Ryan Barrett
116cd55ddb
finally start actually requiring HTTP Signatures
...
fixes #315
2023-02-26 07:34:15 -06:00
Ryan Barrett
aa483ded0b
Object.type and object_ids fixes to handle missing as1
...
fixes https://console.cloud.google.com/errors/detail/CJ-U7Zq_s4bxgwE;time=P30D?project=bridgy-federated
2023-02-24 21:59:12 -06:00
Ryan Barrett
fd27dabe61
switch JSON properties to custom JSONProperty that works in web console UI
...
https://github.com/googleapis/python-ndb/issues/874#issuecomment-1442753255
2023-02-24 07:25:29 -06:00
Ryan Barrett
91a60c7e67
switch Object.as1 to be a ComputedProperty
2023-02-23 21:17:26 -06:00
Ryan Barrett
1f3bd41dc5
common.redirect_unwrap: stop following redirects when unwrapping actor URLs
2023-02-23 08:35:06 -06:00
Ryan Barrett
74b3b3b689
refactoring, move Object creation out of common.send_webmentions
...
ugh this was painful
2023-02-23 07:44:54 -06:00
Ryan Barrett
6500f71d3f
switch bluesky XRPCs to serve from datastore
...
fixes #421
2023-02-23 07:39:50 -06:00
Ryan Barrett
3d3335e860
AP => webmention repost bug fix, merge follower and wm domains
2023-02-23 07:39:26 -06:00
Ryan Barrett
4982906ed8
AP => webmention, reposts: handle loading original federated posts
...
bug fix for 72eb26e248
2023-02-21 21:57:38 -06:00
Ryan Barrett
72eb26e248
AP => webmention, bug fix for sending webmentions for reposts
...
thanks to @tantek for reporting!
2023-02-21 21:19:56 -06:00
Ryan Barrett
88db2afce3
follow/unfollow UI: store IndieAuth in session cookie
...
fixes #416
2023-02-17 16:12:25 -08:00
Ryan Barrett
d1691b65c5
Object post put hook: don't add fragment ids to the common.get_object cache
2023-02-16 12:21:27 -08:00
Ryan Barrett
c540a8bee8
add test that Object put hook clears common.get_object cache
2023-02-16 08:21:56 -08:00
Ryan Barrett
65bbc6751e
HTTP Signature verification: bug fix, use actual HTTP method
2023-02-16 07:34:12 -08:00
Ryan Barrett
d505b3859a
HTTP Signature verification: fetch and use keyId from signature
...
#315
2023-02-15 20:10:17 -08:00
Ryan Barrett
48a7720f88
common.get_object: normalize ids by removing fragments
...
this is still underspecified and a bit inconsistent across fediverse implementations:
https://socialhub.activitypub.rocks/t/problems-posting-to-mastodon-inbox/801/11
> The reason might also be that your IDs aren’t permanent, as in, they contain a #fragment. Posts and their corresponding Create activities are supposed to be resolvable — which means one should be able to send a GET request to the ID URL and get the object back. This can’t be done with an URL that contains a fragment as the fragment is not a part of the HTTP exchange, it’s processed on the client.
https://socialhub.activitypub.rocks/t/problems-posting-to-mastodon-inbox/801/23
> I ran into this object id #fragment problem as well. It seems because of some URL normalization, Mastodon will remove the fragment, and drop any additional posts with different fragments (because they become the same url).
https://socialhub.activitypub.rocks/t/s2s-create-activity/1647/5
https://github.com/mastodon/mastodon/issues/13879 (open!)
https://github.com/w3c/activitypub/issues/224
nothing in the http sig spec, example key ids aren't even URLs there:
https://datatracker.ietf.org/doc/html/draft-ietf-httpbis-message-signatures-16
2023-02-15 20:00:12 -08:00
Ryan Barrett
a7e96f585c
HTTP sig verification test: switch from assertLogs to mock
...
assertLogs was great, but didn't work when logging was disabled, eg by oauth_dropins.webutil.tests.__init__.py for python -m unittest discover.
I tried hard to override that and make it work, example code below, but couldn't get it to work. assertLogs() evidently needs a real handler, eg not NullHandler, but the default stderr stream handler that basicConfig() adds obviously emits to stderr.
print('@', logging.getLogger().hasHandlers())
logging_handlers = list(logging.getLogger().handlers)
logging.getLogger().handlers = []
logging_suppressed = logging.getLogger().isEnabledFor(logging.INFO)
logging.disable(logging.NOTSET)
handler = logging.NullHandler()
logging.getLogger().addHandler(handler)
activitypub.logger.disable(logging.NOTSET)
logging.getLogger().handlers = logging_handlers
logging.getLogger().removeHandler(handler)
if not logging_suppressed:
logging.disable(logging.CRITICAL + 1)
2023-02-15 14:10:25 -08:00
Ryan Barrett
e5d3f94b3e
AP signature verification: just log for now, don't fail
...
for #315
2023-02-15 14:10:25 -08:00
Ryan Barrett
63d0e59c2c
AP: verify incoming signatures!
