From 6e7f82bf42a0730082e4b040794835298e93f087 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Thu, 30 Nov 2023 11:43:48 +0100 Subject: [PATCH 01/20] Activity-Type based handlers (#551) * init * save source id * fix delete and add improve undo * test new functions * add support for threaded comments * some formatting * check if URL is no longer available ...and returns either status 410 or 404. * improve delete handler * improve update handler * `object` and `actor` are already required by the inbox endpoint * fix typo * simplify queries * cosmetics * fix unit tests * schedule delete comments of deleted actor (#575) * schedule delete comments of deleted actor * phpcs --------- Co-authored-by: Django Doucet * move `get_comments_by_actor` to interactions collection * consistent wording * implement Tombstone * fix follow issue * fix inbox-create * added missing namespace * check if field is set * Fix namespacing issue * update profile and update interaction * fields are already validated by inbox * optimize avatar handling --------- Co-authored-by: Django Co-authored-by: Django Doucet --- activitypub.php | 2 +- composer.json | 3 +- includes/activity/class-activity.php | 6 + includes/activity/class-base-object.php | 4 +- includes/class-activitypub.php | 84 ++++++- includes/class-handler.php | 33 +++ includes/class-http.php | 24 +- includes/collection/class-followers.php | 191 ++------------ includes/collection/class-interactions.php | 236 ++++++++++++++++++ includes/functions.php | 141 +++++++++++ includes/handler/class-create.php | 61 +++++ includes/handler/class-delete.php | 165 ++++++++++++ includes/handler/class-follow.php | 81 ++++++ includes/handler/class-undo.php | 31 +++ includes/handler/class-update.php | 89 +++++++ includes/rest/class-inbox.php | 179 ++----------- includes/rest/class-server.php | 20 +- tests/test-class-activitypub-activity.php | 19 ++ .../test-class-activitypub-create-handler.php | 70 ++++++ ...p => test-class-activitypub-followers.php} | 2 +- tests/test-class-activitypub-interactions.php | 130 ++++++++++ tests/test-class-activitypub-rest-inbox.php | 2 +- tests/test-functions.php | 71 ++++++ 23 files changed, 1290 insertions(+), 354 deletions(-) create mode 100644 includes/class-handler.php create mode 100644 includes/collection/class-interactions.php create mode 100644 includes/handler/class-create.php create mode 100644 includes/handler/class-delete.php create mode 100644 includes/handler/class-follow.php create mode 100644 includes/handler/class-undo.php create mode 100644 includes/handler/class-update.php create mode 100644 tests/test-class-activitypub-create-handler.php rename tests/{test-class-db-activitypub-followers.php => test-class-activitypub-followers.php} (99%) create mode 100644 tests/test-class-activitypub-interactions.php diff --git a/activitypub.php b/activitypub.php index 55b8977..f109266 100644 --- a/activitypub.php +++ b/activitypub.php @@ -66,7 +66,7 @@ function plugin_init() { \add_action( 'init', array( __NAMESPACE__ . '\Migration', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Activitypub', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Activity_Dispatcher', 'init' ) ); - \add_action( 'init', array( __NAMESPACE__ . '\Collection\Followers', 'init' ) ); + \add_action( 'init', array( __NAMESPACE__ . '\Handler', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Admin', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Hashtag', 'init' ) ); \add_action( 'init', array( __NAMESPACE__ . '\Mention', 'init' ) ); diff --git a/composer.json b/composer.json index 054226f..746f86f 100644 --- a/composer.json +++ b/composer.json @@ -15,7 +15,8 @@ "yoast/phpunit-polyfills": "^2.0", "dealerdirect/phpcodesniffer-composer-installer": "^1.0.0", "sirbrillig/phpcs-variable-analysis": "^2.11", - "phpcsstandards/phpcsextra": "^1.1.0" + "phpcsstandards/phpcsextra": "^1.1.0", + "dms/phpunit-arraysubset-asserts": "^0.4.0" }, "config": { "allow-plugins": true diff --git a/includes/activity/class-activity.php b/includes/activity/class-activity.php index 6c59866..96ee095 100644 --- a/includes/activity/class-activity.php +++ b/includes/activity/class-activity.php @@ -194,6 +194,12 @@ class Activity extends Base_Object { * @return void */ public function set_object( $object ) { + // convert array to object + if ( is_array( $object ) ) { + $object = Base_Object::init_from_array( $object ); + } + + // set object $this->set( 'object', $object ); if ( ! is_object( $object ) ) { diff --git a/includes/activity/class-base-object.php b/includes/activity/class-base-object.php index a75ed16..b73c621 100644 --- a/includes/activity/class-base-object.php +++ b/includes/activity/class-base-object.php @@ -585,7 +585,7 @@ class Base_Object { foreach ( $array as $key => $value ) { $key = camel_to_snake_case( $key ); - $object->set( $key, $value ); + call_user_func( array( $object, 'set_' . $key ), $value ); } return $object; @@ -611,7 +611,7 @@ class Base_Object { foreach ( $array as $key => $value ) { if ( $value ) { $key = camel_to_snake_case( $key ); - $this->set( $key, $value ); + call_user_func( array( $this, 'set_' . $key ), $value ); } } } diff --git a/includes/class-activitypub.php b/includes/class-activitypub.php index 24228f4..6f654c5 100644 --- a/includes/class-activitypub.php +++ b/includes/class-activitypub.php @@ -1,8 +1,12 @@ array( + 'name' => _x( 'Followers', 'post_type plural name', 'activitypub' ), + 'singular_name' => _x( 'Follower', 'post_type single name', 'activitypub' ), + ), + 'public' => false, + 'hierarchical' => false, + 'rewrite' => false, + 'query_var' => false, + 'delete_with_user' => false, + 'can_export' => true, + 'supports' => array(), + ) + ); + + register_post_meta( + Followers::POST_TYPE, + 'activitypub_inbox', + array( + 'type' => 'string', + 'single' => true, + 'sanitize_callback' => 'sanitize_url', + ) + ); + + register_post_meta( + Followers::POST_TYPE, + 'activitypub_errors', + array( + 'type' => 'string', + 'single' => false, + 'sanitize_callback' => function( $value ) { + if ( ! is_string( $value ) ) { + throw new Exception( 'Error message is no valid string' ); + } + + return esc_sql( $value ); + }, + ) + ); + + register_post_meta( + Followers::POST_TYPE, + 'activitypub_user_id', + array( + 'type' => 'string', + 'single' => false, + 'sanitize_callback' => function( $value ) { + return esc_sql( $value ); + }, + ) + ); + + register_post_meta( + Followers::POST_TYPE, + 'activitypub_actor_json', + array( + 'type' => 'string', + 'single' => true, + 'sanitize_callback' => function( $value ) { + return sanitize_text_field( $value ); + }, + ) + ); + + do_action( 'activitypub_after_register_post_type' ); + } } diff --git a/includes/class-handler.php b/includes/class-handler.php new file mode 100644 index 0000000..fcabd63 --- /dev/null +++ b/includes/class-handler.php @@ -0,0 +1,33 @@ + array( - 'name' => _x( 'Followers', 'post_type plural name', 'activitypub' ), - 'singular_name' => _x( 'Follower', 'post_type single name', 'activitypub' ), - ), - 'public' => false, - 'hierarchical' => false, - 'rewrite' => false, - 'query_var' => false, - 'delete_with_user' => false, - 'can_export' => true, - 'supports' => array(), - ) - ); - - register_post_meta( - self::POST_TYPE, - 'activitypub_inbox', - array( - 'type' => 'string', - 'single' => true, - 'sanitize_callback' => array( self::class, 'sanitize_url' ), - ) - ); - - register_post_meta( - self::POST_TYPE, - 'activitypub_errors', - array( - 'type' => 'string', - 'single' => false, - 'sanitize_callback' => function( $value ) { - if ( ! is_string( $value ) ) { - throw new Exception( 'Error message is no valid string' ); - } - - return esc_sql( $value ); - }, - ) - ); - - register_post_meta( - self::POST_TYPE, - 'activitypub_user_id', - array( - 'type' => 'string', - 'single' => false, - 'sanitize_callback' => function( $value ) { - return esc_sql( $value ); - }, - ) - ); - - register_post_meta( - self::POST_TYPE, - 'activitypub_actor_json', - array( - 'type' => 'string', - 'single' => true, - 'sanitize_callback' => function( $value ) { - return sanitize_text_field( $value ); - }, - ) - ); - - do_action( 'activitypub_after_register_post_type' ); - } - - public static function sanitize_url( $value ) { - if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) { - return null; - } - - return esc_url_raw( $value ); - } - - /** - * Handle the "Follow" Request - * - * @param array $object The JSON "Follow" Activity - * @param int $user_id The ID of the ID of the WordPress User - * - * @return void - */ - public static function handle_follow_request( $object, $user_id ) { - // save follower - $follower = self::add_follower( $user_id, $object['actor'] ); - - do_action( 'activitypub_followers_post_follow', $object['actor'], $object, $user_id, $follower ); - } - - /** - * Handle "Unfollow" requests - * - * @param array $object The JSON "Undo" Activity - * @param int $user_id The ID of the ID of the WordPress User - */ - public static function handle_undo_request( $object, $user_id ) { - if ( - isset( $object['object'] ) && - isset( $object['object']['type'] ) && - 'Follow' === $object['object']['type'] - ) { - self::remove_follower( $user_id, $object['actor'] ); - } - } - /** * Add new Follower * @@ -214,16 +80,17 @@ class Followers { } /** - * Get a Follower + * Get a Follower. * * @param int $user_id The ID of the WordPress User * @param string $actor The Actor URL * - * @return \Activitypub\Model\Follower The Follower object + * @return \Activitypub\Model\Follower|null The Follower object or null */ public static function get_follower( $user_id, $actor ) { global $wpdb; + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching $post_id = $wpdb->get_var( $wpdb->prepare( "SELECT DISTINCT p.ID FROM $wpdb->posts p INNER JOIN $wpdb->postmeta pm ON p.ID = pm.post_id WHERE p.post_type = %s AND pm.meta_key = 'activitypub_user_id' AND pm.meta_value = %d AND p.guid = %s", @@ -244,51 +111,29 @@ class Followers { } /** - * Send Accept response + * Get a Follower by Actor indepenent from the User. * - * @param string $actor The Actor URL - * @param array $object The Activity object - * @param int $user_id The ID of the WordPress User - * @param Activitypub\Model\Follower $follower The Follower object + * @param string $actor The Actor URL. * - * @return void + * @return \Activitypub\Model\Follower|null The Follower object or null */ - public static function send_follow_response( $actor, $object, $user_id, $follower ) { - if ( is_wp_error( $follower ) ) { - // it is not even possible to send a "Reject" because - // we can not get the Remote-Inbox - return; - } + public static function get_follower_by_actor( $actor ) { + global $wpdb; - // only send minimal data - $object = array_intersect_key( - $object, - array_flip( - array( - 'id', - 'type', - 'actor', - 'object', - ) + // phpcs:ignore WordPress.DB.DirectDatabaseQuery.DirectQuery, WordPress.DB.DirectDatabaseQuery.NoCaching + $post_id = $wpdb->get_var( + $wpdb->prepare( + "SELECT ID FROM $wpdb->posts WHERE guid=%s", + esc_sql( $actor ) ) ); - $user = Users::get_by_id( $user_id ); + if ( $post_id ) { + $post = get_post( $post_id ); + return Follower::init_from_cpt( $post ); + } - // get inbox - $inbox = $follower->get_shared_inbox(); - - // send "Accept" activity - $activity = new Activity(); - $activity->set_type( 'Accept' ); - $activity->set_object( $object ); - $activity->set_actor( $user->get_id() ); - $activity->set_to( $actor ); - $activity->set_id( $user->get_id() . '#follow-' . \preg_replace( '~^https?://~', '', $actor ) . '-' . \time() ); - - $activity = $activity->to_json(); - - Http::post( $inbox, $activity, $user_id ); + return null; } /** diff --git a/includes/collection/class-interactions.php b/includes/collection/class-interactions.php new file mode 100644 index 0000000..82636b5 --- /dev/null +++ b/includes/collection/class-interactions.php @@ -0,0 +1,236 @@ +comment_post_ID; + } + + // not a reply to a post or comment + if ( ! $comment_post_id ) { + return false; + } + + $meta = get_remote_metadata_by_actor( $activity['actor'] ); + + if ( ! $meta || \is_wp_error( $meta ) ) { + return false; + } + + $commentdata = array( + 'comment_post_ID' => $comment_post_id, + 'comment_author' => \esc_attr( $meta['name'] ), + 'comment_author_url' => \esc_url_raw( $meta['url'] ), + 'comment_content' => \addslashes( \wp_kses( $activity['object']['content'], 'pre_comment_content' ) ), + 'comment_type' => 'comment', + 'comment_author_email' => '', + 'comment_parent' => $parent_comment ? $parent_comment->comment_ID : 0, + 'comment_meta' => array( + 'source_id' => \esc_url_raw( $activity['object']['id'] ), + 'source_url' => \esc_url_raw( $activity['object']['url'] ), + 'protocol' => 'activitypub', + ), + ); + + if ( isset( $meta['icon']['url'] ) ) { + $commentdata['comment_meta']['avatar_url'] = \esc_url_raw( $meta['icon']['url'] ); + } + + // disable flood control + \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); + + // do not require email for AP entries + \add_filter( 'pre_option_require_name_email', '__return_false' ); + // No nonce possible for this submission route + \add_filter( + 'akismet_comment_nonce', + function() { + return 'inactive'; + } + ); + \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); + + $comment = \wp_new_comment( $commentdata, true ); + + \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); + \remove_filter( 'pre_option_require_name_email', '__return_false' ); + + // re-add flood control + \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); + + return $comment; + } + + /** + * Update a comment + * + * @param array $activity The activity-object + * + * @return array|false The commentdata or false on failure + */ + public static function update_comment( $activity ) { + $meta = get_remote_metadata_by_actor( $activity['actor'] ); + + //Determine comment_ID + $object_comment_id = url_to_commentid( \esc_url_raw( $activity['object']['id'] ) ); + + if ( ! $object_comment_id ) { + return false; + } + + //found a local comment id + $commentdata = \get_comment( $object_comment_id, ARRAY_A ); + $commentdata['comment_author'] = \esc_attr( $meta['name'] ? $meta['name'] : $meta['preferredUsername'] ); + $commentdata['comment_content'] = \addslashes( \wp_kses( $activity['object']['content'], 'pre_comment_content' ) ); + if ( isset( $meta['icon']['url'] ) ) { + $commentdata['comment_meta']['avatar_url'] = \esc_url_raw( $meta['icon']['url'] ); + } + + // disable flood control + \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); + + // do not require email for AP entries + \add_filter( 'pre_option_require_name_email', '__return_false' ); + // No nonce possible for this submission route + \add_filter( + 'akismet_comment_nonce', + function() { + return 'inactive'; + } + ); + \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); + + $comment = \wp_update_comment( $commentdata, true ); + + \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); + \remove_filter( 'pre_option_require_name_email', '__return_false' ); + + // re-add flood control + \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); + + return $comment; + } + + /** + * Get interaction(s) for a given URL/ID. + * + * @param strin $url The URL/ID to get interactions for. + * + * @return array The interactions as WP_Comment objects. + */ + public static function get_interaction_by_id( $url ) { + $args = array( + // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query + 'meta_query' => array( + 'relation' => 'AND', + array( + 'key' => 'protocol', + 'value' => 'activitypub', + ), + array( + 'relation' => 'OR', + array( + 'key' => 'source_url', + 'value' => $url, + ), + array( + 'key' => 'source_id', + 'value' => $url, + ), + ), + ), + ); + + $query = new WP_Comment_Query( $args ); + return $query->comments; + } + + /** + * Get interaction(s) for a given actor. + * + * @param string $actor The Actor-URL. + * + * @return array The interactions as WP_Comment objects. + */ + public static function get_interactions_by_actor( $actor ) { + $meta = get_remote_metadata_by_actor( $actor ); + + // get URL, because $actor seems to be the ID + if ( $meta && ! is_wp_error( $meta ) && isset( $meta['url'] ) ) { + $actor = $meta['url']; + } + + $args = array( + 'author_url' => $actor, + // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query + 'meta_query' => array( + array( + 'key' => 'protocol', + 'value' => 'activitypub', + 'compare' => '=', + ), + ), + ); + $comment_query = new WP_Comment_Query( $args ); + return $comment_query->comments; + } + + /** + * Adds line breaks to the list of allowed comment tags. + * + * @param array $allowedtags Allowed HTML tags. + * @param string $context Context. + * @return array Filtered tag list. + */ + public static function allowed_comment_html( $allowedtags, $context = '' ) { + if ( 'pre_comment_content' !== $context ) { + // Do nothing. + return $allowedtags; + } + + // Add `p` and `br` to the list of allowed tags. + if ( ! array_key_exists( 'br', $allowedtags ) ) { + $allowedtags['br'] = array(); + } + + if ( ! array_key_exists( 'p', $allowedtags ) ) { + $allowedtags['p'] = array(); + } + + return $allowedtags; + } +} diff --git a/includes/functions.php b/includes/functions.php index f9d602f..9b2c64d 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -2,6 +2,7 @@ namespace Activitypub; use WP_Error; +use WP_Comment_Query; use Activitypub\Http; use Activitypub\Activity\Activity; use Activitypub\Collection\Followers; @@ -486,6 +487,81 @@ function is_blog_public() { return (bool) apply_filters( 'activitypub_is_blog_public', \get_option( 'blog_public', 1 ) ); } +/** + * Sanitize a URL + * + * @param string $value The URL to sanitize + * + * @return string|null The sanitized URL or null if invalid + */ +function sanitize_url( $value ) { + if ( filter_var( $value, FILTER_VALIDATE_URL ) === false ) { + return null; + } + + return esc_url_raw( $value ); +} + +/** + * Extract recipient URLs from Activity object + * + * @param array $data + * + * @return array The list of user URLs + */ +function extract_recipients_from_activity( $data ) { + $recipient_items = array(); + + foreach ( array( 'to', 'bto', 'cc', 'bcc', 'audience' ) as $i ) { + if ( array_key_exists( $i, $data ) ) { + if ( is_array( $data[ $i ] ) ) { + $recipient = $data[ $i ]; + } else { + $recipient = array( $data[ $i ] ); + } + $recipient_items = array_merge( $recipient_items, $recipient ); + } + + if ( is_array( $data['object'] ) && array_key_exists( $i, $data['object'] ) ) { + if ( is_array( $data['object'][ $i ] ) ) { + $recipient = $data['object'][ $i ]; + } else { + $recipient = array( $data['object'][ $i ] ); + } + $recipient_items = array_merge( $recipient_items, $recipient ); + } + } + + $recipients = array(); + + // flatten array + foreach ( $recipient_items as $recipient ) { + if ( is_array( $recipient ) ) { + // check if recipient is an object + if ( array_key_exists( 'id', $recipient ) ) { + $recipients[] = $recipient['id']; + } + } else { + $recipients[] = $recipient; + } + } + + return array_unique( $recipients ); +} + +/** + * Check if passed Activity is Public + * + * @param array $data The Activity object as array + * + * @return boolean True if public, false if not + */ +function is_activity_public( $data ) { + $recipients = extract_recipients_from_activity( $data ); + + return in_array( 'https://www.w3.org/ns/activitystreams#Public', $recipients, true ); +} + /** * Get active users based on a given duration * @@ -557,3 +633,68 @@ function get_total_users() { return $users + 1; } + +/** + * Examine a comment ID and look up an existing comment it represents. + * + * @param string $id ActivityPub object ID (usually a URL) to check. + * + * @return int|boolean Comment ID, or false on failure. + */ +function object_id_to_comment( $id ) { + $comment_query = new WP_Comment_Query( + array( + 'meta_key' => 'source_id', // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_key + 'meta_value' => $id, // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_value + ) + ); + + if ( ! $comment_query->comments ) { + return false; + } + + if ( count( $comment_query->comments ) > 1 ) { + return false; + } + + return $comment_query->comments[0]; +} + +/** + * Verify if URL is a local comment, + * Or if it is a previously received remote comment + * (For threading comments locally) + * + * @param string $url The URL to check. + * + * @return int comment_ID or null if not found + */ +function url_to_commentid( $url ) { + if ( ! $url || ! filter_var( $url, FILTER_VALIDATE_URL ) ) { + return null; + } + + $args = array( + // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query + 'meta_query' => array( + 'relation' => 'OR', + array( + 'key' => 'source_url', + 'value' => $url, + ), + array( + 'key' => 'source_id', + 'value' => $url, + ), + ), + ); + + $query = new \WP_Comment_Query(); + $comments = $query->query( $args ); + + if ( $comments && is_array( $comments ) ) { + return $comments[0]->comment_ID; + } + + return null; +} diff --git a/includes/handler/class-create.php b/includes/handler/class-create.php new file mode 100644 index 0000000..2e5d76a --- /dev/null +++ b/includes/handler/class-create.php @@ -0,0 +1,61 @@ +delete(); + } + } + + /** + * Delete Reactions if Actor-URL is a Tombstone. + * + * @param array $activity The delete activity. + */ + public static function maybe_delete_interactions( $activity ) { + // verify if Actor is deleted. + if ( Http::is_tombstone( $activity['actor'] ) ) { + \wp_schedule_single_event( + \time(), + 'activitypub_delete_actor_interactions', + array( $activity['actor'] ) + ); + } + } + + /** + * Delete comments from an Actor. + * + * @param array $comments The comments to delete. + */ + public static function delete_interactions( $actor ) { + $comments = Interactions::get_interactions_by_actor( $actor ); + + if ( is_array( $comments ) ) { + foreach ( $comments as $comment ) { + wp_delete_comment( $comment->comment_ID ); + } + } + } + + /** + * Delete a Reaction if URL is a Tombstone. + * + * @param array $activity The delete activity. + * + * @return void + */ + public static function maybe_delete_interaction( $activity ) { + if ( is_array( $activity['object'] ) ) { + $id = $activity['object']['id']; + } else { + $id = $activity['object']; + } + + $comments = Interactions::get_interaction_by_id( $id ); + + if ( $comments && Http::is_tombstone( $id ) ) { + foreach ( $comments as $comment ) { + wp_delete_comment( $comment->comment_ID, true ); + } + } + } + + /** + * Defer signature verification for `Delete` requests. + * + * @param bool $defer Whether to defer signature verification. + * @param WP_REST_Request $request The request object. + * + * @return bool Whether to defer signature verification. + */ + public static function defer_signature_verification( $defer, $request ) { + $json = $request->get_json_params(); + + if ( isset( $json['type'] ) && 'Delete' === $json['type'] ) { + return true; + } + + return false; + } +} diff --git a/includes/handler/class-follow.php b/includes/handler/class-follow.php new file mode 100644 index 0000000..6855dbd --- /dev/null +++ b/includes/handler/class-follow.php @@ -0,0 +1,81 @@ +get_shared_inbox(); + + // send "Accept" activity + $activity = new Activity(); + $activity->set_type( 'Accept' ); + $activity->set_object( $object ); + $activity->set_actor( $user->get_id() ); + $activity->set_to( $actor ); + $activity->set_id( $user->get_id() . '#follow-' . \preg_replace( '~^https?://~', '', $actor ) . '-' . \time() ); + + $activity = $activity->to_json(); + + Http::post( $inbox, $activity, $user_id ); + } +} diff --git a/includes/handler/class-undo.php b/includes/handler/class-undo.php new file mode 100644 index 0000000..13c06f3 --- /dev/null +++ b/includes/handler/class-undo.php @@ -0,0 +1,31 @@ +get_json_params(); - $type = $request->get_param( 'type' ); - $type = \strtolower( $type ); + $data = $request->get_json_params(); + $activity = Activity::init_from_array( $data ); + $type = $request->get_param( 'type' ); + $type = \strtolower( $type ); - \do_action( 'activitypub_inbox', $data, $user->get__id(), $type ); - \do_action( "activitypub_inbox_{$type}", $data, $user->get__id() ); + \do_action( 'activitypub_inbox', $data, $user->get__id(), $type, $activity ); + \do_action( "activitypub_inbox_{$type}", $data, $user->get__id(), $activity ); $rest_response = new WP_REST_Response( array(), 202 ); $rest_response->header( 'Content-Type', 'application/activity+json; charset=' . get_option( 'blog_charset' ) ); @@ -151,9 +151,10 @@ class Inbox { * @return WP_REST_Response */ public static function shared_inbox_post( $request ) { - $data = $request->get_json_params(); - $type = $request->get_param( 'type' ); - $users = self::extract_recipients( $data ); + $data = $request->get_json_params(); + $activity = Activity::init_from_array( $data ); + $type = $request->get_param( 'type' ); + $users = self::get_recipients( $data ); if ( ! $users ) { return new WP_Error( @@ -181,8 +182,8 @@ class Inbox { $type = \strtolower( $type ); - \do_action( 'activitypub_inbox', $data, $user->ID, $type ); - \do_action( "activitypub_inbox_{$type}", $data, $user->ID ); + \do_action( 'activitypub_inbox', $data, $user->ID, $type, $activity ); + \do_action( "activitypub_inbox_{$type}", $data, $user->ID, $activity ); } $rest_response = new WP_REST_Response( array(), 202 ); @@ -340,121 +341,6 @@ class Inbox { return $params; } - /** - * Handles "Create" requests - * - * @param array $object The activity-object - * @param int $user_id The id of the local blog-user - */ - public static function handle_create( $object, $user_id ) { - $meta = get_remote_metadata_by_actor( $object['actor'] ); - - if ( ! isset( $object['object']['inReplyTo'] ) ) { - return; - } - - // check if Activity is public or not - if ( ! self::is_activity_public( $object ) ) { - // @todo maybe send email - return; - } - - $comment_post_id = \url_to_postid( $object['object']['inReplyTo'] ); - - // save only replys and reactions - if ( ! $comment_post_id ) { - return false; - } - - $commentdata = array( - 'comment_post_ID' => $comment_post_id, - 'comment_author' => \esc_attr( $meta['name'] ), - 'comment_author_url' => \esc_url_raw( $object['actor'] ), - 'comment_content' => addslashes( \wp_kses( $object['object']['content'], 'pre_comment_content' ) ), - 'comment_type' => 'comment', - 'comment_author_email' => '', - 'comment_parent' => 0, - 'comment_meta' => array( - 'source_url' => \esc_url_raw( $object['object']['url'] ), - 'avatar_url' => \esc_url_raw( $meta['icon']['url'] ), - 'protocol' => 'activitypub', - ), - ); - - // disable flood control - \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); - - // do not require email for AP entries - \add_filter( 'pre_option_require_name_email', '__return_false' ); - - // No nonce possible for this submission route - \add_filter( - 'akismet_comment_nonce', - function() { - return 'inactive'; - } - ); - - \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); - - $state = \wp_new_comment( $commentdata, true ); - - \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ) ); - \remove_filter( 'pre_option_require_name_email', '__return_false' ); - - // re-add flood control - \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); - - do_action( 'activitypub_handled_create', $object, $user_id, $state, $commentdata ); - } - - /** - * Extract recipient URLs from Activity object - * - * @param array $data - * - * @return array The list of user URLs - */ - public static function extract_recipients( $data ) { - $recipient_items = array(); - - foreach ( array( 'to', 'bto', 'cc', 'bcc', 'audience' ) as $i ) { - if ( array_key_exists( $i, $data ) ) { - if ( is_array( $data[ $i ] ) ) { - $recipient = $data[ $i ]; - } else { - $recipient = array( $data[ $i ] ); - } - $recipient_items = array_merge( $recipient_items, $recipient ); - } - - if ( is_array( $data['object'] ) && array_key_exists( $i, $data['object'] ) ) { - if ( is_array( $data['object'][ $i ] ) ) { - $recipient = $data['object'][ $i ]; - } else { - $recipient = array( $data['object'][ $i ] ); - } - $recipient_items = array_merge( $recipient_items, $recipient ); - } - } - - $recipients = array(); - - // flatten array - foreach ( $recipient_items as $recipient ) { - if ( is_array( $recipient ) ) { - // check if recipient is an object - if ( array_key_exists( 'id', $recipient ) ) { - $recipients[] = $recipient['id']; - } - } else { - $recipients[] = $recipient; - } - } - - return array_unique( $recipients ); - } - /** * Get local user recipients * @@ -463,7 +349,7 @@ class Inbox { * @return array The list of local users */ public static function get_recipients( $data ) { - $recipients = self::extract_recipients( $data ); + $recipients = extract_recipients_from_activity( $data ); $users = array(); foreach ( $recipients as $recipient ) { @@ -478,41 +364,4 @@ class Inbox { return $users; } - - /** - * Check if passed Activity is Public - * - * @param array $data - * @return boolean - */ - public static function is_activity_public( $data ) { - $recipients = self::extract_recipients( $data ); - - return in_array( 'https://www.w3.org/ns/activitystreams#Public', $recipients, true ); - } - - /** - * Adds line breaks to the list of allowed comment tags. - * - * @param array $allowedtags Allowed HTML tags. - * @param string $context Context. - * @return array Filtered tag list. - */ - public static function allowed_comment_html( $allowedtags, $context = '' ) { - if ( 'pre_comment_content' !== $context ) { - // Do nothing. - return $allowedtags; - } - - // Add `p` and `br` to the list of allowed tags. - if ( ! array_key_exists( 'br', $allowedtags ) ) { - $allowedtags['br'] = array(); - } - - if ( ! array_key_exists( 'p', $allowedtags ) ) { - $allowedtags['p'] = array(); - } - - return $allowedtags; - } } diff --git a/includes/rest/class-server.php b/includes/rest/class-server.php index bf89038..1bad5a7 100644 --- a/includes/rest/class-server.php +++ b/includes/rest/class-server.php @@ -110,14 +110,20 @@ class Server { if ( 'GET' !== $request->get_method() ) { $verified_request = Signature::verify_http_signature( $request ); if ( \is_wp_error( $verified_request ) ) { - return new WP_Error( 'activitypub_signature_verification', $verified_request->get_error_message(), array( 'status' => 401 ) ); + return new WP_Error( + 'activitypub_signature_verification', + $verified_request->get_error_message(), + array( 'status' => 401 ) + ); } - } elseif ( 'GET' === $request->get_method() ) { // GET-Requests are only signed in secure mode - if ( ACTIVITYPUB_AUTHORIZED_FETCH ) { - $verified_request = Signature::verify_http_signature( $request ); - if ( \is_wp_error( $verified_request ) ) { - return new WP_Error( 'activitypub_signature_verification', $verified_request->get_error_message(), array( 'status' => 401 ) ); - } + } elseif ( 'GET' === $request->get_method() && ACTIVITYPUB_AUTHORIZED_FETCH ) { // GET-Requests are only signed in secure mode + $verified_request = Signature::verify_http_signature( $request ); + if ( \is_wp_error( $verified_request ) ) { + return new WP_Error( + 'activitypub_signature_verification', + $verified_request->get_error_message(), + array( 'status' => 401 ) + ); } } diff --git a/tests/test-class-activitypub-activity.php b/tests/test-class-activitypub-activity.php index ba9f5a2..6ee078e 100644 --- a/tests/test-class-activitypub-activity.php +++ b/tests/test-class-activitypub-activity.php @@ -1,4 +1,6 @@ assertEquals( 'Hello world!', $object->get_content() ); $this->assertEquals( $test_array, $object->to_array() ); } + + public function test_activity_object() { + $test_array = array( + 'id' => 'https://example.com/post/123', + 'type' => 'Create', + 'object' => array( + 'id' => 'https://example.com/post/123/activity', + 'type' => 'Note', + 'content' => 'Hello world!', + ), + ); + + $activity = \Activitypub\Activity\Activity::init_from_array( $test_array ); + + $this->assertEquals( 'Hello world!', $activity->get_object()->get_content() ); + Assert::assertArraySubset( $test_array, $activity->to_array() ); + } } diff --git a/tests/test-class-activitypub-create-handler.php b/tests/test-class-activitypub-create-handler.php new file mode 100644 index 0000000..95c5025 --- /dev/null +++ b/tests/test-class-activitypub-create-handler.php @@ -0,0 +1,70 @@ +user_id = 1; + $authordata = \get_userdata( $this->user_id ); + $this->user_url = $authordata->user_url; + + $this->post_id = \wp_insert_post( + array( + 'post_author' => $this->user_id, + 'post_content' => 'test', + ) + ); + $this->post_permalink = \get_permalink( $this->post_id ); + + \add_filter( 'pre_get_remote_metadata_by_actor', array( '\Test_Activitypub_Create_Handler', 'get_remote_metadata_by_actor' ), 0, 2 ); + } + + public static function get_remote_metadata_by_actor( $value, $actor ) { + return array( + 'name' => 'Example User', + 'icon' => array( + 'url' => 'https://example.com/icon', + ), + 'url' => $actor, + 'id' => 'http://example.org/users/example', + ); + } + + public function create_test_object( $id = 'https://example.com/123' ) { + return array( + 'actor' => $this->user_url, + 'id' => 'https://example.com/id/' . microtime( true ), + 'to' => [ $this->user_url ], + 'cc' => [ 'https://www.w3.org/ns/activitystreams#Public' ], + 'object' => array( + 'id' => $id, + 'url' => 'https://example.com/example', + 'inReplyTo' => $this->post_permalink, + 'content' => 'example', + ), + ); + } + + public function test_handle_create_object_unset_rejected() { + $object = $this->create_test_object(); + unset( $object['object'] ); + $converted = Activitypub\Handler\Create::handle_create( $object, $this->user_id ); + $this->assertNull( $converted ); + } + + public function test_handle_create_non_public_rejected() { + $object = $this->create_test_object(); + $object['cc'] = []; + $converted = Activitypub\Handler\Create::handle_create( $object, $this->user_id ); + $this->assertNull( $converted ); + } + + public function test_handle_create_no_id_rejected() { + $object = $this->create_test_object(); + unset( $object['object']['id'] ); + $converted = Activitypub\Handler\Create::handle_create( $object, $this->user_id ); + $this->assertNull( $converted ); + } +} diff --git a/tests/test-class-db-activitypub-followers.php b/tests/test-class-activitypub-followers.php similarity index 99% rename from tests/test-class-db-activitypub-followers.php rename to tests/test-class-activitypub-followers.php index 8fc0068..8b00d19 100644 --- a/tests/test-class-db-activitypub-followers.php +++ b/tests/test-class-activitypub-followers.php @@ -1,5 +1,5 @@ array( 'id' => 'https://example.org/users/username', diff --git a/tests/test-class-activitypub-interactions.php b/tests/test-class-activitypub-interactions.php new file mode 100644 index 0000000..7602908 --- /dev/null +++ b/tests/test-class-activitypub-interactions.php @@ -0,0 +1,130 @@ +user_id = 1; + $authordata = \get_userdata( $this->user_id ); + $this->user_url = $authordata->user_url; + + $this->post_id = \wp_insert_post( + array( + 'post_author' => $this->user_id, + 'post_content' => 'test', + ) + ); + $this->post_permalink = \get_permalink( $this->post_id ); + + \add_filter( 'pre_get_remote_metadata_by_actor', array( '\Test_Activitypub_Interactions', 'get_remote_metadata_by_actor' ), 0, 2 ); + } + + public static function get_remote_metadata_by_actor( $value, $actor ) { + return array( + 'name' => 'Example User', + 'icon' => array( + 'url' => 'https://example.com/icon', + ), + 'url' => $actor, + 'id' => 'http://example.org/users/example', + ); + } + + public function create_test_object( $id = 'https://example.com/123' ) { + return array( + 'actor' => $this->user_url, + 'id' => 'https://example.com/id/' . microtime( true ), + 'to' => [ $this->user_url ], + 'cc' => [ 'https://www.w3.org/ns/activitystreams#Public' ], + 'object' => array( + 'id' => $id, + 'url' => 'https://example.com/example', + 'inReplyTo' => $this->post_permalink, + 'content' => 'example', + ), + ); + } + + public function test_handle_create_basic() { + $comment_id = Activitypub\Collection\Interactions::add_comment( $this->create_test_object() ); + $comment = get_comment( $comment_id, ARRAY_A ); + + $this->assertIsArray( $comment ); + $this->assertEquals( $this->post_id, $comment['comment_post_ID'] ); + $this->assertEquals( 'Example User', $comment['comment_author'] ); + $this->assertEquals( $this->user_url, $comment['comment_author_url'] ); + $this->assertEquals( 'example', $comment['comment_content'] ); + $this->assertEquals( 'comment', $comment['comment_type'] ); + $this->assertEquals( '', $comment['comment_author_email'] ); + $this->assertEquals( 0, $comment['comment_parent'] ); + $this->assertEquals( 'https://example.com/123', get_comment_meta( $comment_id, 'source_id', true ) ); + $this->assertEquals( 'https://example.com/example', get_comment_meta( $comment_id, 'source_url', true ) ); + $this->assertEquals( 'https://example.com/icon', get_comment_meta( $comment_id, 'avatar_url', true ) ); + $this->assertEquals( 'activitypub', get_comment_meta( $comment_id, 'protocol', true ) ); + } + + public function test_convert_object_to_comment_not_reply_rejected() { + $object = $this->create_test_object(); + unset( $object['object']['inReplyTo'] ); + $converted = Activitypub\Collection\Interactions::add_comment( $object ); + $this->assertFalse( $converted ); + } + + public function test_convert_object_to_comment_already_exists_rejected() { + $object = $this->create_test_object( 'https://example.com/test_convert_object_to_comment_already_exists_rejected' ); + Activitypub\Collection\Interactions::add_comment( $object ); + $converted = Activitypub\Collection\Interactions::add_comment( $object ); + $this->assertEquals( $converted->get_error_code(), 'comment_duplicate' ); + } + + public function test_convert_object_to_comment_reply_to_comment() { + $id = 'https://example.com/test_convert_object_to_comment_reply_to_comment'; + $object = $this->create_test_object( $id ); + Activitypub\Collection\Interactions::add_comment( $object ); + $comment = \Activitypub\object_id_to_comment( $id ); + + $object['object']['inReplyTo'] = $id; + $object['object']['id'] = 'https://example.com/234'; + $id = Activitypub\Collection\Interactions::add_comment( $object ); + $converted = get_comment( $id, ARRAY_A ); + + $this->assertIsArray( $converted ); + $this->assertEquals( $this->post_id, $converted['comment_post_ID'] ); + $this->assertEquals( $comment->comment_ID, $converted['comment_parent'] ); + } + + public function test_convert_object_to_comment_reply_to_non_existent_comment_rejected() { + $object = $this->create_test_object(); + $object['object']['inReplyTo'] = 'https://example.com/not_found'; + $converted = Activitypub\Collection\Interactions::add_comment( $object ); + $this->assertFalse( $converted ); + } + + public function test_handle_create_basic2() { + $id = 'https://example.com/test_handle_create_basic'; + $object = $this->create_test_object( $id ); + Activitypub\Collection\Interactions::add_comment( $object ); + $comment = \Activitypub\object_id_to_comment( $id ); + $this->assertInstanceOf( WP_Comment::class, $comment ); + } + + public function test_get_interaction_by_id() { + $id = 'https://example.com/test_get_interaction_by_id'; + $url = 'https://example.com/test_get_interaction_by_url'; + $object = $this->create_test_object( $id ); + $object['object']['url'] = $url; + + Activitypub\Collection\Interactions::add_comment( $object ); + $comment = \Activitypub\object_id_to_comment( $id ); + $interactions = Activitypub\Collection\Interactions::get_interaction_by_id( $id ); + $this->assertIsArray( $interactions ); + $this->assertEquals( $comment->comment_ID, $interactions[0]->comment_ID ); + + $comment = \Activitypub\object_id_to_comment( $id ); + $interactions = Activitypub\Collection\Interactions::get_interaction_by_id( $url ); + $this->assertIsArray( $interactions ); + $this->assertEquals( $comment->comment_ID, $interactions[0]->comment_ID ); + } +} diff --git a/tests/test-class-activitypub-rest-inbox.php b/tests/test-class-activitypub-rest-inbox.php index 58f16f3..0368d5b 100644 --- a/tests/test-class-activitypub-rest-inbox.php +++ b/tests/test-class-activitypub-rest-inbox.php @@ -5,7 +5,7 @@ class Test_Activitypub_Rest_Inbox extends WP_UnitTestCase { */ public function test_is_activity_public( $data, $check ) { - $this->assertEquals( $check, Activitypub\Rest\Inbox::is_activity_public( $data ) ); + $this->assertEquals( $check, Activitypub\is_activity_public( $data ) ); } public function the_data_provider() { diff --git a/tests/test-functions.php b/tests/test-functions.php index 68140e0..da85ef8 100644 --- a/tests/test-functions.php +++ b/tests/test-functions.php @@ -1,9 +1,80 @@ assertEquals( 'https://notiz.blog/author/matthias-pfefferle/', $metadata['url'] ); $this->assertEquals( 'pfefferle', $metadata['preferredUsername'] ); $this->assertEquals( 'Matthias Pfefferle', $metadata['name'] ); } + + public function set_up() { + $this->post_id = \wp_insert_post( + array( + 'post_author' => $this->user_id, + 'post_content' => 'test', + ) + ); + } + + public function test_object_id_to_comment_basic() { + $single_comment_source_id = 'https://example.com/single'; + $content = 'example'; + $comment_id = \wp_new_comment( + array( + 'comment_post_ID' => $this->post_id, + 'comment_author' => 'Example User', + 'comment_author_url' => 'https://example.com/user', + 'comment_content' => $content, + 'comment_type' => '', + 'comment_author_email' => '', + 'comment_parent' => 0, + 'comment_meta' => array( + 'source_id' => $single_comment_source_id, + 'source_url' => 'https://example.com/123', + 'avatar_url' => 'https://example.com/icon', + 'protocol' => 'activitypub', + ), + ), + true + ); + $query_result = \Activitypub\object_id_to_comment( $single_comment_source_id ); + $this->assertInstanceOf( WP_Comment::class, $query_result ); + $this->assertEquals( $comment_id, $query_result->comment_ID ); + $this->assertEquals( $content, $query_result->comment_content ); + } + + public function test_object_id_to_comment_none() { + $single_comment_source_id = 'https://example.com/none'; + $query_result = \Activitypub\object_id_to_comment( $single_comment_source_id ); + $this->assertFalse( $query_result ); + } + + public function test_object_id_to_comment_duplicate() { + $duplicate_comment_source_id = 'https://example.com/duplicate'; + for ( $i = 0; $i < 2; ++$i ) { + \wp_new_comment( + array( + 'comment_post_ID' => $this->post_id, + 'comment_author' => 'Example User', + 'comment_author_url' => 'https://example.com/user', + 'comment_content' => 'example', + 'comment_type' => '', + 'comment_author_email' => '', + 'comment_parent' => 0, + 'comment_meta' => array( + 'source_id' => $duplicate_comment_source_id, + 'source_url' => 'https://example.com/123', + 'avatar_url' => 'https://example.com/icon', + 'protocol' => 'activitypub', + ), + ), + true + ); + } + $query_result = \Activitypub\object_id_to_comment( $duplicate_comment_source_id ); + $this->assertFalse( $query_result ); + } } From 9bd8659e9764affb5ff4fa028e57e7aac3fa6be4 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Thu, 30 Nov 2023 13:04:21 +0100 Subject: [PATCH 02/20] updated changelog --- README.md | 6 ++++++ readme.txt | 4 +++- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fd03554..45bb1bc 100644 --- a/README.md +++ b/README.md @@ -105,6 +105,12 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). +### 1.3.0 ### + +* Added: Threaded-Comments support +* Improved: alt text for avatars in Follow Me/Followers blocks +* Improved: `Delete`, `Update` and `Follow` Activities + ### 1.2.0 ### * Add: Search and order followerer lists diff --git a/readme.txt b/readme.txt index 5ffb987..72436ff 100644 --- a/readme.txt +++ b/readme.txt @@ -105,9 +105,11 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). -= 1.2.1 = += 1.3.0 = +* Added: Threaded-Comments support * Improved: alt text for avatars in Follow Me/Followers blocks +* Improved: `Delete`, `Update` and `Follow` Activities = 1.2.0 = From c3d5b4bb1a1c3bf4dd49d984c62f75659545f8e4 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Thu, 30 Nov 2023 16:41:05 +0100 Subject: [PATCH 03/20] updated readme --- README.md | 1 + readme.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 45bb1bc..97f9b76 100644 --- a/README.md +++ b/README.md @@ -110,6 +110,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Added: Threaded-Comments support * Improved: alt text for avatars in Follow Me/Followers blocks * Improved: `Delete`, `Update` and `Follow` Activities +* Improved: better/more effective handling of `Delete` Activities ### 1.2.0 ### diff --git a/readme.txt b/readme.txt index 72436ff..393795b 100644 --- a/readme.txt +++ b/readme.txt @@ -110,6 +110,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Added: Threaded-Comments support * Improved: alt text for avatars in Follow Me/Followers blocks * Improved: `Delete`, `Update` and `Follow` Activities +* Improved: better/more effective handling of `Delete` Activities = 1.2.0 = From c3a18d72ddf96a145b5f52309eb8547c2eded67a Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Fri, 1 Dec 2023 07:26:29 +0000 Subject: [PATCH 04/20] Update dms/phpunit-arraysubset-asserts requirement from ^0.4.0 to ^0.5.0 (#585) --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 746f86f..604ab85 100644 --- a/composer.json +++ b/composer.json @@ -16,7 +16,7 @@ "dealerdirect/phpcodesniffer-composer-installer": "^1.0.0", "sirbrillig/phpcs-variable-analysis": "^2.11", "phpcsstandards/phpcsextra": "^1.1.0", - "dms/phpunit-arraysubset-asserts": "^0.4.0" + "dms/phpunit-arraysubset-asserts": "^0.5.0" }, "config": { "allow-plugins": true From ca9e71ffc1212c9e1ea7431eb3cbbb63add9a339 Mon Sep 17 00:00:00 2001 From: Sam Lade Date: Sat, 2 Dec 2023 09:58:19 +0000 Subject: [PATCH 05/20] Fix sending posts to at most ten instances (#588) --- includes/collection/class-followers.php | 1 + 1 file changed, 1 insertion(+) diff --git a/includes/collection/class-followers.php b/includes/collection/class-followers.php index 6831f3b..8f2274d 100644 --- a/includes/collection/class-followers.php +++ b/includes/collection/class-followers.php @@ -267,6 +267,7 @@ class Followers { // get all Followers of a ID of the WordPress User $posts = new WP_Query( array( + 'nopaging' => true, 'post_type' => self::POST_TYPE, 'fields' => 'ids', // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query From 5d417d9f5c9f33df6d43833697241cce74bd5696 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Mon, 4 Dec 2023 10:02:30 +0100 Subject: [PATCH 06/20] remove paging from `get_all_followers` and add tests --- includes/collection/class-followers.php | 1 + tests/test-class-activitypub-followers.php | 76 ++++++++++++++++++++++ 2 files changed, 77 insertions(+) diff --git a/includes/collection/class-followers.php b/includes/collection/class-followers.php index 8f2274d..be98a46 100644 --- a/includes/collection/class-followers.php +++ b/includes/collection/class-followers.php @@ -199,6 +199,7 @@ class Followers { */ public static function get_all_followers() { $args = array( + 'nopaging' => true, // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query 'meta_query' => array( 'relation' => 'AND', diff --git a/tests/test-class-activitypub-followers.php b/tests/test-class-activitypub-followers.php index 8b00d19..57201cb 100644 --- a/tests/test-class-activitypub-followers.php +++ b/tests/test-class-activitypub-followers.php @@ -329,6 +329,82 @@ class Test_Activitypub_Followers extends WP_UnitTestCase { $this->assertEquals( $name, $follower->get_name() ); } + public function test_get_inboxes() { + for ( $i = 0; $i < 30; $i++ ) { + $meta = array( + 'id' => 'https://example.org/users/' . $i, + 'url' => 'https://example.org/users/' . $i, + 'inbox' => 'https://example.org/users/' . $i . '/inbox', + 'name' => 'user' . $i, + 'preferredUsername' => 'user' . $i, + 'publicKey' => 'https://example.org/users/' . $i . '#main-key', + 'publicKeyPem' => $i, + ); + + $follower = new \Activitypub\Model\Follower(); + $follower->from_array( $meta ); + + $id = $follower->upsert(); + + add_post_meta( $id, 'activitypub_user_id', 1 ); + } + + $inboxes = \Activitypub\Collection\Followers::get_inboxes( 1 ); + + $this->assertCount( 30, $inboxes ); + + wp_cache_delete( sprintf( \Activitypub\Collection\Followers::CACHE_KEY_INBOXES, 1 ), 'activitypub' ); + + for ( $j = 0; $j < 5; $j++ ) { + $k = $j + 100; + $meta = array( + 'id' => 'https://example.org/users/' . $k, + 'url' => 'https://example.org/users/' . $k, + 'inbox' => 'https://example.org/users/' . $j . '/inbox', + 'name' => 'user' . $k, + 'preferredUsername' => 'user' . $k, + 'publicKey' => 'https://example.org/users/' . $k . '#main-key', + 'publicKeyPem' => $k, + ); + + $follower = new \Activitypub\Model\Follower(); + $follower->from_array( $meta ); + + $id = $follower->upsert(); + + add_post_meta( $id, 'activitypub_user_id', 1 ); + } + + $inboxes2 = \Activitypub\Collection\Followers::get_inboxes( 1 ); + + $this->assertCount( 30, $inboxes2 ); + } + + public function test_get_all_followers() { + for ( $i = 0; $i < 30; $i++ ) { + $meta = array( + 'id' => 'https://example.org/users/' . $i, + 'url' => 'https://example.org/users/' . $i, + 'inbox' => 'https://example.org/users/' . $i . '/inbox', + 'name' => 'user' . $i, + 'preferredUsername' => 'user' . $i, + 'publicKey' => 'https://example.org/users/' . $i . '#main-key', + 'publicKeyPem' => $i, + ); + + $follower = new \Activitypub\Model\Follower(); + $follower->from_array( $meta ); + + $id = $follower->upsert(); + + add_post_meta( $id, 'activitypub_user_id', 1 ); + } + + $followers = \Activitypub\Collection\Followers::get_all_followers(); + + $this->assertCount( 30, $followers ); + } + public static function http_request_host_is_external( $in, $host ) { if ( in_array( $host, array( 'example.com', 'example.org' ), true ) ) { return true; From eecdb63da309065bfbded33e1bbf8211852c599f Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Mon, 4 Dec 2023 19:09:00 +0100 Subject: [PATCH 07/20] updated changelog --- README.md | 1 + readme.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index 97f9b76..fcacdab 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Improved: alt text for avatars in Follow Me/Followers blocks * Improved: `Delete`, `Update` and `Follow` Activities * Improved: better/more effective handling of `Delete` Activities +* Fixed: removed default limit of WP_Query to send updates to all Inboxes and not only to the first 10 ### 1.2.0 ### diff --git a/readme.txt b/readme.txt index 393795b..f70b997 100644 --- a/readme.txt +++ b/readme.txt @@ -111,6 +111,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Improved: alt text for avatars in Follow Me/Followers blocks * Improved: `Delete`, `Update` and `Follow` Activities * Improved: better/more effective handling of `Delete` Activities +* Fixed: removed default limit of WP_Query to send updates to all Inboxes and not only to the first 10 = 1.2.0 = From 15179f2c5a86e1eed4405d95df018df512c1c39b Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 12:21:29 +0100 Subject: [PATCH 08/20] I think

and
