aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Lib/Libsync.php40
-rw-r--r--include/connections.php2
-rw-r--r--include/conversation.php2
-rw-r--r--include/permissions.php43
-rw-r--r--include/security.php2
5 files changed, 38 insertions, 51 deletions
diff --git a/Zotlabs/Lib/Libsync.php b/Zotlabs/Lib/Libsync.php
index 23573e837..ef10e8046 100644
--- a/Zotlabs/Lib/Libsync.php
+++ b/Zotlabs/Lib/Libsync.php
@@ -384,19 +384,42 @@ class Libsync {
// This relies on the undocumented behaviour that red sites send xchan info with the abook
// and import_author_xchan will look them up on all federated networks
- if ($abook['abook_xchan'] && $abook['xchan_addr']) {
+ $found = false;
+ if ($abook['abook_xchan'] && $abook['xchan_addr'] && (! in_array($abook['xchan_network'], [ 'token', 'unknown' ]))) {
$h = Libzot::get_hublocs($abook['abook_xchan']);
- if (!$h) {
+ if ($h) {
+ $found = true;
+ }
+ else {
$xhash = import_author_xchan(encode_item_xchan($abook));
- if (!$xhash) {
+ if ($xhash) {
+ $found = true;
+ }
+ else {
logger('Import of ' . $abook['xchan_addr'] . ' failed.');
- continue;
}
}
}
+ if (!$found && !in_array($abook['xchan_network'], ['zot6', 'activitypub', 'diaspora'])) {
+ // just import the record.
+ $xc = [];
+ foreach ($abook as $k => $v) {
+ if (strpos($k,'xchan_') === 0) {
+ $xc[$k] = $v;
+ }
+ }
+ $r = q("select * from xchan where xchan_hash = '%s'",
+ dbesc($xc['xchan_hash'])
+ );
+ if (! $r) {
+ xchan_store_lowlevel($xc);
+ }
+ }
+
+
foreach ($abook as $k => $v) {
- if (in_array($k, $disallowed) || (strpos($k, 'abook') !== 0)) {
+ if (in_array($k, $disallowed) || (strpos($k, 'abook_') !== 0)) {
continue;
}
if (!in_array($k, $fields)) {
@@ -410,6 +433,13 @@ class Libsync {
if (array_key_exists('abook_instance', $clean) && $clean['abook_instance'] && strpos($clean['abook_instance'], z_root()) === false) {
$clean['abook_not_here'] = 1;
+
+ // guest pass or access token - don't try to probe since it is one-way
+ // we are relying on the undocumented behaviour that the abook record also contains the xchan
+ if ($abook['xchan_network'] === 'token') {
+ $clean['abook_instance'] .= ',';
+ $clean['abook_instance'] .= z_root();
+ }
}
diff --git a/include/connections.php b/include/connections.php
index 98cd4bbb5..a0a9e04a7 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -114,7 +114,7 @@ function vcard_from_xchan($xchan, $observer = null, $mode = '') {
// don't provide a connect button for transient or one-way identities
- if(in_array($xchan['xchan_network'],['rss','anon','unknown']) || strpos($xchan['xchan_addr'],'guest:') === 0) {
+ if(in_array($xchan['xchan_network'],['rss', 'anon', 'unknown', 'token'])) {
$connect = false;
}
diff --git a/include/conversation.php b/include/conversation.php
index d12151fcc..bdd27c55f 100644
--- a/include/conversation.php
+++ b/include/conversation.php
@@ -1061,7 +1061,7 @@ function thread_author_menu($item, $mode = '') {
}
else {
$url = (($item['author']['xchan_addr']) ? $item['author']['xchan_addr'] : $item['author']['xchan_url']);
- if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot' ]))) {
+ if($local_channel && $url && (! in_array($item['author']['xchan_network'],[ 'rss', 'anon','unknown', 'zot', 'token']))) {
$follow_url = z_root() . '/follow/?f=&url=' . urlencode($url) . '&interactive=0';
}
}
diff --git a/include/permissions.php b/include/permissions.php
index bbd13ed58..c3a9286c0 100644
--- a/include/permissions.php
+++ b/include/permissions.php
@@ -80,23 +80,6 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_
intval($uid),
dbesc($observer_xchan)
);
- if(! $x) {
- // see if they've got a guest access token; these are treated as connections
- $y = atoken_abook($uid,$observer_xchan);
- if($y)
- $x = array($y);
-
- if(! $x) {
- // not in address book and no guest token, see if they've got an xchan
- // these *may* have individual (PERMS_SPECIFIC) permissions, but are not connections
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
- if($y) {
- $x = array(pseudo_abook($y[0]));
- }
- }
- }
$abook_checked = true;
}
@@ -309,32 +292,6 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock =
if(($x) && in_array($permission,$blocked_anon_perms) && intval($x[0]['abook_ignored']))
return false;
- if(! $x) {
- // see if they've got a guest access token
- $y = atoken_abook($uid,$observer_xchan);
- if($y)
- $x = array($y);
-
- if(! $x) {
- // not in address book and no guest token, see if they've got an xchan
-
- $y = q("select xchan_network from xchan where xchan_hash = '%s' limit 1",
- dbesc($observer_xchan)
- );
- if($y) {
-
- // This requires an explanation and the effects are subtle.
- // The following line creates a fake connection, and this allows
- // access tokens to have specific permissions even though they are
- // not actual connections.
- // The existence of this fake entry must be checked when dealing
- // with connection related permissions.
-
- $x = array(pseudo_abook($y[0]));
- }
- }
-
- }
$abperms = load_abconfig($uid,$observer_xchan,'my_perms');
}
diff --git a/include/security.php b/include/security.php
index f02fb8023..7f5f3193f 100644
--- a/include/security.php
+++ b/include/security.php
@@ -128,7 +128,7 @@ function atoken_xchan($atoken) {
'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_name' => $atoken['atoken_name'],
'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(),
- 'xchan_network' => 'unknown',
+ 'xchan_network' => 'token',
'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_hidden' => 1,
'xchan_photo_mimetype' => 'image/png',