Merge pull request #2274 from annando/1601-hubzilla-comments

Hubzilla comments are now federated

include/diaspora.php

@@ -826,6 +826,23 @@ function diaspora_plink($addr, $guid) {
 	return 'https://'.substr($addr,strpos($addr,'@')+1).'/posts/'.$guid;
 }
 
+function diaspora_repair_signature($signature, $handle = "", $level = 1) {
+
+	if ($signature == "")
+		return($signature);
+
+	if (base64_encode(base64_decode(base64_decode($signature))) == base64_decode($signature)) {
+		$signature = base64_decode($signature);
+		logger("Repaired double encoded signature from Diaspora/Hubzilla handle ".$handle." - level ".$level, LOGGER_DEBUG);
+
+		// Do a recursive call to be able to fix even multiple levels
+		if ($level < 10)
+			$signature = diaspora_repair_signature($signature, $handle, ++$level);
+	}
+
+	return($signature);
+}
+
 function diaspora_post($importer,$xml,$msg) {
 
 	$a = get_app();
@@ -1565,18 +1582,19 @@ function diaspora_comment($importer,$xml,$msg) {
 		//);
 	//}
 
-	if(($parent_item['origin']) && (! $parent_author_signature)) {
+	// If we are the origin of the parent we store the original signature and notify our followers
+	if($parent_item['origin']) {
+		$author_signature_base64 = base64_encode($author_signature);
+		$author_signature_base64 = diaspora_repair_signature($author_signature_base64, $diaspora_handle);
+
 		q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
 			intval($message_id),
 			dbesc($signed_data),
-			dbesc(base64_encode($author_signature)),
+			dbesc($author_signature_base64),
 			dbesc($diaspora_handle)
 		);
 
-		// if the message isn't already being relayed, notify others
-		// the existence of parent_author_signature means the parent_author or owner
-		// is already relaying.
-
+		// notify others
 		proc_run('php','include/notifier.php','comment-import',$message_id);
 	}
 
@@ -2226,21 +2244,21 @@ EOT;
 	//	);
 	//}
 
-	if(! $parent_author_signature) {
+	// If we are the origin of the parent we store the original signature and notify our followers
+	if($parent_item['origin']) {
+		$author_signature_base64 = base64_encode($author_signature);
+		$author_signature_base64 = diaspora_repair_signature($author_signature_base64, $diaspora_handle);
+
 		q("insert into sign (`iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
 			intval($message_id),
 			dbesc($signed_data),
-			dbesc(base64_encode($author_signature)),
+			dbesc($author_signature_base64),
 			dbesc($diaspora_handle)
 		);
-	}
 
-	// if the message isn't already being relayed, notify others
-	// the existence of parent_author_signature means the parent_author or owner
-	// is already relaying. The parent_item['origin'] indicates the message was created on our system
-
-	if(($parent_item['origin']) && (! $parent_author_signature))
+		// notify others
 		proc_run('php','include/notifier.php','comment-import',$message_id);
+	}
 
 	return;
 }
@@ -2336,8 +2354,7 @@ function diaspora_signed_retraction($importer,$xml,$msg) {
 			return;
 		}
 
-	}
-	else {
+	} else {
 
 		$sig_decode = base64_decode($sig);
 
@@ -2371,7 +2388,7 @@ function diaspora_signed_retraction($importer,$xml,$msg) {
 					intval($r[0]['parent'])
 				);
 				if(count($p)) {
-					if(($p[0]['origin']) && (! $parent_author_signature)) {
+					if($p[0]['origin']) {
 						q("insert into sign (`retract_iid`,`signed_text`,`signature`,`signer`) values (%d,'%s','%s','%s') ",
 							$r[0]['id'],
 							dbesc($signed_data),
@@ -2819,7 +2836,7 @@ function diaspora_send_followup($item,$owner,$contact,$public_batch = false) {
 	// sign it
 
 	if($like)
-		$signed_text = $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $positive . ';' . $myaddr;
+		$signed_text =  $positive . ';' . $item['guid'] . ';' . $target_type . ';' . $parent['guid'] . ';' . $myaddr;
 	else
 		$signed_text = $item['guid'] . ';' . $parent['guid'] . ';' . $text . ';' . $myaddr;
 

include/like.php

@@ -279,6 +279,9 @@ function store_diaspora_like_retract_sig($activity, $item, $like_item, $contact)
 		$contact_baseurl = substr($contact['url'], $contact_baseurl_start, $contact_baseurl_length);
 		$diaspora_handle = $contact['nick'] . '@' . $contact_baseurl;
 
