oldkid/friendica
1
0
Fork 0
mirror of https://git.sekbaer.de/Friendica/friendica.git synced 2025-06-16 20:05:14 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Legacy DFRN transport layer is removed

Browse source
This commit is contained in:
Michael 2021-07-15 13:28:32 +00:00
parent fd37a57678
commit 3a5523820c
27 changed files with 199 additions and 3175 deletions
Download patch file Download diff file Expand all files Collapse all files

563
mod/dfrn_confirm.php
View file

@ -1,563 +0,0 @@
<?php
/**
* @copyright Copyright (C) 2010-2021, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
* Friendship acceptance for DFRN contacts
*
* There are two possible entry points and three scenarios.
*
* 1. A form was submitted by our user approving a friendship that originated elsewhere.
* This may also be called from dfrn_request to automatically approve a friendship.
*
* 2. We may be the target or other side of the conversation to scenario 1, and will
* interact with that process on our own user's behalf.
*
* @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/stable/spec/dfrn2.pdf
* You also find a graphic which describes the confirmation process at
* https://github.com/friendica/friendica/blob/stable/spec/dfrn2_contact_confirmation.png
*/
use Friendica\App;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Model\Group;
use Friendica\Model\Notification;
use Friendica\Model\User;
use Friendica\Protocol\Activity;
use Friendica\Util\Crypto;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Strings;
use Friendica\Util\XML;
function dfrn_confirm_post(App $a, $handsfree = null)
{
$node = null;
if (is_array($handsfree)) {
/*
* We were called directly from dfrn_request due to automatic friend acceptance.
* Any $_POST parameters we may require are supplied in the $handsfree array.
*
*/
$node = $handsfree['node'];
$a->interactive = false; // notice() becomes a no-op since nobody is there to see it
} elseif ($a->argc > 1) {
$node = $a->argv[1];
}
/*
* Main entry point. Scenario 1. Our user received a friend request notification (perhaps
* from another site) and clicked 'Approve'.
* $POST['source_url'] is not set. If it is, it indicates Scenario 2.
*
* We may also have been called directly from dfrn_request ($handsfree != null) due to
* this being a page type which supports automatic friend acceptance. That is also Scenario 1
* since we are operating on behalf of our registered user to approve a friendship.
*/
if (empty($_POST['source_url'])) {
$uid = ($handsfree['uid'] ?? 0) ?: local_user();
if (!$uid) {
notice(DI::l10n()->t('Permission denied.'));
return;
}
$user = DBA::selectFirst('user', [], ['uid' => $uid]);
if (!DBA::isResult($user)) {
notice(DI::l10n()->t('Profile not found.'));
return;
}
// These data elements may come from either the friend request notification form or $handsfree array.
if (is_array($handsfree)) {
Logger::log('Confirm in handsfree mode');
$dfrn_id = $handsfree['dfrn_id'];
$intro_id = $handsfree['intro_id'];
$duplex = $handsfree['duplex'];
$cid = 0;
$hidden = intval($handsfree['hidden'] ?? 0);
} else {
$dfrn_id = Strings::escapeTags(trim($_POST['dfrn_id'] ?? ''));
$intro_id = intval($_POST['intro_id'] ?? 0);
$duplex = intval($_POST['duplex'] ?? 0);
$cid = intval($_POST['contact_id'] ?? 0);
$hidden = intval($_POST['hidden'] ?? 0);
}
/*
* Ensure that dfrn_id has precedence when we go to find the contact record.
* We only want to search based on contact id if there is no dfrn_id,
* e.g. for OStatus network followers.
*/
if (strlen($dfrn_id)) {
$cid = 0;
}
Logger::log('Confirming request for dfrn_id (issued) ' . $dfrn_id);
if ($cid) {
Logger::log('Confirming follower with contact_id: ' . $cid);
}
/*
* The other person will have been issued an ID when they first requested friendship.
* Locate their record. At this time, their record will have both pending and blocked set to 1.
* There won't be any dfrn_id if this is a network follower, so use the contact_id instead.
*/
$r = q("SELECT *
FROM `contact`
WHERE (
(`issued-id` != '' AND `issued-id` = '%s')
OR
(`id` = %d AND `id` != 0)
)
AND `uid` = %d
AND `duplex` = 0
LIMIT 1",
DBA::escape($dfrn_id),
intval($cid),
intval($uid)
);
if (!DBA::isResult($r)) {
Logger::log('Contact not found in DB.');
notice(DI::l10n()->t('Contact not found.'));
notice(DI::l10n()->t('This may occasionally happen if contact was requested by both persons and it has already been approved.'));
return;
}
$contact = $r[0];
$contact_id = $contact['id'];
$relation = $contact['rel'];
$site_pubkey = $contact['site-pubkey'];
$dfrn_confirm = $contact['confirm'];
$aes_allow = $contact['aes_allow'];
$protocol = $contact['network'];
/*
* Generate a key pair for all further communications with this person.
* We have a keypair for every contact, and a site key for unknown people.
* This provides a means to carry on relationships with other people if
* any single key is compromised. It is a robust key. We're much more
* worried about key leakage than anybody cracking it.
*/
$res = Crypto::newKeypair(4096);
$private_key = $res['prvkey'];
$public_key = $res['pubkey'];
// Save the private key. Send them the public key.
$fields = ['prvkey' => $private_key, 'protocol' => Protocol::DFRN];
DBA::update('contact', $fields, ['id' => $contact_id]);
$params = [];
/*
* Per the DFRN protocol, we will verify both ends by encrypting the dfrn_id with our
* site private key (person on the other end can decrypt it with our site public key).
* Then encrypt our profile URL with the other person's site public key. They can decrypt
* it with their site private key. If the decryption on the other end fails for either
* item, it indicates tampering or key failure on at least one site and we will not be
* able to provide a secure communication pathway.
*
* If other site is willing to accept full encryption, (aes_allow is 1 AND we have php5.3
* or later) then we encrypt the personal public key we send them using AES-256-CBC and a
* random key which is encrypted with their site public key.
*/
$src_aes_key = random_bytes(64);
$result = '';
openssl_private_encrypt($dfrn_id, $result, $user['prvkey']);
$params['dfrn_id'] = bin2hex($result);
$params['public_key'] = $public_key;
$my_url = DI::baseUrl() . '/profile/' . $user['nickname'];
openssl_public_encrypt($my_url, $params['source_url'], $site_pubkey);
$params['source_url'] = bin2hex($params['source_url']);
if ($aes_allow && function_exists('openssl_encrypt')) {
openssl_public_encrypt($src_aes_key, $params['aes_key'], $site_pubkey);
$params['aes_key'] = bin2hex($params['aes_key']);
$params['public_key'] = bin2hex(openssl_encrypt($public_key, 'AES-256-CBC', $src_aes_key));
}
$params['dfrn_version'] = DFRN_PROTOCOL_VERSION;
if ($duplex == 1) {
$params['duplex'] = 1;
}
if ($user['page-flags'] == User::PAGE_FLAGS_COMMUNITY) {
$params['page'] = 1;
}
if ($user['page-flags'] == User::PAGE_FLAGS_PRVGROUP) {
$params['page'] = 2;
}
Logger::debug('Confirm: posting data', ['confirm' => $dfrn_confirm, 'parameter' => $params]);
/*
*
* POST all this stuff to the other site.
* Temporarily raise the network timeout to 120 seconds because the default 60
* doesn't always give the other side quite enough time to decrypt everything.
*
*/
$res = DI::httpRequest()->post($dfrn_confirm, $params, [], 120)->getBody();
Logger::log(' Confirm: received data: ' . $res, Logger::DATA);
// Now figure out what they responded. Try to be robust if the remote site is
// having difficulty and throwing up errors of some kind.
$leading_junk = substr($res, 0, strpos($res, '<?xml'));
$res = substr($res, strpos($res, '<?xml'));
if (!strlen($res)) {
// No XML at all, this exchange is messed up really bad.
// We shouldn't proceed, because the xml parser might choke,
// and $status is going to be zero, which indicates success.
// We can hardly call this a success.
notice(DI::l10n()->t('Response from remote site was not understood.'));
return;
}
if (strlen($leading_junk) && DI::config()->get('system', 'debugging')) {
// This might be more common. Mixed error text and some XML.
// If we're configured for debugging, show the text. Proceed in either case.
notice(DI::l10n()->t('Unexpected response from remote site: ') . $leading_junk);
}
if (stristr($res, "<status") === false) {
// wrong xml! stop here!
Logger::log('Unexpected response posting to ' . $dfrn_confirm);
notice(DI::l10n()->t('Unexpected response from remote site: ') . EOL . htmlspecialchars($res));
return;
}
$xml = XML::parseString($res);
$status = (int) $xml->status;