are fine for all usecases --- includes/class-activitypub.php | 28 ++++++++++++++++++ includes/collection/class-interactions.php | 29 ------------------- tests/test-class-activitypub-interactions.php | 22 ++++++++++++++ 3 files changed, 50 insertions(+), 29 deletions(-) diff --git a/includes/class-activitypub.php b/includes/class-activitypub.php index 6f654c5..e9498d1 100644 --- a/includes/class-activitypub.php +++ b/includes/class-activitypub.php @@ -39,6 +39,8 @@ class Activitypub { \add_action( 'in_plugin_update_message-' . ACTIVITYPUB_PLUGIN_BASENAME, array( self::class, 'plugin_update_message' ) ); + \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 15, 2 ); + // register several post_types self::register_post_types(); } @@ -335,6 +337,32 @@ class Activitypub { ); } + /** + * Adds line breaks to the list of allowed comment tags. + * + * @param array $allowed_tags Allowed HTML tags. + * @param string $context Context. + * + * @return array Filtered tag list. + */ + public static function allowed_comment_html( $allowed_tags, $context = '' ) { + if ( 'pre_comment_content' !== $context ) { + // Do nothing. + return $allowed_tags; + } + + // Add `p` and `br` to the list of allowed tags. + if ( ! array_key_exists( 'br', $allowed_tags ) ) { + $allowed_tags['br'] = array(); + } + + if ( ! array_key_exists( 'p', $allowed_tags ) ) { + $allowed_tags['p'] = array(); + } + + return $allowed_tags; + } + /** * Register the "Followers" Taxonomy * diff --git a/includes/collection/class-interactions.php b/includes/collection/class-interactions.php index 82636b5..9ffa5da 100644 --- a/includes/collection/class-interactions.php +++ b/includes/collection/class-interactions.php @@ -82,11 +82,9 @@ class Interactions { return 'inactive'; } ); - \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); $comment = \wp_new_comment( $commentdata, true ); - \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); \remove_filter( 'pre_option_require_name_email', '__return_false' ); // re-add flood control @@ -132,11 +130,9 @@ class Interactions { return 'inactive'; } ); - \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); $comment = \wp_update_comment( $commentdata, true ); - \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); \remove_filter( 'pre_option_require_name_email', '__return_false' ); // re-add flood control @@ -208,29 +204,4 @@ class Interactions { $comment_query = new WP_Comment_Query( $args ); return $comment_query->comments; } - - /** - * Adds line breaks to the list of allowed comment tags. - * - * @param array $allowedtags Allowed HTML tags. - * @param string $context Context. - * @return array Filtered tag list. - */ - public static function allowed_comment_html( $allowedtags, $context = '' ) { - if ( 'pre_comment_content' !== $context ) { - // Do nothing. - return $allowedtags; - } - - // Add `p` and `br` to the list of allowed tags. - if ( ! array_key_exists( 'br', $allowedtags ) ) { - $allowedtags['br'] = array(); - } - - if ( ! array_key_exists( 'p', $allowedtags ) ) { - $allowedtags['p'] = array(); - } - - return $allowedtags; - } } diff --git a/tests/test-class-activitypub-interactions.php b/tests/test-class-activitypub-interactions.php index 7602908..18bc734 100644 --- a/tests/test-class-activitypub-interactions.php +++ b/tests/test-class-activitypub-interactions.php @@ -47,6 +47,21 @@ class Test_Activitypub_Interactions extends WP_UnitTestCase { ); } + public function create_test_rich_object( $id = 'https://example.com/123' ) { + return array( + 'actor' => $this->user_url, + 'id' => 'https://example.com/id/' . microtime( true ), + 'to' => [ $this->user_url ], + 'cc' => [ 'https://www.w3.org/ns/activitystreams#Public' ], + 'object' => array( + 'id' => $id, + 'url' => 'https://example.com/example', + 'inReplyTo' => $this->post_permalink, + 'content' => 'Hello
example

example

', + ), + ); + } + public function test_handle_create_basic() { $comment_id = Activitypub\Collection\Interactions::add_comment( $this->create_test_object() ); $comment = get_comment( $comment_id, ARRAY_A ); @@ -65,6 +80,13 @@ class Test_Activitypub_Interactions extends WP_UnitTestCase { $this->assertEquals( 'activitypub', get_comment_meta( $comment_id, 'protocol', true ) ); } + public function test_handle_create_rich() { + $comment_id = Activitypub\Collection\Interactions::add_comment( $this->create_test_rich_object() ); + $comment = get_comment( $comment_id, ARRAY_A ); + + $this->assertEquals( 'Hello
example

example

', $comment['comment_content'] ); + } + public function test_convert_object_to_comment_not_reply_rejected() { $object = $this->create_test_object(); unset( $object['object']['inReplyTo'] ); From 8c93d36d953ae3545e8ba3c5effcf6d4b0612454 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 12:52:28 +0100 Subject: [PATCH 09/20] fix PHPCS issue --- includes/compat.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/includes/compat.php b/includes/compat.php index 3dd405c..c0996af 100644 --- a/includes/compat.php +++ b/includes/compat.php @@ -44,6 +44,6 @@ if ( ! function_exists( 'is_countable' ) ) { * @return bool True if `$value` is countable, otherwise false. */ function is_countable( $value ) { - return is_array( $value ) || $value instanceof \Countable; + return is_array( $value ) || $value instanceof \Countable; } } From cf541b41b42b76b20d16300034209ff92026c894 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 12:52:56 +0100 Subject: [PATCH 10/20] update readme --- README.md | 1 + readme.txt | 1 + 2 files changed, 2 insertions(+) diff --git a/README.md b/README.md index fcacdab..016d0ab 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Improved: alt text for avatars in Follow Me/Followers blocks * Improved: `Delete`, `Update` and `Follow` Activities * Improved: better/more effective handling of `Delete` Activities +* Improved: allow `

` and `
` for Comments * Fixed: removed default limit of WP_Query to send updates to all Inboxes and not only to the first 10 ### 1.2.0 ### diff --git a/readme.txt b/readme.txt index f70b997..bd395c5 100644 --- a/readme.txt +++ b/readme.txt @@ -111,6 +111,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Improved: alt text for avatars in Follow Me/Followers blocks * Improved: `Delete`, `Update` and `Follow` Activities * Improved: better/more effective handling of `Delete` Activities +* Improved: allow `

` and `
` for Comments * Fixed: removed default limit of WP_Query to send updates to all Inboxes and not only to the first 10 = 1.2.0 = From db846729db63d64dab8e01a6d55d050d6cdf2d91 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 13:21:24 +0100 Subject: [PATCH 11/20] allow

and
only for Activities --- includes/class-activitypub.php | 28 -------------- includes/collection/class-interactions.php | 38 ++++++++++++++++--- tests/test-class-activitypub-interactions.php | 24 +++++++++++- 3 files changed, 55 insertions(+), 35 deletions(-) diff --git a/includes/class-activitypub.php b/includes/class-activitypub.php index e9498d1..6f654c5 100644 --- a/includes/class-activitypub.php +++ b/includes/class-activitypub.php @@ -39,8 +39,6 @@ class Activitypub { \add_action( 'in_plugin_update_message-' . ACTIVITYPUB_PLUGIN_BASENAME, array( self::class, 'plugin_update_message' ) ); - \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 15, 2 ); - // register several post_types self::register_post_types(); } @@ -337,32 +335,6 @@ class Activitypub { ); } - /** - * Adds line breaks to the list of allowed comment tags. - * - * @param array $allowed_tags Allowed HTML tags. - * @param string $context Context. - * - * @return array Filtered tag list. - */ - public static function allowed_comment_html( $allowed_tags, $context = '' ) { - if ( 'pre_comment_content' !== $context ) { - // Do nothing. - return $allowed_tags; - } - - // Add `p` and `br` to the list of allowed tags. - if ( ! array_key_exists( 'br', $allowed_tags ) ) { - $allowed_tags['br'] = array(); - } - - if ( ! array_key_exists( 'p', $allowed_tags ) ) { - $allowed_tags['p'] = array(); - } - - return $allowed_tags; - } - /** * Register the "Followers" Taxonomy * diff --git a/includes/collection/class-interactions.php b/includes/collection/class-interactions.php index 9ffa5da..08d6062 100644 --- a/includes/collection/class-interactions.php +++ b/includes/collection/class-interactions.php @@ -55,7 +55,7 @@ class Interactions { 'comment_post_ID' => $comment_post_id, 'comment_author' => \esc_attr( $meta['name'] ), 'comment_author_url' => \esc_url_raw( $meta['url'] ), - 'comment_content' => \addslashes( \wp_kses( $activity['object']['content'], 'pre_comment_content' ) ), + 'comment_content' => \addslashes( $activity['object']['content'] ), 'comment_type' => 'comment', 'comment_author_email' => '', 'comment_parent' => $parent_comment ? $parent_comment->comment_ID : 0, @@ -72,7 +72,6 @@ class Interactions { // disable flood control \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); - // do not require email for AP entries \add_filter( 'pre_option_require_name_email', '__return_false' ); // No nonce possible for this submission route @@ -82,11 +81,12 @@ class Interactions { return 'inactive'; } ); + \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); $comment = \wp_new_comment( $commentdata, true ); + \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); \remove_filter( 'pre_option_require_name_email', '__return_false' ); - // re-add flood control \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); @@ -113,14 +113,13 @@ class Interactions { //found a local comment id $commentdata = \get_comment( $object_comment_id, ARRAY_A ); $commentdata['comment_author'] = \esc_attr( $meta['name'] ? $meta['name'] : $meta['preferredUsername'] ); - $commentdata['comment_content'] = \addslashes( \wp_kses( $activity['object']['content'], 'pre_comment_content' ) ); + $commentdata['comment_content'] = \addslashes( $activity['object']['content'] ); if ( isset( $meta['icon']['url'] ) ) { $commentdata['comment_meta']['avatar_url'] = \esc_url_raw( $meta['icon']['url'] ); } // disable flood control \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); - // do not require email for AP entries \add_filter( 'pre_option_require_name_email', '__return_false' ); // No nonce possible for this submission route @@ -130,11 +129,12 @@ class Interactions { return 'inactive'; } ); + \add_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10, 2 ); $comment = \wp_update_comment( $commentdata, true ); + \remove_filter( 'wp_kses_allowed_html', array( self::class, 'allowed_comment_html' ), 10 ); \remove_filter( 'pre_option_require_name_email', '__return_false' ); - // re-add flood control \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); @@ -204,4 +204,30 @@ class Interactions { $comment_query = new WP_Comment_Query( $args ); return $comment_query->comments; } + + /** + * Adds line breaks to the list of allowed comment tags. + * + * @param array $allowed_tags Allowed HTML tags. + * @param string $context Context. + * + * @return array Filtered tag list. + */ + public static function allowed_comment_html( $allowed_tags, $context = '' ) { + if ( 'pre_comment_content' !== $context ) { + // Do nothing. + return $allowed_tags; + } + + // Add `p` and `br` to the list of allowed tags. + if ( ! array_key_exists( 'br', $allowed_tags ) ) { + $allowed_tags['br'] = array(); + } + + if ( ! array_key_exists( 'p', $allowed_tags ) ) { + $allowed_tags['p'] = array(); + } + + return $allowed_tags; + } } diff --git a/tests/test-class-activitypub-interactions.php b/tests/test-class-activitypub-interactions.php index 18bc734..6345095 100644 --- a/tests/test-class-activitypub-interactions.php +++ b/tests/test-class-activitypub-interactions.php @@ -82,9 +82,31 @@ class Test_Activitypub_Interactions extends WP_UnitTestCase { public function test_handle_create_rich() { $comment_id = Activitypub\Collection\Interactions::add_comment( $this->create_test_rich_object() ); - $comment = get_comment( $comment_id, ARRAY_A ); + $comment = get_comment( $comment_id, ARRAY_A ); $this->assertEquals( 'Hello
example

example

', $comment['comment_content'] ); + + $commentarray = array( + 'comment_post_ID' => $this->post_id, + 'comment_author' => 'Example User', + 'comment_author_url' => $this->user_url, + 'comment_content' => 'Hello
example

example

