Commit graph

612 commits

Author SHA1 Message Date
Matthias Pfefferle
46f376e05e fix tests 2023-06-15 12:24:13 +02:00
Matthias Pfefferle
37c61fbf07 fix queries 2023-06-15 12:17:48 +02:00
Matthias Pfefferle
4414121502 add missing user_id 2023-06-15 12:13:30 +02:00
Matthias Pfefferle
fcf6740d36 fix query 2023-06-15 11:53:07 +02:00
Matthias Pfefferle
9036b644d1 add user connection 2023-06-15 11:48:43 +02:00
Matthias Pfefferle
fc0fc295bb fix follower creation 2023-06-15 11:48:09 +02:00
Matthias Pfefferle
8b7744a5ea fix queries 2023-06-15 11:47:50 +02:00
Matthias Pfefferle
7ed998d81f fix follower table 2023-06-15 11:45:25 +02:00
Matt Wiebe
87de87b2a5 Followers: use custom post types and postmeta to store 2023-06-12 11:38:15 -05:00
Matthias Pfefferle
bfe5381d99
Merge pull request #299 from mediaformat/signature_verification
Signature verification
2023-06-01 11:21:33 +02:00
Matthias Pfefferle
00e56ca112 always use is_activitypub_request to check if it is an AP request 2023-06-01 11:17:08 +02:00
Matthias Pfefferle
00dd5d2c52 some phpdoc 2023-06-01 11:05:47 +02:00
Matthias Pfefferle
b834666eda add missing slash 2023-06-01 10:44:05 +02:00
Matthias Pfefferle
9118e50623 fix signature verification path 2023-06-01 10:25:18 +02:00
Matthias Pfefferle
c1bf6691c1 fix route issues 2023-06-01 10:13:49 +02:00
Matthias Pfefferle
96881b940a some refactorings and fixed the tests 2023-06-01 09:49:40 +02:00
Django Doucet
73cd19ec20 added test and pre_get_remote_key filter 2023-05-31 23:23:40 -06:00
Matthias Pfefferle
758912da64 do not use cache for new followers 2023-05-31 14:03:46 +02:00
Matthias Pfefferle
084f108161 only schedule migration if DB is not on the latest version 2023-05-31 10:48:51 +02:00
Matthias Pfefferle
c04cf3fc7e move schedule to scheduler-class 2023-05-31 10:48:06 +02:00
Matthias Pfefferle
ab0f48389c deregister schedules on uninstall 2023-05-31 10:47:49 +02:00
Django Doucet
273493e768 update header parsing in get_signed_data() 2023-05-26 12:40:46 -06:00
Matthias Pfefferle
221c577826 Fix federation with pixelfed! 2023-05-25 14:03:30 +02:00
Matthias Pfefferle
27dd8217e8
Merge branch 'master' into fix/sanitization 2023-05-23 19:20:23 +02:00
Matthias Pfefferle
2117f78106 fix #321 2023-05-23 12:28:57 +02:00
Matthias Pfefferle
2aa7077ae7 add wpautop to user description
fix #279
2023-05-23 12:26:02 +02:00
Matthias Pfefferle
83991c0cd8 fix #332
and some of the feedback of @mattwiebe
2023-05-23 12:14:39 +02:00
Matthias Pfefferle
d91eaeae72 phpdoc 2023-05-23 11:26:12 +02:00
Matthias Pfefferle
3d1a0af6cb moved strip style/script 2023-05-23 11:13:17 +02:00
Matthias Pfefferle
677d507fe9 Revorked "sanitize output"
This reverts commit 77873d12b3.