$message = XML::unescape($xml->message); // human readable text of what may have gone wrong.
switch ($status) {
case 0:
info(DI::l10n()->t("Confirmation completed successfully."));
break;
case 1:
// birthday paradox - generate new dfrn-id and fall through.
$new_dfrn_id = Strings::getRandomHex();
q("UPDATE contact SET `issued-id` = '%s' WHERE `id` = %d AND `uid` = %d",
DBA::escape($new_dfrn_id),
intval($contact_id),
intval($uid)
);
case 2:
notice(DI::l10n()->t("Temporary failure. Please wait and try again."));
break;
case 3:
notice(DI::l10n()->t("Introduction failed or was revoked."));
break;
}
if (strlen($message)) {
notice(DI::l10n()->t('Remote site reported: ') . $message);
}
if (($status == 0) && $intro_id) {
$intro = DBA::selectFirst('intro', ['note'], ['id' => $intro_id]);
if (DBA::isResult($intro)) {
DBA::update('contact', ['reason' => $intro['note']], ['id' => $contact_id]);
}
// Success. Delete the notification.
DBA::delete('intro', ['id' => $intro_id]);
}
if ($status != 0) {
return;
}
/*
* We have now established a relationship with the other site.
* Let's make our own personal copy of their profile photo so we don't have
* to always load it from their site.
*
* We will also update the contact record with the nature and scope of the relationship.
*/
Contact::updateAvatar($contact_id, $contact['photo']);
Logger::log('dfrn_confirm: confirm - imported photos');
$new_relation = Contact::FOLLOWER;
if (($relation == Contact::SHARING) || ($duplex)) {
$new_relation = Contact::FRIEND;
}
if (($relation == Contact::SHARING) && ($duplex)) {
$duplex = 0;
}
$r = q("UPDATE `contact` SET `rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
`hidden` = %d,
`network` = '%s' WHERE `id` = %d
",
intval($new_relation),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape(DateTimeFormat::utcNow()),
intval($duplex),
intval($hidden),
DBA::escape(Protocol::DFRN),
intval($contact_id)
);
// reload contact info
$contact = DBA::selectFirst('contact', [], ['id' => $contact_id]);
Group::addMember(User::getDefaultGroup($uid, $contact["network"]), $contact['id']);
// Let's send our user to the contact editor in case they want to
// do anything special with this new friend.
if ($handsfree === null) {
DI::baseUrl()->redirect('contact/' . intval($contact_id));
} else {
return;
}
//NOTREACHED
}
/*
* End of Scenario 1. [Local confirmation of remote friend request].
*
* Begin Scenario 2. This is the remote response to the above scenario.
* This will take place on the site that originally initiated the friend request.
* In the section above where the confirming party makes a POST and
* retrieves xml status information, they are communicating with the following code.
*/
if (!empty($_POST['source_url'])) {
// We are processing an external confirmation to an introduction created by our user.
$public_key = $_POST['public_key'] ?? '';
$dfrn_id = hex2bin($_POST['dfrn_id'] ?? '');
$source_url = hex2bin($_POST['source_url'] ?? '');
$aes_key = $_POST['aes_key'] ?? '';
$duplex = intval($_POST['duplex'] ?? 0);
$page = intval($_POST['page'] ?? 0);
$forum = (($page == 1) ? 1 : 0);
$prv = (($page == 2) ? 1 : 0);
Logger::notice('requestee contacted', ['node' => $node]);
Logger::debug('request', ['POST' => $_POST]);
// If $aes_key is set, both of these items require unpacking from the hex transport encoding.
if (!empty($aes_key)) {
$aes_key = hex2bin($aes_key);
$public_key = hex2bin($public_key);
}
// Find our user's account
$user = DBA::selectFirst('user', [], ['nickname' => $node]);
if (!DBA::isResult($user)) {
$message = DI::l10n()->t('No user record found for \'%s\' ', $node);
System::xmlExit(3, $message); // failure
// NOTREACHED
}
$my_prvkey = $user['prvkey'];
$local_uid = $user['uid'];
if (!strstr($my_prvkey, 'PRIVATE KEY')) {
$message = DI::l10n()->t('Our site encryption key is apparently messed up.');
System::xmlExit(3, $message);
}
// verify everything
$decrypted_source_url = "";
openssl_private_decrypt($source_url, $decrypted_source_url, $my_prvkey);
if (!strlen($decrypted_source_url)) {
$message = DI::l10n()->t('Empty site URL was provided or URL could not be decrypted by us.');
System::xmlExit(3, $message);
// NOTREACHED
}
$contact = DBA::selectFirst('contact', [], ['url' => $decrypted_source_url, 'uid' => $local_uid]);
if (!DBA::isResult($contact)) {
if (strstr($decrypted_source_url, 'http:')) {
$newurl = str_replace('http:', 'https:', $decrypted_source_url);
} else {
$newurl = str_replace('https:', 'http:', $decrypted_source_url);
}
$contact = DBA::selectFirst('contact', [], ['url' => $newurl, 'uid' => $local_uid]);
if (!DBA::isResult($contact)) {
// this is either a bogus confirmation (?) or we deleted the original introduction.
$message = DI::l10n()->t('Contact record was not found for you on our site.');
System::xmlExit(3, $message);
return; // NOTREACHED
}
}
$relation = $contact['rel'];
// Decrypt all this stuff we just received
$foreign_pubkey = $contact['site-pubkey'];
$dfrn_record = $contact['id'];
if (!$foreign_pubkey) {
$message = DI::l10n()->t('Site public key not available in contact record for URL %s.', $decrypted_source_url);
System::xmlExit(3, $message);
}
$decrypted_dfrn_id = "";
openssl_public_decrypt($dfrn_id, $decrypted_dfrn_id, $foreign_pubkey);
if (strlen($aes_key)) {
$decrypted_aes_key = "";
openssl_private_decrypt($aes_key, $decrypted_aes_key, $my_prvkey);
$dfrn_pubkey = openssl_decrypt($public_key, 'AES-256-CBC', $decrypted_aes_key);
} else {
$dfrn_pubkey = $public_key;
}
if (DBA::exists('contact', ['dfrn-id' => $decrypted_dfrn_id])) {
$message = DI::l10n()->t('The ID provided by your system is a duplicate on our system. It should work if you try again.');
System::xmlExit(1, $message); // Birthday paradox - duplicate dfrn-id
// NOTREACHED
}
$r = q("UPDATE `contact` SET `dfrn-id` = '%s', `pubkey` = '%s' WHERE `id` = %d",
DBA::escape($decrypted_dfrn_id),
DBA::escape($dfrn_pubkey),
intval($dfrn_record)
);
if (!DBA::isResult($r)) {
$message = DI::l10n()->t('Unable to set your contact credentials on our system.');
System::xmlExit(3, $message);
}
// It's possible that the other person also requested friendship.
// If it is a duplex relationship, ditch the issued-id if one exists.
if ($duplex) {
q("UPDATE `contact` SET `issued-id` = '' WHERE `id` = %d",
intval($dfrn_record)
);
}
// We're good but now we have to scrape the profile photo and send notifications.
$contact = DBA::selectFirst('contact', ['photo'], ['id' => $dfrn_record]);
if (DBA::isResult($contact)) {
$photo = $contact['photo'];
} else {
$photo = DI::baseUrl() . Contact::DEFAULT_AVATAR_PHOTO;
}
Contact::updateAvatar($dfrn_record, $photo);
Logger::log('dfrn_confirm: request - photos imported');
$new_relation = Contact::SHARING;
if (($relation == Contact::FOLLOWER) || ($duplex)) {
$new_relation = Contact::FRIEND;
}
if (($relation == Contact::FOLLOWER) && ($duplex)) {
$duplex = 0;
}
$r = q("UPDATE `contact` SET
`rel` = %d,
`name-date` = '%s',
`uri-date` = '%s',
`blocked` = 0,
`pending` = 0,
`duplex` = %d,
`forum` = %d,
`prv` = %d,
`network` = '%s' WHERE `id` = %d
",
intval($new_relation),
DBA::escape(DateTimeFormat::utcNow()),
DBA::escape(DateTimeFormat::utcNow()),
intval($duplex),
intval($forum),
intval($prv),
DBA::escape(Protocol::DFRN),
intval($dfrn_record)
);
if (!DBA::isResult($r)) { // indicates schema is messed up or total db failure
$message = DI::l10n()->t('Unable to update your contact profile details on our system');
System::xmlExit(3, $message);
}
// Otherwise everything seems to have worked and we are almost done. Yay!
// Send an email notification
Logger::log('dfrn_confirm: request: info updated');
$combined = null;
$r = q("SELECT `contact`.*, `user`.*
FROM `contact`
LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`id` = %d
LIMIT 1",
intval($dfrn_record)
);
if (DBA::isResult($r)) {
$combined = $r[0];
if ($combined['notify-flags'] & Notification\Type::CONFIRM) {
$mutual = ($new_relation == Contact::FRIEND);
notification([
'type' => Notification\Type::CONFIRM,
'otype' => Notification\ObjectType::INTRO,
'verb' => ($mutual ? Activity::FRIEND : Activity::FOLLOW),
'uid' => $combined['uid'],
'cid' => $combined['id'],
'link' => DI::baseUrl() . '/contact/' . $dfrn_record,
]);
}
}
System::xmlExit(0); // Success
return; // NOTREACHED
////////////////////// End of this scenario ///////////////////////////////////////////////
}
// somebody arrived here by mistake or they are fishing. Send them to the homepage.
DI::baseUrl()->redirect();
// NOTREACHED
}