', + 'comment_type' => 'comment', + 'comment_author_email' => '', + 'comment_parent' => 0, + 'comment_meta' => array( + 'source_id' => 'https://example.com/123', + 'source_url' => 'https://example.com/example', + 'protocol' => 'activitypub', + ), + ); + + \remove_action( 'check_comment_flood', 'check_comment_flood_db', 10 ); + $comment_id = wp_new_comment( $commentarray ); + \add_action( 'check_comment_flood', 'check_comment_flood_db', 10, 4 ); + $comment = get_comment( $comment_id, ARRAY_A ); + + $this->assertEquals( 'Helloexampleexample', $comment['comment_content'] ); } public function test_convert_object_to_comment_not_reply_rejected() { From 24c534961aa3205b301e0de9ffea2be16c77649d Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 13:27:14 +0100 Subject: [PATCH 12/20] add missing `nopaging` attribute --- includes/collection/class-interactions.php | 2 ++ 1 file changed, 2 insertions(+) diff --git a/includes/collection/class-interactions.php b/includes/collection/class-interactions.php index 08d6062..7a0fdcf 100644 --- a/includes/collection/class-interactions.php +++ b/includes/collection/class-interactions.php @@ -150,6 +150,7 @@ class Interactions { */ public static function get_interaction_by_id( $url ) { $args = array( + 'nopaging' => true, // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query 'meta_query' => array( 'relation' => 'AND', @@ -191,6 +192,7 @@ class Interactions { } $args = array( + 'nopaging' => true, 'author_url' => $actor, // phpcs:ignore WordPress.DB.SlowDBQuery.slow_db_query_meta_query 'meta_query' => array( From a59408d6b8a3866820a3d6e12720cdbed969dc92 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 13:39:00 +0100 Subject: [PATCH 13/20] clear inbox cache after update --- includes/class-migration.php | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/includes/class-migration.php b/includes/class-migration.php index cd13f8d..adebb7e 100644 --- a/includes/class-migration.php +++ b/includes/class-migration.php @@ -114,6 +114,9 @@ class Migration { if ( version_compare( $version_from_db, '1.0.0', '<' ) ) { self::migrate_from_0_17(); } + if ( version_compare( $version_from_db, '1.3.0', '<' ) ) { + self::migrate_from_1_2_0(); + } update_option( 'activitypub_db_version', self::get_target_version() ); @@ -176,4 +179,22 @@ class Migration { \update_option( 'activitypub_custom_post_content', $content ); } } + + /** + * Clear the cache after updating to 1.3.0 + * + * @return void + */ + private static function migrate_from_1_2_0() { + $user_ids = get_users( + array( + 'fields' => 'ID', + 'capability__in' => array( 'publish_posts' ), + ) + ); + + foreach ( $user_ids as $user_id ) { + wp_cache_delete( sprintf( Followers::CACHE_KEY_INBOXES, $user_id ), 'activitypub' ); + } + } } From ef96008cb39eb197825c80580084b145c56bea72 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 13:39:14 +0100 Subject: [PATCH 14/20] prepare 1.3.0 --- activitypub.php | 2 +- readme.txt | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/activitypub.php b/activitypub.php index f109266..abab5f0 100644 --- a/activitypub.php +++ b/activitypub.php @@ -3,7 +3,7 @@ * Plugin Name: ActivityPub * Plugin URI: https://github.com/pfefferle/wordpress-activitypub/ * Description: The ActivityPub protocol is a decentralized social networking protocol based upon the ActivityStreams 2.0 data format. - * Version: 1.2.0 + * Version: 1.3.0 * Author: Matthias Pfefferle & Automattic * Author URI: https://automattic.com/ * License: MIT diff --git a/readme.txt b/readme.txt index bd395c5..b7c9b67 100644 --- a/readme.txt +++ b/readme.txt @@ -3,7 +3,7 @@ Contributors: automattic, pfefferle, mediaformat, mattwiebe, akirk, jeherve, nur Tags: OStatus, fediverse, activitypub, activitystream Requires at least: 4.7 Tested up to: 6.4 -Stable tag: 1.2.0 +Stable tag: 1.3.0 Requires PHP: 5.6 License: MIT License URI: http://opensource.org/licenses/MIT From 93b2f1ee7d1d740ff9f0821deca0a69664cbf928 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 5 Dec 2023 18:59:00 +0100 Subject: [PATCH 15/20] Normalize attributes that can have mixed value types (#586) * fix #571 * support empty values * fix phpcs issues * test for `null` * use `object_to_uri` on followers list --- includes/class-blocks.php | 6 ++- includes/compat.php | 29 +++++++++++++ includes/functions.php | 37 ++++++++++++++++ includes/rest/class-inbox.php | 15 ++----- includes/table/class-followers.php | 4 +- tests/test-functions.php | 69 ++++++++++++++++++++++++++++++ 6 files changed, 145 insertions(+), 15 deletions(-) diff --git a/includes/class-blocks.php b/includes/class-blocks.php index 02f9659..267ebee 100644 --- a/includes/class-blocks.php +++ b/includes/class-blocks.php @@ -3,7 +3,9 @@ namespace Activitypub; use Activitypub\Collection\Followers; use Activitypub\Collection\Users as User_Collection; -use Activitypub\is_user_type_disabled; + +use function Activitypub\object_to_uri; +use function Activitypub\is_user_type_disabled; class Blocks { public static function init() { @@ -140,7 +142,7 @@ class Blocks { return sprintf( $template, - esc_url( $data['url'] ), + esc_url( object_to_uri( $data['url'] ) ), esc_attr( $data['name'] ), esc_attr( $data['icon']['url'] ), esc_html( $data['name'] ), diff --git a/includes/compat.php b/includes/compat.php index c0996af..d1047df 100644 --- a/includes/compat.php +++ b/includes/compat.php @@ -47,3 +47,32 @@ if ( ! function_exists( 'is_countable' ) ) { return is_array( $value ) || $value instanceof \Countable; } } + +/** + * Polyfill for `array_is_list()` function added in PHP 7.3. + * + * @param array $array The array to check. + * + * @return bool True if `$array` is a list, otherwise false. + */ +if ( ! function_exists( 'array_is_list' ) ) { + function array_is_list( $array ) { + if ( ! is_array( $array ) ) { + return false; + } + + if ( array_values( $array ) === $array ) { + return true; + } + + $next_key = -1; + + foreach ( $array as $k => $v ) { + if ( ++$next_key !== $k ) { + return false; + } + } + + return true; + } +} diff --git a/includes/functions.php b/includes/functions.php index 9b2c64d..1140724 100644 --- a/includes/functions.php +++ b/includes/functions.php @@ -698,3 +698,40 @@ function url_to_commentid( $url ) { return null; } + +/** + * Get the URI of an ActivityPub object + * + * @param array $object The ActivityPub object + * + * @return string The URI of the ActivityPub object + */ +function object_to_uri( $object ) { + // check if it is already simple + if ( ! $object || is_string( $object ) ) { + return $object; + } + + // check if it is a list, then take first item + // this plugin does not support collections + if ( array_is_list( $object ) ) { + $object = $object[0]; + } + + // check if it is simplified now + if ( is_string( $object ) ) { + return $object; + } + + // return part of Object that makes most sense + switch ( $object['type'] ) { + case 'Link': + $object = $object['href']; + break; + default: + $object = $object['id']; + break; + } + + return $object; +} diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php index d38ffb5..bdca0f4 100644 --- a/includes/rest/class-inbox.php +++ b/includes/rest/class-inbox.php @@ -8,6 +8,7 @@ use Activitypub\Activity\Activity; use Activitypub\Collection\Users as User_Collection; use function Activitypub\get_context; +use function Activitypub\object_to_uri; use function Activitypub\url_to_authorid; use function Activitypub\get_rest_url_by_path; use function Activitypub\get_remote_metadata_by_actor; @@ -237,14 +238,7 @@ class Inbox { $params['actor'] = array( 'required' => true, 'sanitize_callback' => function( $param, $request, $key ) { - if ( \is_array( $param ) ) { - if ( isset( $param['id'] ) ) { - $param = $param['id']; - } else { - $param = $param['url']; - } - } - return \esc_url_raw( $param ); + return object_to_uri( $param ); }, ); @@ -286,10 +280,7 @@ class Inbox { 'required' => true, //'type' => array( 'object', 'string' ), 'sanitize_callback' => function( $param, $request, $key ) { - if ( ! \is_string( $param ) ) { - $param = $param['id']; - } - return \esc_url_raw( $param ); + return object_to_uri( $param ); }, ); diff --git a/includes/table/class-followers.php b/includes/table/class-followers.php index 3045ddd..df9747b 100644 --- a/includes/table/class-followers.php +++ b/includes/table/class-followers.php @@ -5,6 +5,8 @@ use WP_List_Table; use Activitypub\Collection\Users; use Activitypub\Collection\Followers as FollowerCollection; +use function Activitypub\object_to_uri; + if ( ! \class_exists( '\WP_List_Table' ) ) { require_once ABSPATH . 'wp-admin/includes/class-wp-list-table.php'; } @@ -101,7 +103,7 @@ class Followers extends WP_List_Table { 'icon' => esc_attr( $follower->get_icon_url() ), 'post_title' => esc_attr( $follower->get_name() ), 'username' => esc_attr( $follower->get_preferred_username() ), - 'url' => esc_attr( $follower->get_url() ), + 'url' => esc_attr( object_to_uri( $follower->get_url() ) ), 'identifier' => esc_attr( $follower->get_id() ), 'published' => esc_attr( $follower->get_published() ), 'modified' => esc_attr( $follower->get_updated() ), diff --git a/tests/test-functions.php b/tests/test-functions.php index da85ef8..4ee049c 100644 --- a/tests/test-functions.php +++ b/tests/test-functions.php @@ -77,4 +77,73 @@ class Test_Functions extends ActivityPub_TestCase_Cache_HTTP { $query_result = \Activitypub\object_id_to_comment( $duplicate_comment_source_id ); $this->assertFalse( $query_result ); } + + /** + * @dataProvider object_to_uri_provider + */ + public function test_object_to_uri( $input, $output ) { + $this->assertEquals( $output, \Activitypub\object_to_uri( $input ) ); + } + + public function object_to_uri_provider() { + return array( + array( null, null ), + array( 'https://example.com', 'https://example.com' ), + array( array( 'https://example.com' ), 'https://example.com' ), + array( + array( + 'https://example.com', + 'https://example.org', + ), + 'https://example.com', + ), + array( + array( + 'type' => 'Link', + 'href' => 'https://example.com', + ), + 'https://example.com', + ), + array( + array( + array( + 'type' => 'Link', + 'href' => 'https://example.com', + ), + array( + 'type' => 'Link', + 'href' => 'https://example.org', + ), + ), + 'https://example.com', + ), + array( + array( + 'type' => 'Actor', + 'id' => 'https://example.com', + ), + 'https://example.com', + ), + array( + array( + array( + 'type' => 'Actor', + 'id' => 'https://example.com', + ), + array( + 'type' => 'Actor', + 'id' => 'https://example.org', + ), + ), + 'https://example.com', + ), + array( + array( + 'type' => 'Activity', + 'id' => 'https://example.com', + ), + 'https://example.com', + ), + ); + } } From e5fe4f20b77a31f3efcff368c85f7ff2c324a427 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Thu, 7 Dec 2023 12:30:44 +0100 Subject: [PATCH 16/20] some phpcs fixes (#590) * some phpcs fixes * add default $hashalg --- activitypub.php | 2 +- build/follow-me/index.asset.php | 2 +- build/follow-me/view.asset.php | 2 +- build/followers/index.asset.php | 2 +- build/followers/view.asset.php | 2 +- includes/class-activitypub.php | 6 +++--- includes/class-admin.php | 2 +- includes/class-blocks.php | 2 +- includes/class-signature.php | 3 ++- includes/collection/class-followers.php | 2 +- includes/collection/class-interactions.php | 4 ++-- includes/rest/class-followers.php | 2 +- includes/rest/class-inbox.php | 14 +++++++------- tests/class-activitypub-testcase-cache-http.php | 2 +- .../test-class-activitypub-activity-dispatcher.php | 4 ++-- tests/test-class-activitypub-activity.php | 2 +- tests/test-class-activitypub-followers.php | 2 +- ...ctivitypub-rest-post-signature-verification.php | 2 +- 18 files changed, 29 insertions(+), 28 deletions(-) diff --git a/activitypub.php b/activitypub.php index abab5f0..55d040b 100644 --- a/activitypub.php +++ b/activitypub.php @@ -171,7 +171,7 @@ function plugin_settings_link( $actions ) { */ add_action( 'bp_include', - function() { + function () { require_once __DIR__ . '/integration/class-buddypress.php'; Integration\Buddypress::init(); }, diff --git a/build/follow-me/index.asset.php b/build/follow-me/index.asset.php index 760f433..c6138c7 100644 --- a/build/follow-me/index.asset.php +++ b/build/follow-me/index.asset.php @@ -1 +1 @@ - array('wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives'), 'version' => '6aeec6336fd28aa836a7'); + array( 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-compose', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives' ), 'version' => '6aeec6336fd28aa836a7' ); diff --git a/build/follow-me/view.asset.php b/build/follow-me/view.asset.php index 76495ef..1c33822 100644 --- a/build/follow-me/view.asset.php +++ b/build/follow-me/view.asset.php @@ -1 +1 @@ - array('wp-api-fetch', 'wp-components', 'wp-compose', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-primitives'), 'version' => '5b48281e37700a970a66'); + array( 'wp-api-fetch', 'wp-components', 'wp-compose', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-primitives' ), 'version' => '5b48281e37700a970a66' ); diff --git a/build/followers/index.asset.php b/build/followers/index.asset.php index 324ac5e..fec0ba9 100644 --- a/build/followers/index.asset.php +++ b/build/followers/index.asset.php @@ -1 +1 @@ - array('react', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives', 