - } + } if($head) { foreach($head as $k => $v) { $headers .= strtolower($k) . ': ' . trim($v) . "\n"; if($fields) $fields .= ' '; + $fields .= strtolower($k); } // strip the trailing linefeed $headers = rtrim($headers,"\n"); } - $sig = base64_encode(rsa_sign($headers,$prvkey,$alg)); + $sig = base64_encode(rsa_sign($headers,$prvkey,$alg)); $ret['headers'] = $fields; $ret['signature'] = $sig; - + return $ret; } + /** + * @brief + * + * @param string $header + * @return array associate array with + * - \e string \b keyID + * - \e string \b algorithm + * - \e array \b headers + * - \e string \b signature + */ static function parse_sigheader($header) { $ret = []; @@ -297,12 +345,23 @@ class HTTPSig { } - static function decrypt_sigheader($header,$prvkey = null) { + /** + * @brief + * + * @param string $header + * @param string $prvkey (optional), if not set use site private key + * @return array|string associative array, empty string if failue + * - \e string \b iv + * - \e string \b key + * - \e string \b alg + * - \e string \b data + */ + static function decrypt_sigheader($header, $prvkey = null) { $iv = $key = $alg = $data = null; if(! $prvkey) { - $prvkey = get_config('system','prvkey'); + $prvkey = get_config('system', 'prvkey'); } $matches = []; @@ -319,10 +378,8 @@ class HTTPSig { if($iv && $key && $alg && $data) { return crypto_unencapsulate([ 'iv' => $iv, 'key' => $key, 'alg' => $alg, 'data' => $data ] , $prvkey); } - return ''; + return ''; } } - - diff --git a/Zotlabs/Widget/Newmember.php b/Zotlabs/Widget/Newmember.php new file mode 100644 index 000000000..cdb70e23d --- /dev/null +++ b/Zotlabs/Widget/Newmember.php @@ -0,0 +1,83 @@ +<?php + +namespace Zotlabs\Widget; + +class Newmember { + + function widget($arr) { + + if(! local_channel()) + return EMPTY_STR; + + $c = \App::get_channel(); + if(! $c) + return EMPTY_STR; + + + $a = \App::get_account(); + if(! $a) + return EMPTY_STR; + + + if(datetime_convert('UTC','UTC',$a['account_created']) < datetime_convert('UTC','UTC', 'now - 60 days')) + return EMPTY_STR; + + // This could be a new account that was used to clone a very old channel + + $ob = \App::get_observer(); + if($ob && array_key_exists('xchan_name_date',$ob) && $ob['xchan_name_date'] < datetime_convert('UTC','UTC','now - 60 days')) + return EMPTY_STR; + + + $options = [ + t('Profile Creation'), + [ + 'profile_photo' => t('Upload profile photo'), + 'cover_photo' => t('Upload cover photo'), + 'profiles' => t('Edit your profile'), + ], + + t('Find and Connect with others'), + [ + 'directory' => t('View the directory'), + 'directory?f=&suggest=1' => t('View friend suggestions'), + 'connections' => t('Manage your connections'), + ], + + t('Communicate'), + [ + 'channel/' . $channel['channel_address'] => t('View your channel homepage'), + 'network' => t('View your network stream'), + ], + + t('Miscellaneous'), + [ + 'settings' => t('Settings'), + 'help' => t('Documentation'), + ] + ]; + + $site_firehose = ((intval(get_config('system','site_firehose',0))) ? true : false); + $net_firehose = ((get_config('system','disable_discover_tab',1)) ? false : true); + + + // hack to put this in the correct spot of the array + + if($site_firehose || $net_firehose) { + $options[5]['pubstream'] = t('View public stream'); + } + + $o = replace_macros(get_markup_template('new_member.tpl'), [ + '$title' => t('New Member Links'), + '$options' => $options + + ]); + + return $o; + + } + +} + + + |