276
mod/dfrn_notify.php
View file

@ -26,14 +26,12 @@ use Friendica\App;
use Friendica\Core\Logger;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Model\Conversation;
use Friendica\Model\User;
use Friendica\Network\HTTPException;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\Diaspora;
use Friendica\Util\Network;
use Friendica\Util\Strings;
function dfrn_notify_post(App $a) {
$postdata = Network::postdata();
@ -53,148 +51,7 @@ function dfrn_notify_post(App $a) {
salmon_post($a, $postdata);
}
}
$dfrn_id = (!empty($_POST['dfrn_id']) ? Strings::escapeTags(trim($_POST['dfrn_id'])) : '');
$dfrn_version = (!empty($_POST['dfrn_version']) ? (float) $_POST['dfrn_version'] : 2.0);
$challenge = (!empty($_POST['challenge']) ? Strings::escapeTags(trim($_POST['challenge'])) : '');
$data = $_POST['data'] ?? '';
$key = $_POST['key'] ?? '';
$rino_remote = (!empty($_POST['rino']) ? intval($_POST['rino']) : 0);
$dissolve = (!empty($_POST['dissolve']) ? intval($_POST['dissolve']) : 0);
$perm = (!empty($_POST['perm']) ? Strings::escapeTags(trim($_POST['perm'])) : 'r');
$ssl_policy = (!empty($_POST['ssl_policy']) ? Strings::escapeTags(trim($_POST['ssl_policy'])): 'none');
$page = (!empty($_POST['page']) ? intval($_POST['page']) : 0);
$forum = (($page == 1) ? 1 : 0);
$prv = (($page == 2) ? 1 : 0);
$writable = (-1);
if ($dfrn_version >= 2.21) {
$writable = (($perm === 'rw') ? 1 : 0);
}
$direction = (-1);
if (strpos($dfrn_id, ':') == 1) {
$direction = intval(substr($dfrn_id, 0, 1));
$dfrn_id = substr($dfrn_id, 2);
}
if (!DBA::exists('challenge', ['dfrn-id' => $dfrn_id, 'challenge' => $challenge])) {
Logger::log('could not match challenge to dfrn_id ' . $dfrn_id . ' challenge=' . $challenge);
System::xmlExit(3, 'Could not match challenge');
}
DBA::delete('challenge', ['dfrn-id' => $dfrn_id, 'challenge' => $challenge]);
$user = DBA::selectFirst('user', ['uid'], ['nickname' => $a->argv[1]]);
if (!DBA::isResult($user)) {
Logger::log('User not found for nickname ' . $a->argv[1]);
System::xmlExit(3, 'User not found');
}
// find the local user who owns this relationship.
$condition = [];
switch ($direction) {
case (-1):
$condition = ["(`issued-id` = ? OR `dfrn-id` = ?) AND `uid` = ?", $dfrn_id, $dfrn_id, $user['uid']];
break;
case 0:
$condition = ['issued-id' => $dfrn_id, 'duplex' => true, 'uid' => $user['uid']];
break;
case 1:
$condition = ['dfrn-id' => $dfrn_id, 'duplex' => true, 'uid' => $user['uid']];
break;
default:
System::xmlExit(3, 'Invalid direction');
break; // NOTREACHED
}
$contact = DBA::selectFirst('contact', ['id'], $condition);
if (!DBA::isResult($contact)) {
Logger::log('contact not found for dfrn_id ' . $dfrn_id);
System::xmlExit(3, 'Contact not found');
}
// $importer in this case contains the contact record for the remote contact joined with the user record of our user.
$importer = DFRN::getImporter($contact['id'], $user['uid']);
if ((($writable != (-1)) && ($writable != $importer['writable'])) || ($importer['forum'] != $forum) || ($importer['prv'] != $prv)) {
$fields = ['writable' => ($writable == (-1)) ? $importer['writable'] : $writable,
'forum' => $forum, 'prv' => $prv];
DBA::update('contact', $fields, ['id' => $importer['id']]);
if ($writable != (-1)) {
$importer['writable'] = $writable;
}
$importer['forum'] = $page;
}
// if contact's ssl policy changed, update our links
$importer = Contact::updateSslPolicy($importer, $ssl_policy);
Logger::log('data: ' . $data, Logger::DATA);
if ($dissolve == 1) {
// Relationship is dissolved permanently
Contact::remove($importer['id']);
Logger::log('relationship dissolved : ' . $importer['name'] . ' dissolved ' . $importer['username']);
System::xmlExit(0, 'relationship dissolved');
}
$rino = DI::config()->get('system', 'rino_encrypt');
$rino = intval($rino);
if (strlen($key)) {
// if local rino is lower than remote rino, abort: should not happen!
// but only for $remote_rino > 1, because old code did't send rino version
if ($rino_remote > 1 && $rino < $rino_remote) {
Logger::log("rino version '$rino_remote' is lower than supported '$rino'");
System::xmlExit(0, "rino version '$rino_remote' is lower than supported '$rino'");
}
$rawkey = hex2bin(trim($key));
Logger::log('rino: md5 raw key: ' . md5($rawkey), Logger::DATA);
$final_key = '';
if ($dfrn_version >= 2.1) {
if (($importer['duplex'] && strlen($importer['cprvkey'])) || !strlen($importer['cpubkey'])) {
openssl_private_decrypt($rawkey, $final_key, $importer['cprvkey']);
} else {
openssl_public_decrypt($rawkey, $final_key, $importer['cpubkey']);
}
} else {
if (($importer['duplex'] && strlen($importer['cpubkey'])) || !strlen($importer['cprvkey'])) {
openssl_public_decrypt($rawkey, $final_key, $importer['cpubkey']);
} else {
openssl_private_decrypt($rawkey, $final_key, $importer['cprvkey']);
}
}
switch ($rino_remote) {
case 0:
case 1:
// we got a key. old code send only the key, without RINO version.
// we assume RINO 1 if key and no RINO version
$data = DFRN::aesDecrypt(hex2bin($data), $final_key);
break;
default:
Logger::log("rino: invalid sent version '$rino_remote'");
System::xmlExit(0, "Invalid sent version '$rino_remote'");
}
Logger::log('rino: decrypted data: ' . $data, Logger::DATA);
}
Logger::log('Importing post from ' . $importer['addr'] . ' to ' . $importer['nickname'] . ' with the RINO ' . $rino_remote . ' encryption.', Logger::DEBUG);
$ret = DFRN::import($data, $importer, Conversation::PARCEL_LEGACY_DFRN, Conversation::PUSH);
System::xmlExit($ret, 'Processed');
// NOTREACHED
throw new HTTPException\BadRequestException();
}
function dfrn_dispatch_public($postdata)
@ -261,132 +118,5 @@ function dfrn_dispatch_private($user, $postdata)
}
function dfrn_notify_content(App $a) {
if (!empty($_GET['dfrn_id'])) {
/*
* initial communication from external contact, $direction is their direction.
* If this is a duplex communication, ours will be the opposite.
*/
$dfrn_id = Strings::escapeTags(trim($_GET['dfrn_id']));
$rino_remote = (!empty($_GET['rino']) ? intval($_GET['rino']) : 0);
$type = "";
$last_update = "";
Logger::log('new notification dfrn_id=' . $dfrn_id);
$direction = (-1);
if (strpos($dfrn_id,':') == 1) {
$direction = intval(substr($dfrn_id,0,1));
$dfrn_id = substr($dfrn_id,2);
}
$hash = Strings::getRandomHex();
$status = 0;
DBA::delete('challenge', ["`expire` < ?", time()]);
$fields = ['challenge' => $hash, 'dfrn-id' => $dfrn_id, 'expire' => time() + 90,
'type' => $type, 'last_update' => $last_update];
DBA::insert('challenge', $fields);
Logger::log('challenge=' . $hash, Logger::DATA);
$user = DBA::selectFirst('user', ['uid'], ['nickname' => $a->argv[1]]);
if (!DBA::isResult($user)) {
Logger::log('User not found for nickname ' . $a->argv[1]);
exit();
}
$condition = [];
switch ($direction) {
case (-1):
$condition = ["(`issued-id` = ? OR `dfrn-id` = ?) AND `uid` = ?", $dfrn_id, $dfrn_id, $user['uid']];
$my_id = $dfrn_id;
break;
case 0:
$condition = ['issued-id' => $dfrn_id, 'duplex' => true, 'uid' => $user['uid']];
$my_id = '1:' . $dfrn_id;
break;
case 1:
$condition = ['dfrn-id' => $dfrn_id, 'duplex' => true, 'uid' => $user['uid']];
$my_id = '0:' . $dfrn_id;
break;
default:
$status = 1;
$my_id = '';
break;
}
$contact = DBA::selectFirst('contact', ['id'], $condition);
if (!DBA::isResult($contact)) {
Logger::log('contact not found for dfrn_id ' . $dfrn_id);
System::xmlExit(3, 'Contact not found');
}
// $importer in this case contains the contact record for the remote contact joined with the user record of our user.
$importer = DFRN::getImporter($contact['id'], $user['uid']);
if (empty($importer)) {
Logger::log('No importer data found for user ' . $a->argv[1] . ' and contact ' . $dfrn_id);
exit();
}
Logger::log("Remote rino version: ".$rino_remote." for ".$importer["url"], Logger::DATA);
$challenge = '';
$encrypted_id = '';
$id_str = $my_id . '.' . mt_rand(1000,9999);
$prv_key = trim($importer['cprvkey']);
$pub_key = trim($importer['cpubkey']);
$dplx = intval($importer['duplex']);
if (($dplx && strlen($prv_key)) || (strlen($prv_key) && !strlen($pub_key))) {
openssl_private_encrypt($hash, $challenge, $prv_key);
openssl_private_encrypt($id_str, $encrypted_id, $prv_key);
} elseif (strlen($pub_key)) {
openssl_public_encrypt($hash, $challenge, $pub_key);
openssl_public_encrypt($id_str, $encrypted_id, $pub_key);
} else {
/// @TODO these kind of else-blocks are making the code harder to understand
$status = 1;
}
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id);
$rino = DI::config()->get('system', 'rino_encrypt');
$rino = intval($rino);
Logger::log("Local rino version: ". $rino, Logger::DATA);
// if requested rino is lower than enabled local rino, lower local rino version
// if requested rino is higher than enabled local rino, reply with local rino
if ($rino_remote < $rino) {
$rino = $rino_remote;
}
if (($importer['rel'] && ($importer['rel'] != Contact::SHARING)) || ($importer['page-flags'] == User::PAGE_FLAGS_COMMUNITY)) {
$perm = 'rw';
} else {
$perm = 'r';
}
header("Content-type: text/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
. '<dfrn_notify>' . "\r\n"
. "\t" . '<status>' . $status . '</status>' . "\r\n"
. "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
. "\t" . '<rino>' . $rino . '</rino>' . "\r\n"
. "\t" . '<perm>' . $perm . '</perm>' . "\r\n"
. "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
. "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
. '</dfrn_notify>' . "\r\n";
exit();
}
throw new HTTPException\NotFoundException();
}