2023-05-23 11:10:05 +02:00
Matthias Pfefferle
750d071c8d
Merge branch 'master' into signature_verification 2023-05-22 14:50:49 +02:00
Matthias Pfefferle
b8ee030d78
Merge pull request #324 from Automattic/add/caching
Introduce Caching
2023-05-22 14:34:49 +02:00
Matthias Pfefferle
d2b7c287fc code doc 2023-05-22 13:35:46 +02:00
Matthias Pfefferle
ec4e22f570 fix routing checks 2023-05-22 13:34:14 +02:00
Matthias Pfefferle
467a349b16 some small improvements 2023-05-22 11:31:46 +02:00
Matthias Pfefferle
68002db291 prevent sweeping of followers taxonomies
thanks @akirk

b0db9db87e
2023-05-22 10:58:13 +02:00
Matthias Pfefferle
e04ccdc961 fix missing namespace 2023-05-19 18:06:39 +02:00
Matthias Pfefferle
a1753242f3 fix missing namespace 2023-05-19 18:03:05 +02:00
Matthias Pfefferle
e48ce0ebce I would remove the settings for now 2023-05-19 17:16:19 +02:00
Matthias Pfefferle
92712e1d4a
Merge branch 'master' into signature_verification 2023-05-19 12:01:53 +02:00
Matthias Pfefferle
dd486e552f some code cleanups 2023-05-19 12:00:11 +02:00
Django Doucet
f4aadc00fc phpcs 2023-05-18 00:10:03 -06:00
Django Doucet
ed77ffce26 update rest paths to namespace 2023-05-18 00:03:11 -06:00
Matthias Pfefferle
cfb162c620
Merge branch 'master' into signature_verification 2023-05-17 09:59:02 +02:00
Matthias Pfefferle
c34fb74b41 coding style 2023-05-17 09:03:26 +02:00
Matthias Pfefferle
60fc581e1d coding style 2023-05-17 09:02:37 +02:00
Matthias Pfefferle
4b294bb8a6
Merge branch 'master' into signature_verification 2023-05-16 08:15:35 +02:00
Matthias Pfefferle
9cd2a04955 re-added some namespace consts 2023-05-16 08:14:04 +02:00
Django Doucet
e79f2e8991 fix keyId url 2023-05-16 00:11:27 -06:00
Matthias Pfefferle
2e537e423c
Merge branch 'master' into add/rest-namespace-constant 2023-05-16 08:10:06 +02:00
Matthias Pfefferle
ec23742b9a
Merge pull request #318 from Automattic/schedule
update scheduler for followers
2023-05-16 08:08:42 +02:00
Django Doucet
12724a3681 Switch secure_mode to a filter 2023-05-16 00:07:15 -06:00
Matthias Pfefferle
8b9026ab5e fix get_post_content_template function 2023-05-15 10:55:07 +02:00
Matthias Pfefferle
7456d36834 use const instead of -1 2023-05-15 10:48:34 +02:00
Matt Wiebe
31e7e44642 remove filter 2023-05-12 18:25:49 -05:00
Matt Wiebe
ec00ace234 add a activitypub_rest_url filter 2023-05-12 16:55:04 -05:00
Matthias Pfefferle
c99daa3e72
Merge branch 'master' into add/rest-namespace-constant 2023-05-12 22:44:41 +02:00
Matt Wiebe
5a91fdcf0a remove debug log 2023-05-12 15:43:04 -05:00
Matt Wiebe
3fa5e4f37e now with more use 2023-05-12 15:31:53 -05:00
Matt Wiebe
314ccf43a6 add a get_rest_url_by_path helper function, and use it 2023-05-12 15:24:24 -05:00
Matthias Pfefferle
94e5539d75 reset errors if new is set 2023-05-12 10:23:58 +02:00
Matthias Pfefferle
7d5cfb3078 phpdoc 2023-05-12 10:17:36 +02:00
Matt Wiebe
abfa7c7969 Allow setting the REST namespace with ACTIVITYPUB_REST_NAMESPACE 2023-05-11 13:25:30 -05:00
Jeremy Herve
d16014911b
Compat: introduce a conditional to detect ActivityPub requests
This conditional could be used within the plugin, but also by third-party plugins, to detect whether a request is an ActivityPub request, without having to manually check for query vars and headers every time.