'wp-url'), 'version' => '59d9702e06860a6d13e4'); + array( 'react', 'wp-api-fetch', 'wp-block-editor', 'wp-blocks', 'wp-components', 'wp-data', 'wp-element', 'wp-i18n', 'wp-primitives', 'wp-url' ), 'version' => '59d9702e06860a6d13e4' ); diff --git a/build/followers/view.asset.php b/build/followers/view.asset.php index ba6c322..305d9f5 100644 --- a/build/followers/view.asset.php +++ b/build/followers/view.asset.php @@ -1 +1 @@ - array('react', 'wp-api-fetch', 'wp-components', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-url'), 'version' => '04e51e7562fe28b0b2c3'); + array( 'react', 'wp-api-fetch', 'wp-components', 'wp-dom-ready', 'wp-element', 'wp-i18n', 'wp-url' ), 'version' => '04e51e7562fe28b0b2c3' ); diff --git a/includes/class-activitypub.php b/includes/class-activitypub.php index 6f654c5..8fbdbbf 100644 --- a/includes/class-activitypub.php +++ b/includes/class-activitypub.php @@ -374,7 +374,7 @@ class Activitypub { array( 'type' => 'string', 'single' => false, - 'sanitize_callback' => function( $value ) { + 'sanitize_callback' => function ( $value ) { if ( ! is_string( $value ) ) { throw new Exception( 'Error message is no valid string' ); } @@ -390,7 +390,7 @@ class Activitypub { array( 'type' => 'string', 'single' => false, - 'sanitize_callback' => function( $value ) { + 'sanitize_callback' => function ( $value ) { return esc_sql( $value ); }, ) @@ -402,7 +402,7 @@ class Activitypub { array( 'type' => 'string', 'single' => true, - 'sanitize_callback' => function( $value ) { + 'sanitize_callback' => function ( $value ) { return sanitize_text_field( $value ); }, ) diff --git a/includes/class-admin.php b/includes/class-admin.php index f8afc8d..7acfff9 100644 --- a/includes/class-admin.php +++ b/includes/class-admin.php @@ -172,7 +172,7 @@ class Admin { 'description' => \esc_html__( 'The Identifier of the Blog-User', 'activitypub' ), 'show_in_rest' => true, 'default' => Blog_User::get_default_username(), - 'sanitize_callback' => function( $value ) { + 'sanitize_callback' => function ( $value ) { // hack to allow dots in the username $parts = explode( '.', $value ); $sanitized = array(); diff --git a/includes/class-blocks.php b/includes/class-blocks.php index 267ebee..c127795 100644 --- a/includes/class-blocks.php +++ b/includes/class-blocks.php @@ -96,7 +96,7 @@ class Blocks { $attrs['followerData']['total'] = $follower_data['total']; $attrs['followerData']['followers'] = array_map( - function( $follower ) { + function ( $follower ) { return self::filter_array_by_keys( $follower->to_array(), array( 'icon', 'name', 'preferredUsername', 'url' ) diff --git a/includes/class-signature.php b/includes/class-signature.php index d021cf0..e59a1f9 100644 --- a/includes/class-signature.php +++ b/includes/class-signature.php @@ -292,7 +292,8 @@ class Signature { if ( is_array( $headers['digest'] ) ) { $headers['digest'] = $headers['digest'][0]; } - $digest = explode( '=', $headers['digest'], 2 ); + $hashalg = 'sha256'; + $digest = explode( '=', $headers['digest'], 2 ); if ( 'SHA-256' === $digest[0] ) { $hashalg = 'sha256'; } diff --git a/includes/collection/class-followers.php b/includes/collection/class-followers.php index be98a46..b51224f 100644 --- a/includes/collection/class-followers.php +++ b/includes/collection/class-followers.php @@ -182,7 +182,7 @@ class Followers { $query = new WP_Query( $args ); $total = $query->found_posts; $followers = array_map( - function( $post ) { + function ( $post ) { return Follower::init_from_cpt( $post ); }, $query->get_posts() diff --git a/includes/collection/class-interactions.php b/includes/collection/class-interactions.php index 7a0fdcf..87e4334 100644 --- a/includes/collection/class-interactions.php +++ b/includes/collection/class-interactions.php @@ -77,7 +77,7 @@ class Interactions { // No nonce possible for this submission route \add_filter( 'akismet_comment_nonce', - function() { + function () { return 'inactive'; } ); @@ -125,7 +125,7 @@ class Interactions { // No nonce possible for this submission route \add_filter( 'akismet_comment_nonce', - function() { + function () { return 'inactive'; } ); diff --git a/includes/rest/class-followers.php b/includes/rest/class-followers.php index 71e4840..75a1f24 100644 --- a/includes/rest/class-followers.php +++ b/includes/rest/class-followers.php @@ -94,7 +94,7 @@ class Followers { // phpcs:ignore $json->orderedItems = array_map( - function( $item ) use ( $context ) { + function ( $item ) use ( $context ) { if ( 'full' === $context ) { return $item->to_array(); } diff --git a/includes/rest/class-inbox.php b/includes/rest/class-inbox.php index bdca0f4..938ca90 100644 --- a/includes/rest/class-inbox.php +++ b/includes/rest/class-inbox.php @@ -237,7 +237,7 @@ class Inbox { $params['actor'] = array( 'required' => true, - 'sanitize_callback' => function( $param, $request, $key ) { + 'sanitize_callback' => function ( $param, $request, $key ) { return object_to_uri( $param ); }, ); @@ -246,7 +246,7 @@ class Inbox { 'required' => true, //'type' => 'enum', //'enum' => array( 'Create' ), - //'sanitize_callback' => function( $param, $request, $key ) { + //'sanitize_callback' => function ( $param, $request, $key ) { // return \strtolower( $param ); //}, ); @@ -279,7 +279,7 @@ class Inbox { $params['actor'] = array( 'required' => true, //'type' => array( 'object', 'string' ), - 'sanitize_callback' => function( $param, $request, $key ) { + 'sanitize_callback' => function ( $param, $request, $key ) { return object_to_uri( $param ); }, ); @@ -288,7 +288,7 @@ class Inbox { 'required' => true, //'type' => 'enum', //'enum' => array( 'Create' ), - //'sanitize_callback' => function( $param, $request, $key ) { + //'sanitize_callback' => function ( $param, $request, $key ) { // return \strtolower( $param ); //}, ); @@ -300,7 +300,7 @@ class Inbox { $params['to'] = array( 'required' => false, - 'sanitize_callback' => function( $param, $request, $key ) { + 'sanitize_callback' => function ( $param, $request, $key ) { if ( \is_string( $param ) ) { $param = array( $param ); } @@ -310,7 +310,7 @@ class Inbox { ); $params['cc'] = array( - 'sanitize_callback' => function( $param, $request, $key ) { + 'sanitize_callback' => function ( $param, $request, $key ) { if ( \is_string( $param ) ) { $param = array( $param ); } @@ -320,7 +320,7 @@ class Inbox { ); $params['bcc'] = array( - 'sanitize_callback' => function( $param, $request, $key ) { + 'sanitize_callback' => function ( $param, $request, $key ) { if ( \is_string( $param ) ) { $param = array( $param ); } diff --git a/tests/class-activitypub-testcase-cache-http.php b/tests/class-activitypub-testcase-cache-http.php index b8b0e43..a75c092 100644 --- a/tests/class-activitypub-testcase-cache-http.php +++ b/tests/class-activitypub-testcase-cache-http.php @@ -12,7 +12,7 @@ class ActivityPub_TestCase_Cache_HTTP extends \WP_UnitTestCase { add_filter( 'rest_url', - function() { + function () { return get_option( 'home' ) . '/wp-json/'; } ); diff --git a/tests/test-class-activitypub-activity-dispatcher.php b/tests/test-class-activitypub-activity-dispatcher.php index b7534a0..c42d391 100644 --- a/tests/test-class-activitypub-activity-dispatcher.php +++ b/tests/test-class-activitypub-activity-dispatcher.php @@ -70,7 +70,7 @@ class Test_Activitypub_Activity_Dispatcher extends ActivityPub_TestCase_Cache_HT add_filter( 'activitypub_extract_mentions', - function( $mentions ) { + function ( $mentions ) { $mentions[] = 'https://example.com/alex'; return $mentions; }, @@ -134,7 +134,7 @@ class Test_Activitypub_Activity_Dispatcher extends ActivityPub_TestCase_Cache_HT add_filter( 'activitypub_is_user_type_disabled', - function( $value, $type ) { + function ( $value, $type ) { if ( 'blog' === $type ) { return false; } else { diff --git a/tests/test-class-activitypub-activity.php b/tests/test-class-activitypub-activity.php index 6ee078e..4a524fa 100644 --- a/tests/test-class-activitypub-activity.php +++ b/tests/test-class-activitypub-activity.php @@ -12,7 +12,7 @@ class Test_Activitypub_Activity extends WP_UnitTestCase { add_filter( 'activitypub_extract_mentions', - function( $mentions ) { + function ( $mentions ) { $mentions['@alex'] = 'https://example.com/alex'; return $mentions; }, diff --git a/tests/test-class-activitypub-followers.php b/tests/test-class-activitypub-followers.php index 57201cb..8d5fb32 100644 --- a/tests/test-class-activitypub-followers.php +++ b/tests/test-class-activitypub-followers.php @@ -76,7 +76,7 @@ class Test_Activitypub_Followers extends WP_UnitTestCase { $this->assertEquals( 3, \count( $db_followers ) ); $db_followers = array_map( - function( $item ) { + function ( $item ) { return $item->get_url(); }, $db_followers diff --git a/tests/test-class-activitypub-rest-post-signature-verification.php b/tests/test-class-activitypub-rest-post-signature-verification.php index 2d1c2f9..7fa60a3 100644 --- a/tests/test-class-activitypub-rest-post-signature-verification.php +++ b/tests/test-class-activitypub-rest-post-signature-verification.php @@ -55,7 +55,7 @@ class Test_Activitypub_Signature_Verification extends WP_UnitTestCase { public function test_rest_activity_signature() { add_filter( 'pre_get_remote_metadata_by_actor', - function( $json, $actor ) { + function ( $json, $actor ) { $user = Activitypub\Collection\Users::get_by_id( 1 ); $public_key = Activitypub\Signature::get_public_key_for( $user->get__id() ); // return ActivityPub Profile with signature From 431c4a26767ac88d7d230b4ca87879a74d5c2779 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Mon, 11 Dec 2023 10:28:41 +0100 Subject: [PATCH 17/20] WebFinger: Add support for URLs (#594) * add support for URLs * phpcs * simplify vars --- includes/collection/class-users.php | 114 +++++++++++++++--- includes/rest/class-webfinger.php | 2 +- integration/class-webfinger.php | 6 +- ...est-class-activitypub-users-collection.php | 43 +++++++ 4 files changed, 142 insertions(+), 23 deletions(-) create mode 100644 tests/test-class-activitypub-users-collection.php diff --git a/includes/collection/class-users.php b/includes/collection/class-users.php index f6e35a6..ad94297 100644 --- a/includes/collection/class-users.php +++ b/includes/collection/class-users.php @@ -7,6 +7,7 @@ use Activitypub\Model\User; use Activitypub\Model\Blog_User; use Activitypub\Model\Application_User; +use function Activitypub\url_to_authorid; use function Activitypub\is_user_disabled; class Users { @@ -103,6 +104,8 @@ class Users { return self::get_by_id( $user->results[0] ); } + $username = str_replace( array( '*', '%' ), '', $username ); + // check for login or nicename. $user = new WP_User_Query( array( @@ -133,29 +136,79 @@ class Users { * @return \Acitvitypub\Model\User The User. */ public static function get_by_resource( $resource ) { - if ( \strpos( $resource, '@' ) === false ) { - return new WP_Error( - 'activitypub_unsupported_resource', - \__( 'Resource is invalid', 'activitypub' ), - array( 'status' => 400 ) - ); + $scheme = 'acct'; + $match = array(); + // try to extract the scheme and the host + if ( preg_match( '/^([a-zA-Z^:]+):(.*)$/i', $resource, $match ) ) { + // extract the scheme + $scheme = esc_attr( $match[1] ); } - $resource = \str_replace( 'acct:', '', $resource ); + switch ( $scheme ) { + // check for http(s) URIs + case 'http': + case 'https': + $url_parts = wp_parse_url( $resource ); - $resource_identifier = \substr( $resource, 0, \strrpos( $resource, '@' ) ); - $resource_host = self::normalize_host( \substr( \strrchr( $resource, '@' ), 1 ) ); - $blog_host = self::normalize_host( \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) ); + // check for http(s)://blog.example.com/@username + if ( + isset( $url_parts['path'] ) && + str_starts_with( $url_parts['path'], '/@' ) + ) { + $identifier = str_replace( '/@', '', $url_parts['path'] ); + $identifier = untrailingslashit( $identifier ); - if ( $blog_host !== $resource_host ) { - return new WP_Error( - 'activitypub_wrong_host', - \__( 'Resource host does not match blog host', 'activitypub' ), - array( 'status' => 404 ) - ); + return self::get_by_username( $identifier ); + } + + // check for http(s)://blog.example.com/author/username + $user_id = url_to_authorid( $resource ); + + if ( $user_id ) { + return self::get_by_id( $user_id ); + } + + // check for http(s)://blog.example.com/ + if ( + self::normalize_url( site_url() ) === self::normalize_url( $resource ) || + self::normalize_url( home_url() ) === self::normalize_url( $resource ) + ) { + return self::get_by_id( self::BLOG_USER_ID ); + } + + return new WP_Error( + 'activitypub_no_user_found', + \__( 'User not found', 'activitypub' ), + array( 'status' => 404 ) + ); + // check for acct URIs + case 'acct': + $resource = \str_replace( 'acct:', '', $resource ); + $identifier = \substr( $resource, 0, \strrpos( $resource, '@' ) ); + $host = self::normalize_host( \substr( \strrchr( $resource, '@' ), 1 ) ); + $blog_host = self::normalize_host( \wp_parse_url( \home_url( '/' ), \PHP_URL_HOST ) ); + + if ( $blog_host !