527
mod/dfrn_poll.php
View file

@ -20,536 +20,17 @@
*/
use Friendica\App;
use Friendica\Core\Logger;
use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Protocol\DFRN;
use Friendica\Protocol\OStatus;
use Friendica\Util\Strings;
use Friendica\Util\XML;
use Friendica\Network\HTTPException;
function dfrn_poll_init(App $a)
{
DI::auth()->withSession($a);
$dfrn_id = $_GET['dfrn_id'] ?? '';
$type = ($_GET['type'] ?? '') ?: 'data';
$last_update = $_GET['last_update'] ?? '';
$destination_url = $_GET['destination_url'] ?? '';
$challenge = $_GET['challenge'] ?? '';
$sec = $_GET['sec'] ?? '';
$dfrn_version = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
$quiet = !empty($_GET['quiet']);
// Possibly it is an OStatus compatible server that requests a user feed
$user_agent = $_SERVER['HTTP_USER_AGENT'] ?? '';
if (($a->argc > 1) && ($dfrn_id == '') && !strstr($user_agent, 'Friendica')) {
if ($a->argc > 1) {
$nickname = $a->argv[1];
header("Content-type: application/atom+xml");
$last_update = $_GET['last_update'] ?? '';
echo OStatus::feed($nickname, $last_update, 10);
exit();
}
$direction = -1;
if (strpos($dfrn_id, ':') == 1) {
$direction = intval(substr($dfrn_id, 0, 1));
$dfrn_id = substr($dfrn_id, 2);
}
$hidewall = false;
if (($dfrn_id === '') && empty($_POST['dfrn_id'])) {
if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
throw new \Friendica\Network\HTTPException\ForbiddenException();
}
$user = '';
if ($a->argc > 1) {
$r = q("SELECT `hidewall`,`nickname` FROM `user` WHERE `user`.`nickname` = '%s' LIMIT 1",
DBA::escape($a->argv[1])
);
if (!$r) {
throw new \Friendica\Network\HTTPException\NotFoundException();
}
$hidewall = ($r[0]['hidewall'] && !local_user());
$user = $r[0]['nickname'];
}
Logger::log('dfrn_poll: public feed request from ' . $_SERVER['REMOTE_ADDR'] . ' for ' . $user);
header("Content-type: application/atom+xml");
echo DFRN::feed('', $user, $last_update, 0, $hidewall);
exit();
}
if (($type === 'profile') && (!strlen($sec))) {
$sql_extra = '';
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND ( `dfrn-id` = '%s' OR `issued-id` = '%s' ) ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
DI::baseUrl()->redirect();
break; // NOTREACHED
}
$r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
DBA::escape($a->argv[1])
);
if (DBA::isResult($r)) {
$s = DI::httpRequest()->fetch($r[0]['poll'] . '?dfrn_id=' . $my_id . '&type=profile-check');
Logger::log("dfrn_poll: old profile returns " . $s, Logger::DATA);
if (strlen($s)) {
$xml = XML::parseString($s);
if ((int)$xml->status === 1) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_handle'] = $r[0]['addr'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];
$_SESSION['my_url'] = $r[0]['url'];
$_SESSION['remote_comment'] = $r[0]['subscribe'];
Session::setVisitorsContacts();
if (!$quiet) {
info(DI::l10n()->t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']));
}
// Visitors get 1 day session.
$session_id = session_id();
$expire = time() + 86400;
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
DBA::escape($expire),
DBA::escape($session_id)
);
}
}
$profile = (count($r) > 0 && isset($r[0]['nickname']) ? $r[0]['nickname'] : '');
if (!empty($destination_url)) {
System::externalRedirect($destination_url);
} else {
DI::baseUrl()->redirect('profile/' . $profile);
}
}
DI::baseUrl()->redirect();
}
if ($type === 'profile-check' && $dfrn_version < 2.2) {
if ((strlen($challenge)) && (strlen($sec))) {
DBA::delete('profile_check', ["`expire` < ?", time()]);
$r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
DBA::escape($sec)
);
if (!DBA::isResult($r)) {
System::xmlExit(3, 'No ticket');
// NOTREACHED
}
$orig_id = $r[0]['dfrn_id'];
if (strpos($orig_id, ':')) {
$orig_id = substr($orig_id, 2);
}
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($r[0]['cid'])
);
if (!DBA::isResult($c)) {
System::xmlExit(3, 'No profile');
}
$contact = $c[0];
$sent_dfrn_id = hex2bin($dfrn_id);
$challenge = hex2bin($challenge);
$final_dfrn_id = '';
if (($contact['duplex']) && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
} else {
openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if (strpos($final_dfrn_id, ':') == 1) {
$final_dfrn_id = substr($final_dfrn_id, 2);
}
if ($final_dfrn_id != $orig_id) {
Logger::log('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, Logger::DEBUG);
// did not decode properly - cannot trust this site
System::xmlExit(3, 'Bad decryption');
}
header("Content-type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
exit();
// NOTREACHED
} else {
// old protocol
switch ($direction) {
case 1:
$dfrn_id = '0:' . $dfrn_id;
break;
case 0:
$dfrn_id = '1:' . $dfrn_id;
break;
default:
break;
}
DBA::delete('profile_check', ["`expire` < ?", time()]);
$r = q("SELECT * FROM `profile_check` WHERE `dfrn_id` = '%s' ORDER BY `expire` DESC",
DBA::escape($dfrn_id));
if (DBA::isResult($r)) {
System::xmlExit(1);
return; // NOTREACHED
}
System::xmlExit(0);
return; // NOTREACHED
}
}
}
function dfrn_poll_post(App $a)
{
$dfrn_id = $_POST['dfrn_id'] ?? '';
$challenge = $_POST['challenge'] ?? '';
$sec = $_POST['sec'] ?? '';
$ptype = $_POST['type'] ?? '';
$perm = ($_POST['perm'] ?? '') ?: 'r';
$dfrn_version = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
if ($ptype === 'profile-check') {
if (strlen($challenge) && strlen($sec)) {
Logger::log('dfrn_poll: POST: profile-check');
DBA::delete('profile_check', ["`expire` < ?", time()]);
$r = q("SELECT * FROM `profile_check` WHERE `sec` = '%s' ORDER BY `expire` DESC LIMIT 1",
DBA::escape($sec)
);
if (!DBA::isResult($r)) {
System::xmlExit(3, 'No ticket');
// NOTREACHED
}
$orig_id = $r[0]['dfrn_id'];
if (strpos($orig_id, ':')) {
$orig_id = substr($orig_id, 2);
}
$c = q("SELECT * FROM `contact` WHERE `id` = %d LIMIT 1",
intval($r[0]['cid'])
);
if (!DBA::isResult($c)) {
System::xmlExit(3, 'No profile');
}
$contact = $c[0];
$sent_dfrn_id = hex2bin($dfrn_id);
$challenge = hex2bin($challenge);
$final_dfrn_id = '';
if ($contact['duplex'] && strlen($contact['prvkey'])) {
openssl_private_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['prvkey']);
openssl_private_decrypt($challenge, $decoded_challenge, $contact['prvkey']);
} else {
openssl_public_decrypt($sent_dfrn_id, $final_dfrn_id, $contact['pubkey']);
openssl_public_decrypt($challenge, $decoded_challenge, $contact['pubkey']);
}
$final_dfrn_id = substr($final_dfrn_id, 0, strpos($final_dfrn_id, '.'));
if (strpos($final_dfrn_id, ':') == 1) {
$final_dfrn_id = substr($final_dfrn_id, 2);
}
if ($final_dfrn_id != $orig_id) {
Logger::log('profile_check: ' . $final_dfrn_id . ' != ' . $orig_id, Logger::DEBUG);
// did not decode properly - cannot trust this site
System::xmlExit(3, 'Bad decryption');