...
for #315
2023-02-15 14:10:25 -08:00
Ryan Barrett
47b83c4e51
common.get_object: update existing object if available
2023-02-14 15:26:25 -08:00
Ryan Barrett
f44aa3b39e
common.get_object: fall back to HTTP fetch if stored entity has no as2
...
also add more logging
2023-02-14 15:17:03 -08:00
Ryan Barrett
c2e6174330
add common.get_object()
2023-02-14 14:30:00 -08:00
Ryan Barrett
c12bb6db6d
serve AS2 /[domain] actors from datastore instead of refetching h-card
...
for #392 . not pretty, but gets the job done. more code cleanup needed eventually.
2023-02-14 08:25:41 -08:00
Ryan Barrett
d64e5e875e
test_webmention: drop unused atom test data
2023-02-14 07:40:37 -08:00
Ryan Barrett
6446c8c421
convert Object.type and .object_ids to ComputedPropertys
...
https://googleapis.dev/python/python-ndb/latest/model.html#google.cloud.ndb.model.ComputedProperty
2023-02-13 21:43:49 -08:00
Ryan Barrett
46ab1cfdf7
AP inbox: simplify already-seen-id handling
2023-02-13 19:10:01 -08:00
Ryan Barrett
c305dcc8d5
AP inbox delivery: cache activity ids that we've already seen in memory
...
for #411
2023-02-12 22:17:04 -08:00
Ryan Barrett
7a625c5a02
AP inbox delivery: short circuit out if we've already seen the activity id
...
for #411 . next is caching in memory.
2023-02-12 21:58:59 -08:00
Ryan Barrett
f39c532ad3
add User.homepage, is_homepage()
2023-02-12 12:03:27 -08:00
Ryan Barrett
bf97c1af4f
store all incoming AP activities in Objects
2023-02-11 22:53:50 -08:00
Ryan Barrett
3feb44e414
apply AP Updates to stored Objects in datastore
...
for #409
2023-02-11 22:23:01 -08:00
Ryan Barrett
7e2fbd1ed0
make AP Deletes mark stored Objects deleted
...
for #409
2023-02-11 21:47:55 -08:00
Ryan Barrett
45fc9786a2
activitypub: fetch full objects of reposts so we can render them in feeds
...
for #419
2023-02-11 19:58:07 -08:00
Ryan Barrett
6d2668e64d
serve /r/ URLs as AS2 from the datastore, don't fetch and convert on the fly
...
for #392 , #378
2023-02-11 18:35:34 -08:00
Ryan Barrett
5d455b7d18
switch webfinger to serve entirely out of Users in datastore
...
no more fetching and converting users' home pages on demand!
for #392 , helps #378
2023-02-09 20:00:58 -08:00
Ryan Barrett
f16338fc57
fix crash on followers/following pages with before/after query params
...
fixes https://console.cloud.google.com/errors/detail/CPnW-eq837TnswE;time=P30D?project=bridgy-federated , introduced in a140a60a7f
2023-02-09 08:26:30 -08:00
Ryan Barrett
d5eac953d0
more error handling for signup UI flow when user's web site fetch fails
...
fixes #400
2023-02-08 20:28:30 -08:00
Ryan Barrett
cb66a2f33b
fix delivering reposts to followers
...
evidently broken by #286 . fixes #418
2023-02-08 11:03:54 -08:00
Ryan Barrett
b739bd4cee
return 404 on requests for unknown users instead of automatically creating them
2023-02-07 18:28:52 -08:00
Ryan Barrett
b5a0386cd0
store home page URL in update profile Objects, render better in activities UI
...
fixes #407
2023-02-07 12:44:41 -08:00
Ryan Barrett
52c6aa6160
fix update profile Object id
...
use synthetic URL with #update-[timestamp] fragment, not just home page URL
2023-02-07 12:23:08 -08:00
Ryan Barrett
cb605e96c6
user page activities: if object is user, render as pretty user link
...
for #406
2023-02-06 21:28:40 -08:00
Ryan Barrett
f922ce89bb
user page: activities: render fediverse actor links as @-@
...
for #406
2023-02-06 21:08:52 -08:00
Ryan Barrett
3623df8e20
bring back default signing user for shared inbox
...
for #403 , fixes https://console.cloud.google.com/errors/detail/CIfnyvKDx8mDTA;time=P30D?project=bridgy-federated
2023-02-06 20:08:32 -08:00
Ryan Barrett
4b37674624
always sign requests with current user's key, stop defaulting to snarfed.org
...
for #403
2023-02-06 19:23:25 -08:00
Ryan Barrett
717b068193
signed_post: don't follow redirects
...
fixes https://console.cloud.google.com/errors/detail/CLuyuajU2sqLtAE;time=P30D;refresh=true?project=bridgy-federated
2023-02-06 14:44:17 -08:00
Ryan Barrett
e42c11bab2
make follow UI respect User.use_instead
...
once more, with feeling for #403
2023-02-05 20:59:39 -08:00
Ryan Barrett
a820eeb57a
Activity => Object: temporarily disable inner object rendering
...
...until we're storing inner objects everywhere.
2023-02-05 08:17:22 -08:00
Ryan Barrett
d74c00f5b6
unfollow: handle Follower.last_follow with string id instead of object
...
fixes #402
2023-02-04 21:23:04 -08:00
Ryan Barrett
2a1b199558
Activity => Object: user dashboard UI bug fixes, add missing Object index
2023-02-04 20:46:28 -08:00