== $host ) { + return new WP_Error( + 'activitypub_wrong_host', + \__( 'Resource host does not match blog host', 'activitypub' ), + array( 'status' => 404 ) + ); + } + + // prepare wildcards https://github.com/mastodon/mastodon/issues/22213 + if ( in_array( $identifier, array( '_', '*', '' ), true ) ) { + return self::get_by_id( self::BLOG_USER_ID ); + } + + return self::get_by_username( $identifier ); + default: + return new WP_Error( + 'activitypub_wrong_scheme', + \__( 'Wrong scheme', 'activitypub' ), + array( 'status' => 404 ) + ); } - - return self::get_by_username( $resource_identifier ); } /** @@ -168,7 +221,12 @@ class Users { public static function get_by_various( $id ) { if ( is_numeric( $id ) ) { return self::get_by_id( $id ); - } elseif ( filter_var( $id, FILTER_VALIDATE_URL ) ) { + } elseif ( + // is URL + filter_var( $id, FILTER_VALIDATE_URL ) || + // is acct + str_starts_with( $id, 'acct:' ) + ) { return self::get_by_resource( $id ); } else { return self::get_by_username( $id ); @@ -176,7 +234,7 @@ class Users { } /** - * Normalize the host. + * Normalize a host. * * @param string $host The host. * @@ -186,6 +244,22 @@ class Users { return \str_replace( 'www.', '', $host ); } + /** + * Normalize a URL. + * + * @param string $url The URL. + * + * @return string The normalized URL. + */ + public static function normalize_url( $url ) { + $url = \untrailingslashit( $url ); + $url = \str_replace( 'https://', '', $url ); + $url = \str_replace( 'http://', '', $url ); + $url = \str_replace( 'www.', '', $url ); + + return $url; + } + /** * Get the User collection. * diff --git a/includes/rest/class-webfinger.php b/includes/rest/class-webfinger.php index 34ae392..52abd9f 100644 --- a/includes/rest/class-webfinger.php +++ b/includes/rest/class-webfinger.php @@ -72,7 +72,7 @@ class Webfinger { $params['resource'] = array( 'required' => true, 'type' => 'string', - 'pattern' => '^acct:(.+)@(.+)$', + 'pattern' => '^(acct:)|^(https?://)(.+)$', ); return $params; diff --git a/integration/class-webfinger.php b/integration/class-webfinger.php index c9dd565..6b3b6dd 100644 --- a/integration/class-webfinger.php +++ b/integration/class-webfinger.php @@ -53,10 +53,12 @@ class Webfinger { * @return array the jrd array */ public static function add_pseudo_user_discovery( $array, $resource ) { - if ( $array ) { + $user = Webfinger_Rest::get_profile( $resource ); + + if ( ! $user || is_wp_error( $user ) ) { return $array; } - return Webfinger_Rest::get_profile( $resource ); + return $user; } } diff --git a/tests/test-class-activitypub-users-collection.php b/tests/test-class-activitypub-users-collection.php new file mode 100644 index 0000000..a5fd60c --- /dev/null +++ b/tests/test-class-activitypub-users-collection.php @@ -0,0 +1,43 @@ +assertInstanceOf( $expected, $user ); + } + + public function the_resource_provider() { + return array( + array( 'http://example.org/?author=1', 'Activitypub\Model\User' ), + array( 'https://example.org/?author=1', 'Activitypub\Model\User' ), + array( 'http://example.org/?author=7', 'WP_Error' ), + array( 'acct:admin@example.org', 'Activitypub\Model\User' ), + array( 'acct:blog@example.org', 'Activitypub\Model\Blog_User' ), + array( 'acct:*@example.org', 'Activitypub\Model\Blog_User' ), + array( 'acct:_@example.org', 'Activitypub\Model\Blog_User' ), + array( 'acct:aksd@example.org', 'WP_Error' ), + array( 'admin@example.org', 'Activitypub\Model\User' ), + array( 'acct:application@example.org', 'Activitypub\Model\Application_User' ), + array( 'http://example.org/@admin', 'Activitypub\Model\User' ), + array( 'http://example.org/@blog', 'Activitypub\Model\Blog_User' ), + array( 'https://example.org/@blog', 'Activitypub\Model\Blog_User' ), + array( 'http://example.org/@blog/', 'Activitypub\Model\Blog_User' ), + array( 'http://example.org/', 'Activitypub\Model\Blog_User' ), + array( 'http://example.org', 'Activitypub\Model\Blog_User' ), + array( 'https://example.org/', 'Activitypub\Model\Blog_User' ), + array( 'https://example.org', 'Activitypub\Model\Blog_User' ), + array( 'http://example.org/@blog/s', 'WP_Error' ), + array( 'http://example.org/@blogs/', 'WP_Error' ), + ); + } +} From 77c508059b4eec17ef3d17c8b071486d49fa2438 Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 12 Dec 2023 13:47:01 +0100 Subject: [PATCH 18/20] Remove deprecated classes (#604) --- README.md | 8 +- includes/model/class-post.php | 131 ------------------------------ includes/peer/class-followers.php | 34 -------- readme.txt | 6 ++ 4 files changed, 13 insertions(+), 166 deletions(-) delete mode 100644 includes/model/class-post.php delete mode 100644 includes/peer/class-followers.php diff --git a/README.md b/README.md index 016d0ab..193c081 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ **Tags:** OStatus, fediverse, activitypub, activitystream **Requires at least:** 4.7 **Tested up to:** 6.4 -**Stable tag:** 1.2.0 +**Stable tag:** 1.3.0 **Requires PHP:** 5.6 **License:** MIT **License URI:** http://opensource.org/licenses/MIT @@ -105,6 +105,12 @@ Where 'blog' is the path to the subdirectory at which your blog resides. Project maintained on GitHub at [automattic/wordpress-activitypub](https://github.com/automattic/wordpress-activitypub). +### 2.0.0 ### + +* Removed: Deprecated Classes +* Fixed: Normalize attributes that can have mixed value types +* Added: URL support for WebFinger + ### 1.3.0 ### * Added: Threaded-Comments support diff --git a/includes/model/class-post.php b/includes/model/class-post.php deleted file mode 100644 index d967ad9..0000000 --- a/includes/model/class-post.php +++ /dev/null @@ -1,131 +0,0 @@ -post = $post; - $this->object = Post_Transformer::transform( $post )->to_object(); - } - - /** - * Returns the User ID. - * - * @return int the User ID. - */ - public function get_user_id() { - return apply_filters( 'activitypub_post_user_id', $this->post->post_author, $this->post ); - } - - /** - * Converts this Object into an Array. - * - * @return array the array representation of a Post. - */ - public function to_array() { - return \apply_filters( 'activitypub_post', $this->object->to_array(), $this->post ); - } - - /** - * Returns the Actor of this Object. - * - * @return string The URL of the Actor. - */ - public function get_actor() { - $user = User_Factory::get_by_id( $this->get_user_id() ); - - return $user->get_url(); - } - - /** - * Converts this Object into a JSON String - * - * @return string - */ - public function to_json() { - return \wp_json_encode( $this->to_array(), \JSON_HEX_TAG | \JSON_HEX_AMP | \JSON_HEX_QUOT ); - } - - /** - * Returns the URL of an Activity Object - * - * @return string - */ - public function get_url() { - return $this->object->get_url(); - } - - /** - * Returns the ID of an Activity Object - * - * @return string - */ - public function get_id() { - return $this->object->get_id(); - } - - /** - * Returns a list of Image Attachments - * - * @return array - */ - public function get_attachments() { - return $this->object->get_attachment(); - } - - /** - * Returns a list of Tags, used in the Post - * - * @return array - */ - public function get_tags() { - return $this->object->get_tag(); - } - - /** - * Returns the as2 object-type for a given post - * - * @return string the object-type - */ - public function get_object_type() { - return $this->object->get_type(); - } - - /** - * Returns the content for the ActivityPub Item. - * - * @return string the content - */ - public function get_content() { - return $this->object->get_content(); - } -} diff --git a/includes/peer/class-followers.php b/includes/peer/class-followers.php deleted file mode 100644 index e0e6ddb..0000000 --- a/includes/peer/class-followers.php +++ /dev/null @@ -1,34 +0,0 @@ - Date: Tue, 12 Dec 2023 13:58:44 +0100 Subject: [PATCH 19/20] Make Post-Template filterable (#597) * make template filterable prepare #596 also #519 * updated changelog --- README.md | 1 + includes/transformer/class-post.php | 27 ++++++++++++++++----------- readme.txt | 1 + 3 files changed, 18 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 193c081..2f7a22d 100644 --- a/README.md +++ b/README.md @@ -110,6 +110,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Removed: Deprecated Classes * Fixed: Normalize attributes that can have mixed value types * Added: URL support for WebFinger +* Added: Make Post-Template filterable ### 1.3.0 ### diff --git a/includes/transformer/class-post.php b/includes/transformer/class-post.php index 721bbec..061be51 100644 --- a/includes/transformer/class-post.php +++ b/includes/transformer/class-post.php @@ -559,19 +559,24 @@ class Post { * @return string The Template. */ protected function get_post_content_template() { - if ( 'excerpt' === \get_option( 'activitypub_post_content_type', 'content' ) ) { - return "[ap_excerpt]\n\n[ap_permalink type=\"html\"]"; + $type = \get_option( 'activitypub_post_content_type', 'content' ); + + switch ( $type ) { + case 'excerpt': + $template = "[ap_excerpt]\n\n[ap_permalink type=\"html\"]"; + break; + case 'title': + $template = "[ap_title]\n\n[ap_permalink type=\"html\"]"; + break; + case 'content': + $template = "[ap_content]\n\n[ap_permalink type=\"html\"]\n\n[ap_hashtags]"; + break; + default: + $template = \get_option( 'activitypub_custom_post_content', ACTIVITYPUB_CUSTOM_POST_CONTENT ); + break; } - if ( 'title' === \get_option( 'activitypub_post_content_type', 'content' ) ) { - return "[ap_title]\n\n[ap_permalink type=\"html\"]"; - } - - if ( 'content' === \get_option( 'activitypub_post_content_type', 'content' ) ) { - return "[ap_content]\n\n[ap_permalink type=\"html\"]\n\n[ap_hashtags]"; - } - - return \get_option( 'activitypub_custom_post_content', ACTIVITYPUB_CUSTOM_POST_CONTENT ); + return apply_filters( 'activitypub_object_content_template', $template, $this->wp_post ); } /** diff --git a/readme.txt b/readme.txt index 26e92f5..51235c1 100644 --- a/readme.txt +++ b/readme.txt @@ -110,6 +110,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Removed: Deprecated Classes * Fixed: Normalize attributes that can have mixed value types * Added: URL support for WebFinger +* Added: Make Post-Template filterable = 1.3.0 = From a2e5fc2021949b3ab1df64e3b34ddf1b42a51dca Mon Sep 17 00:00:00 2001 From: Matthias Pfefferle Date: Tue, 12 Dec 2023 14:01:43 +0100 Subject: [PATCH 20/20] Add CSS class for AP comments to allow custom designs (#602) * Add CSS class for AP comments to allow custom designs fix #600 * updated changelog --- README.md | 1 + includes/class-activitypub.php | 20 ++++++++++++++++++++ readme.txt | 1 + 3 files changed, 22 insertions(+) diff --git a/README.md b/README.md index 2f7a22d..e83f274 100644 --- a/README.md +++ b/README.md @@ -111,6 +111,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Fixed: Normalize attributes that can have mixed value types * Added: URL support for WebFinger * Added: Make Post-Template filterable +* Addes: CSS class for ActivityPub comments to allow custom designs ### 1.3.0 ### diff --git a/includes/class-activitypub.php b/includes/class-activitypub.php index 8fbdbbf..0ae3c36 100644 --- a/includes/class-activitypub.php +++ b/includes/class-activitypub.php @@ -39,6 +39,8 @@ class Activitypub { \add_action( 'in_plugin_update_message-' . ACTIVITYPUB_PLUGIN_BASENAME, array( self::class, 'plugin_update_message' ) ); + \add_filter( 'comment_class', array( self::class, 'comment_class' ), 10, 3 ); + // register several post_types self::register_post_types(); } @@ -410,4 +412,22 @@ class Activitypub { do_action( 'activitypub_after_register_post_type' ); } + + /** + * Filters the CSS classes to add an ActivityPub class. + * + * @param string[] $classes An array of comment classes. + * @param string[] $css_class An array of additional classes added to the list. + * @param string $comment_id The comment ID as a numeric string. + * + * @return string[] An array of classes. + */ + public static function comment_class( $classes, $css_class, $comment_id ) { + // check if ActivityPub comment + if ( 'activitypub' === get_comment_meta( $comment_id, 'protocol', true ) ) { + $classes[] = 'activitypub-comment'; + } + + return $classes; + } } diff --git a/readme.txt b/readme.txt index 51235c1..40f210a 100644 --- a/readme.txt +++ b/readme.txt @@ -111,6 +111,7 @@ Project maintained on GitHub at [automattic/wordpress-activitypub](https://githu * Fixed: Normalize attributes that can have mixed value types * Added: URL support for WebFinger * Added: Make Post-Template filterable +* Addes: CSS class for ActivityPub comments to allow custom designs = 1.3.0 =