}
header("Content-type: text/xml");
echo "<?xml version=\"1.0\" encoding=\"UTF-8\"?><dfrn_poll><status>0</status><challenge>$decoded_challenge</challenge><sec>$sec</sec></dfrn_poll>";
exit();
// NOTREACHED
}
}
$direction = -1;
if (strpos($dfrn_id, ':') == 1) {
$direction = intval(substr($dfrn_id, 0, 1));
$dfrn_id = substr($dfrn_id, 2);
}
$r = q("SELECT * FROM `challenge` WHERE `dfrn-id` = '%s' AND `challenge` = '%s' LIMIT 1",
DBA::escape($dfrn_id),
DBA::escape($challenge)
);
if (!DBA::isResult($r)) {
exit();
}
$last_update = $r[0]['last_update'];
DBA::delete('challenge', ['dfrn-id' => $dfrn_id, 'challenge' => $challenge]);
$sql_extra = '';
switch ($direction) {
case -1:
$sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
break;
default:
DI::baseUrl()->redirect();
break; // NOTREACHED
}
$r = q("SELECT * FROM `contact` WHERE `blocked` = 0 AND `pending` = 0 $sql_extra LIMIT 1");
if (!DBA::isResult($r)) {
exit();
}
$contact = $r[0];
$contact_id = $r[0]['id'];
// Update the writable flag if it changed
Logger::debug('post request feed', ['post' => $_POST]);
if ($dfrn_version >= 2.21) {
if ($perm === 'rw') {
$writable = 1;
} else {
$writable = 0;
}
if ($writable != $contact['writable']) {
q("UPDATE `contact` SET `writable` = %d WHERE `id` = %d",
intval($writable),
intval($contact_id)
);
}
}
header("Content-type: application/atom+xml");
$o = DFRN::feed($dfrn_id, $a->argv[1], $last_update, $direction);
echo $o;
exit();
}
function dfrn_poll_content(App $a)
{
$dfrn_id = $_GET['dfrn_id'] ?? '';
$type = ($_GET['type'] ?? '') ?: 'data';
$last_update = $_GET['last_update'] ?? '';
$destination_url = $_GET['destination_url'] ?? '';
$sec = $_GET['sec'] ?? '';
$dfrn_version = floatval(($_GET['dfrn_version'] ?? 0.0) ?: 2.0);
$quiet = !empty($_GET['quiet']);
$direction = -1;
if (strpos($dfrn_id, ':') == 1) {
$direction = intval(substr($dfrn_id, 0, 1));
$dfrn_id = substr($dfrn_id, 2);
}
if ($dfrn_id != '') {
// initial communication from external contact
$hash = Strings::getRandomHex();
$status = 0;
DBA::delete('challenge', ["`expire` < ?", time()]);
if ($type !== 'profile') {
q("INSERT INTO `challenge` ( `challenge`, `dfrn-id`, `expire` , `type`, `last_update` )
VALUES( '%s', '%s', '%s', '%s', '%s' ) ",
DBA::escape($hash),
DBA::escape($dfrn_id),
intval(time() + 60 ),
DBA::escape($type),
DBA::escape($last_update)
);
}
$sql_extra = '';
switch ($direction) {
case -1:
if ($type === 'profile') {
$sql_extra = sprintf(" AND (`dfrn-id` = '%s' OR `issued-id` = '%s') ", DBA::escape($dfrn_id), DBA::escape($dfrn_id));
} else {
$sql_extra = sprintf(" AND `issued-id` = '%s' ", DBA::escape($dfrn_id));
}
$my_id = $dfrn_id;
break;
case 0:
$sql_extra = sprintf(" AND `issued-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
$my_id = '1:' . $dfrn_id;
break;
case 1:
$sql_extra = sprintf(" AND `dfrn-id` = '%s' AND `duplex` = 1 ", DBA::escape($dfrn_id));
$my_id = '0:' . $dfrn_id;
break;
default:
DI::baseUrl()->redirect();
break; // NOTREACHED
}
$nickname = $a->argv[1];
$r = q("SELECT `contact`.*, `user`.`username`, `user`.`nickname`
FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`blocked` = 0 AND `contact`.`pending` = 0
AND `user`.`nickname` = '%s' $sql_extra LIMIT 1",
DBA::escape($nickname)
);
if (DBA::isResult($r)) {
$challenge = '';
$encrypted_id = '';
$id_str = $my_id . '.' . mt_rand(1000, 9999);
if (($r[0]['duplex'] && strlen($r[0]['pubkey'])) || !strlen($r[0]['prvkey'])) {
openssl_public_encrypt($hash, $challenge, $r[0]['pubkey']);
openssl_public_encrypt($id_str, $encrypted_id, $r[0]['pubkey']);
} else {
openssl_private_encrypt($hash, $challenge, $r[0]['prvkey']);
openssl_private_encrypt($id_str, $encrypted_id, $r[0]['prvkey']);
}
$challenge = bin2hex($challenge);
$encrypted_id = bin2hex($encrypted_id);
} else {
$status = 1;
$challenge = '';
$encrypted_id = '';
}
if (($type === 'profile') && (strlen($sec))) {
// heluecht: I don't know why we don't fail immediately when the user or contact hadn't been found.
// Since it doesn't make sense to continue from this point on, we now fail here. This should be safe.
if (!DBA::isResult($r)) {
throw new \Friendica\Network\HTTPException\NotFoundException();
}
// URL reply
if ($dfrn_version < 2.2) {
$s = DI::httpRequest()->fetch($r[0]['poll']
. '?dfrn_id=' . $encrypted_id
. '&type=profile-check'
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
. '&challenge=' . $challenge
. '&sec=' . $sec
);
} else {
$s = DI::httpRequest()->post($r[0]['poll'], [
'dfrn_id' => $encrypted_id,
'type' => 'profile-check',
'dfrn_version' => DFRN_PROTOCOL_VERSION,
'challenge' => $challenge,
'sec' => $sec
])->getBody();
}
Logger::log("dfrn_poll: sec profile: " . $s, Logger::DATA);
if (strlen($s) && strstr($s, '<?xml')) {
$xml = XML::parseString($s);
Logger::debug(' profile: parsed', ['xml' => $xml]);
Logger::log('dfrn_poll: secure profile: challenge: ' . $xml->challenge . ' expecting ' . $hash);
Logger::log('dfrn_poll: secure profile: sec: ' . $xml->sec . ' expecting ' . $sec);
if (((int) $xml->status == 0) && ($xml->challenge == $hash) && ($xml->sec == $sec)) {
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $r[0]['id'];
$_SESSION['visitor_home'] = $r[0]['url'];
$_SESSION['visitor_handle'] = $r[0]['addr'];
$_SESSION['visitor_visiting'] = $r[0]['uid'];
$_SESSION['my_url'] = $r[0]['url'];
$_SESSION['remote_comment'] = $r[0]['subscribe'];
Session::setVisitorsContacts();
if (!$quiet) {
info(DI::l10n()->t('%1$s welcomes %2$s', $r[0]['username'], $r[0]['name']));
}
// Visitors get 1 day session.
$session_id = session_id();
$expire = time() + 86400;
q("UPDATE `session` SET `expire` = '%s' WHERE `sid` = '%s'",
DBA::escape($expire),
DBA::escape($session_id)
);
}
}
$profile = ((DBA::isResult($r) && $r[0]['nickname']) ? $r[0]['nickname'] : $nickname);
switch ($destination_url) {
case 'profile':
DI::baseUrl()->redirect('profile/' . $profile . '/profile');
break;
case 'photos':
DI::baseUrl()->redirect('photos/' . $profile);
break;
case 'status':
case '':
DI::baseUrl()->redirect('profile/' . $profile);
break;
default:
$appendix = (strstr($destination_url, '?') ? '&redir=1' : '?redir=1');
DI::baseUrl()->redirect($destination_url . $appendix);
break;
}
// NOTREACHED
} else {
// XML reply
header("Content-type: text/xml");
echo '<?xml version="1.0" encoding="UTF-8"?>' . "\r\n"
. '<dfrn_poll>' . "\r\n"
. "\t" . '<status>' . $status . '</status>' . "\r\n"
. "\t" . '<dfrn_version>' . DFRN_PROTOCOL_VERSION . '</dfrn_version>' . "\r\n"
. "\t" . '<dfrn_id>' . $encrypted_id . '</dfrn_id>' . "\r\n"
. "\t" . '<challenge>' . $challenge . '</challenge>' . "\r\n"
. '</dfrn_poll>' . "\r\n";
exit();
// NOTREACHED
}
}
throw new HTTPException\BadRequestException();
}

