WebFingerPlugin.php 9.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235
  1. <?php
  2. /*
  3. * GNU Social - a federating social network
  4. * Copyright (C) 2013, Free Software Foundation, Inc.
  5. *
  6. * This program is free software: you can redistribute it and/or modify
  7. * it under the terms of the GNU Affero General Public License as published by
  8. * the Free Software Foundation, either version 3 of the License, or
  9. * (at your option) any later version.
  10. *
  11. * This program is distributed in the hope that it will be useful,
  12. * but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
  14. * GNU Affero General Public License for more details.
  15. *
  16. * You should have received a copy of the GNU Affero General Public License
  17. * along with this program. If not, see <http://www.gnu.org/licenses/>.
  18. */
  19. /**
  20. * Implements WebFinger for GNU Social, as well as support for the
  21. * '.well-known/host-meta' resource.
  22. *
  23. * Depends on: LRDD plugin
  24. *
  25. * @package GNUsocial
  26. * @author Mikael Nordfeldth <mmn@hethane.se>
  27. */
  28. if (!defined('GNUSOCIAL')) { exit(1); }
  29. class WebFingerPlugin extends Plugin
  30. {
  31. const PLUGIN_VERSION = '2.0.0';
  32. const OAUTH_ACCESS_TOKEN_REL = 'http://apinamespace.org/oauth/access_token';
  33. const OAUTH_REQUEST_TOKEN_REL = 'http://apinamespace.org/oauth/request_token';
  34. const OAUTH_AUTHORIZE_REL = 'http://apinamespace.org/oauth/authorize';
  35. public function onRouterInitialized(URLMapper $m)
  36. {
  37. $m->connect('.well-known/host-meta', ['action' => 'hostmeta']);
  38. $m->connect('.well-known/host-meta.:format',
  39. ['action' => 'hostmeta'],
  40. ['format' => '(xml|json)']);
  41. // the resource GET parameter can be anywhere, so don't mention it here
  42. $m->connect('.well-known/webfinger', ['action' => 'webfinger']);
  43. $m->connect('.well-known/webfinger.:format',
  44. ['action' => 'webfinger'],
  45. ['format' => '(xml|json)']);
  46. $m->connect('main/ownerxrd', ['action' => 'ownerxrd']);
  47. return true;
  48. }
  49. public function onLoginAction($action, &$login)
  50. {
  51. switch ($action) {
  52. case 'hostmeta':
  53. case 'webfinger':
  54. $login = true;
  55. return false;
  56. }
  57. return true;
  58. }
  59. public function onStartGetProfileAcctUri(Profile $profile, &$acct)
  60. {
  61. $wfr = new WebFingerResource_Profile($profile);
  62. try {
  63. $acct = $wfr->reconstructAcct();
  64. } catch (Exception $e) {
  65. return true;
  66. }
  67. return false;
  68. }
  69. public function onEndGetWebFingerResource($resource, WebFingerResource &$target=null, array $args=array())
  70. {
  71. $profile = null;
  72. if (Discovery::isAcct($resource)) {
  73. $parts = explode('@', substr(urldecode($resource), 5)); // 5 is strlen of 'acct:'
  74. if (count($parts) == 2) {
  75. list($nick, $domain) = $parts;
  76. if ($domain !== common_config('site', 'server')) {
  77. throw new Exception(_('Remote profiles not supported via WebFinger yet.'));
  78. }
  79. $nick = common_canonical_nickname($nick);
  80. $user = User::getKV('nickname', $nick);
  81. if (!($user instanceof User)) {
  82. throw new NoSuchUserException(array('nickname'=>$nick));
  83. }
  84. $profile = $user->getProfile();
  85. }
  86. } elseif (!common_valid_http_url($resource)) {
  87. // If it's not a URL, we can't do our http<->https legacy fix thingie anyway,
  88. // so just try the User URI lookup!
  89. try {
  90. $user = User::getByUri($resource);
  91. $profile = $user->getProfile();
  92. } catch (NoResultException $e) {
  93. // not a User, maybe a Notice? we'll try that further down...
  94. }
  95. } else {
  96. // this means $resource is a common_valid_http_url (or https)
  97. // First build up a set of alternative resource URLs that we can use.
