We've already accepted these on incoming payloads for a long time and so do all the other platforms now, so now we always send out entities with the new property names. This can break federation with really old servers that don't understand these keys yet.
Closes#59
Change unquote method used when preparing Diaspora XML payloads for verification.
Some platforms deliver payloads not using the urlsafe base64 standard which caused problems when validating the unquoted signature. Ensure maximum compatibility by allowing non-standard urlsafe quoted payloads.
Closes#115
Also provided is a Django view and url configuration for easy addition into Django projects. Django is not a hard dependency of this library, usage of the Django view obviously requires installing Django itself. For configuration details see documentation.
Closes#108
This adds possibility for private message support.
JSON encrypted payload encryption and decryption is handled by the Diaspora `EncryptedPayload` class.
Refs: #82
The given ID will be fetched using the correct entity class specific remote endpoint, validated to be from the correct author against their public key and then an instance of the entity class will be constructed and returned.
Also related changes and refactoring:
* New Diaspora protocol helper `federation.utils.diaspora.retrieve_and_parse_content`. See notes regarding the high level fetcher above.
* New Diaspora protocol helper `federation.utils.fetch_public_key`. Given a `handle` as a parameter, will fetch the remote profile and return the `public_key` from it.
* Refactoring for Diaspora `MagicEnvelope` class.
* Diaspora procotol receive flow now uses the `MagicEnvelope` class to verify payloads.
* Diaspora protocol receive flow now fetches the sender public key over the network if a `sender_key_fetcher` function is not passed in. Previously an error would be raised.
Closes#103
Maps to a `DiasporaReshare` for the Diaspora protocol.
The `Share` entity supports all the properties that a Diaspora reshare does. Additionally two other properties are supported: `raw_content` and `entity_type`. The former can be used for a "quoted share" case where the sharer adds their own note to the share. The latter can be used to reference the type of object that was shared, to help the receiver, if it is not sharing a `Post` entity. The value must be a base entity class name.
Closes#94
Converting base entity `Profile` to `DiasporaProfile` for outbound sending missed two attributes, `image_urls` and `tag_list`. Those are now included so that the values transfer into the built payload.
Add proper checks to make sure Diaspora protocol payload handle and entity handle are the same. Even though we already verified the signature of the sender, we didn't ensure that the sender isn't trying to fake an entity authored by someone else.
The Diaspora protocol functions `message_to_objects` and `element_to_objects` now require a new parameter, the payload sender handle. These functions should normally not be needed to be used directly.
**Breaking change.** The high level `federation.outbound` functions `handle_send` and `handle_create_payload` signatures have been changed. This has been done to better represent the objects that are actually sent in and to add an optional `parent_user` object.
For both functions the `from_user` parameter has been renamed to `author_user`. Optionally a `parent_user` object can also be passed in. Both the user objects must have `private_key` and `handle` attributes. In the case that `parent_user` is given, that user will be used to sign the payload and for Diaspora relayables an extra `parent_author_signature` in the payload itself.
Store the original object when signing with parent, then use that for sending, not serializing our entity object.
This fixes relayable support broken with the new Diaspora protocol.
Diaspora photo elements are now processed correctly. Inbound parsing has been changed to also correctly add them to created entities as children, if they happen to be embedded in status messages, for example. Entity children can be iterated using the `_children` list.
Also rename the `Image.text` attribute to `Image.raw_content` to be more consistent.
Closes#62
federation.utils.diaspora.retrieve_and_parse_profile will now return None if the Profile retrieved doesn't validate. This will affect also the output of federation.fetchers.retrieve_remote_profile which is the high level function to retrieve profiles.
Closes#54
To safeguard invalid entities being passed on to library users, validate entities that are created in the message_to_objects calls. Any failures are logged as errors.
This means for Diaspora Profile messages we must fetch the remote GUID from the hcard. Diaspora Profile XML message does not contain the guid but our data structure enforces GUID as a required attribute. This ensures library users will get a full profile back always. Implement in the Diaspora entities a hook fill_extra_attributes that is called in message_to_objects.
In the future diaspora hCard is not guaranteed to contain pod url or username. Don't rely on these in the parser, instead pass handle to the hCard parser directly.
Closes#50
When sending an entity, first convert it to the correct entity using the protocol entities. If a suitable entity is not found, raise an error.
Closes#27
Relationship base entity which represents relationships between two handles. Types can be following, sharing, ignoring and blocking. The Diaspora counterpart, DiasporaRequest, which represents a sharing/following request is outwards a single entity, but incoming a double entity, handled by creating both a sharing and following version of the relationship.
Closes#26
Diaspora private messages don't have a plain text sender handle in the header. One must first
open the message (without verifying it), fetch the sender handle and then verify the content.
Closes#21
Support for generating NodeInfo documents using the generator `federation.hostmeta.generators.NodeInfo`. Strict validation is skipped by default, but can be enabled by passing in `raise_on_validate` to the `NodeInfo` class. By default a warning will be generated on documents that don't conform with the strict NodeInfo values. This can be disabled by passing in `skip_validate` to the class.
Jason Robinson