653
mod/dfrn_request.php
View file

@ -1,653 +0,0 @@
<?php
/**
* @copyright Copyright (C) 2010-2021, the Friendica project
*
* @license GNU AGPL version 3 or any later version
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <https://www.gnu.org/licenses/>.
*
*Handles communication associated with the issuance of friend requests.
*
* @see PDF with dfrn specs: https://github.com/friendica/friendica/blob/stable/spec/dfrn2.pdf
* You also find a graphic which describes the confirmation process at
* https://github.com/friendica/friendica/blob/stable/spec/dfrn2_contact_request.png
*/
use Friendica\App;
use Friendica\Core\Logger;
use Friendica\Core\Protocol;
use Friendica\Core\Renderer;
use Friendica\Core\Search;
use Friendica\Core\Session;
use Friendica\Core\System;
use Friendica\Database\DBA;
use Friendica\DI;
use Friendica\Model\Contact;
use Friendica\Model\Group;
use Friendica\Model\Notification;
use Friendica\Model\Profile;
use Friendica\Model\User;
use Friendica\Module\Security\Login;
use Friendica\Network\Probe;
use Friendica\Protocol\Activity;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Strings;
function dfrn_request_init(App $a)
{
if ($a->argc > 1) {
$which = $a->argv[1];
Profile::load($a, $which);
}
return;
}
/**
* Function: dfrn_request_post
*
* Purpose:
* Handles multiple scenarios.
*
* Scenario 1:
* Clicking 'submit' on a friend request page.
*
* Scenario 2:
* Following Scenario 1, we are brought back to our home site
* in order to link our friend request with our own server cell.
* After logging in, we click 'submit' to approve the linkage.
*
* @param App $a
* @throws ImagickException
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/
function dfrn_request_post(App $a)
{
if ($a->argc != 2 || empty($a->profile)) {
Logger::log('Wrong count of argc or profiles: argc=' . $a->argc . ', profile()=' . count($a->profile ?? []));
return;
}
if (!empty($_POST['cancel'])) {
DI::baseUrl()->redirect();
}
/*
* Scenario 2: We've introduced ourself to another cell, then have been returned to our own cell
* to confirm the request, and then we've clicked submit (perhaps after logging in).
* That brings us here:
*/
if (!empty($_POST['localconfirm']) && ($_POST['localconfirm'] == 1)) {
// Ensure this is a valid request
if (local_user() && ($a->user['nickname'] == $a->argv[1]) && !empty($_POST['dfrn_url'])) {
$dfrn_url = Strings::escapeTags(trim($_POST['dfrn_url']));
$aes_allow = !empty($_POST['aes_allow']);
$confirm_key = $_POST['confirm_key'] ?? '';
$hidden = (!empty($_POST['hidden-contact']) ? intval($_POST['hidden-contact']) : 0);
$contact_record = null;
$blocked = 1;
$pending = 1;
if (!empty($dfrn_url)) {
// Lookup the contact based on their URL (which is the only unique thing we have at the moment)
$r = q("SELECT * FROM `contact` WHERE `uid` = %d AND `nurl` = '%s' AND NOT `self` LIMIT 1",
intval(local_user()),
DBA::escape(Strings::normaliseLink($dfrn_url))
);
if (DBA::isResult($r)) {
if (strlen($r[0]['dfrn-id'])) {
// We don't need to be here. It has already happened.
notice(DI::l10n()->t("This introduction has already been accepted."));
return;
} else {
$contact_record = $r[0];
}
}
if (is_array($contact_record)) {
$r = q("UPDATE `contact` SET `ret-aes` = %d, hidden = %d WHERE `id` = %d",
intval($aes_allow),
intval($hidden),
intval($contact_record['id'])
);
} else {
// Scrape the other site's profile page to pick up the dfrn links, key, fn, and photo
$parms = Probe::profile($dfrn_url);
if (!count($parms)) {
notice(DI::l10n()->t('Profile location is not valid or does not contain profile information.'));
return;
} else {
if (empty($parms['fn'])) {
notice(DI::l10n()->t('Warning: profile location has no identifiable owner name.'));
}
if (empty($parms['photo'])) {
notice(DI::l10n()->t('Warning: profile location has no profile photo.'));
}
$invalid = Probe::validDfrn($parms);
if ($invalid) {
notice(DI::l10n()->tt("%d required parameter was not found at the given location", "%d required parameters were not found at the given location", $invalid));
return;
}
}
$dfrn_request = $parms['dfrn-request'];
$photo = $parms["photo"];
// Escape the entire array
DBA::escapeArray($parms);
// Create a contact record on our site for the other person
$r = q("INSERT INTO `contact` ( `uid`, `created`,`url`, `nurl`, `addr`, `name`, `nick`, `photo`, `site-pubkey`,
`request`, `confirm`, `notify`, `poll`, `network`, `aes_allow`, `hidden`, `blocked`, `pending`)
VALUES ( %d, '%s', '%s', '%s', '%s', '%s' , '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d, %d, %d)",
intval(local_user()),
DateTimeFormat::utcNow(),
DBA::escape($dfrn_url),
DBA::escape(Strings::normaliseLink($dfrn_url)),
$parms['addr'],
$parms['fn'],
$parms['nick'],
$parms['photo'],
$parms['key'],
$parms['dfrn-request'],
$parms['dfrn-confirm'],
$parms['dfrn-notify'],
$parms['dfrn-poll'],
DBA::escape(Protocol::DFRN),
intval($aes_allow),
intval($hidden),
intval($blocked),
intval($pending)
);
}
if ($r) {
info(DI::l10n()->t("Introduction complete."));
}
$r = q("SELECT `id`, `network` FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `site-pubkey` = '%s' LIMIT 1",
intval(local_user()),
DBA::escape($dfrn_url),
$parms['key'] ?? '' // Potentially missing
);
if (DBA::isResult($r)) {
Group::addMember(User::getDefaultGroup(local_user(), $r[0]["network"]), $r[0]['id']);
if (isset($photo)) {
Contact::updateAvatar($r[0]["id"], $photo, true);
}
$forward_path = "contact/" . $r[0]['id'];
} else {
$forward_path = "contact";
}
// Allow the blocked remote notification to complete
if (is_array($contact_record)) {
$dfrn_request = $contact_record['request'];
}
if (!empty($dfrn_request) && strlen($confirm_key)) {
DI::httpRequest()->fetch($dfrn_request . '?confirm_key=' . $confirm_key);
}
// (ignore reply, nothing we can do it failed)
DI::baseUrl()->redirect($forward_path);
return; // NOTREACHED
}
}
// invalid/bogus request
notice(DI::l10n()->t('Unrecoverable protocol error.'));
DI::baseUrl()->redirect();
return; // NOTREACHED
}
/*
* Otherwise:
*
* Scenario 1:
* We are the requestee. A person from a remote cell has made an introduction
* on our profile web page and clicked submit. We will use their DFRN-URL to
* figure out how to contact their cell.
*
* Scrape the originating DFRN-URL for everything we need. Create a contact record
* and an introduction to show our user next time he/she logs in.
* Finally redirect back to the requestor so that their site can record the request.
* If our user (the requestee) later confirms this request, a record of it will need
* to exist on the requestor's cell in order for the confirmation process to complete..
*
* It's possible that neither the requestor or the requestee are logged in at the moment,
* and the requestor does not yet have any credentials to the requestee profile.
*
* Who is the requestee? We've already loaded their profile which means their nickname should be
* in $a->argv[1] and we should have their complete info in $a->profile.
*
*/
if (empty($a->profile['uid'])) {
notice(DI::l10n()->t('Profile unavailable.'));
return;
}
$nickname = $a->profile['nickname'];
$uid = $a->profile['uid'];
$maxreq = intval($a->profile['maxreq']);
$contact_record = null;
$failed = false;
$parms = null;
$blocked = 1;
$pending = 1;
if (!empty($_POST['dfrn_url'])) {
// Block friend request spam
if ($maxreq) {
$r = q("SELECT * FROM `intro` WHERE `datetime` > '%s' AND `uid` = %d",
DBA::escape(DateTimeFormat::utc('now - 24 hours')),
intval($uid)
);
if (DBA::isResult($r) && count($r) > $maxreq) {
notice(DI::l10n()->t('%s has received too many connection requests today.', $a->profile['name']));
notice(DI::l10n()->t('Spam protection measures have been invoked.'));
notice(DI::l10n()->t('Friends are advised to please try again in 24 hours.'));
return;
}
}
/* Cleanup old introductions that remain blocked.
* Also remove the contact record, but only if there is no existing relationship
*/
$r = q("SELECT `intro`.*, `intro`.`id` AS `iid`, `contact`.`id` AS `cid`, `contact`.`rel`
FROM `intro` LEFT JOIN `contact` on `intro`.`contact-id` = `contact`.`id`
WHERE `intro`.`blocked` = 1 AND `contact`.`self` = 0
AND `intro`.`datetime` < UTC_TIMESTAMP() - INTERVAL 30 MINUTE "
);
if (DBA::isResult($r)) {
foreach ($r as $rr) {
if (!$rr['rel']) {
DBA::delete('contact', ['id' => $rr['cid'], 'self' => false]);
}
DBA::delete('intro', ['id' => $rr['iid']]);
}
}
$url = trim($_POST['dfrn_url']);
if (!strlen($url)) {
notice(DI::l10n()->t("Invalid locator"));
return;
}
$hcard = '';
// Detect the network
$data = Contact::getByURL($url);
$network = $data["network"];
// Canonicalize email-style profile locator
$url = Probe::webfingerDfrn($data['url'] ?? $url, $hcard);
if (substr($url, 0, 5) === 'stat:') {
// Every time we detect the remote subscription we define this as OStatus.
// We do this even if it is not OStatus.
// we only need to pass this through another section of the code.
if ($network != Protocol::DIASPORA) {
$network = Protocol::OSTATUS;
}
$url = substr($url, 5);
} else {
$network = Protocol::DFRN;
}
Logger::log('dfrn_request: url: ' . $url . ',network=' . $network, Logger::DEBUG);
if ($network === Protocol::DFRN) {
$ret = q("SELECT * FROM `contact` WHERE `uid` = %d AND `url` = '%s' AND `self` = 0 LIMIT 1",
intval($uid),
DBA::escape($url)
);
if (DBA::isResult($ret)) {
if (strlen($ret[0]['issued-id'])) {
notice(DI::l10n()->t('You have already introduced yourself here.'));
return;
} elseif ($ret[0]['rel'] == Contact::FRIEND) {
notice(DI::l10n()->t('Apparently you are already friends with %s.', $a->profile['name']));
return;
} else {
$contact_record = $ret[0];
$parms = ['dfrn-request' => $ret[0]['request']];
}
}
$issued_id = Strings::getRandomHex();
if (is_array($contact_record)) {
// There is a contact record but no issued-id, so this
// is a reciprocal introduction from a known contact
$r = q("UPDATE `contact` SET `issued-id` = '%s' WHERE `id` = %d",
DBA::escape($issued_id),
intval($contact_record['id'])
);