2023-05-11 19:53:53 +02:00
Matthias Pfefferle
77873d12b3 sanitize output 2023-05-11 14:20:35 +02:00
Matthias Pfefferle
f196047901 remove casts
after feedback from @akirk
2023-05-11 11:02:06 +02:00
Matthias Pfefferle
b803914180 removed output formatting 2023-05-11 09:46:26 +02:00
Matthias Pfefferle
47b1b10955 Fix migration script 2023-05-11 09:45:01 +02:00
Django Doucet
fc1b89561e If WP_REST_Request set actor for get_remote_key() 2023-05-10 19:46:52 -06:00
Matthias Pfefferle
26a1dc9be5 use time() instead of strtotime( 'now' ) 2023-05-10 18:52:13 +02:00
Matthias Pfefferle
6fce2c30d2
Update includes/class-scheduler.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-05-10 18:47:46 +02:00
Matthias Pfefferle
9da559be6a
Update includes/collection/class-followers.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-05-10 18:45:32 +02:00
Matthias Pfefferle
463bff834b delete if response code is 410 or 404 2023-05-10 17:21:59 +02:00
Matthias Pfefferle
154b0018af PHPDoc 2023-05-10 15:36:45 +02:00
Matthias Pfefferle
df02d2202e PHPDoc 2023-05-10 15:02:01 +02:00
Matthias Pfefferle
2570928b00 PHPDoc 2023-05-10 14:55:10 +02:00
Matthias Pfefferle
17b66cb23d implement cleanup_followers and update_followers 2023-05-10 14:18:56 +02:00
Matthias Pfefferle
74be5d6b51 implemented feedback of @akirk 2023-05-10 09:04:33 +02:00
Matthias Pfefferle
ca8aff1823 cast to bool, to be sure that '0' is false 2023-05-09 12:25:25 +02:00
Matthias Pfefferle
b88c5f606d fixed copy/paste issue 2023-05-09 12:17:48 +02:00
Matthias Pfefferle
c872cb69d0 remove var_dump :( 2023-05-09 12:13:35 +02:00
Matthias Pfefferle
180e882c4a generate key if not existent 2023-05-09 12:12:05 +02:00
Matthias Pfefferle
96953dfc7e fail early and always return $response as fallback 2023-05-09 11:57:43 +02:00
Matthias Pfefferle
c42edfce68 use WP_Error 2023-05-09 11:51:53 +02:00
Matthias Pfefferle
378f5dacdc fix issue with missing array 2023-05-09 11:32:26 +02:00
Matthias Pfefferle
4abd5aefb4 cache inbox list 2023-05-09 10:28:23 +02:00
Matthias Pfefferle
f64a765129 phpdoc fixes 2023-05-09 10:08:51 +02:00
Matthias Pfefferle
6d96daa635 fix NodeInfo check 2023-05-08 21:05:20 +02:00
Django Doucet
abedf014ae remove redundant 2023-05-05 23:56:39 -06:00
Django Doucet
afafdf1543 Add get_remote_key method 2023-05-05 23:54:29 -06:00
Django Doucet
dc8e1e0f3e fix request-target route,
remove $actor from verify_http_signature
2023-05-05 23:50:49 -06:00
Django Doucet
0d5c249eaf remove user_id variable from activitypub_safe_remote_get_response 2023-05-05 23:44:55 -06:00
Django Doucet
f79200ef27 make webfinger route available unsigned 2023-05-05 23:44:15 -06:00
Django Doucet
b0edf9a765 removing logging 2023-05-05 14:43:05 -06:00
Django Doucet
3d4ae84573 Add secure mode to content negotiated requests 2023-05-05 14:40:30 -06:00
Django Doucet
9202c19730 Add secure mode to REST get requests 2023-05-05 14:39:33 -06:00
Django Doucet
6c95a23d10 phpcbf 2023-05-05 13:45:38 -06:00
Django Doucet
0b4bada2b6 enable secure mode 2023-05-05 13:24:59 -06:00
Django Doucet
656a2b0f44 remove unneeded filter 2023-05-05 13:22:47 -06:00
Django Doucet
14f3c3985b code style 2023-05-05 13:00:21 -06:00
Django Doucet
9d30f2c1dd phpcbf 2023-05-05 12:55:12 -06:00
Django Doucet
c5ca061805 Add helper format_server_request 2023-05-05 12:53:43 -06:00
Django Doucet
35496f5026 get_public_key support application actor 2023-05-05 12:52:24 -06:00
Django Doucet
e827221ee6 service actor as application actor 2023-05-05 12:09:12 -06:00
Django Doucet
27636b62d5 Add Service actor for signing get requests 2023-05-05 12:02:12 -06:00
Django
2bebc88b78
fix undefined get_remote_metadata_by_actor
Not tested
2023-05-05 11:47:52 -06:00
Django Doucet
3a0fef27e0 Merge branch 'master' into signature_verification 2023-05-05 09:54:16 -06:00
Django Doucet
6b68f0763d hold off secure mode 2023-05-05 07:49:27 -06:00
Matthias Pfefferle
6ba8156e50 fix #320 2023-05-05 14:40:17 +02:00
Matthias Pfefferle
8aa3f53dbd no need to use Followers any more 2023-05-05 10:22:01 +02:00
Matthias Pfefferle
e57dd0590d
Merge branch 'master' into signature_verification 2023-05-05 10:15:26 +02:00
Matthias Pfefferle
77112c441f formatting 2023-05-05 09:57:47 +02:00
Jeremy Herve
a914495215
Profile settings: use string instead of constant
Follow-up from #304

Since we do not use a constant anywhere else just yet, let's keep using a string in the settings page.