+		// This code could never had worked (the return values form the queries were used in a wrong way.
+		// Additionally it is needlessly complicated. Either the contact is owner or not. And we have this data already.
+/*
 		// Get contact's private key if he's a user of the local Friendica server
 		$r = q("SELECT `contact`.`uid` FROM `contact` WHERE `url` = '%s' AND `self` = 1 LIMIT 1",
 			dbesc($contact['url'])
@@ -289,9 +292,15 @@ function store_diaspora_like_retract_sig($activity, $item, $like_item, $contact)
 			$r = q("SELECT prvkey FROM user WHERE uid = %d LIMIT 1",
 				intval($contact_uid)
 			);
+*/
+		// Is the contact the owner? Then fetch the private key
+		if ($contact['self'] AND ($contact['uid'] > 0)) {
+			$r = q("SELECT prvkey FROM user WHERE uid = %d LIMIT 1",
+				intval($contact['uid'])
+			);
 
-			if( $r)
-				$authorsig = base64_encode(rsa_sign($signed_text,$r['prvkey'],'sha256'));
+			if($r)
+				$authorsig = base64_encode(rsa_sign($signed_text,$r[0]['prvkey'],'sha256'));
 		}
 
 		if(! isset($authorsig))
@@ -329,6 +338,10 @@ function store_diaspora_like_sig($activity, $post_type, $contact, $post_id) {
 		$contact_baseurl = substr($contact['url'], $contact_baseurl_start, $contact_baseurl_length);
 		$diaspora_handle = $contact['nick'] . '@' . $contact_baseurl;
 
+
+		// This code could never had worked (the return values form the queries were used in a wrong way.
+		// Additionally it is needlessly complicated. Either the contact is owner or not. And we have this data already.
+/*
 		// Get contact's private key if he's a user of the local Friendica server
 		$r = q("SELECT `contact`.`uid` FROM `contact` WHERE `url` = '%s' AND `self` = 1 LIMIT 1",
 			dbesc($contact['url'])
@@ -343,6 +356,17 @@ function store_diaspora_like_sig($activity, $post_type, $contact, $post_id) {
 			if( $r)
 				$contact_uprvkey = $r['prvkey'];
 		}
+*/
+
+		// Is the contact the owner? Then fetch the private key
+		if ($contact['self'] AND ($contact['uid'] > 0)) {
+			$r = q("SELECT prvkey FROM user WHERE uid = %d LIMIT 1",
+				intval($contact['uid'])
+			);
+
+			if($r)
+				$contact_uprvkey = $r[0]['prvkey'];
+		}
 
 		$r = q("SELECT guid, parent FROM `item` WHERE id = %d LIMIT 1",
 			intval($post_id)
@@ -353,7 +377,7 @@ function store_diaspora_like_sig($activity, $post_type, $contact, $post_id) {
 				intval($r[0]['parent'])
 			);
 			if( $p) {
-				$signed_text = $r[0]['guid'] . ';Post;' . $p[0]['guid'] . ';true;' . $diaspora_handle;
+				$signed_text = 'true;'.$r[0]['guid'].';Post;'.$p[0]['guid'].';'.$diaspora_handle;
 
 				if(isset($contact_uprvkey))
 					$authorsig = base64_encode(rsa_sign($signed_text,$contact_uprvkey,'sha256'));

include/threads.php

@@ -66,6 +66,7 @@ function add_thread($itemid, $onlyshadow = false) {
 
 			unset($item[0]['id']);
 			$item[0]['uid'] = 0;
+			$item[0]['origin'] = 0;
 			$item[0]['contact-id'] = get_contact($item[0]['author-link'], 0);
 			$public_shadow = item_store($item[0], false, false, true);