} else {
$url = Network::isUrlValid($url);
if (!$url) {
notice(DI::l10n()->t('Invalid profile URL.'));
DI::baseUrl()->redirect(DI::args()->getCommand());
return; // NOTREACHED
}
if (!Network::isUrlAllowed($url)) {
notice(DI::l10n()->t('Disallowed profile URL.'));
DI::baseUrl()->redirect(DI::args()->getCommand());
return; // NOTREACHED
}
if (Network::isUrlBlocked($url)) {
notice(DI::l10n()->t('Blocked domain'));
DI::baseUrl()->redirect(DI::args()->getCommand());
return; // NOTREACHED
}
$parms = Probe::profile(($hcard) ? $hcard : $url);
if (!count($parms)) {
notice(DI::l10n()->t('Profile location is not valid or does not contain profile information.'));
DI::baseUrl()->redirect(DI::args()->getCommand());
} else {
if (empty($parms['fn'])) {
notice(DI::l10n()->t('Warning: profile location has no identifiable owner name.'));
}
if (empty($parms['photo'])) {
notice(DI::l10n()->t('Warning: profile location has no profile photo.'));
}
$invalid = Probe::validDfrn($parms);
if ($invalid) {
notice(DI::l10n()->tt("%d required parameter was not found at the given location", "%d required parameters were not found at the given location", $invalid));
return;
}
}
$parms['url'] = $url;
$parms['issued-id'] = $issued_id;
$photo = $parms["photo"];
DBA::escapeArray($parms);
$r = q("INSERT INTO `contact` ( `uid`, `created`, `url`, `nurl`, `addr`, `name`, `nick`, `issued-id`, `photo`, `site-pubkey`,
`request`, `confirm`, `notify`, `poll`, `network`, `blocked`, `pending` )
VALUES ( %d, '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', '%s', %d, %d )",
intval($uid),
DBA::escape(DateTimeFormat::utcNow()),
$parms['url'],
DBA::escape(Strings::normaliseLink($url)),
$parms['addr'],
$parms['fn'],
$parms['nick'],
$parms['issued-id'],
$parms['photo'],
$parms['key'],
$parms['dfrn-request'],
$parms['dfrn-confirm'],
$parms['dfrn-notify'],
$parms['dfrn-poll'],
DBA::escape(Protocol::DFRN),
intval($blocked),
intval($pending)
);
// find the contact record we just created
if ($r) {
$r = q("SELECT `id` FROM `contact`
WHERE `uid` = %d AND `url` = '%s' AND `issued-id` = '%s' LIMIT 1",
intval($uid),
$parms['url'],
$parms['issued-id']
);
if (DBA::isResult($r)) {
$contact_record = $r[0];
Contact::updateAvatar($contact_record["id"], $photo, true);
}
}
}
if ($r === false) {
notice(DI::l10n()->t('Failed to update contact record.'));
return;
}
$hash = Strings::getRandomHex() . (string) time(); // Generate a confirm_key
if (is_array($contact_record)) {
q("INSERT INTO `intro` ( `uid`, `contact-id`, `blocked`, `knowyou`, `note`, `hash`, `datetime`)
VALUES ( %d, %d, 1, %d, '%s', '%s', '%s' )",
intval($uid),
intval($contact_record['id']),
intval(!empty($_POST['knowyou'])),
DBA::escape(Strings::escapeTags(trim($_POST['dfrn-request-message'] ?? ''))),
DBA::escape($hash),
DBA::escape(DateTimeFormat::utcNow())
);
}
// This notice will only be seen by the requestor if the requestor and requestee are on the same server.
if (!$failed) {
info(DI::l10n()->t('Your introduction has been sent.'));
}
// "Homecoming" - send the requestor back to their site to record the introduction.
$dfrn_url = bin2hex(DI::baseUrl()->get() . '/profile/' . $nickname);
$aes_allow = ((function_exists('openssl_encrypt')) ? 1 : 0);
System::externalRedirect($parms['dfrn-request'] . "?dfrn_url=$dfrn_url"
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION
. '&confirm_key=' . $hash
. (($aes_allow) ? "&aes_allow=1" : "")
);
// NOTREACHED
// END $network === Protocol::DFRN
} elseif (($network != Protocol::PHANTOM) && ($url != "")) {
/* Substitute our user's feed URL into $url template
* Send the subscriber home to subscribe
*/
// Diaspora needs the uri in the format user@domain.tld
// Diaspora will support the remote subscription in a future version
if ($network == Protocol::DIASPORA) {
$uri = urlencode($a->profile['addr']);
} else {
$uri = urlencode($a->profile['url']);
}
$url = str_replace('{uri}', $uri, $url);
System::externalRedirect($url);
// NOTREACHED
// END $network != Protocol::PHANTOM
} else {
notice(DI::l10n()->t("Remote subscription can't be done for your network. Please subscribe directly on your system."));
return;
}
} return;
}
function dfrn_request_content(App $a)
{
if ($a->argc != 2 || empty($a->profile)) {
return "";
}
// "Homecoming". Make sure we're logged in to this site as the correct user. Then offer a confirm button
// to send us to the post section to record the introduction.
if (!empty($_GET['dfrn_url'])) {
if (!local_user()) {
info(DI::l10n()->t("Please login to confirm introduction."));
/* setup the return URL to come back to this page if they use openid */
return Login::form();
}
// Edge case, but can easily happen in the wild. This person is authenticated,
// but not as the person who needs to deal with this request.
if ($a->user['nickname'] != $a->argv[1]) {
notice(DI::l10n()->t("Incorrect identity currently logged in. Please login to <strong>this</strong> profile."));
return Login::form();
}
$dfrn_url = Strings::escapeTags(trim(hex2bin($_GET['dfrn_url'])));
$aes_allow = !empty($_GET['aes_allow']);
$confirm_key = $_GET['confirm_key'] ?? '';
// Checking fastlane for validity
if (!empty($_SESSION['fastlane']) && (Strings::normaliseLink($_SESSION["fastlane"]) == Strings::normaliseLink($dfrn_url))) {
$_POST["dfrn_url"] = $dfrn_url;
$_POST["confirm_key"] = $confirm_key;
$_POST["localconfirm"] = 1;
$_POST["hidden-contact"] = 0;
$_POST["submit"] = DI::l10n()->t('Confirm');
dfrn_request_post($a);
exit();
}
$tpl = Renderer::getMarkupTemplate("dfrn_req_confirm.tpl");
$o = Renderer::replaceMacros($tpl, [
'$dfrn_url' => $dfrn_url,
'$aes_allow' => (($aes_allow) ? '<input type="hidden" name="aes_allow" value="1" />' : "" ),
'$hidethem' => DI::l10n()->t('Hide this contact'),
'$confirm_key' => $confirm_key,
'$welcome' => DI::l10n()->t('Welcome home %s.', $a->user['username']),
'$please' => DI::l10n()->t('Please confirm your introduction/connection request to %s.', $dfrn_url),
'$submit' => DI::l10n()->t('Confirm'),
'$uid' => $_SESSION['uid'],
'$nickname' => $a->user['nickname'],
'dfrn_rawurl' => $_GET['dfrn_url']
]);
return $o;
} elseif (!empty($_GET['confirm_key'])) {
// we are the requestee and it is now safe to send our user their introduction,
// We could just unblock it, but first we have to jump through a few hoops to
// send an email, or even to find out if we need to send an email.
$intro = q("SELECT * FROM `intro` WHERE `hash` = '%s' LIMIT 1",
DBA::escape($_GET['confirm_key'])
);
if (DBA::isResult($intro)) {
$r = q("SELECT `contact`.*, `user`.* FROM `contact` LEFT JOIN `user` ON `contact`.`uid` = `user`.`uid`
WHERE `contact`.`id` = %d LIMIT 1",
intval($intro[0]['contact-id'])
);
$auto_confirm = false;
if (DBA::isResult($r)) {
if ($r[0]['page-flags'] != User::PAGE_FLAGS_NORMAL && $r[0]['page-flags'] != User::PAGE_FLAGS_PRVGROUP) {
$auto_confirm = true;
}
if (!$auto_confirm) {
notification([
'type' => Notification\Type::INTRO,
'otype' => Notification\ObjectType::INTRO,
'verb' => Activity::REQ_FRIEND,
'uid' => $r[0]['uid'],
'cid' => $r[0]['id'],
'link' => DI::baseUrl() . '/notifications/intros',
]);
}
if ($auto_confirm) {
require_once 'mod/dfrn_confirm.php';
$handsfree = [
'uid' => $r[0]['uid'],
'node' => $r[0]['nickname'],
'dfrn_id' => $r[0]['issued-id'],
'intro_id' => $intro[0]['id'],
'duplex' => (($r[0]['page-flags'] == User::PAGE_FLAGS_FREELOVE) ? 1 : 0),
];
dfrn_confirm_post($a, $handsfree);
}
}
if (!$auto_confirm) {
// If we are auto_confirming, this record will have already been nuked
// in dfrn_confirm_post()
q("UPDATE `intro` SET `blocked` = 0 WHERE `hash` = '%s'",
DBA::escape($_GET['confirm_key'])
);
}
}
exit();
} else {
// Normal web request. Display our user's introduction form.
if (DI::config()->get('system', 'block_public') && !Session::isAuthenticated()) {
if (!DI::config()->get('system', 'local_block')) {
notice(DI::l10n()->t('Public access denied.'));
return;
}
}
// Try to auto-fill the profile address
// At first look if an address was provided
// Otherwise take the local address
if (!empty($_GET['addr'])) {
$myaddr = hex2bin($_GET['addr']);
} elseif (!empty($_GET['address'])) {
$myaddr = $_GET['address'];
} elseif (local_user()) {
if (strlen(DI::baseUrl()->getUrlPath())) {
$myaddr = DI::baseUrl() . '/profile/' . $a->user['nickname'];
} else {
$myaddr = $a->user['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
}
} else {
// last, try a zrl
$myaddr = Profile::getMyURL();
}
$target_addr = $a->profile['nickname'] . '@' . substr(DI::baseUrl(), strpos(DI::baseUrl(), '://') + 3);
/* The auto_request form only has the profile address
* because nobody is going to read the comments and
* it doesn't matter if they know you or not.
*/
if ($a->profile['page-flags'] == User::PAGE_FLAGS_NORMAL) {
$tpl = Renderer::getMarkupTemplate('dfrn_request.tpl');
} else {
$tpl = Renderer::getMarkupTemplate('auto_request.tpl');
}
$o = Renderer::replaceMacros($tpl, [
'$header' => DI::l10n()->t('Friend/Connection Request'),
'$page_desc' => DI::l10n()->t('Enter your Webfinger address (user@domain.tld) or profile URL here. If this isn\'t supported by your system (for example it doesn\'t work with Diaspora), you have to subscribe to <strong>%s</strong> directly on your system', $target_addr),
'$invite_desc' => DI::l10n()->t('If you are not yet a member of the free social web, <a href="%s">follow this link to find a public Friendica node and join us today</a>.', Search::getGlobalDirectory() . '/servers'),
'$your_address' => DI::l10n()->t('Your Webfinger address or profile URL:'),
'$pls_answer' => DI::l10n()->t('Please answer the following:'),
'$submit' => DI::l10n()->t('Submit Request'),
'$cancel' => DI::l10n()->t('Cancel'),
'$request' => 'dfrn_request/' . $a->argv[1],
'$name' => $a->profile['name'],
'$myaddr' => $myaddr,
'$does_know_you' => ['knowyou', DI::l10n()->t('%s knows you', $a->profile['name'])],
'$addnote_field' => ['dfrn-request-message', DI::l10n()->t('Add a personal note:')],
]);
return $o;
}
}