2023-05-05 09:35:21 +02:00
Jeremy Herve
c7dc55047d
Merge pull request #309 from jeherve/update/jetpack-photon-filter 2023-05-04 18:02:10 +02:00
Matthias Pfefferle
f1eb095add
Merge branch 'master' into schedule 2023-05-04 15:18:02 +02:00
Matthias Pfefferle
cec4ed2e3f init follower update scheduler 2023-05-04 15:17:05 +02:00
Matthias Pfefferle
26e5a1d3f6
Merge branch 'master' into rewrite-followers 2023-05-04 09:33:55 +02:00
Matthias Pfefferle
e489a04880 remove unused constants 2023-05-04 09:32:52 +02:00
Matthias Pfefferle
144356bf8a remove unused second param 2023-05-04 08:50:44 +02:00
Matthias Pfefferle
f07869c7d1 be sure to always update date 2023-05-03 15:11:20 +02:00
Matthias Pfefferle
7127b0a568 oops 2023-05-03 14:54:34 +02:00
Matthias Pfefferle
72f72e79b8 use custom (more error tolerant) version for migration 2023-05-03 14:50:36 +02:00
Matthias Pfefferle
be0f25f3d3 fail if get_remote_metadata_by_actor returns error
because it is not even possible to send `Accept` or `Reject` response.
2023-05-03 14:50:16 +02:00
Matthias Pfefferle
dea5f38561 better error handling 2023-05-02 14:39:25 +02:00
Matthias Pfefferle
077c43bf95 single migration scripts should not be public 2023-05-02 14:35:53 +02:00
Matthias Pfefferle
66942e6c62 fix error detection 2023-05-02 13:54:21 +02:00
Matthias Pfefferle
958b712e5b Merge branch 'signature_verification' of https://github.com/mediaformat/wordpress-activitypub into pr/299 2023-05-02 09:50:11 +02:00
Matthias Pfefferle
857fae9db1 serve_request is not needed any more
this was only for handling the signing, so no more need for that
2023-05-02 09:50:08 +02:00
Matthias Pfefferle
654cdd4174
Update includes/class-migration.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-05-02 09:37:11 +02:00
Matthias Pfefferle
725fc0cecd fix function call 2023-05-02 09:29:29 +02:00
Matthias Pfefferle
22946ec779 change migration script to match plugin version
/cc @akirk
2023-05-02 09:27:35 +02:00
Matthias Pfefferle
be73f99b59
Update includes/class-migration.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-04-28 18:13:59 +02:00
Matthias Pfefferle
9cd33ad544
Update includes/class-migration.php
Co-authored-by: Alex Kirk <akirk@users.noreply.github.com>
2023-04-28 18:13:16 +02:00
Matthias Pfefferle
a673504d36
Merge branch 'master' into rewrite-followers 2023-04-28 17:38:30 +02:00
Matthias Pfefferle
7c47f9a07c clean up admin settings 2023-04-28 15:12:30 +02:00
Matthias Pfefferle
02e0acdf69 fix indents 2023-04-28 14:39:33 +02:00
Matthias Pfefferle
9966427fd3
Merge branch 'master' into feature/165/fediverse-biography 2023-04-28 14:36:17 +02:00
Matthias Pfefferle
f2355cd960 fix typo 2023-04-28 11:23:40 +02:00
Matthias Pfefferle
5ef41dea02 schedule migration because it takes quite some time 2023-04-28 09:54:09 +02:00
Matthias Pfefferle
fb3d6d2634 fix phpcs 2023-04-27 14:49:39 +02:00
Matthias Pfefferle
b97d364140
