The ActivityPub protocol handlers require access to HTTP headers,
method and URL from the incoming request. Thus they require passing in
a RequestType object, which has the same structure as a Django
HttpRequest for compatibility.
This is a breaking backwards compatible change requiring Diaspora
payloads be wrapped in a RequestType object.
Refs: #7
This is a more up to date fork of the former. This fixes CVE-2018-6594 found in the former.
**Deployment note.** When updating an application, you *must* uninstall `pycrypto` first, otherwise there will be a conflict if both versions are installed at the same time. To uninstall, run `pip uninstall pycrypto`.
Release 0.17.0
Previously only `first_name` was used when creating the `Profile.name`
value. Now both `first_name` and `last_name` are used.
When creating outgoing payloads, the `Profile.name` will still be placed
in `first_name` to avoid trying to artificially split it.
Network utils has a method `fetch_host_ip_and_country` which will
fetch both. The country fetching uses the `ip-api.com` free service
to resolve country information.
We've already accepted these on incoming payloads for a long time and so do all the other platforms now, so now we always send out entities with the new property names. This can break federation with really old servers that don't understand these keys yet.
Closes #59
Change unquote method used when preparing Diaspora XML payloads for verification.
Some platforms deliver payloads not using the urlsafe base64 standard which caused problems when validating the unquoted signature. Ensure maximum compatibility by allowing non-standard urlsafe quoted payloads.
Closes #115
Also provided is a Django view and url configuration for easy addition into Django projects. Django is not a hard dependency of this library, but usage of the Django view obviously requires installing Django itself. For configuration details see documentation.
Closes #108
This adds the possibility of private message support.
JSON encrypted payload encryption and decryption is handled by the Diaspora `EncryptedPayload` class.
Refs: #82
The given ID will be fetched using the correct entity class specific remote endpoint, validated to be from the correct author against their public key and then an instance of the entity class will be constructed and returned.
Also related changes and refactoring:
* New Diaspora protocol helper `federation.utils.diaspora.retrieve_and_parse_content`. See notes regarding the high level fetcher above.
* New Diaspora protocol helper `federation.utils.fetch_public_key`. Given a `handle` as a parameter, will fetch the remote profile and return the `public_key` from it.
* Refactoring for Diaspora `MagicEnvelope` class.
* Diaspora protocol receive flow now uses the `MagicEnvelope` class to verify payloads.
* Diaspora protocol receive flow now fetches the sender public key over the network if a `sender_key_fetcher` function is not passed in. Previously an error would be raised.
Closes #103
Maps to a `DiasporaReshare` for the Diaspora protocol.
The `Share` entity supports all the properties that a Diaspora reshare does. Additionally two other properties are supported: `raw_content` and `entity_type`. The former can be used for a "quoted share" case where the sharer adds their own note to the share. The latter can be used to reference the type of object that was shared, to help the receiver, if it is not sharing a `Post` entity. The value must be a base entity class name.
Closes #94
Converting base entity `Profile` to `DiasporaProfile` for outbound sending missed two attributes, `image_urls` and `tag_list`. Those are now included so that the values transfer into the built payload.
Add proper checks to make sure Diaspora protocol payload handle and entity handle are the same. Even though we already verified the signature of the sender, we didn't ensure that the sender isn't trying to fake an entity authored by someone else.
The Diaspora protocol functions `message_to_objects` and `element_to_objects` now require a new parameter, the payload sender handle. These functions should not normally need to be used directly.
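The sender-versus-author check described above, as an added sketch that is not the library's own code: a verified envelope signature only proves who sent the payload, so each entity's claimed author still has to be compared with that sender. The element names, the sample handles and the functions `check_sender_is_author` and `accept_entities` are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: three entities in one payload whose envelope signature
# was already verified for alice@pod.example. Element names are simplified
# assumptions, not the exact Diaspora schema.
SAMPLE_PAYLOAD = """
<XML><post>
  <status_message><author>alice@pod.example</author><text>hi</text></status_message>
  <status_message><author>bob@other.example</author><text>forged</text></status_message>
  <status_message><text>anonymous</text></status_message>
</post></XML>
"""


class AuthorMismatch(Exception):
    """Entity claims an author other than the verified payload sender."""


def check_sender_is_author(element, sender_handle):
    """Raise AuthorMismatch unless the element's author equals the sender."""
    author = element.findtext("author")
    # Exact match only: a missing or differing author is treated as spoofed.
    if not author or author.strip() != sender_handle:
        raise AuthorMismatch(f"sender {sender_handle!r} != author {author!r}")


def accept_entities(xml_payload, sender_handle):
    """Return (accepted, rejected) element lists for a verified sender."""
    # The payload is untrusted input; a receiver should use a hardened parser.
    root = ET.fromstring(xml_payload.strip())
    accepted, rejected = [], []
    for element in root.find("post"):
        try:
            check_sender_is_author(element, sender_handle)
            accepted.append(element)
        except AuthorMismatch:
            rejected.append(element)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = accept_entities(SAMPLE_PAYLOAD, "alice@pod.example")
    print(len(ok), "accepted;", len(bad), "rejected")
```
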
**Breaking change.** The high level `federation.outbound` functions `handle_send` and `handle_create_payload` signatures have been changed. This has been done to better represent the objects that are actually sent in and to add an optional `parent_user` object.
For both functions the `from_user` parameter has been renamed to `author_user`. Optionally a `parent_user` object can also be passed in. Both user objects must have `private_key` and `handle` attributes. In the case that `parent_user` is given, that user will be used to sign the payload and, for Diaspora relayables, an extra `parent_author_signature` in the payload itself.
Store the original object when signing with parent, then use that for sending, not serializing our entity object.
This fixes relayable support broken with the new Diaspora protocol.