diff --git a/CHANGELOG b/CHANGELOG index b90ae34c9..23c1be7d5 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,3 +1,14 @@ +Hubzilla 4.0.3 (2019-04-26) + - Add attachments to zot6 event objects + - Add zot6 to federated transports + - Update import/export to handle zot6 hublocs and xchans + - Update fix_system_urls() to handle zot6 hublocs + - Fix infinite loop using postgres as backend + - Fix magic auth in combination with zot6 + - Fix check for required PHP version + - Diaspora: favour diaspora protocol identities over others with same hubloc or xchan address + + Hubzilla 4.0.2 (2019-04-08) - Port cdav calendar to fullcalendar version 4 - Fix perms_pending not evaluated correctly diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php index 70602bbbc..9bf987027 100644 --- a/Zotlabs/Lib/Libzot.php +++ b/Zotlabs/Lib/Libzot.php @@ -3107,7 +3107,11 @@ class Libzot { foreach($arr as $v) { if($v[$check] === 'zot6') { - + return $v; + } + } + foreach($arr as $v) { + if($v[$check] === 'zot') { return $v; } } diff --git a/Zotlabs/Module/Import.php b/Zotlabs/Module/Import.php index a48c690a7..18cb5560e 100644 --- a/Zotlabs/Module/Import.php +++ b/Zotlabs/Module/Import.php @@ -280,8 +280,9 @@ class Import extends \Zotlabs\Web\Controller { // replace any existing xchan we may have on this site if we're seizing control - $r = q("delete from xchan where xchan_hash = '%s'", - dbesc($channel['channel_hash']) + $r = q("delete from xchan where ( xchan_hash = '%s' or xchan_hash = '%s' ) ", + dbesc($channel['channel_hash']), + dbesc($channel['channel_portable_id']) ); $r = xchan_store_lowlevel( @@ -303,6 +304,30 @@ class Import extends \Zotlabs\Web\Controller { 'xchan_name_date' => datetime_convert() ] ); + + if($channel['channel_portable_id']) { + $r = xchan_store_lowlevel( + [ + 'xchan_hash' => \Zotlabs\Lib\Libzot::make_xchan_hash($channel['channel_guid'],$channel['channel_pubkey']), + 'xchan_guid' => $channel['channel_guid'], + 'xchan_guid_sig' => 'sha256.' . $channel['channel_guid_sig'], + 'xchan_pubkey' => $channel['channel_pubkey'], + 'xchan_photo_l' => z_root() . "/photo/profile/l/" . $channel['channel_id'], + 'xchan_photo_m' => z_root() . "/photo/profile/m/" . $channel['channel_id'], + 'xchan_photo_s' => z_root() . "/photo/profile/s/" . $channel['channel_id'], + 'xchan_addr' => channel_reddress($channel), + 'xchan_url' => z_root() . '/channel/' . $channel['channel_address'], + 'xchan_connurl' => z_root() . '/poco/' . $channel['channel_address'], + 'xchan_follow' => z_root() . '/follow?f=&url=%s', + 'xchan_name' => $channel['channel_name'], + 'xchan_network' => 'zot6', + 'xchan_photo_date' => datetime_convert(), + 'xchan_name_date' => datetime_convert() + ] + ); + } + + } logger('import step 6'); @@ -312,10 +337,20 @@ class Import extends \Zotlabs\Web\Controller { if($xchans) { foreach($xchans as $xchan) { - $hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']); - if($xchan['xchan_network'] === 'zot' && $hash !== $xchan['xchan_hash']) { - logger('forged xchan: ' . print_r($xchan,true)); - continue; + if($xchan['xchan_network'] === 'zot') { + $hash = make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_guid_sig']); + if($hash !== $xchan['xchan_hash']) { + logger('forged xchan: ' . print_r($xchan,true)); + continue; + } + } + + if($xchan['xchan_network'] === 'zot6') { + $zhash = \Zotlabs\Lib\Libzot::make_xchan_hash($xchan['xchan_guid'],$xchan['xchan_pubkey']); + if($zhash !== $xchan['xchan_hash']) { + logger('forged xchan: ' . print_r($xchan,true)); + continue; + } } if(! array_key_exists('xchan_hidden',$xchan)) { diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 71737eef8..e8e960574 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller { $token = $j['token']; } - $x = strpbrk($dest,'?&'); - $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + $strp = strpbrk($dest,'?&'); + $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index ad57f883c..cf116a96c 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller { $keyId = $sigblock['keyId']; if($keyId) { + + // Hubzilla connections can have both zot and zot6 hublocs + // The connections will usually be zot so match those first + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash - where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ", dbesc(str_replace('acct:','',$keyId)), dbesc($keyId) ); - if(! $r) { + + // If nothing was found, try searching on any network + + if (! $r) { + $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash + where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )", + dbesc(str_replace('acct:','',$keyId)), + dbesc($keyId) + ); + } + + // If nothing was found on any network, use network discovery and create a new record + + if (! $r) { $found = discover_by_webbie(str_replace('acct:','',$keyId)); if($found) { $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash @@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller { ); } } - if($r) { + + if ($r) { foreach($r as $hubloc) { $verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid']) { @@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller { logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); $ret['success'] = true; $token = random_string(32); - \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']); + \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']); $result = ''; openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); $ret['encrypted_token'] = base64url_encode($result); diff --git a/Zotlabs/Module/Setup.php b/Zotlabs/Module/Setup.php index c809ff5ec..541e4fa21 100644 --- a/Zotlabs/Module/Setup.php +++ b/Zotlabs/Module/Setup.php @@ -377,7 +377,7 @@ class Setup extends \Zotlabs\Web\Controller { if(version_compare(PHP_VERSION, '7.1') < 0) { $help .= t('PHP version 7.1 or greater is required.'); - $this->check_add($checks, t('PHP version'), false, false, $help); + $this->check_add($checks, t('PHP version'), false, true, $help); } if(strlen($phpath)) { diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 03275abbc..a19bdbedc 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -128,7 +128,7 @@ class Wfinger extends \Zotlabs\Web\Controller { 'http://webfinger.net/ns/name' => $r[0]['channel_name'], 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'], - 'http://purl.org/zot/federation' => 'zot' + 'http://purl.org/zot/federation' => 'zot,zot6' ]; foreach($aliases as $alias) diff --git a/boot.php b/boot.php index 6b342e5d6..5e653e20f 100755 --- a/boot.php +++ b/boot.php @@ -50,7 +50,7 @@ require_once('include/attach.php'); require_once('include/bbcode.php'); define ( 'PLATFORM_NAME', 'hubzilla' ); -define ( 'STD_VERSION', '4.0.2' ); +define ( 'STD_VERSION', '4.0.3' ); define ( 'ZOT_REVISION', '6.0a' ); define ( 'DB_UPDATE_VERSION', 1231 ); @@ -1507,12 +1507,13 @@ function fix_system_urls($oldurl, $newurl) { dbesc($rv['xchan_hash']) ); - $y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s'", + $y = q("update hubloc set hubloc_addr = '%s', hubloc_url = '%s', hubloc_id_url = '%s', hubloc_url_sig = '%s', hubloc_host = '%s', hubloc_callback = '%s' where hubloc_hash = '%s' and hubloc_url = '%s'", dbesc($channel_address . '@' . $rhs), dbesc($newurl), - dbesc(base64url_encode(rsa_sign($newurl,$c[0]['channel_prvkey']))), + dbesc(str_replace($oldurl,$newurl,$rv['hubloc_id_url'])), + dbesc(($rv['hubloc_network'] === 'zot6') ? \Zotlabs\Lib\Libzot::sign($newurl,$c[0]['channel_prvkey']) : base64url_encode(rsa_sign($newurl,$c[0]['channel_prvkey']))), dbesc($newhost), - dbesc($newurl . '/post'), + dbesc(($rv['hubloc_network'] === 'zot6') ? $newurl . '/zot' : $newurl . '/post'), dbesc($rv['xchan_hash']), dbesc($oldurl) ); diff --git a/include/channel.php b/include/channel.php index 654bbdb05..e4b6df47b 100644 --- a/include/channel.php +++ b/include/channel.php @@ -873,6 +873,13 @@ function identity_basic_export($channel_id, $sections = null) { $ret['abook'][$x]['abconfig'] = $abconfig; translate_abook_perms_outbound($ret['abook'][$x]); } + + // pick up the zot6 xchan and hublocs also + + if($ret['channel']['channel_portable_id']) { + $xchans[] = $ret['channel']['channel_portable_id']; + } + stringify_array_elms($xchans); } @@ -1812,13 +1819,16 @@ function zid_init() { call_hooks('zid_init', $arr); if(! local_channel()) { - $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1", + $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc", dbesc($tmp_str) ); if(! $r) { Master::Summon(array('Gprobe',bin2hex($tmp_str))); } - if($r && remote_channel() && remote_channel() === $r[0]['hubloc_hash']) + if($r) { + $r = zot_record_preferred($r); + } + if($r && remote_channel() && remote_channel() === $r['hubloc_hash']) return; logger('Not authenticated. Invoking reverse magic-auth for ' . $tmp_str); @@ -1826,8 +1836,8 @@ function zid_init() { $query = App::$query_string; $query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); $dest = '/' . $query; - if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest)); + if($r && ($r['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { + goaway($r['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest)); } else logger('No hubloc found.'); diff --git a/include/dba/dba_pdo.php b/include/dba/dba_pdo.php index 5002f53e7..ef8063428 100755 --- a/include/dba/dba_pdo.php +++ b/include/dba/dba_pdo.php @@ -161,23 +161,17 @@ class dba_pdo extends dba_driver { } function unescapebin($str) { - if($this->driver_dbtype === 'pgsql' && (! is_null($str))) { - $x = ''; - while(! feof($str)) { - $x .