  98. $alt_urls = [$resource => true];
  99. if (strtolower(parse_url($resource, PHP_URL_SCHEME)) === 'https'
  100. && common_config('fix', 'legacy_http')) {
  101. $alt_urls[preg_replace('/^https:/i', 'http:', $resource, 1)] = true;
  102. }
  103. if (common_config('fix', 'fancyurls')) {
  104. foreach (array_keys($alt_urls) as $url) {
  105. try { // if it's a /index.php/ url
  106. // common_fake_local_fancy_url can throw an exception
  107. $alt_url = common_fake_local_fancy_url($url);
  108. } catch (Exception $e) { // let's try to create a fake local /index.php/ url
  109. // this too if it can't do anything about the URL
  110. $alt_url = common_fake_local_nonfancy_url($url);
  111. }
  112. $alt_urls[$alt_url] = true;
  113. }
  114. }
  115. common_debug(__METHOD__.': Generated these alternative URLs for various federation fixes: '._ve(array_keys($alt_urls)));
  116. try {
  117. common_debug(__METHOD__.': Finding User URI for WebFinger lookup on resource=='._ve($resource));
  118. $user = new User();
  119. $user->whereAddIn('uri', array_keys($alt_urls), $user->columnType('uri'));
  120. $user->limit(1);
  121. if ($user->find(true)) {
  122. $profile = $user->getProfile();
  123. }
  124. unset($user);
  125. } catch (Exception $e) {
  126. // Most likely a UserNoProfileException, if it ever happens
  127. // and then we need to do some debugging and perhaps fixes.
  128. common_log(LOG_ERR, get_class($e).': '._ve($e->getMessage()));
  129. throw $e;
  130. }
  131. try {
  132. common_debug(__METHOD__.': Finding User_group URI for WebFinger lookup on resource=='._ve($resource));
  133. $group = new User_group();
  134. $group->whereAddIn('uri', array_keys($alt_urls), $group->columnType('uri'));
  135. $group->limit(1);
  136. if ($group->find(true)) {
  137. $profile = $group->getProfile();
  138. }
  139. unset($group);
  140. } catch (Exception $e) {
  141. common_log(LOG_ERR, get_class($e).': '._ve($e->getMessage()));
  142. throw $e;
  143. }
  144. // User URI did not match, so let's try our alt_urls as Profile URL values
  145. if (!$profile instanceof Profile) {
  146. common_debug(__METHOD__.': Finding Profile URLs for WebFinger lookup on resource=='._ve($resource));
  147. // if our rewrite hack didn't work, try to get something by profile URL
  148. $profile = new Profile();
  149. $profile->whereAddIn('profileurl', array_keys($alt_urls), $profile->columnType('profileurl'));
  150. $profile->limit(1);
  151. if (!$profile->find(true) || !$profile->isLocal()) {
  152. // * Either we didn't find the profile, then we want to make
  153. // the $profile variable null for clarity.
  154. // * Or we did find it but for a possibly malicious remote
  155. // user who might've set their profile URL to a Notice URL
  156. // which would've caused a sort of DoS unless we continue
  157. // our search here by discarding the remote profile.
  158. $profile = null;
  159. }
  160. }
  161. }
  162. if ($profile instanceof Profile) {
  163. common_debug(__METHOD__.': Found Profile with ID=='._ve($profile->getID()).' for resource=='._ve($resource));
  164. $target = new WebFingerResource_Profile($profile);
  165. return false; // We got our target, stop handler execution
  166. }
  167. $notice = Notice::getKV('uri', $resource);
  168. if ($notice instanceof Notice) {
  169. $target = new WebFingerResource_Notice($notice);
  170. return false;
  171. }
  172. return true;
  173. }
  174. public function onStartHostMetaLinks(array &$links)
  175. {
  176. foreach (Discovery::supportedMimeTypes() as $type) {
  177. $links[] = new XML_XRD_Element_Link(Discovery::LRDD_REL,
  178. common_local_url('webfinger') . '?resource={uri}',
  179. $type,
  180. true); // isTemplate
  181. }
  182. // OAuth connections
  183. $links[] = new XML_XRD_Element_link(self::OAUTH_ACCESS_TOKEN_REL, common_local_url('ApiOAuthAccessToken'));
  184. $links[] = new XML_XRD_Element_link(self::OAUTH_REQUEST_TOKEN_REL, common_local_url('ApiOAuthRequestToken'));
  185. $links[] = new XML_XRD_Element_link(self::OAUTH_AUTHORIZE_REL, common_local_url('ApiOAuthAuthorize'));
  186. }
  187. /**
  188. * Add a link header for LRDD Discovery
  189. */
  190. public function onStartShowHTML($action)
  191. {
  192. if ($action instanceof ShowstreamAction) {
  193. $resource = $action->getTarget()->getUri();
  194. $url = common_local_url('webfinger') . '?resource='.urlencode($resource);
  195. foreach (array(Discovery::JRD_MIMETYPE, Discovery::XRD_MIMETYPE) as $type) {
  196. header('Link: <'.$url.'>; rel="'. Discovery::LRDD_REL.'"; type="'.$type.'"', false);
  197. }
  198. }
  199. }
  200. public function onPluginVersion(array &$versions): bool
  201. {
  202. $versions[] = array('name' => 'WebFinger',
  203. 'version' => self::PLUGIN_VERSION,
  204. 'author' => 'Mikael Nordfeldth',
  205. 'homepage' => GNUSOCIAL_ENGINE_URL,
  206. // TRANS: Plugin description.
  207. 'rawdescription' => _m('Adds WebFinger lookup to GNU Social'));
  208. return true;
  209. }
  210. }