diff options
-rw-r--r-- | Zotlabs/Lib/Libsync.php | 40 | ||||
-rw-r--r-- | include/connections.php | 2 | ||||
-rw-r--r-- | include/conversation.php | 2 | ||||
-rw-r--r-- | include/permissions.php | 43 | ||||
-rw-r--r-- | include/security.php | 2 |
5 files changed, 38 insertions, 51 deletions
diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php index 23573e837..ef10e8046 100644 --- a/Zotlabs/Lib/Libsync.php +++ b/Zotlabs/Lib/Libsync.php @@ -384,19 +384,42 @@ class Libsync { // This relies on the undocumented behaviour that red sites send xchan info with the abook // and import_author_xchan will look them up on all federated networks - if ($abook['abook_xchan'] && $abook['xchan_addr']) { + $found = false; + if ($abook['abook_xchan'] && $abook['xchan_addr'] && (! in_array($abook['xchan_network'], [ 'token', 'unknown' ]))) { $h = Libzot::get_hublocs($abook['abook_xchan']); - if (!$h) { + if ($h) { + $found = true; + } + else { $xhash = import_author_xchan(encode_item_xchan($abook)); - if (!$xhash) { + if ($xhash) { + $found = true; + } + else { logger('Import of ' . $abook['xchan_addr'] . ' failed.'); - continue; } } } + if (!$found && !in_array($abook['xchan_network'], ['zot6', 'activitypub', 'diaspora'])) { + // just import the record. + $xc = []; + foreach ($abook as $k => $v) { + if (strpos($k,'xchan_') === 0) { + $xc[$k] = $v; + } + } + $r = q("select * from xchan where xchan_hash = '%s'", + dbesc($xc['xchan_hash']) + ); + if (! $r) { + xchan_store_lowlevel($xc); + } + } + + foreach ($abook as $k => $v) { - if (in_array($k, $disallowed) || (strpos($k, 'abook') !== 0)) { + if (in_array($k, $disallowed) || (strpos($k, 'abook_') !== 0)) { continue; } if (!in_array($k, $fields)) { @@ -410,6 +433,13 @@ class Libsync { if (array_key_exists('abook_instance', $clean) && $clean['abook_instance'] && strpos($clean['abook_instance'], z_root()) === false) { $clean['abook_not_here'] = 1; + + // guest pass or access token - don't try to probe since it is one-way + // we are relying on the undocumented behaviour that the abook record also contains the xchan + if ($abook['xchan_network'] === 'token') { + $clean['abook_instance'] .= ','; + $clean['abook_instance'] .= z_root(); + } } diff --git a/include/connections.php b/include/connections.php index 98cd4bbb5..a0a9e04a7 100644 --- a/include/connections.php +++ b/include/connections.php @@ -114,7 +114,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') { // don't provide a connect button for transient or one-way identities - if(in_array($xchan['xchan_network'],['rss','anon','unknown']) || strpos($xchan['xchan_addr'],'guest:') === 0) { + if(in_array($xchan['xchan_network'],['rss', 'anon', 'unknown', 'token'])) { $connect = false; } diff --git a/include/conversation.php b/include/conversation.php index d12151fcc..bdd27c55f 100644 --- a/include/conversation.php +++ b/include/conversation.php @@ -1061,7 +1061,7 @@ function thread_author_menu($item, $mode = '') { } else { $url = (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']); - if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot' ]))) { + if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot', 'token']))) { $follow_url = z_root() . '/follow/?f=&url=' . urlencode($url) . '&interactive=0'; } } diff --git a/include/permissions.php b/include/permissions.php index bbd13ed58..c3a9286c0 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -80,23 +80,6 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ intval($uid), dbesc($observer_xchan) ); - if(! $x) { - // see if they've got a guest access token; these are treated as connections - $y = atoken_abook($uid,$observer_xchan); - if($y) - $x = array($y); - - if(! $x) { - // not in address book and no guest token, see if they've got an xchan - // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); - if($y) { - $x = array(pseudo_abook($y[0])); - } - } - } $abook_checked = true; } @@ -309,32 +292,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored'])) return false; - if(! $x) { - // see if they've got a guest access token - $y = atoken_abook($uid,$observer_xchan); - if($y) - $x = array($y); - - if(! $x) { - // not in address book and no guest token, see if they've got an xchan - - $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1", - dbesc($observer_xchan) - ); - if($y) { - - // This requires an explanation and the effects are subtle. - // The following line creates a fake connection, and this allows - // access tokens to have specific permissions even though they are - // not actual connections. - // The existence of this fake entry must be checked when dealing - // with connection related permissions. - - $x = array(pseudo_abook($y[0])); - } - } - - } $abperms = load_abconfig($uid,$observer_xchan,'my_perms'); } diff --git a/include/security.php b/include/security.php index f02fb8023..7f5f3193f 100644 --- a/include/security.php +++ b/include/security.php @@ -128,7 +128,7 @@ function atoken_xchan($atoken) { 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'], 'xchan_name' => $atoken['atoken_name'], 'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(), - 'xchan_network' => 'unknown', + 'xchan_network' => 'token', 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'], 'xchan_hidden' => 1, 'xchan_photo_mimetype' => 'image/png', |