/** * notify a user of subscription by another user * * This is just a wrapper around the profile-based version. * * @param User $listenee user who is being subscribed to * @param User $listener user who is subscribing * * @see mail_subscribe_notify_profile() * * @return void */ function mail_subscribe_notify($listenee, $listener) { $other = $listener->getProfile(); mail_subscribe_notify_profile($listenee, $other); }
/** * Save a subscription * * Saves the subscription from $subscriber_uri to $subscribed_user_uri. * Throws exceptions in case of error. * * @param string $subscriber_uri The OMB identifier URI specifying * the subscribing profile * * @param string $subscribed_user_uri The OMB identifier URI specifying * the subscribed profile * @param OAuthToken $token The access token * * @access public **/ public function saveSubscription($subscriber_uri, $subscribed_user_uri, $token) { $sub = new Subscription(); $subscribed = $this->_getAnyProfile($subscribed_user_uri); $subscriber = $this->_getAnyProfile($subscriber_uri); if (!$subscriber->hasRight(Right::SUBSCRIBE)) { common_log(LOG_INFO, __METHOD__ . ": remote subscriber banned ({$subscriber_uri} subbing to {$subscribed_user_uri})"); // TRANS: Error message displayed to a banned user when they try to subscribe. return _('You have been banned from subscribing.'); } $sub->subscribed = $subscribed->id; $sub->subscriber = $subscriber->id; $sub_exists = $sub->find(true); if ($sub_exists) { $orig_sub = clone $sub; } else { $sub->created = DB_DataObject_Cast::dateTime(); } $sub->token = $token->key; $sub->secret = $token->secret; if ($sub_exists) { $result = $sub->update($orig_sub); } else { $result = $sub->insert(); } if (!$result) { common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__); // TRANS: Exception thrown when creating a new subscription fails in OAuth store. throw new Exception(_('Could not insert new subscription.')); return; } /* Notify user, if necessary. */ if ($subscribed instanceof User) { mail_subscribe_notify_profile($subscribed, Profile::staticGet($subscriber->id)); } }
function notifyEmail() { $subscribedUser = User::getKV('id', $this->subscribed); if ($subscribedUser instanceof User) { $subscriber = Profile::getKV('id', $this->subscriber); mail_subscribe_notify_profile($subscribedUser, $subscriber); } }
function notifyEmail() { $subscribedUser = User::staticGet('id', $this->subscribed); if (!empty($subscribedUser)) { $subscriber = Profile::staticGet('id', $this->subscriber); mail_subscribe_notify_profile($subscribedUser, $subscriber); } }
function handle($args) { parent::handle($args); if (common_logged_in()) { $this->clientError(_('You can use the local subscription!')); return; } $omb = $_SESSION['oauth_authorization_request']; if (!$omb) { $this->clientError(_('Not expecting this response!')); return; } common_debug('stored request: ' . print_r($omb, true), __FILE__); common_remove_magic_from_request(); $req = OAuthRequest::from_request(); $token = $req->get_parameter('oauth_token'); # I think this is the success metric if ($token != $omb['token']) { $this->clientError(_('Not authorized.')); return; } $version = $req->get_parameter('omb_version'); if ($version != OMB_VERSION_01) { $this->clientError(_('Unknown version of OMB protocol.')); return; } $nickname = $req->get_parameter('omb_listener_nickname'); if (!$nickname) { $this->clientError(_('No nickname provided by remote server.')); return; } $profile_url = $req->get_parameter('omb_listener_profile'); if (!$profile_url) { $this->clientError(_('No profile URL returned by server.')); return; } if (!Validate::uri($profile_url, array('allowed_schemes' => array('http', 'https')))) { $this->clientError(_('Invalid profile URL returned by server.')); return; } if ($profile_url == common_local_url('showstream', array('nickname' => $nickname))) { $this->clientError(_('You can use the local subscription!')); return; } common_debug('listenee: "' . $omb['listenee'] . '"', __FILE__); $user = User::staticGet('nickname', $omb['listenee']); if (!$user) { $this->clientError(_('User being listened to doesn\'t exist.')); return; } $other = User::staticGet('uri', $omb['listener']); if ($other) { $this->clientError(_('You can use the local subscription!')); return; } $fullname = $req->get_parameter('omb_listener_fullname'); $homepage = $req->get_parameter('omb_listener_homepage'); $bio = $req->get_parameter('omb_listener_bio'); $location = $req->get_parameter('omb_listener_location'); $avatar_url = $req->get_parameter('omb_listener_avatar'); list($newtok, $newsecret) = $this->access_token($omb); if (!$newtok || !$newsecret) { $this->clientError(_('Couldn\'t convert request tokens to access tokens.')); return; } # XXX: possible attack point; subscribe and return someone else's profile URI $remote = Remote_profile::staticGet('uri', $omb['listener']); if ($remote) { $exists = true; $profile = Profile::staticGet($remote->id); $orig_remote = clone $remote; $orig_profile = clone $profile; # XXX: compare current postNotice and updateProfile URLs to the ones # stored in the DB to avoid (possibly...) above attack } else { $exists = false; $remote = new Remote_profile(); $remote->uri = $omb['listener']; $profile = new Profile(); } $profile->nickname = $nickname; $profile->profileurl = $profile_url; if (!is_null($fullname)) { $profile->fullname = $fullname; } if (!is_null($homepage)) { $profile->homepage = $homepage; } if (!is_null($bio)) { $profile->bio = $bio; } if (!is_null($location)) { $profile->location = $location; } if ($exists) { $profile->update($orig_profile); } else { $profile->created = DB_DataObject_Cast::dateTime(); # current time $id = $profile->insert(); if (!$id) { $this->serverError(_('Error inserting new profile')); return; } $remote->id = $id; } if ($avatar_url) { if (!$this->add_avatar($profile, $avatar_url)) { $this->serverError(_('Error inserting avatar')); return; } } $remote->postnoticeurl = $omb['post_notice_url']; $remote->updateprofileurl = $omb['update_profile_url']; if ($exists) { if (!$remote->update($orig_remote)) { $this->serverError(_('Error updating remote profile')); return; } } else { $remote->created = DB_DataObject_Cast::dateTime(); # current time if (!$remote->insert()) { $this->serverError(_('Error inserting remote profile')); return; } } if ($user->hasBlocked($profile)) { $this->clientError(_('That user has blocked you from subscribing.')); return; } $sub = new Subscription(); $sub->subscriber = $remote->id; $sub->subscribed = $user->id; $sub_exists = false; if ($sub->find(true)) { $sub_exists = true; $orig_sub = clone $sub; } else { $sub_exists = false; $sub->created = DB_DataObject_Cast::dateTime(); # current time } $sub->token = $newtok; $sub->secret = $newsecret; if ($sub_exists) { $result = $sub->update($orig_sub); } else { $result = $sub->insert(); } if (!$result) { common_log_db_error($sub, $sub_exists ? 'UPDATE' : 'INSERT', __FILE__); $this->clientError(_('Couldn\'t insert new subscription.')); return; } # Notify user, if necessary mail_subscribe_notify_profile($user, $profile); # Clear the data unset($_SESSION['oauth_authorization_request']); # If we show subscriptions in reverse chron order, this should # show up close to the top of the page common_redirect(common_local_url('subscribers', array('nickname' => $user->nickname))); }