- <?php
- /*
- * StatusNet - the distributed open-source microblogging tool
- * Copyright (C) 2010, StatusNet, Inc.
- *
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as published by
- * the Free Software Foundation, either version 3 of the License, or
- * (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see <http://www.gnu.org/licenses/>.
- */
- /**
- * @package OStatusPlugin
- * @author James Walker <james@status.net>
- */
// Stop immediately unless the GNUSOCIAL constant is defined, so this file
// does nothing when it is requested or included on its own.
if (!defined('GNUSOCIAL')) {
    exit(1);
}
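/**
 * Base action for receiving Salmon "slaps": activities POSTed to this site
 * wrapped in a signed magic envelope.
 *
 * prepare() parses the envelope, resolves the claimed actor to an
 * Ostatus_profile and then checks the envelope signature against that actor.
 * handle() dispatches on the activity verb. Every handle*() method defined
 * here except handleUpdateProfile() rejects its verb with a ClientException;
 * presumably subclasses override the ones their target supports.
 */
class SalmonAction extends Action
{
    protected $needPost = true;

    protected $oprofile = null; // Ostatus_profile of the actor
    protected $actor    = null; // Profile object of the actor

    public $xml      = null; // not assigned anywhere in this class
    public $activity = null; // Activity parsed from the envelope payload in prepare()
    public $target   = null; // passed to the *SalmonTarget events; not assigned in this class

    /**
     * Parse and authenticate the incoming Salmon request.
     *
     * Order of operations: content-type check, envelope parsing, actor
     * resolution (ensureProfiles()), and only then signature verification.
     *
     * NOTE(review): ensureProfiles() runs on the still-unverified payload. It
     * can perform remote discovery lookups and create a local profile before
     * verify() has been called. The actor has to be resolved first because
     * verify() takes it as its argument, but this means any request with the
     * right content type can trigger outbound lookups; worth confirming the
     * endpoint is rate-limited.
     *
     * @param array $args request arguments, passed through to the parent
     *
     * @return boolean true when the envelope was parsed and verified
     */
    protected function prepare(array $args=array())
    {
        StatusNet::setApi(true); // Send smaller error pages

        parent::prepare($args);

        // Exact, type-strict match: a Content-Type carrying extra parameters
        // (for example a charset) is rejected as well.
        if (!isset($_SERVER['CONTENT_TYPE']) || $_SERVER['CONTENT_TYPE'] !== 'application/magic-envelope+xml') {
            // TRANS: Client error. Do not translate "application/magic-envelope+xml".
            $this->clientError(_m('Salmon requires "application/magic-envelope+xml".'));
        }

        try {
            $envxml = file_get_contents('php://input');
            $magic_env = new MagicEnvelope($envxml);   // parse incoming XML as a MagicEnvelope

            $entry = $magic_env->getPayload();  // Not cryptographically verified yet!
            $this->activity = new Activity($entry->documentElement);
            if (empty($this->activity->actor->id)) {
                // The dumps below are built from unverified request data.
                common_log(LOG_ERR, "broken actor: " . var_export($this->activity->actor->id, true));
                common_log(LOG_ERR, "activity with no actor: " . var_export($this->activity, true));
                // TRANS: Exception.
                throw new Exception(_m('Received a salmon slap from unidentified actor.'));
            }
            // ensureProfiles sets $this->actor and $this->oprofile
            $this->ensureProfiles();
        } catch (Exception $e) {
            common_debug('Salmon envelope parsing failed with: '.$e->getMessage());
            // NOTE(review): clientError() is expected not to return (presumably
            // it throws); otherwise $magic_env may be undefined below - confirm.
            $this->clientError($e->getMessage());
        }

        // Cryptographic verification test
        if (!$magic_env->verify($this->actor)) {
            common_log(LOG_DEBUG, "Salmon signature verification failed.");
            // TRANS: Client error.
            $this->clientError(_m('Salmon signature verification failed.'));
        }

        return true;
    }

    /**
     * Check the posted activity type and break out to appropriate processing.
     *
     * The Start* events can veto processing by returning false. An
     * AlreadyFulfilledException from a handler is logged and otherwise
     * ignored; any other exception propagates to the caller.
     */
    protected function handle()
    {
        parent::handle();

        common_log(LOG_DEBUG, "Got a " . $this->activity->verb);
        try {
            if (Event::handle('StartHandleSalmonTarget', array($this->activity, $this->target)) &&
                    Event::handle('StartHandleSalmon', array($this->activity))) {
                switch ($this->activity->verb) {
                case ActivityVerb::POST:
                    $this->handlePost();
                    break;
                case ActivityVerb::SHARE:
                    $this->handleShare();
                    break;
                case ActivityVerb::FOLLOW:
                case ActivityVerb::FRIEND:
                    $this->handleFollow();
                    break;
                case ActivityVerb::UNFOLLOW:
                    $this->handleUnfollow();
                    break;
                case ActivityVerb::JOIN:
                    $this->handleJoin();
                    break;
                case ActivityVerb::LEAVE:
                    $this->handleLeave();
                    break;
                case ActivityVerb::TAG:
                    $this->handleTag();
                    break;
                case ActivityVerb::UNTAG:
                    $this->handleUntag();
                    break;
                case ActivityVerb::UPDATE_PROFILE:
                    $this->handleUpdateProfile();
                    break;
                default:
                    // TRANS: Client exception.
                    throw new ClientException(_m('Unrecognized activity type.'));
                }
                Event::handle('EndHandleSalmon', array($this->activity));
                Event::handle('EndHandleSalmonTarget', array($this->activity, $this->target));
            }
        } catch (AlreadyFulfilledException $e) {
            // The action's results are already fulfilled. Maybe it was a
            // duplicate? Maybe someone's database is out of sync?
            // Let's just accept it and move on.
            common_log(LOG_INFO, 'Salmon slap carried an event which had already been fulfilled.');
        }
    }

    /**
     * Default for ActivityVerb::POST: reject.
     *
     * @throws ClientException always
     */
    public function handlePost()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand posts.'));
    }

    /**
     * Default for ActivityVerb::FOLLOW and ActivityVerb::FRIEND: reject.
     *
     * @throws ClientException always
     */
    public function handleFollow()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand follows.'));
    }

    /**
     * Default for ActivityVerb::UNFOLLOW: reject.
     *
     * @throws ClientException always
     */
    public function handleUnfollow()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand unfollows.'));
    }

    /**
     * Default for ActivityVerb::SHARE: reject.
     *
     * @throws ClientException always
     */
    public function handleShare()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand share events.'));
    }

    /**
     * Default for ActivityVerb::JOIN: reject.
     *
     * @throws ClientException always
     */
    public function handleJoin()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand joins.'));
    }

    /**
     * Default for ActivityVerb::LEAVE: reject.
     *
     * @throws ClientException always
     */
    public function handleLeave()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand leave events.'));
    }

    /**
     * Default for ActivityVerb::TAG: reject.
     *
     * @throws ClientException always
     */
    public function handleTag()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand list events.'));
    }

    /**
     * Default for ActivityVerb::UNTAG: reject.
     *
     * @throws ClientException always
     */
    public function handleUntag()
    {
        // TRANS: Client exception.
        throw new ClientException(_m('This target does not understand unlist events.'));
    }

    /**
     * Remote user sent us an update to their profile.
     * If we already know them, accept the updates.
     *
     * An actor with no known Ostatus_profile is logged and ignored.
     */
    public function handleUpdateProfile()
    {
        $oprofile = Ostatus_profile::getActorProfile($this->activity);
        if ($oprofile instanceof Ostatus_profile) {
            common_log(LOG_INFO, "Got a profile-update ping from $oprofile->uri");
            $oprofile->updateFromActivityObject($this->activity->actor);
        } else {
            common_log(LOG_INFO, "Ignoring profile-update ping from unknown " . $this->activity->actor->id);
        }
    }

    /**
     * Resolve the activity's claimed actor to a local Ostatus_profile and
     * Profile, storing them in $this->oprofile and $this->actor.
     *
     * If the actor URI is unknown, discovery is used to check whether it is
     * an alias of an identity we already store. An alias is accepted only
     * when both sides list each other; otherwise a new profile is created
     * from the activity's actor object.
     *
     * All URIs and discovery documents handled here come from remote parties,
     * and prepare() calls this method before the envelope signature has been
     * verified.
     *
     * @throws UnknownUriException when discovery on the new URI does not list
     *                             that URI itself
     */
    public function ensureProfiles()
    {
        try {
            $this->oprofile = Ostatus_profile::getActorProfile($this->activity);
            if (!$this->oprofile instanceof Ostatus_profile) {
                throw new UnknownUriException($this->activity->actor->id);
            }
        } catch (UnknownUriException $e) {
            // Apparently we didn't find the Profile object based on our URI,
            // so OStatus doesn't have it with this URI in ostatus_profile.
            // Try to look it up again, remote side may have changed from http to https
            // or maybe publish an acct: URI now instead of an http: URL.
            //
            // Steps:
            // 1. Check the newly received URI. Who does it say it is?
            // 2. Compare these alleged identities to our local database.
            // 3. If we found any locally stored identities, ask it about its aliases.
            // 4. Do any of the aliases from our known identity match the recently introduced one?
            //
            // Example: We have stored http://example.com/user/1 but this URI says https://example.com/user/1
            common_debug('No local Profile object found for a magicsigned activity author URI: '.$e->object_uri);
            $disco = new Discovery();
            $xrd = $disco->lookup($e->object_uri);
            // Step 1: We got a bunch of discovery data for https://example.com/user/1 which includes
            //         aliases https://example.com/user and hopefully our original http://example.com/user/1 too
            $all_ids = array_merge(array($xrd->subject), $xrd->aliases);
            // Strict comparison: these are identity checks on remotely supplied
            // strings, so PHP's loose "==" juggling (numeric-looking strings,
            // null versus '') must not be able to produce a match.
            if (!in_array($e->object_uri, $all_ids, true)) {
                common_debug('The activity author URI we got was not listed itself when doing discovery on it.');
                throw $e;
            }

            // Go through each reported alias from lookup to see if we know this already
            foreach ($all_ids as $aliased_uri) {
                $oprofile = Ostatus_profile::getKV('uri', $aliased_uri);
                if (!$oprofile instanceof Ostatus_profile) {
                    continue;   // unknown locally, check the next alias
                }
                // Step 2: We found the alleged http://example.com/user/1 URI in our local database,
                //         but this can't be trusted yet because anyone can publish any alias.
                common_debug('Found a local Ostatus_profile for "'.$e->object_uri.'" with this URI: '.$aliased_uri);

                // We found an existing OStatus profile, but is it really the same? Do a callback to the URI's origin
                // Step 3: lookup our previously known http://example.com/user/1 webfinger etc.
                $xrd = $disco->lookup($oprofile->getUri()); // getUri returns ->uri, which we filtered on earlier
                $doublecheck_aliases = array_merge(array($xrd->subject), $xrd->aliases);
                common_debug('Trying to match known "'.$aliased_uri.'" against its returned aliases: '.implode(' ', $doublecheck_aliases));
                // if we find our original URI here, it is a legitimate alias
                // Step 4: Is the newly introduced https://example.com/user/1 URI in the list of aliases
                //         presented by http://example.com/user/1 (i.e. do they both say they are the same identity?)
                if (in_array($e->object_uri, $doublecheck_aliases, true)) {
                    common_debug('These identities both say they are each other: "'.$aliased_uri.'" and "'.$e->object_uri);
                    $this->oprofile = $oprofile;
                    break;  // don't iterate through aliases anymore
                }
            }

            // We might end up here after $all_ids is iterated through without a $this->oprofile value,
            if (!$this->oprofile instanceof Ostatus_profile) {
                common_debug("We do not have a local profile to connect to this activity's author. Let's create one.");
                // ensureActivityObjectProfile throws exception on failure
                $this->oprofile = Ostatus_profile::ensureActivityObjectProfile($this->activity->actor);
            }
        }

        // assert() can be disabled by configuration, so this documents the
        // invariant rather than enforcing it.
        assert($this->oprofile instanceof Ostatus_profile);

        $this->actor = $this->oprofile->localProfile();
    }

    /**
     * Hand the activity to the actor's Ostatus_profile for storage.
     *
     * @return mixed whatever Ostatus_profile::processPost() returns
     */
    public function saveNotice()
    {
        if (!$this->oprofile instanceof Ostatus_profile) {
            // var_export() needs its second argument set to true to return the
            // dump; without it the dump is echoed into the HTTP response
            // instead of being written to the debug log.
            // NOTE(review): $this->profile is not declared in this class;
            // $this->actor may have been intended - confirm.
            common_debug('Ostatus_profile missing in ' . __CLASS__ . ' profile: '.var_export($this->profile, true));
        }
        // NOTE(review): when the check above fails this call still runs on a
        // non-object and fails; the log line is only a diagnostic.
        return $this->oprofile->processPost($this->activity, 'salmon');
    }
}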