22
mod/follow.php
View file

@ -118,18 +118,13 @@ function follow_content(App $a)
$contact['url'] = $contact['addr'];
}
if (($protocol === Protocol::DFRN) && !DBA::isResult($contact)) {
$request = $contact['request'];
$tpl = Renderer::getMarkupTemplate('dfrn_request.tpl');
} else {
if (!empty($_REQUEST['auto'])) {
follow_process($a, $contact['url']);
}
$request = DI::baseUrl() . '/follow';
$tpl = Renderer::getMarkupTemplate('auto_request.tpl');
if (!empty($_REQUEST['auto'])) {
follow_process($a, $contact['url']);
}
$request = DI::baseUrl() . '/follow';
$tpl = Renderer::getMarkupTemplate('auto_request.tpl');
$owner = User::getOwnerDataById($uid);
if (empty($owner)) {
notice(DI::l10n()->t('Permission denied.'));
@ -139,9 +134,6 @@ function follow_content(App $a)
$myaddr = $owner['url'];
// Makes the connection request for friendica contacts easier
$_SESSION['fastlane'] = $contact['url'];
$o = Renderer::replaceMacros($tpl, [
'$header' => DI::l10n()->t('Connect/Follow'),
'$pls_answer' => DI::l10n()->t('Please answer the following:'),
@ -182,10 +174,6 @@ function follow_process(App $a, string $url)
{
$return_path = 'follow?url=' . urlencode($url);
// Makes the connection request for friendica contacts easier
// This is just a precaution if maybe this page is called somewhere directly via POST
$_SESSION['fastlane'] = $url;
$result = Contact::createFromProbe($a->user, $url, true);
if ($result['success'] == false) {

29
mod/redir.php
View file

@ -50,7 +50,7 @@ function redir_init(App $a) {
throw new \Friendica\Network\HTTPException\BadRequestException(DI::l10n()->t('Bad Request.'));
}
$fields = ['id', 'uid', 'nurl', 'url', 'addr', 'name', 'network', 'poll', 'issued-id', 'dfrn-id', 'duplex', 'pending'];
$fields = ['id', 'uid', 'nurl', 'url', 'addr', 'name'];
$contact = DBA::selectFirst('contact', $fields, ['id' => $cid, 'uid' => [0, local_user()]]);
if (!DBA::isResult($contact)) {
throw new \Friendica\Network\HTTPException\NotFoundException(DI::l10n()->t('Contact not found.'));
@ -99,33 +99,6 @@ function redir_init(App $a) {
}
}
// Doing remote auth with dfrn.
if (local_user() && (!empty($contact['dfrn-id']) || !empty($contact['issued-id'])) && empty($contact['pending'])) {
$dfrn_id = $orig_id = (($contact['issued-id']) ? $contact['issued-id'] : $contact['dfrn-id']);
if ($contact['duplex'] && $contact['issued-id']) {
$orig_id = $contact['issued-id'];
$dfrn_id = '1:' . $orig_id;
}
if ($contact['duplex'] && $contact['dfrn-id']) {
$orig_id = $contact['dfrn-id'];
$dfrn_id = '0:' . $orig_id;
}
$sec = Strings::getRandomHex();
$fields = ['uid' => local_user(), 'cid' => $cid, 'dfrn_id' => $dfrn_id,
'sec' => $sec, 'expire' => time() + 45];
DBA::insert('profile_check', $fields);
Logger::log('mod_redir: ' . $contact['name'] . ' ' . $sec, Logger::DEBUG);
$dest = (!empty($url) ? '&destination_url=' . $url : '');
System::externalRedirect($contact['poll'] . '?dfrn_id=' . $dfrn_id
. '&dfrn_version=' . DFRN_PROTOCOL_VERSION . '&type=profile&sec=' . $sec . $dest . $quiet);
}
if (empty($url)) {
throw new \Friendica\Network\HTTPException\BadRequestException(DI::l10n()->t('Bad Request.'));
}

3
mod/unfollow.php
View file

@ -84,9 +84,6 @@ function unfollow_content(App $a)
// NOTREACHED
}
// Makes the connection request for friendica contacts easier
$_SESSION['fastlane'] = $contact['url'];
if (!empty($_REQUEST['auto'])) {
unfollow_process($contact['url']);
}