Merge pull request #311 from pfefferle/ignore-www
ignore `www` subdomain when comparing hosts
2023-04-27 14:46:06 +02:00
Matthias Pfefferle
02e3488fd7 remove debugging stuff 2023-04-27 14:45:38 +02:00
Matthias Pfefferle
230aaa5b24 prepare migration 2023-04-27 14:34:54 +02:00
Matthias Pfefferle
ec822535c9 Follower object should not make any remote calls 2023-04-27 09:57:50 +02:00
Matthias Pfefferle
b8c86915b5 add missing phpdoc 2023-04-26 17:24:27 +02:00
Matthias Pfefferle
0ee1266c30 add sanitize callbacks 2023-04-26 17:23:28 +02:00
Matthias Pfefferle
4a4a06de37 get_follower requires user_id check 2023-04-26 17:22:44 +02:00
Jeremy Herve
bd75603fc7
Remove comment about Jetpack's Photon 2023-04-26 10:47:49 +02:00
Jeremy Herve
e16e119e6c
Switch to general actions and filter
As a result, we will not modify the images within the ActivityPub plugin, but the hooks will allow third-parties to do it on their end.

See discussion: https://github.com/pfefferle/wordpress-activitypub/pull/309#issuecomment-1521488186
2023-04-26 10:45:35 +02:00
Matthias Pfefferle
c70080a0c6
Merge pull request #312 from akirk/protect-img-tags
Protect img tags from replacing mentions
2023-04-26 10:11:15 +02:00
Alex Kirk
98619dc319 Protect img tags from replacing mentions 2023-04-26 10:08:22 +02:00
Matthias Pfefferle
ca646588d2 ignore www subdomain when comparing hosts
fix #290
2023-04-25 20:44:54 +02:00
Matthias Pfefferle
d1f6973d9b re-add mention functionality
not perfect but works as expected
2023-04-25 11:59:08 +02:00
Jeremy Herve
da63763ddc
Compat: only disable Jetpack's image CDN via filter
This follows the discussion in #307.

1. Do not disable Jetpack's image CDN in ActivityPub requests by default.
2. Add a new filter, activitypub_images_use_jetpack_image_cdn, that site owners can use to disable Jetpack's Image CDN if they'd like to.
3. Extract image getting into its own method for improved readability.
2023-04-25 10:54:21 +02:00
Matthias Pfefferle
764a091046 fix unit tests 2023-04-25 09:31:28 +02:00
Matthias Pfefferle
377fc94161 php doc 2023-04-25 09:09:07 +02:00
Matthias Pfefferle
84a82c2ac4 added follower model 2023-04-24 20:46:51 +02:00
Jeremy Herve
56d2b7e8be
Update to handle both old and new versions of Jetpack
See https://github.com/Automattic/jetpack/pull/30050/
2023-04-24 09:51:08 +02:00
Jeremy Herve
3f4c44db05
Compatibility: do not serve images with Jetpack CDN when active
When Jetpack's image CDN is active, core calls to retrieve images return an image served by the CDN.

Since Fediverse instances usually fetch and cache the data themselves, we do not need to use the CDN for those images when returned by the ActivityPub plugin. In fact, we really do not want that to happen, as Fediverse instances may get errors when trying to fetch images from the CDN (they may get blocked / rate-limited / ...).

Let's hook into Jetpack's CDN to avoid that.