= fread($str,8192); + if($this->driver_dbtype === 'pgsql') { + if(gettype($str) === 'resource') { + $str = stream_get_contents($str); } - if(substr($x,0,2) === '\\x') { - $x = hex2bin(substr($x,2)); + if(substr($str,0,2) === '\\x') { + $str = hex2bin(substr($str,2)); } - return $x; - - } - else { - return $str; } + return $str; } - function getdriver() { return 'pdo'; } diff --git a/include/event.php b/include/event.php index fdb9e1415..77118c329 100644 --- a/include/event.php +++ b/include/event.php @@ -4,8 +4,11 @@ * @brief Event related functions. */ + use Sabre\VObject; +use Zotlabs\Lib\Activity; + use Ramsey\Uuid\Uuid; use Ramsey\Uuid\Exception\UnsatisfiedDependencyException; @@ -65,7 +68,7 @@ function format_event_html($ev) { } function format_event_obj($jobject) { - $event = array(); + $event = []; $object = json_decode($jobject,true); @@ -1046,6 +1049,7 @@ function event_store_item($arr, $event) { 'location' => $arr['location'], 'adjust' => $arr['adjust'], 'content' => format_event_bbcode($arr), + 'attachment' => Activity::encode_attachment($r[0]), 'author' => array( 'name' => $r[0]['xchan_name'], 'address' => $r[0]['xchan_addr'], @@ -1200,6 +1204,7 @@ function event_store_item($arr, $event) { 'location' => $arr['location'], 'adjust' => $arr['adjust'], 'content' => format_event_bbcode($arr), + 'attachment' => Activity::encode_attachment($item_arr), 'author' => array( 'name' => $x[0]['xchan_name'], 'address' => $x[0]['xchan_addr'], diff --git a/include/permissions.php b/include/permissions.php index 1dcd6accb..501b2cc77 100644 --- a/include/permissions.php +++ b/include/permissions.php @@ -157,7 +157,7 @@ function get_all_perms($uid, $observer_xchan, $check_siteblock = true, $default_ // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if($x && $x[0]['xchan_network'] === 'zot') { + if($x && in_array($x[0]['xchan_network'],[ 'zot','zot6'])) { $ret[$perm_name] = true; continue; } @@ -321,6 +321,14 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = dbesc($observer_xchan) ); if($y) { + + // This requires an explanation and the effects are subtle. + // The following line creates a fake connection, and this allows + // access tokens to have specific permissions even though they are + // not actual connections. + // The existence of this fake entry must be checked when dealing + // with connection related permissions. + $x = array(pseudo_abook($y[0])); } } @@ -349,6 +357,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return true; // If it's an unauthenticated observer, we only need to see if PERMS_PUBLIC is set + // We just did that. if(! $observer_xchan) { return false; @@ -357,7 +366,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = // If we're still here, we have an observer, check the network. if($channel_perm & PERMS_NETWORK) { - if (($x && $x[0]['xchan_network'] === 'zot') || ($y && $y[0]['xchan_network'] === 'zot')) + if ($x && in_array($x[0]['xchan_network'], ['zot','zot6'])) return true; } @@ -373,8 +382,7 @@ function perm_is_allowed($uid, $observer_xchan, $permission, $check_siteblock = return false; } - // From here on we require that the observer be a connection and - // handle whether we're allowing any, approved or specific ones + // From here on we require that the observer be a connection or pseudo connection if(! $x) { return false; diff --git a/include/zid.php b/include/zid.php index 0b12689ef..ed79de76a 100644 --- a/include/zid.php +++ b/include/zid.php @@ -1,5 +1,6 @@ $hubloc, - 'url' => \App::$query_string, + 'url' => App::$query_string, 'session' => $_SESSION ]; /** @@ -344,11 +356,11 @@ function owt_init($token) { */ call_hooks('magic_auth_success', $arr); - \App::set_observer($hubloc); + App::set_observer($hubloc); require_once('include/security.php'); - \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); + App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); if(! get_config('system', 'hide_owa_greeting')) - info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name'])); + info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),App::get_hostname(), $hubloc['xchan_name'])); logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); } @@ -384,7 +396,9 @@ function observer_auth($ob_hash) { return; } - $hubloc = $r[0]; + // Note: this has no Libzot namespace so prefers zot over zot6 + + $hubloc = zot_record_preferred($r); $_SESSION['authenticated'] = 1; @@ -395,8 +409,8 @@ function observer_auth($ob_hash) { $_SESSION['remote_hub'] = $hubloc['hubloc_url']; $_SESSION['DNT'] = 1; - \App::set_observer($hubloc); + App::set_observer($hubloc); require_once('include/security.php'); - \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); + App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); } diff --git a/include/zot.php b/include/zot.php index 227d82a13..5ced4ee8c 100644 --- a/include/zot.php +++ b/include/zot.php @@ -5270,3 +5270,25 @@ function zot_reply_notify($data) { $ret['success'] = true; json_return_and_die($ret); } + + +function zot_record_preferred($arr, $check = 'hubloc_network') { + + if(! $arr) { + return $arr; + } + + foreach($arr as $v) { + if($v[$check] === 'zot') { + return $v; + } + } + foreach($arr as $v) { + if($v[$check] === 'zot6') { + return $v; + } + } + + return $arr[0]; + +}