diff --git a/daemon.py b/daemon.py index 152285641..15ecc1c5a 100644 --- a/daemon.py +++ b/daemon.py @@ -1067,19 +1067,18 @@ class PubServer(BaseHTTPRequestHandler): # to be authorized to use an account you don't own if '/' + nickname + '/' in self.path: return True - if '/' + nickname + '?' in self.path: + elif '/' + nickname + '?' in self.path: return True - if self.path.endswith('/'+nickname): + elif self.path.endswith('/'+nickname): return True print('AUTH: nickname ' + nickname + ' was not found in path ' + self.path) return False - if self.server.debug: - print('AUTH: epicyon cookie ' + - 'authorization failed, header=' + - self.headers['Cookie'].replace('epicyon=', '') + - ' tokenStr=' + tokenStr + ' tokens=' + - str(self.server.tokensLookup)) + print('AUTH: epicyon cookie ' + + 'authorization failed, header=' + + self.headers['Cookie'].replace('epicyon=', '') + + ' tokenStr=' + tokenStr + ' tokens=' + + str(self.server.tokensLookup)) return False print('AUTH: Header cookie was not authorized') return False @@ -1644,7 +1643,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.domainFull + usersPath msg = htmlRemoveSharedItem(self.server.translate, self.server.baseDir, - actor, shareName).encode('utf-8') + actor, shareName, + callingDomain).encode('utf-8') if not msg: if callingDomain.endswith('.onion') and \ self.server.onionDomain: @@ -2387,7 +2387,8 @@ class PubServer(BaseHTTPRequestHandler): self.server.httpPrefix, self.server.domainFull, postId, postTime, - postYear, postMonth, postDay) + postYear, postMonth, postDay, + callingDomain) if not msg: actor = \ self.server.httpPrefix + '://' + \ @@ -3091,6 +3092,11 @@ class PubServer(BaseHTTPRequestHandler): # delete a post from the web interface icon if htmlGET and '?delete=' in self.path: + if not cookie: + print('ERROR: no cookie given when deleting') + self._400() + self.server.GETbusy = False + return pageNumber = 1 if '?page=' in self.path: pageNumberStr = self.path.split('?page=')[1] 
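Review bot: The cookie-failure print in the hunk at -1067 is no longer guarded by `self.server.debug`, so every failed cookie check writes the presented cookie value, `tokenStr` and the whole of `self.server.tokensLookup` to stdout. If that lookup holds live login tokens, as its name suggests, anyone who can read the daemon's output can reuse them, and any client can trigger the dump by sending a cookie that does not match. I would log only the event, e.g. `print('AUTH: epicyon cookie authorization failed')`, and keep any token detail behind the debug flag. The same applies to the hunk at -5787, where `print(str(self.headers))` now runs on every unauthorized POST and will include any Cookie or Authorization header sent. The enclosing method starts above this hunk.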
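Review bot: The new guard on `?delete=` in the hunk at -3091 only tests that a cookie string is present, not that it was accepted, so a request carrying any cookie value passes it. Whether the cookie is validated later in this branch is not visible, because the branch continues past the end of the hunk. If an authorization result is already available at this point, the guard should test it as well. A short comment such as `# deleting requires a logged-in session; reject early` would make the intent explicit.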
@@ -3159,7 +3165,7 @@ class PubServer(BaseHTTPRequestHandler): self.server.session, self.server.baseDir, deleteUrl, self.server.httpPrefix, __version__, self.server.cachedWebfingers, - self.server.personCache) + self.server.personCache, callingDomain) if deleteStr: self._set_headers('text/html', len(deleteStr), cookie, callingDomain) @@ -5787,12 +5793,9 @@ class PubServer(BaseHTTPRequestHandler): # check authorization authorized = self._isAuthorized() - if self.server.debug: - if authorized: - print('POST Authorization granted') - else: - print('POST Not authorized') - print(str(self.headers)) + if not authorized: + print('POST Not authorized') + print(str(self.headers)) # if this is a POST to the outbox then check authentication self.outboxAuthenticated = False @@ -7063,7 +7066,7 @@ class PubServer(BaseHTTPRequestHandler): maxPostsInFeed, self.server.httpPrefix, self.server.domainFull, - actorStr) + actorStr, callingDomain) if sharedItemsStr: msg = sharedItemsStr.encode('utf-8') self._login_headers('text/html', @@ -7142,6 +7145,12 @@ class PubServer(BaseHTTPRequestHandler): self._benchmarkPOSTtimings(POSTstartTime, POSTtimings, 8) # removes a post + if not authorized and self.path.endswith('/rmpost'): + print('ERROR: attempt to remove post was not authorized. ' + + self.path) + self._400() + self.server.POSTbusy = False + return if authorized and self.path.endswith('/rmpost'): pageNumber = 1 usersPath = self.path.split('/rmpost')[0] diff --git a/followingCalendar.py b/followingCalendar.py index 86ee92b67..f414634b7 100644 --- a/followingCalendar.py +++ b/followingCalendar.py 
@@ -15,6 +15,9 @@ def receivingCalendarEvents(baseDir: str, nickname: str, domain: str, """Returns true if receiving calendar events from the given account from following.txt """ + if followingNickname == nickname and followingDomain == domain: + # reminder post + return True calendarFilename = baseDir + '/accounts/' + \ nickname + '@' + domain + '/followingCalendar.txt' handle = followingNickname + '@' + followingDomain diff --git a/inbox.py b/inbox.py index 20496828e..c8545e49a 100644 --- a/inbox.py +++ b/inbox.py @@ -1913,13 +1913,15 @@ def inboxUpdateCalendar(baseDir: str, handle: str, postJsonObject: {}) -> None: actor = postJsonObject['actor'] actorNickname = getNicknameFromActor(actor) actorDomain, actorPort = getDomainFromActor(actor) + handleNickname = handle.split('@')[0] + handleDomain = handle.split('@')[1] if not receivingCalendarEvents(baseDir, - handle.split('@')[0], - handle.split('@')[1], - actorNickname, - actorDomain): + handleNickname, handleDomain, + actorNickname, actorDomain): return for tagDict in postJsonObject['object']['tag']: + if not tagDict.get('type'): + continue if tagDict['type'] != 'Event': continue if not tagDict.get('startTime'): diff --git a/posts.py b/posts.py index 8dd550806..dfcfc100f 100644 --- a/posts.py +++ b/posts.py @@ -1918,8 +1918,7 @@ def addToField(activityType: str, postJsonObject: {}, def sendToNamedAddresses(session, baseDir: str, - nickname: str, - domain: str, + nickname: str, domain: str, onionDomain: str, i2pDomain: str, port: int, httpPrefix: str, federationList: [], sendThreads: [], postLog: [], diff --git a/webinterface.py b/webinterface.py index d7e86d6cd..85faa020b 100644 --- a/webinterface.py +++ b/webinterface.py 
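Review bot: The added `tagDict.get('type')` guard in inboxUpdateCalendar assumes every entry of `postJsonObject['object']['tag']` is a dict, but this is content from an incoming post, and an entry that is a string or a list would raise AttributeError on the guard itself. Adding `if not isinstance(tagDict, dict): continue` ahead of it would cover that case, unless validation outside this hunk already guarantees the shape. The new `handle.split('@')[1]` likewise raises IndexError for a handle without `@`, as the replaced code did. The function begins and continues outside the hunk.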
@@ -79,6 +79,20 @@ from petnames import getPetName from followingCalendar import receivingCalendarEvents +def getAltPath(actor: str, domainFull: str, callingDomain: str) -> str: + """Returns alternate path from the actor + eg. https://clearnetdomain/path becomes http://oniondomain/path + """ + postActor = actor + if callingDomain not in actor and domainFull in actor: + if callingDomain.endswith('.onion') or \ + callingDomain.endswith('.i2p'): + postActor = \ + 'http://' + callingDomain + actor.split(domainFull)[1] + print('Changed POST domain from ' + actor + ' to ' + postActor) + return postActor + + def getContentWarningButton(postID: str, translate: {}, content: str) -> str: """Returns the markup for a content warning button @@ -439,7 +453,8 @@ def htmlSearchSharedItems(translate: {}, pageNumber: int, resultsPerPage: int, httpPrefix: str, - domainFull: str, actor: str) -> str: + domainFull: str, actor: str, + callingDomain: str) -> str: """Search results for shared items """ iconsDir = getIconsDir(baseDir) @@ -536,9 +551,13 @@ def htmlSearchSharedItems(translate: {}, translate['Remove'] + '' sharedItemsForm += '
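Review bot: getAltPath accepts any `callingDomain` ending in `.onion` or `.i2p` and builds a URL from it, so if that value is taken from the request's Host header (not visible here) a client-chosen host name ends up in the links the page emits. Comparing it with the instance's configured onion and i2p domains before rewriting, either here or in the callers, would limit the rewrite to hosts the server actually answers for. The substring tests `callingDomain not in actor` and `domainFull in actor` match anywhere in the URL, path included, and `actor.split(domainFull)[1]` drops everything after a second occurrence, whereas `actor.split(domainFull, 1)[1]` keeps the whole remainder. The `print` runs on every rewritten link and could sit behind a debug flag.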
' if not resultsExist and currPage > 1: + postActor = \ + getAltPath(actor, domainFull, + callingDomain) # previous page link, needs to be a POST sharedItemsForm += \ - '