2023-04-24 09:51:08 +02:00
Matthias Pfefferle
47dc2f72d1 fix "bulk replace" issue 2023-04-24 09:49:06 +02:00
Matthias Pfefferle
77415ef510 Remove "(Fediverse)" 2023-04-23 22:57:03 +02:00
Matthias Pfefferle
28c077e422 Add URL 2023-04-23 22:56:45 +02:00
Django Doucet
b641cb03f3 fix phpcs 2023-04-21 16:16:52 -06:00
Django Doucet
023ba25f38 PHPDoc 2023-04-21 15:27:02 -06:00
Django Doucet
f396c6da4e Optimize verification code and returns WP_Errors 2023-04-21 15:25:39 -06:00
Alex Kirk
4ed4d06fd5 Add comment 2023-04-21 17:41:04 +02:00
Django Doucet
7dbce74a96 ensure signature block has algorithm 2023-04-21 09:36:17 -06:00
Alex Kirk
45ae73bb06 Add Vary header 2023-04-21 17:20:48 +02:00
Django Doucet
1631f1c7dc fix rest api endpoint 2023-04-21 09:18:24 -06:00
Django Doucet
d23ff46073 fix merge omission 2023-04-21 08:45:10 -06:00
Matthias Pfefferle
ef536cc977 verify requests 2023-04-21 16:40:46 +02:00
Matthias Pfefferle
ebc9b6ac8d naming improvements 2023-04-21 16:34:47 +02:00
Matthias Pfefferle
3c86e94d9a remove followers 2023-04-21 16:25:15 +02:00
Matthias Pfefferle
32194c31df phpDoc 2023-04-21 15:57:49 +02:00
Matthias Pfefferle
734750b796 use collection also for rest endpoints 2023-04-21 15:57:41 +02:00
Matthias Pfefferle
75e9b1e281 deprecate old functions 2023-04-21 15:57:21 +02:00
Django Doucet
036ee3180b move signature verification to callback 2023-04-21 07:53:12 -06:00
Django Doucet
bb21803b18 Add Secure mode setting 2023-04-21 07:48:19 -06:00
Django Doucet
038bf25b2e remove guessing function 2023-04-21 07:48:19 -06:00
Matthias Pfefferle
7769d76849 use a taxonomy to save the list of followers 2023-04-21 14:56:22 +02:00
Matthias Pfefferle
a8b963ec26 some code cleanups 2023-04-21 08:51:38 +02:00
Matthias Pfefferle
5faddba511 this function should not work without $request 2023-04-21 08:51:25 +02:00
Matthias Pfefferle
804ef25822 count only users that can publish_posts 2023-04-21 08:42:51 +02:00
Matthias Pfefferle
5a6f8aff02
Merge branch 'master' into signature_verification 2023-04-20 22:23:15 +02:00
Matthias Pfefferle
eeb3ba2952 remove unused "use function" 2023-04-20 15:32:38 +02:00
Matthias Pfefferle
c32eec2390 some code cleanup 2023-04-20 15:22:11 +02:00
Matthias Pfefferle
cf426ab8ab
Merge pull request #265 from pfefferle/optimize-publish
optimize publishing
2023-04-20 15:04:34 +02:00
Django Doucet
590c990e21 phpcs 2023-04-14 23:59:04 -06:00
Django Doucet
30d78417d8 Fixes key retrieval 2023-04-14 23:53:43 -06:00
Matthias Pfefferle
15adf639a8
Merge pull request #302 from jeherve/fix/warning-webfinger-no-user 2023-04-10 16:41:40 +02:00
Jeremy Herve
643c47dcb7
Webfinger info: avoid PHP warning when user isn't defined
This should avoid warnings like this one:

```
PHP Warning:  Attempt to read property "user_login" on bool in /var/www/html/wp-content/plugins/activitypub/includes/class-webfinger.php on line 27
```
2023-04-10 13:10:46 +02:00
Django Doucet
e1722cd4d3 Simplify signature_algorithm 2023-04-05 13:25:39 -06:00
Django Doucet
3a0f62b092 phpcs 2023-04-04 20:36:25 -06:00
Django Doucet
9eb903ac15 phpcs compat 2023-04-04 20:33:00 -06:00
Django Doucet
502bf8b5a6 Get actor from key with non-standard uri 2023-04-04 19:58:08 -06:00
Django Doucet
d6169f4bc3 Add content-length header if present in sig headers 2023-04-02 20:38:10 -06:00
Django Doucet
2293c0b3d7 use verify_http_signature in validate_callback
rename verify_signature
2023-04-02 16:38:39 -06:00
Django Doucet
90b45438b2 cleanup 2023-04-02 00:30:17 -06:00
Django Doucet
504bbb9999 code style phpcs 2023-04-01 23:59:49 -06:00
Django Doucet
0c7cec3eba Fix signature parse verification 2023-04-01 10:17:56 -06:00