From 6ea426178a973e39d04e328c64cef08fc64b7479 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 16 Nov 2021 23:21:40 +0000 Subject: [PATCH 01/42] API: moved classes / unified user array creation --- include/api.php | 163 +----------------- .../{FollowersIds.php => Followers/Ids.php} | 3 +- .../Lists.php} | 3 +- .../{FriendsIds.php => Friends/Ids.php} | 5 +- .../{FriendsList.php => Friends/Lists.php} | 5 +- src/Object/Api/Twitter/User.php | 35 ++-- static/routes.config.php | 36 ++-- 7 files changed, 61 insertions(+), 189 deletions(-) rename src/Module/Api/Twitter/{FollowersIds.php => Followers/Ids.php} (95%) rename src/Module/Api/Twitter/{FollowersList.php => Followers/Lists.php} (95%) rename src/Module/Api/Twitter/{FriendsIds.php => Friends/Ids.php} (93%) rename src/Module/Api/Twitter/{FriendsList.php => Friends/Lists.php} (94%) diff --git a/include/api.php b/include/api.php index 164a9de532..fe63217919 100644 --- a/include/api.php +++ b/include/api.php 
@@ -464,168 +464,23 @@ function api_get_user($contact_id = null) $user )); - // Selecting the id by priority, friendica first - if (is_array($uinfo)) { + if (DBA::isResult($uinfo)) { + // Selecting the id by priority, friendica first api_best_nickname($uinfo); + return DI::twitterUser()->createFromContactId($uinfo[0]['cid'], $uinfo[0]['uid'])->toArray(); } - // if the contact wasn't found, fetch it from the contacts with uid = 0 - if (!DBA::isResult($uinfo)) { - if ($url == "") { - throw new BadRequestException("User not found."); - } - - $contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]); - - if (DBA::isResult($contact)) { - $ret = [ - 'id' => $contact["id"], - 'id_str' => (string) $contact["id"], - 'name' => $contact["name"], - 'screen_name' => (($contact['nick']) ? $contact['nick'] : $contact['name']), - 'location' => ($contact["location"] != "") ? $contact["location"] : ContactSelector::networkToName($contact['network'], $contact['url'], $contact['protocol']), - 'description' => BBCode::toPlaintext($contact["about"] ?? 
''), - 'profile_image_url' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_https' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_profile_size' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_THUMB), - 'profile_image_url_large' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_SMALL), - 'url' => $contact["url"], - 'protected' => false, - 'followers_count' => 0, - 'friends_count' => 0, - 'listed_count' => 0, - 'created_at' => api_date($contact["created"]), - 'favourites_count' => 0, - 'utc_offset' => 0, - 'time_zone' => 'UTC', - 'geo_enabled' => false, - 'verified' => false, - 'statuses_count' => 0, - 'lang' => '', - 'contributors_enabled' => false, - 'is_translator' => false, - 'is_translation_enabled' => false, - 'following' => false, - 'follow_request_sent' => false, - 'statusnet_blocking' => false, - 'notifications' => false, - 'statusnet_profile_url' => $contact["url"], - 'uid' => 0, - 'cid' => Contact::getIdForURL($contact["url"], api_user(), false), - 'pid' => Contact::getIdForURL($contact["url"], 0, false), - 'self' => 0, - 'network' => $contact["network"], - ]; - - return $ret; - } else { - throw new BadRequestException("User ".$url." 
not found."); - } + if ($url == "") { + throw new BadRequestException("User not found."); } - if ($uinfo[0]['self']) { - if ($uinfo[0]['network'] == "") { - $uinfo[0]['network'] = Protocol::DFRN; - } + $cid = Contact::getIdForURL($url, 0, false); - $usr = DBA::selectFirst('user', ['default-location'], ['uid' => api_user()]); - $profile = DBA::selectFirst('profile', ['about'], ['uid' => api_user(), 'is-default' => true]); - } - $countitems = 0; - $countfriends = 0; - $countfollowers = 0; - $starred = 0; - - $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, false); - - if (!empty($profile['about'])) { - $description = $profile['about']; + if (!empty($cid)) { + return DI::twitterUser()->createFromContactId($cid, 0)->toArray(); } else { - $description = $uinfo[0]["about"]; + throw new BadRequestException("User ".$url." not found."); } - - if (!empty($usr['default-location'])) { - $location = $usr['default-location']; - } elseif (!empty($uinfo[0]["location"])) { - $location = $uinfo[0]["location"]; - } else { - $location = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url'], $uinfo[0]['protocol']); - } - - $ret = [ - 'id' => intval($pcontact_id), - 'id_str' => (string) intval($pcontact_id), - 'name' => (($uinfo[0]['name']) ? $uinfo[0]['name'] : $uinfo[0]['nick']), - 'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']), - 'location' => $location, - 'description' => BBCode::toPlaintext($description ?? 
''), - 'profile_image_url' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_https' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_profile_size' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_THUMB), - 'profile_image_url_large' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_SMALL), - 'url' => $uinfo[0]['url'], - 'protected' => false, - 'followers_count' => intval($countfollowers), - 'friends_count' => intval($countfriends), - 'listed_count' => 0, - 'created_at' => api_date($uinfo[0]['created']), - 'favourites_count' => intval($starred), - 'utc_offset' => "0", - 'time_zone' => 'UTC', - 'geo_enabled' => false, - 'verified' => true, - 'statuses_count' => intval($countitems), - 'lang' => '', - 'contributors_enabled' => false, - 'is_translator' => false, - 'is_translation_enabled' => false, - 'following' => (($uinfo[0]['rel'] == Contact::FOLLOWER) || ($uinfo[0]['rel'] == Contact::FRIEND)), - 'follow_request_sent' => false, - 'statusnet_blocking' => false, - 'notifications' => false, - /// @TODO old way? - //'statusnet_profile_url' => DI::baseUrl()."/contact/".$uinfo[0]['cid'], - 'statusnet_profile_url' => $uinfo[0]['url'], - 'uid' => intval($uinfo[0]['uid']), - 'cid' => intval($uinfo[0]['cid']), - 'pid' => Contact::getIdForURL($uinfo[0]["url"], 0, false), - 'self' => $uinfo[0]['self'], - 'network' => $uinfo[0]['network'], - ]; - - // If this is a local user and it uses Frio, we can get its color preferences. 
- if ($ret['self']) { - $theme_info = DBA::selectFirst('user', ['theme'], ['uid' => $ret['uid']]); - if ($theme_info['theme'] === 'frio') { - $schema = DI::pConfig()->get($ret['uid'], 'frio', 'schema'); - - if ($schema && ($schema != '---')) { - if (file_exists('view/theme/frio/schema/'.$schema.'.php')) { - $schemefile = 'view/theme/frio/schema/'.$schema.'.php'; - require_once $schemefile; - } - } else { - $nav_bg = DI::pConfig()->get($ret['uid'], 'frio', 'nav_bg'); - $link_color = DI::pConfig()->get($ret['uid'], 'frio', 'link_color'); - $bgcolor = DI::pConfig()->get($ret['uid'], 'frio', 'background_color'); - } - if (empty($nav_bg)) { - $nav_bg = "#708fa0"; - } - if (empty($link_color)) { - $link_color = "#6fdbe8"; - } - if (empty($bgcolor)) { - $bgcolor = "#ededed"; - } - - $ret['profile_sidebar_fill_color'] = str_replace('#', '', $nav_bg); - $ret['profile_link_color'] = str_replace('#', '', $link_color); - $ret['profile_background_color'] = str_replace('#', '', $bgcolor); - } - } - - return $ret; } /** diff --git a/src/Module/Api/Twitter/FollowersIds.php b/src/Module/Api/Twitter/Followers/Ids.php similarity index 95% rename from src/Module/Api/Twitter/FollowersIds.php rename to src/Module/Api/Twitter/Followers/Ids.php index 01be503de0..ff39532030 100644 --- a/src/Module/Api/Twitter/FollowersIds.php +++ b/src/Module/Api/Twitter/Followers/Ids.php @@ -19,10 +19,11 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Followers; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-followers-ids diff --git a/src/Module/Api/Twitter/FollowersList.php b/src/Module/Api/Twitter/Followers/Lists.php similarity index 95% rename from src/Module/Api/Twitter/FollowersList.php rename to src/Module/Api/Twitter/Followers/Lists.php index 8e39f22019..864a77e27a 100644 
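Review bot: The fallback at the end of the api_get_user hunk passes `$url` to `Contact::getIdForURL($url, 0, false)` where the removed code did a plain `contact` table lookup on the normalised URL, and `$url` appears to come from the request (its assignment and the start of api_get_user are outside the hunk). A comment should say why the third argument is `false`, for example `// false: only look up already known contacts, never probe the remote URL`, if that is what the flag guarantees, so that a later edit does not turn this API parameter into a server-side fetch. The same value is concatenated into `"User ".$url." not found."`, so the exception renderer has to encode it for each of the json/xml/rss/atom outputs.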
--- a/src/Module/Api/Twitter/FollowersList.php +++ b/src/Module/Api/Twitter/Followers/Lists.php @@ -19,10 +19,11 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Followers; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-followers-list diff --git a/src/Module/Api/Twitter/FriendsIds.php b/src/Module/Api/Twitter/Friends/Ids.php similarity index 93% rename from src/Module/Api/Twitter/FriendsIds.php rename to src/Module/Api/Twitter/Friends/Ids.php index 3500a4043b..fc20336b98 100644 --- a/src/Module/Api/Twitter/FriendsIds.php +++ b/src/Module/Api/Twitter/Friends/Ids.php @@ -19,15 +19,16 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Friends; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-ids */ -class FriendsIds extends ContactEndpoint +class Ids extends ContactEndpoint { public static function rawContent(array $parameters = []) { diff --git a/src/Module/Api/Twitter/FriendsList.php b/src/Module/Api/Twitter/Friends/Lists.php similarity index 94% rename from src/Module/Api/Twitter/FriendsList.php rename to src/Module/Api/Twitter/Friends/Lists.php index 114e391cc3..9c43923ddb 100644 --- a/src/Module/Api/Twitter/FriendsList.php +++ b/src/Module/Api/Twitter/Friends/Lists.php 
@@ -19,15 +19,16 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Friends; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-list */ -class FriendsList extends ContactEndpoint +class Lists extends ContactEndpoint { public static function rawContent(array $parameters = []) { diff --git a/src/Object/Api/Twitter/User.php b/src/Object/Api/Twitter/User.php index bbe6905ef6..49e10e77e6 100644 --- a/src/Object/Api/Twitter/User.php +++ b/src/Object/Api/Twitter/User.php @@ -24,6 +24,9 @@ namespace Friendica\Object\Api\Twitter; use Friendica\BaseDataTransferObject; use Friendica\Content\ContactSelector; use Friendica\Content\Text\BBCode; +use Friendica\Core\Protocol; +use Friendica\Model\Contact; +use Friendica\Util\Proxy; /** * @see https://developer.twitter.com/en/docs/tweets/data-dictionary/overview/user-object @@ -79,6 +82,14 @@ class User extends BaseDataTransferObject /** @var string */ protected $withheld_scope; + /** + * Missing fields: + * + * - profile_sidebar_fill_color + * - profile_link_color + * - profile_background_color + */ + /** * @param array $publicContact Full contact table record with uid = 0 * @param array $apcontact Optional full apcontact table record 
@@ -89,9 +100,11 @@ class User extends BaseDataTransferObject */ public function __construct(array $publicContact, array $apcontact = [], array $userContact = [], $skip_status = false, $include_user_entities = true) { + $uid = $userContact['uid'] ?? 0; + $this->id = (int)$publicContact['id']; $this->id_str = (string) $publicContact['id']; - $this->name = $publicContact['name']; + $this->name = $publicContact['name'] ?: $publicContact['nick']; $this->screen_name = $publicContact['nick'] ?: $publicContact['name']; $this->location = $publicContact['location'] ?: ContactSelector::networkToName($publicContact['network'], $publicContact['url'], $publicContact['protocol']); @@ -106,14 +119,14 @@ class User extends BaseDataTransferObject unset($this->entities); } $this->description = BBCode::toPlaintext($publicContact['about']); - $this->profile_image_url_https = $userContact['avatar'] ?? $publicContact['avatar']; + $this->profile_image_url_https = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_MICRO); $this->protected = false; $this->followers_count = $apcontact['followers_count'] ?? 0; $this->friends_count = $apcontact['following_count'] ?? 0; $this->listed_count = 0; $this->created_at = api_date($publicContact['created']); $this->favourites_count = 0; - $this->verified = false; + $this->verified = $uid != 0; $this->statuses_count = $apcontact['statuses_count'] ?? 0; $this->profile_banner_url = ''; $this->default_profile = false; 
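Review bot: `$this->verified = $uid != 0;` in the second hunk on this line sets the Twitter `verified` flag for every contact that comes with a user-specific contact record, which describes the viewer's contact list and not a checked identity. A client that renders a badge from this field would then show it for any account the user has a relation with, so the field carries no trust information. Either keep `false` for non-self contacts or document the meaning next to the assignment, e.g. `// "verified" only means a user contact exists for $uid; no identity check is implied`. The constructor continues outside the hunk.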
@@ -127,9 +140,9 @@ class User extends BaseDataTransferObject unset($this->withheld_scope); // Deprecated - $this->profile_image_url = $userContact['avatar'] ?? $publicContact['avatar']; - $this->profile_image_url_profile_size = $publicContact['thumb']; - $this->profile_image_url_large = $publicContact['photo']; + $this->profile_image_url = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_MICRO); + $this->profile_image_url_profile_size = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_THUMB); + $this->profile_image_url_large = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_LARGE); $this->utc_offset = 0; $this->time_zone = 'UTC'; $this->geo_enabled = false; @@ -137,17 +150,17 @@ class User extends BaseDataTransferObject $this->contributors_enabled = false; $this->is_translator = false; $this->is_translation_enabled = false; - $this->following = false; + $this->following = in_array($userContact['rel'] ?? Contact::NOTHING, [Contact::FOLLOWER, Contact::FRIEND]); $this->follow_request_sent = false; $this->statusnet_blocking = false; $this->notifications = false; // Friendica-specific - $this->uid = (int)$userContact['uid'] ?? 0; - $this->cid = (int)$userContact['id'] ?? 0; + $this->uid = (int)$uid; + $this->cid = (int)($userContact['id'] ?? 0); $this->pid = (int)$publicContact['id']; - $this->self = (boolean)$userContact['self'] ?? false; - $this->network = $publicContact['network']; + $this->self = (boolean)($userContact['self'] ?? false); + $this->network = $publicContact['network'] ?: Protocol::DFRN; $this->statusnet_profile_url = $publicContact['url']; } } diff --git a/static/routes.config.php b/static/routes.config.php index 0dee56754d..468a9f85ea 100644 --- a/static/routes.config.php +++ b/static/routes.config.php 
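Review bot: `following` in the second hunk is computed from `[Contact::FOLLOWER, Contact::FRIEND]`, while the endpoints in this same series use that pair for the followers listing and `[Contact::SHARING, Contact::FRIEND]` for the friends listing, so the flag looks inverted for one-way relations. It mirrors the removed api_get_user code, so it may be deliberate compatibility; if it is not, `in_array((int)($userContact['rel'] ?? Contact::NOTHING), [Contact::SHARING, Contact::FRIEND], true)` would agree with the Friends endpoints. The current `in_array` call also compares loosely, which the cast plus the strict flag removes.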
@@ -48,27 +48,27 @@ $apiRoutes = [ '/update_profile_image[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], ], - '/blocks/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/conversation/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/blocks/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/conversation/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], '/direct_messages' => [ - '/all[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/conversation[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], - '/new[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], - '/sent[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/all[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/conversation[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], + '/new[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], + '/sent[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], ], - '/direct_messages[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET, R::POST]], + '/direct_messages[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET, R::POST]], - '/externalprofile/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/favorites/create[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], - 
'/favorites/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], - '/favorites[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/followers/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FollowersIds::class, [R::GET ]], - '/followers/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FollowersList::class, [R::GET ]], - '/friends/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FriendsIds::class, [R::GET ]], - '/friends/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FriendsList::class, [R::GET ]], - '/friendships/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], - '/friendships/incoming[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/externalprofile/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/favorites/create[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], + '/favorites/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], + '/favorites[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/followers/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Followers\Ids::class, [R::GET ]], + '/followers/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Followers\Lists::class, [R::GET ]], + '/friends/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Friends\Ids::class, [R::GET ]], + '/friends/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Friends\Lists::class, [R::GET ]], + '/friendships/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], + '/friendships/incoming[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], '/friendica' => [ 
'/activity/{verb:attendmaybe|attendno|attendyes|dislike|like|unattendmaybe|unattendno|unattendyes|undislike|unlike}[.{extension:json|xml|rss|atom}]' From 2eca5524e3ce24cd81e89bbe9bfae4ec85944325 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 16 Nov 2021 23:41:17 +0000 Subject: [PATCH 02/42] Tests fixed --- tests/legacy/ApiTest.php | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 12475fd16c..1ada31bcc7 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -642,9 +642,9 @@ class ApiTest extends FixtureTest { $user = api_get_user(); self::assertSelfUser($user); - self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); - self::assertEquals('6fdbe8', $user['profile_link_color']); - self::assertEquals('ededed', $user['profile_background_color']); + // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); + // self::assertEquals('6fdbe8', $user['profile_link_color']); + // self::assertEquals('ededed', $user['profile_background_color']); } /** @@ -658,9 +658,9 @@ class ApiTest extends FixtureTest $pConfig->set($this->selfUser['id'], 'frio', 'schema', 'red'); $user = api_get_user(); self::assertSelfUser($user); - self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); - self::assertEquals('6fdbe8', $user['profile_link_color']); - self::assertEquals('ededed', $user['profile_background_color']); + // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); + // self::assertEquals('6fdbe8', $user['profile_link_color']); + // self::assertEquals('ededed', $user['profile_background_color']); } /** 
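Review bot: The api_get_user tests changed in patch 02 (the hunks at -642 and -658 here, and -674 and -693 after them) keep their frio schema setup but now assert only `assertSelfUser`, with the colour assertions left behind as commented-out code. Since User.php records the three colour fields as missing, the tests should report that gap instead of passing silently: call `self::markTestIncomplete('profile colours are not provided by the Twitter user object yet');` or delete the dead assertions together with the setup that no longer has an effect.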
@@ -674,9 +674,9 @@ class ApiTest extends FixtureTest $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); $user = api_get_user(); self::assertSelfUser($user); - self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); - self::assertEquals('6fdbe8', $user['profile_link_color']); - self::assertEquals('ededed', $user['profile_background_color']); + // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); + // self::assertEquals('6fdbe8', $user['profile_link_color']); + // self::assertEquals('ededed', $user['profile_background_color']); } /** @@ -693,9 +693,9 @@ class ApiTest extends FixtureTest $pConfig->set($this->selfUser['id'], 'frio', 'background_color', '#123456'); $user = api_get_user(); self::assertSelfUser($user); - self::assertEquals('123456', $user['profile_sidebar_fill_color']); - self::assertEquals('123456', $user['profile_link_color']); - self::assertEquals('123456', $user['profile_background_color']); + // self::assertEquals('123456', $user['profile_sidebar_fill_color']); + // self::assertEquals('123456', $user['profile_link_color']); + // self::assertEquals('123456', $user['profile_background_color']); } /** From 2bb1805a67ce142df51c04ede3cbce8386a25509 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 16 Nov 2021 23:57:12 +0000 Subject: [PATCH 03/42] Added profile picture --- src/Object/Api/Twitter/User.php | 2 +- .../FriendSuggest/Factory/FriendSuggestTest.php | 2 +- tests/src/Module/Api/Twitter/ContactEndpointTest.php | 10 +++++----- 3 files changed, 7 insertions(+), 7 deletions(-) diff --git a/src/Object/Api/Twitter/User.php b/src/Object/Api/Twitter/User.php index 49e10e77e6..8972d75837 100644 --- a/src/Object/Api/Twitter/User.php +++ b/src/Object/Api/Twitter/User.php 
@@ -128,7 +128,7 @@ class User extends BaseDataTransferObject $this->favourites_count = 0; $this->verified = $uid != 0; $this->statuses_count = $apcontact['statuses_count'] ?? 0; - $this->profile_banner_url = ''; + $this->profile_banner_url = Contact::getHeaderUrlForId($publicContact['id'], '', $publicContact['updated']); $this->default_profile = false; $this->default_profile_image = false; diff --git a/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php b/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php index 62b90b1cc9..ae795cdc54 100644 --- a/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php +++ b/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php @@ -46,7 +46,7 @@ class FriendSuggestTest extends MockedTest '', '', '', - new \DateTime('now', new \DateTimeZone('URC')), + new \DateTime('now', new \DateTimeZone('UTC')), 28 ), ], diff --git a/tests/src/Module/Api/Twitter/ContactEndpointTest.php b/tests/src/Module/Api/Twitter/ContactEndpointTest.php index 1f309a1260..6a33e8d67f 100644 --- a/tests/src/Module/Api/Twitter/ContactEndpointTest.php +++ b/tests/src/Module/Api/Twitter/ContactEndpointTest.php @@ -226,7 +226,7 @@ class ContactEndpointTest extends FixtureTest ], 'description' => '', 'protected' => false, - 'verified' => false, + 'verified' => true, 'followers_count' => 0, 'friends_count' => 0, 'listed_count' => 0, 
@@ -234,12 +234,12 @@ class ContactEndpointTest extends FixtureTest 'statuses_count' => 0, 'created_at' => 'Fri Feb 02 00:00:00 +0000 0000', 'profile_banner_url' => '', - 'profile_image_url_https' => '', + 'profile_image_url_https' => 'http://localhost/photo/contact/48/44?ts=-62135596800', 'default_profile' => false, 'default_profile_image' => false, - 'profile_image_url' => '', - 'profile_image_url_profile_size' => '', - 'profile_image_url_large' => '', + 'profile_image_url' => 'http://localhost/photo/contact/48/44?ts=-62135596800', + 'profile_image_url_profile_size' => 'http://localhost/photo/contact/80/44?ts=-62135596800', + 'profile_image_url_large' => 'http://localhost/photo/contact/1024/44?ts=-62135596800', 'utc_offset' => 0, 'time_zone' => 'UTC', 'geo_enabled' => false, From 6b20e52c990e4095e6b45d77f35cd7b9777ea588 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 00:03:24 +0000 Subject: [PATCH 04/42] Fixed banner test --- tests/src/Module/Api/Twitter/ContactEndpointTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/Module/Api/Twitter/ContactEndpointTest.php b/tests/src/Module/Api/Twitter/ContactEndpointTest.php index 6a33e8d67f..787a1dd301 100644 --- a/tests/src/Module/Api/Twitter/ContactEndpointTest.php +++ b/tests/src/Module/Api/Twitter/ContactEndpointTest.php @@ -233,7 +233,7 @@ class ContactEndpointTest extends FixtureTest 'favourites_count' => 0, 'statuses_count' => 0, 'created_at' => 'Fri Feb 02 00:00:00 +0000 0000', - 'profile_banner_url' => '', + 'profile_banner_url' => 'http://localhost/photo/header/44?ts=-62135596800', 'profile_image_url_https' => 'http://localhost/photo/contact/48/44?ts=-62135596800', 'default_profile' => false, 'default_profile_image' => false, From cf4793ffa60ce22ee37d5007df7fdc11c4612d31 Mon Sep 17 00:00:00 2001 
From: Michael Date: Wed, 17 Nov 2021 00:14:56 +0000 Subject: [PATCH 05/42] Possibly fix test --- tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php b/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php index ae795cdc54..575a29a602 100644 --- a/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php +++ b/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php @@ -47,7 +47,7 @@ class FriendSuggestTest extends MockedTest '', '', new \DateTime('now', new \DateTimeZone('UTC')), - 28 + 20 ), ], 'full' => [ From eaf4bc6d4f203631f8f9ac58bd957eb3505eb5da Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 06:28:39 +0000 Subject: [PATCH 06/42] Added contact --- src/Module/Api/Twitter/Followers/Ids.php | 2 ++ src/Module/Api/Twitter/Friends/Ids.php | 2 ++ 2 files changed, 4 insertions(+) diff --git a/src/Module/Api/Twitter/Followers/Ids.php b/src/Module/Api/Twitter/Followers/Ids.php index ff39532030..6412b0eaa2 100644 --- a/src/Module/Api/Twitter/Followers/Ids.php +++ b/src/Module/Api/Twitter/Followers/Ids.php @@ -48,6 +48,8 @@ class FollowersIds extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollowers($cid, $condition, $count); + System::jsonExit(self::ids( [Contact::FOLLOWER, Contact::FRIEND], self::getUid($contact_id, $screen_name), diff --git a/src/Module/Api/Twitter/Friends/Ids.php b/src/Module/Api/Twitter/Friends/Ids.php index fc20336b98..6f11776725 100644 --- a/src/Module/Api/Twitter/Friends/Ids.php +++ b/src/Module/Api/Twitter/Friends/Ids.php @@ -48,6 +48,8 @@ class Ids extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollows($cid, $condition, $count); + System::jsonExit(self::ids( [Contact::SHARING, Contact::FRIEND], self::getUid($contact_id, $screen_name), 
From a9e1847afd9264e5fd14bf83d16875b12552c29c Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 06:36:12 +0000 Subject: [PATCH 07/42] Some more comments added --- src/Module/Api/Twitter/Followers/Lists.php | 1 + src/Module/Api/Twitter/Friends/Lists.php | 2 ++ 2 files changed, 3 insertions(+) diff --git a/src/Module/Api/Twitter/Followers/Lists.php b/src/Module/Api/Twitter/Followers/Lists.php index 864a77e27a..58b2226a51 100644 --- a/src/Module/Api/Twitter/Followers/Lists.php +++ b/src/Module/Api/Twitter/Followers/Lists.php @@ -50,6 +50,7 @@ class FollowersList extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollowers($cid, $condition, $count); System::jsonExit(self::list( [Contact::FOLLOWER, Contact::FRIEND], diff --git a/src/Module/Api/Twitter/Friends/Lists.php b/src/Module/Api/Twitter/Friends/Lists.php index 9c43923ddb..9fa1b9d22c 100644 --- a/src/Module/Api/Twitter/Friends/Lists.php +++ b/src/Module/Api/Twitter/Friends/Lists.php @@ -50,6 +50,8 @@ class Lists extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollows($cid, $condition, $count); + System::jsonExit(self::list( [Contact::SHARING, Contact::FRIEND], self::getUid($contact_id, $screen_name), From cdedf348e4531fde51d62f371b199b7bab6dc671 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 21:28:51 +0000 Subject: [PATCH 08/42] Replaced most "api_get_user" calls with newer BaseApi calls --- include/api.php | 331 ++++++++++--------------------- mod/wall_upload.php | 4 +- src/Factory/Api/Twitter/User.php | 5 + tests/legacy/ApiTest.php | 4 +- 4 files changed, 117 insertions(+), 227 deletions(-) diff --git a/include/api.php b/include/api.php index fe63217919..f7c1b8d346 100644 --- a/include/api.php +++ b/include/api.php 
@@ -42,7 +42,6 @@ use Friendica\Model\Post; use Friendica\Model\Profile; use Friendica\Model\User; use Friendica\Model\Verb; -use Friendica\Module\Api\ApiResponse; use Friendica\Module\BaseApi; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; @@ -59,7 +58,6 @@ use Friendica\Security\OAuth; use Friendica\Util\DateTimeFormat; use Friendica\Util\Images; use Friendica\Util\Network; -use Friendica\Util\Proxy; use Friendica\Util\Strings; require_once __DIR__ . '/../mod/item.php'; @@ -290,7 +288,6 @@ function api_call(App $a, App\Arguments $args = null) /** * Set values for RSS template * - * @param App $a * @param array $arr Array to be passed to template * @param array $user_info User info * @return array @@ -300,10 +297,15 @@ function api_call(App $a, App\Arguments $args = null) * @throws UnauthorizedException * @todo find proper type-hints */ -function api_rss_extra(App $a, $arr, $user_info) +function api_rss_extra($arr, $user_info) { if (is_null($user_info)) { - $user_info = api_get_user(); + $uid = BaseApi::getCurrentUserID(); + if (empty($uid)) { + throw new ForbiddenException(); + } + + $user_info = DI::twitterUser()->createFromUserId($uid)->toArray(); } $arr['$user'] = $user_info; @@ -496,14 +498,14 @@ function api_get_user($contact_id = null) */ function api_item_get_user(App $a, $item) { - $status_user = api_get_user($item['author-id'] ?? null); + $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? null, BaseApi::getCurrentUserID())->toArray(); $author_user = $status_user; $status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE); if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) { - $owner_user = api_get_user($item['owner-id'] ?? null); + $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? null, BaseApi::getCurrentUserID())->toArray(); } else { $owner_user = $author_user; } 
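Review bot: In api_item_get_user, `createFromContactId($item['author-id'] ?? null, BaseApi::getCurrentUserID())` hands `null` to the factory when the item has no `author-id` (the `owner-id` call does the same), whereas `api_get_user()` declared `$contact_id = null` as its own default. The factory signature is not visible here, so unless it accepts an empty id this turns an incomplete item into a type error or a lookup for contact 0. Resolve the id first and fail explicitly, e.g. `$authorId = $item['author-id'] ?? 0;` followed by `if (empty($authorId)) { throw new BadRequestException('Item has no author.'); }`. The function continues outside the hunk.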
@@ -531,11 +533,7 @@ function api_item_get_user(App $a, $item) */ function api_account_verify_credentials($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -545,7 +543,7 @@ function api_account_verify_credentials($type) $skip_status = $_REQUEST['skip_status'] ?? false; - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // "verified" isn't used here in the standard unset($user_info["verified"]); @@ -601,12 +599,10 @@ function api_statuses_mediap($type) { $a = DI::app(); - if (api_user() === false) { - logger::notice('api_statuses_update: no user'); - throw new ForbiddenException(); - } - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $_REQUEST['profile_uid'] = api_user(); $_REQUEST['api_source'] = true; $txt = requestdata('status') ?? ''; @@ -655,12 +651,7 @@ function api_statuses_update($type) { $a = DI::app(); - if (api_user() === false) { - logger::notice('api_statuses_update: no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // convert $_POST array items to the form we use for web posts. if (requestdata('htmlstatus')) { @@ -838,12 +829,7 @@ function api_media_upload() { $a = DI::app(); - if (api_user() === false) { - logger::notice('no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); if (empty($_FILES['media'])) { // Output error 
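Review bot: The explicit `api_user() === false` check with `ForbiddenException` is removed in api_account_verify_credentials and likewise in api_statuses_mediap, api_statuses_update, api_media_upload and api_media_metadata_create, leaving `BaseApi::checkAllowedScope()` as the only gate before `createFromUserId(BaseApi::getCurrentUserID())`. api_rss_extra in the same commit still tests `empty($uid)` and throws, which suggests getCurrentUserID() can come back empty. The body of checkAllowedScope() is not visible here; if it does not reject unauthenticated requests by itself, keep a guard such as `$uid = BaseApi::getCurrentUserID();` and `if (empty($uid)) { throw new ForbiddenException(); }`. If it does, a short comment at these calls saying that checkAllowedScope() enforces authentication would document the invariant the removed lines used to show.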
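Review bot: api_statuses_mediap now takes the acting user from two sources, `BaseApi::getCurrentUserID()` for `$user_info` and the unchanged `$_REQUEST['profile_uid'] = api_user();` for the post itself. Whether the two helpers can resolve different accounts is not visible here (token-based versus legacy authentication would be one way); if they can, the post would be written for one user and reported for another. Reading the id once, `$uid = BaseApi::getCurrentUserID();`, and using it for both `createFromUserId($uid)` and `$_REQUEST['profile_uid'] = $uid;` removes the ambiguity. The function continues outside the hunk.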
@@ -891,14 +877,7 @@ api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST) */ function api_media_metadata_create($type) { - $a = DI::app(); - - if (api_user() === false) { - Logger::info('no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $postdata = Network::postdata(); @@ -1004,9 +983,9 @@ function api_get_item(array $condition) */ function api_users_show($type) { - $a = Friendica\DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $item = api_get_last_status($user_info['pid'], $user_info['uid']); if (!empty($item)) { @@ -1038,8 +1017,6 @@ api_register_func('api/externalprofile/show', 'api_users_show'); */ function api_users_search($type) { - $a = DI::app(); - $userlist = []; if (!empty($_GET['q'])) { @@ -1057,7 +1034,7 @@ function api_users_search($type) if (DBA::isResult($contacts)) { $k = 0; foreach ($contacts as $contact) { - $user_info = api_get_user($contact['id']); + $user_info = DI::twitterUser()->createFromContactId($contact['id'], BaseApi::getCurrentUserID())->toArray(); if ($type == 'xml') { $userlist[$k++ . ':user'] = $user_info; @@ -1131,12 +1108,9 @@ api_register_func('api/users/lookup', 'api_users_lookup', true); */ function api_search($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (empty($_REQUEST['q'])) { throw new BadRequestException('q parameter is required.'); 
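Review bot: `api_users_show()` now always builds the record of the authenticated account, so the user selected by the request no longer influences the result. The removed `api_get_user()` call appears to have read `user_id`/`screen_name` from the request (other handlers in this file unset those keys before calling it), and the hunk context shows the function is also registered for `api/externalprofile/show` without the third argument that the other registrations pass as `true`. Adding `BaseApi::checkAllowedScope(BaseApi::SCOPE_READ)` therefore changes who can reach that route. If that is intended it deserves a line in the docblock; otherwise the requested contact should be resolved first and passed to `createFromContactId()`. The function body continues outside the hunk.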
@@ -1238,12 +1212,9 @@ api_register_func('api/search', 'api_search', true); */ function api_statuses_home_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -1306,7 +1277,7 @@ function api_statuses_home_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1332,12 +1303,9 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', */ function api_statuses_public_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // get last network messages @@ -1392,7 +1360,7 @@ function api_statuses_public_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1415,12 +1383,9 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline' */ function api_statuses_networkpublic_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; 
@@ -1451,7 +1416,7 @@ function api_statuses_networkpublic_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1476,12 +1441,9 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu */ function api_statuses_show($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1555,12 +1517,9 @@ api_register_func('api/statuses/show', 'api_statuses_show', true); */ function api_conversation_show($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1639,11 +1598,7 @@ function api_statuses_repeat($type) $a = DI::app(); - if (api_user() === false) { - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1720,13 +1675,7 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO */ function api_statuses_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params $id = intval(DI::args()->getArgv()[3] ?? 0); 
@@ -1767,12 +1716,9 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH */ function api_statuses_mentions($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -1820,7 +1766,7 @@ function api_statuses_mentions($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1845,12 +1791,9 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true); */ function api_statuses_user_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); Logger::info('api_statuses_user_timeline', ['api_user' => api_user(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); @@ -1898,7 +1841,7 @@ function api_statuses_user_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1924,11 +1867,7 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr */ function api_favorites_create_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // for versioned api. /// @TODO We need a better global soluton 
@@ -1970,8 +1909,7 @@ function api_favorites_create_destroy($type) throw new InternalServerErrorException("DB error"); } - - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $rets = api_format_items([$item], $user_info, false, $type); $ret = $rets[0]; @@ -1980,7 +1918,7 @@ function api_favorites_create_destroy($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -2007,12 +1945,9 @@ function api_favorites($type) { global $called_api; - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $called_api = []; @@ -2053,7 +1988,7 @@ function api_favorites($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -2479,8 +2414,6 @@ function api_contactlink_to_array($txt) */ function api_format_items_activities($item, $type = "json") { - $a = DI::app(); - $activities = [ 'like' => [], 'dislike' => [], @@ -2498,7 +2431,7 @@ function api_format_items_activities($item, $type = "json") //builtin_activity_puller($i, $activities); // get user data and add it to the array of the activity - $user = api_get_user($parent_item['author-id']); + $user = DI::twitterUser()->createFromContactId($parent_item['author-id'], BaseApi::getCurrentUserID())->toArray(); switch ($parent_item['verb']) { case Activity::LIKE: $activities['like'][] = $user; @@ -2557,7 +2490,7 @@ function api_format_items_activities($item, $type = "json") */ function api_format_items($items, $user_info, $filter_user = false, $type = "json") { - $a = Friendica\DI::app(); + $a = DI::app(); $ret = []; 
@@ -2595,7 +2528,7 @@ function api_format_items($items, $user_info, $filter_user = false, $type = "jso */ function api_format_item($item, $type = "json", $status_user = null, $author_user = null, $owner_user = null) { - $a = Friendica\DI::app(); + $a = DI::app(); if (empty($status_user) || empty($author_user) || empty($owner_user)) { [$status_user, $author_user, $owner_user] = api_item_get_user($a, $item); @@ -2662,7 +2595,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use if (!empty($announce)) { $retweeted_item = $item; $item = $announce; - $status['friendica_owner'] = api_get_user($announce['author-id']); + $status['friendica_owner'] = DI::twitterUser()->createFromContactId($announce['author-id'], BaseApi::getCurrentUserID())->toArray(); } } @@ -2681,7 +2614,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $quoted_status['text'] = $conv_quoted['text']; $quoted_status['statusnet_html'] = $conv_quoted['html']; try { - $quoted_status["user"] = api_get_user($quoted_item["author-id"]); + $quoted_status["user"] = DI::twitterUser()->createFromContactId($quoted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found @@ -2703,7 +2636,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use unset($retweeted_status['statusnet_conversation_id']); $status['user'] = $status['friendica_owner']; try { - $retweeted_status["user"] = api_get_user($retweeted_item["author-id"]); + $retweeted_status["user"] = DI::twitterUser()->createFromContactId($retweeted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found 
@@ -2785,14 +2718,10 @@ api_register_func('api/lists/subscriptions', 'api_lists_list', true); */ function api_lists_ownerships($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $uid = $user_info['uid']; $groups = DBA::select('group', [], ['deleted' => 0, 'uid' => $uid]); @@ -2834,12 +2763,9 @@ api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); */ function api_lists_statuses($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = api_get_user(); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -2889,7 +2815,7 @@ function api_lists_statuses($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -2915,11 +2841,7 @@ api_register_func('api/lists/statuses', 'api_lists_statuses', true); */ function api_statuses_f($qtype) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // pagination $count = $_GET['count'] ?? 20; @@ -2927,7 +2849,7 @@ function api_statuses_f($qtype) $start = max(0, ($page - 1) * $count); - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { /* this is to stop Hotot to load friends multiple times 
@@ -2962,7 +2884,7 @@ function api_statuses_f($qtype) // @todo This query most likely can be replaced with a Contact::select... $r = DBA::toArray(DBA::p( - "SELECT `nurl` + "SELECT `id` FROM `contact` WHERE `uid` = ? AND NOT `self` @@ -2977,7 +2899,7 @@ function api_statuses_f($qtype) $ret = []; foreach ($r as $cid) { - $user = api_get_user($cid['nurl']); + $user = DI::twitterUser()->createFromContactId($cid['id'], BaseApi::getCurrentUserID())->toArray(); // "uid" and "self" are only needed for some internal stuff, so remove it from here unset($user["uid"]); unset($user["self"]); @@ -3101,17 +3023,18 @@ api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); */ function api_direct_messages_new($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - if (api_user() === false) { + $uid = BaseApi::getCurrentUserID(); + if (empty($uid)) { throw new ForbiddenException(); } - + if (empty($_POST["text"]) || empty($_POST["screen_name"]) && empty($_POST["user_id"])) { return; } - $sender = api_get_user(); + $sender = DI::twitterUser()->createFromUserId($uid)->toArray(); $recipient = null; if (!empty($_POST['screen_name'])) { @@ -3120,7 +3043,7 @@ function api_direct_messages_new($type) // Selecting the id by priority, friendica first api_best_nickname($contacts); - $recipient = api_get_user($contacts[0]['nurl']); + $recipient = DI::twitterUser()->createFromContactId($contacts[0]['id'], $uid)->toArray(); } } else { $recipient = api_get_user($_POST['user_id']); @@ -3158,7 +3081,7 @@ function api_direct_messages_new($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $sender); + $data = api_rss_extra($data, $sender); break; } 
@@ -3182,14 +3105,10 @@ api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, AP */ function api_direct_messages_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); //required $id = $_REQUEST['id'] ?? 0; // optional @@ -3337,10 +3256,8 @@ api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, AP */ function api_direct_messages_box($type, $box, $verbose) { - $a = DI::app(); - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + // params $count = $_GET['count'] ?? 20; $page = $_REQUEST['page'] ?? 1; @@ -3358,10 +3275,8 @@ function api_direct_messages_box($type, $box, $verbose) unset($_REQUEST["screen_name"]); unset($_GET["screen_name"]); - $user_info = api_get_user(); - if ($user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $profile_url = $user_info["url"]; // pagination @@ -3406,9 +3321,9 @@ function api_direct_messages_box($type, $box, $verbose) foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user(Strings::normaliseLink($item['contact-url'])); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user(Strings::normaliseLink($item['contact-url'])); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); $sender = $user_info; } 
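Review bot: The sender/recipient lookup in `api_direct_messages_box()` now reads `$item['contact-id']` instead of `$item['contact-url']`, but the query that fills `$r` is outside the hunk, so it is not visible whether that column is selected. The same applies to `$member['contact-id']` in `api_friendica_group_show()` (which previously read `nurl`) and to the two lookups in `api_friendica_direct_messages_search()`. A missing key would only surface as a PHP notice and an empty contact id inside the factory, so the response could carry the wrong or an empty user. I would confirm each query returns the column and add a short comment naming it next to the loop, plus a guard such as `if (empty($item['contact-id'])) { continue; }` if skipping the row is acceptable.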
@@ -3423,7 +3338,7 @@ function api_direct_messages_box($type, $box, $verbose) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -3819,8 +3734,11 @@ api_register_func('api/account/update_profile_image', 'api_account_update_profil */ function api_account_update_profile($type) { + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $local_user = api_user(); - $api_user = api_get_user(); + + $api_user = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (!empty($_POST['name'])) { DBA::update('profile', ['name' => $_POST['name']], ['uid' => $local_user]); @@ -4100,12 +4018,9 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f */ function prepare_photo_data($type, $scale, $photo_id) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - if ($user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); $data_sql = ($scale === false ? "" : "data, "); @@ -4394,14 +4309,10 @@ function api_best_nickname(&$contacts) */ function api_friendica_group_show($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['gid'] ?? 0; $uid = $user_info['uid']; 
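Review bot: `api_account_update_profile()` now takes the account from two places: the `DBA::update()` calls are keyed on `$local_user = api_user()`, while the returned profile is built from `BaseApi::getCurrentUserID()`. Whether the two can disagree is not visible here, but if they ever do, the write and the response would refer to different users. Reading the id once and reusing it keeps them tied together: `$api_user = DI::twitterUser()->createFromUserId($local_user)->toArray();`. The function body continues outside the hunk.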
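Review bot: `prepare_photo_data()` demands `BaseApi::SCOPE_WRITE`, although the visible part of the helper only assembles SQL fragments for reading photo data. Its callers are outside this hunk; if any of them is a read-only photo endpoint, a client would need a write-capable token just to view photos, which works against least-privilege tokens. I would check the read scope in the helper, `BaseApi::checkAllowedScope(BaseApi::SCOPE_READ);`, and leave the write check to the endpoints that modify photos.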
@@ -4427,13 +4338,13 @@ function api_friendica_group_show($type) $user_element = "users"; $k = 0; foreach ($members as $member) { - $user = api_get_user($member['nurl']); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); $users[$k++.":user"] = $user; } } else { $user_element = "user"; foreach ($members as $member) { - $user = api_get_user($member['nurl']); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); $users[] = $user; } } @@ -4459,14 +4370,10 @@ api_register_func('api/friendica/group_show', 'api_friendica_group_show', true); */ function api_lists_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $uid = $user_info['uid']; @@ -4564,14 +4471,10 @@ function group_create($name, $uid, $users = []) */ function api_friendica_group_create($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; $json = json_decode($_POST['json'], true); 
@@ -4599,14 +4502,10 @@ api_register_func('api/friendica/group_create', 'api_friendica_group_create', tr */ function api_lists_create($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; @@ -4639,14 +4538,10 @@ api_register_func('api/lists/create', 'api_lists_create', true, API_METHOD_POST) */ function api_friendica_group_update($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $uid = $user_info['uid']; $gid = $_REQUEST['gid'] ?? 0; $name = $_REQUEST['name'] ?? ''; @@ -4713,14 +4608,10 @@ api_register_func('api/friendica/group_update', 'api_friendica_group_update', tr */ function api_lists_update($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; 
@@ -4766,12 +4657,10 @@ api_register_func('api/lists/update', 'api_lists_update', true, API_METHOD_POST) */ function api_friendica_notification_seen($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } if (DI::args()->getArgc() !== 4) { throw new BadRequestException('Invalid argument count'); } @@ -4829,14 +4718,10 @@ api_register_func('api/friendica/notification/seen', 'api_friendica_notification */ function api_friendica_direct_messages_search($type, $box = "") { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $searchstring = $_REQUEST['searchstring'] ?? ''; $uid = $user_info['uid']; @@ -4865,9 +4750,9 @@ function api_friendica_direct_messages_search($type, $box = "") foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user(Strings::normaliseLink($item['contact-url'])); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user(Strings::normaliseLink($item['contact-url'])); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); $sender = $user_info; } diff --git a/mod/wall_upload.php b/mod/wall_upload.php index 88d5008c25..b67bf67512 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php 
@@ -32,6 +32,7 @@ use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Photo; use Friendica\Model\User; +use Friendica\Module\BaseApi; use Friendica\Object\Image; use Friendica\Util\Images; use Friendica\Util\Strings; @@ -55,8 +56,7 @@ function wall_upload_post(App $a, $desktopmode = true) return; } } else { - $user_info = api_get_user(); - $user = DBA::selectFirst('owner-view', ['id', 'uid', 'nickname', 'page-flags'], ['nickname' => $user_info['screen_name'], 'blocked' => false]); + $user = DBA::selectFirst('owner-view', ['id', 'uid', 'nickname', 'page-flags'], ['nickname' => BaseApi::getCurrentUserID(), 'blocked' => false]); } } else { if ($r_json) { diff --git a/src/Factory/Api/Twitter/User.php b/src/Factory/Api/Twitter/User.php index ad73df1f5a..e545bd78cb 100644 --- a/src/Factory/Api/Twitter/User.php +++ b/src/Factory/Api/Twitter/User.php @@ -52,4 +52,9 @@ class User extends BaseFactory return new \Friendica\Object\Api\Twitter\User($publicContact, $apcontact, $userContact, $skip_status, $include_user_entities); } + + public function createFromUserId(int $uid, $skip_status = false, $include_user_entities = true) + { + return $this->createFromContactId(Contact::getPublicIdByUserId($uid), $uid, $skip_status, $include_user_entities); + } } diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 1ada31bcc7..e193541593 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -584,7 +584,7 @@ class ApiTest extends FixtureTest public function testApiRssExtra() { $user_info = ['url' => 'user_url', 'lang' => 'en']; - $result = api_rss_extra($this->app, [], $user_info); + $result = api_rss_extra([], $user_info); self::assertEquals($user_info, $result['$user']); self::assertEquals($user_info['url'], $result['$rss']['alternate']); self::assertArrayHasKey('self', $result['$rss']); 
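Review bot: In `wall_upload_post()` the `owner-view` lookup now compares the `nickname` column with `BaseApi::getCurrentUserID()`, which is a numeric user id and not a nickname. At best the API upload path no longer finds its user; depending on how the database layer binds the value, a string column compared with a number can also match an unrelated row, so an upload could be attributed to the wrong account. The condition should key on the id column that the query already selects, `['uid' => BaseApi::getCurrentUserID(), 'blocked' => false]`, and an empty id should be rejected before the query runs. The function body continues outside the hunk.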
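Review bot: `createFromUserId()` in `src/Factory/Api/Twitter/User.php` is added without a docblock, without types for `$skip_status` and `$include_user_entities`, and without a return type, and it passes the result of `Contact::getPublicIdByUserId($uid)` on unchecked. Almost every handler in `include/api.php` now goes through this method, so a uid without a public contact ends up as whatever `createFromContactId()` does with an empty id. I would declare the return type `: \Friendica\Object\Api\Twitter\User`, add a docblock with `@throws`, and fail early when the public contact id is empty. Whether `Contact` is imported in this file is not visible in the hunk.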
@@ -602,7 +602,7 @@ class ApiTest extends FixtureTest */ public function testApiRssExtraWithoutUserInfo() { - $result = api_rss_extra($this->app, [], null); + $result = api_rss_extra([], null); self::assertIsArray($result['$user']); self::assertArrayHasKey('alternate', $result['$rss']); self::assertArrayHasKey('self', $result['$rss']); From 747e8daef67cd928e3c248a03b0d302d86e7782d Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 21:40:48 +0000 Subject: [PATCH 09/42] Hopefully fixing the tests --- include/api.php | 90 ++++++++++++++++++++++++------------------------- 1 file changed, 45 insertions(+), 45 deletions(-) diff --git a/include/api.php b/include/api.php index f7c1b8d346..f13d369b6e 100644 --- a/include/api.php +++ b/include/api.php @@ -82,7 +82,7 @@ $called_api = []; */ function api_user() { - $user = OAuth::getCurrentUserID(); + $user = BaseApi::getCurrentUserID(); if (!empty($user)) { return $user; } @@ -300,7 +300,7 @@ function api_call(App $a, App\Arguments $args = null) function api_rss_extra($arr, $user_info) { if (is_null($user_info)) { - $uid = BaseApi::getCurrentUserID(); + $uid = api_user(); if (empty($uid)) { throw new ForbiddenException(); } @@ -498,14 +498,14 @@ function api_get_user($contact_id = null) */ function api_item_get_user(App $a, $item) { - $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? null, BaseApi::getCurrentUserID())->toArray(); + $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? null, api_user())->toArray(); $author_user = $status_user; $status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE); if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) { - $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? null, BaseApi::getCurrentUserID())->toArray(); + $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? null, api_user())->toArray(); } else { $owner_user = $author_user; } 
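Review bot: Switching the call sites to `api_user()` feeds a possibly non-integer value into the uid argument of the `twitterUser` factory, which `createFromUserId(int $uid)` declares as int; the checks removed in the previous patch compared `api_user() === false`, so the function evidently can return false. `api_rss_extra()` and `api_direct_messages_new()` guard with `empty($uid)` and most handlers call `checkAllowedScope()` first, but `api_item_get_user()`, `api_users_search()`, `api_format_items_activities()` and `api_format_item()` pass the value straight through with no visible check. I would normalise it once, e.g. `$uid = (int)api_user();`, and throw `ForbiddenException` wherever an anonymous caller must not receive a user-scoped view. `api_user()` itself continues outside its hunk, so its remaining return paths are not visible here.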
@@ -543,7 +543,7 @@ function api_account_verify_credentials($type) $skip_status = $_REQUEST['skip_status'] ?? false; - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); // "verified" isn't used here in the standard unset($user_info["verified"]); @@ -601,7 +601,7 @@ function api_statuses_mediap($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $_REQUEST['profile_uid'] = api_user(); $_REQUEST['api_source'] = true; @@ -985,7 +985,7 @@ function api_users_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $item = api_get_last_status($user_info['pid'], $user_info['uid']); if (!empty($item)) { @@ -1034,7 +1034,7 @@ function api_users_search($type) if (DBA::isResult($contacts)) { $k = 0; foreach ($contacts as $contact) { - $user_info = DI::twitterUser()->createFromContactId($contact['id'], BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromContactId($contact['id'], api_user())->toArray(); if ($type == 'xml') { $userlist[$k++ . ':user'] = $user_info; @@ -1110,7 +1110,7 @@ function api_search($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); if (empty($_REQUEST['q'])) { throw new BadRequestException('q parameter is required.'); 
@@ -1214,7 +1214,7 @@ function api_statuses_home_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -1305,7 +1305,7 @@ function api_statuses_public_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); // get last network messages @@ -1385,7 +1385,7 @@ function api_statuses_networkpublic_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; @@ -1443,7 +1443,7 @@ function api_statuses_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1519,7 +1519,7 @@ function api_conversation_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); 
@@ -1718,7 +1718,7 @@ function api_statuses_mentions($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -1793,7 +1793,7 @@ function api_statuses_user_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); Logger::info('api_statuses_user_timeline', ['api_user' => api_user(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); @@ -1909,7 +1909,7 @@ function api_favorites_create_destroy($type) throw new InternalServerErrorException("DB error"); } - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $rets = api_format_items([$item], $user_info, false, $type); $ret = $rets[0]; @@ -1947,7 +1947,7 @@ function api_favorites($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $called_api = []; @@ -2431,7 +2431,7 @@ function api_format_items_activities($item, $type = "json") //builtin_activity_puller($i, $activities); // get user data and add it to the array of the activity - $user = DI::twitterUser()->createFromContactId($parent_item['author-id'], BaseApi::getCurrentUserID())->toArray(); + $user = DI::twitterUser()->createFromContactId($parent_item['author-id'], api_user())->toArray(); switch ($parent_item['verb']) { case Activity::LIKE: $activities['like'][] = $user; 
@@ -2595,7 +2595,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use if (!empty($announce)) { $retweeted_item = $item; $item = $announce; - $status['friendica_owner'] = DI::twitterUser()->createFromContactId($announce['author-id'], BaseApi::getCurrentUserID())->toArray(); + $status['friendica_owner'] = DI::twitterUser()->createFromContactId($announce['author-id'], api_user())->toArray(); } } @@ -2614,7 +2614,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $quoted_status['text'] = $conv_quoted['text']; $quoted_status['statusnet_html'] = $conv_quoted['html']; try { - $quoted_status["user"] = DI::twitterUser()->createFromContactId($quoted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); + $quoted_status["user"] = DI::twitterUser()->createFromContactId($quoted_item['author-id'], api_user())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found @@ -2636,7 +2636,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use unset($retweeted_status['statusnet_conversation_id']); $status['user'] = $status['friendica_owner']; try { - $retweeted_status["user"] = DI::twitterUser()->createFromContactId($retweeted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); + $retweeted_status["user"] = DI::twitterUser()->createFromContactId($retweeted_item['author-id'], api_user())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found @@ -2721,7 +2721,7 @@ function api_lists_ownerships($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $uid = $user_info['uid']; $groups = DBA::select('group', [], ['deleted' => 0, 'uid' => $uid]); 
@@ -2765,7 +2765,7 @@ function api_lists_statuses($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -2849,7 +2849,7 @@ function api_statuses_f($qtype) $start = max(0, ($page - 1) * $count); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { /* this is to stop Hotot to load friends multiple times @@ -2899,7 +2899,7 @@ function api_statuses_f($qtype) $ret = []; foreach ($r as $cid) { - $user = DI::twitterUser()->createFromContactId($cid['id'], BaseApi::getCurrentUserID())->toArray(); + $user = DI::twitterUser()->createFromContactId($cid['id'], api_user())->toArray(); // "uid" and "self" are only needed for some internal stuff, so remove it from here unset($user["uid"]); unset($user["self"]); @@ -3025,7 +3025,7 @@ function api_direct_messages_new($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = BaseApi::getCurrentUserID(); + $uid = api_user(); if (empty($uid)) { throw new ForbiddenException(); } @@ -3108,7 +3108,7 @@ function api_direct_messages_destroy($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); //required $id = $_REQUEST['id'] ?? 0; // optional 
@@ -3275,7 +3275,7 @@ function api_direct_messages_box($type, $box, $verbose) unset($_REQUEST["screen_name"]); unset($_GET["screen_name"]); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $profile_url = $user_info["url"]; @@ -3321,9 +3321,9 @@ function api_direct_messages_box($type, $box, $verbose) foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); $sender = $user_info; } @@ -3738,7 +3738,7 @@ function api_account_update_profile($type) $local_user = api_user(); - $api_user = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $api_user = DI::twitterUser()->createFromUserId(api_user())->toArray(); if (!empty($_POST['name'])) { DBA::update('profile', ['name' => $_POST['name']], ['uid' => $local_user]); @@ -4020,7 +4020,7 @@ function prepare_photo_data($type, $scale, $photo_id) { BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); $data_sql = ($scale === false ? "" : "data, "); 
@@ -4312,7 +4312,7 @@ function api_friendica_group_show($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $gid = $_REQUEST['gid'] ?? 0; $uid = $user_info['uid']; @@ -4338,13 +4338,13 @@ function api_friendica_group_show($type) $user_element = "users"; $k = 0; foreach ($members as $member) { - $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], api_user())->toArray(); $users[$k++.":user"] = $user; } } else { $user_element = "user"; foreach ($members as $member) { - $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], api_user())->toArray(); $users[] = $user; } } @@ -4373,7 +4373,7 @@ function api_lists_destroy($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $uid = $user_info['uid']; @@ -4474,7 +4474,7 @@ function api_friendica_group_create($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; $json = json_decode($_POST['json'], true); 
@@ -4505,7 +4505,7 @@ function api_lists_create($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; @@ -4541,7 +4541,7 @@ function api_friendica_group_update($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $uid = $user_info['uid']; $gid = $_REQUEST['gid'] ?? 0; $name = $_REQUEST['name'] ?? ''; @@ -4611,7 +4611,7 @@ function api_lists_update($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; @@ -4659,7 +4659,7 @@ function api_friendica_notification_seen($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); if (DI::args()->getArgc() !== 4) { throw new BadRequestException('Invalid argument count'); @@ -4721,7 +4721,7 @@ function api_friendica_direct_messages_search($type, $box = "") BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); $searchstring = $_REQUEST['searchstring'] ?? ''; $uid = $user_info['uid']; 
@@ -4750,9 +4750,9 @@ function api_friendica_direct_messages_search($type, $box = "") foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); $sender = $user_info; } From 9e30bd8ff7d1045c134b84563e15c1ddf863b026 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 21:50:39 +0000 Subject: [PATCH 10/42] Change back auth --- include/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/api.php b/include/api.php index f13d369b6e..4c7a9d7f96 100644 --- a/include/api.php +++ b/include/api.php @@ -82,7 +82,7 @@ $called_api = []; */ function api_user() { - $user = BaseApi::getCurrentUserID(); + $user = OAuth::getCurrentUserID(); if (!empty($user)) { return $user; } From abbe7895ae48570a9fc87b4ed85fd8a75c1c83f5 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 22:12:21 +0000 Subject: [PATCH 11/42] Fixing tests - maybe --- src/Security/BasicAuth.php | 5 +++++ tests/legacy/ApiTest.php | 1 + 2 files changed, 6 insertions(+) diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php index f2154ae8a4..2b4baaa36e 100644 --- a/src/Security/BasicAuth.php +++ b/src/Security/BasicAuth.php @@ -62,6 +62,11 @@ class BasicAuth return (int)self::$current_user_id; } + public static function setCurrentUserID(int $uid) + { + self::$current_user_id = $uid; + } + /** * Fetch a dummy application token * diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index e193541593..1e5f12d854 100644 
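Review bot: `BasicAuth::setCurrentUserID()` in src/Security/BasicAuth.php is a public static setter for the authenticated-user state, and nothing in the hunk limits it to the test fixture it was added for. As far as the visible `return (int)self::$current_user_id;` shows, any caller can now change the identity the getter reports without credentials being checked. The method should at least carry a docblock that says so, for example `/** Sets the current user id without any authentication; intended for tests only. @internal */`, and declare `: void`. If ApiTest can establish the user through the session array it already fills in, dropping the setter from the production class would be the safer option.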
--- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -114,6 +114,7 @@ class ApiTest extends FixtureTest 'authenticated' => true, 'uid' => $this->selfUser['id'] ]; + BasicAuth::setCurrentUserID($this->selfUser['id']); } /** From 598a09fc6f4c914725ed87d0819276cdaa93ada7 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 22:25:37 +0000 Subject: [PATCH 12/42] Testing tests --- include/api.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/api.php b/include/api.php index 4c7a9d7f96..0dbe9ecde5 100644 --- a/include/api.php +++ b/include/api.php @@ -498,14 +498,14 @@ function api_get_user($contact_id = null) */ function api_item_get_user(App $a, $item) { - $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? null, api_user())->toArray(); + $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? 0, api_user())->toArray(); $author_user = $status_user; $status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE); if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) { - $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? null, api_user())->toArray(); + $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? 0, api_user())->toArray(); } else { $owner_user = $author_user; } From ebdfe388def6f508775a3d60efab56dcf4adc30d Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 22:37:02 +0000 Subject: [PATCH 13/42] Fixing upload --- mod/wall_upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/mod/wall_upload.php b/mod/wall_upload.php index b67bf67512..5a23664ed8 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php 
@@ -56,7 +56,7 @@ function wall_upload_post(App $a, $desktopmode = true) return; } } else { - $user = DBA::selectFirst('owner-view', ['id', 'uid', 'nickname', 'page-flags'], ['nickname' => BaseApi::getCurrentUserID(), 'blocked' => false]); + $user = DBA::selectFirst('owner-view', ['id', 'uid', 'nickname', 'page-flags'], ['uid' => BaseApi::getCurrentUserID(), 'blocked' => false]); } } else { if ($r_json) { From 420f6c652f092a61dc64b09ae38b0f1eda597a7b Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 22:44:52 +0000 Subject: [PATCH 14/42] Replaced all api_user calls --- include/api.php | 248 ++++++++++++++++++++++++------------------------ 1 file changed, 124 insertions(+), 124 deletions(-) diff --git a/include/api.php b/include/api.php index 0dbe9ecde5..4f3105b021 100644 --- a/include/api.php +++ b/include/api.php @@ -228,7 +228,7 @@ function api_call(App $a, App\Arguments $args = null) $called_api = explode("/", $p); - if (!empty($info['auth']) && api_user() === false) { + if (!empty($info['auth']) && BaseApi::getCurrentUserID() === false) { BasicAuth::getCurrentUserID(true); Logger::info(API_LOG_PREFIX . 'nickname {nickname}', ['module' => 'api', 'action' => 'call', 'nickname' => $a->getLoggedInUserNickname()]); } @@ -300,7 +300,7 @@ function api_call(App $a, App\Arguments $args = null) function api_rss_extra($arr, $user_info) { if (is_null($user_info)) { - $uid = api_user(); + $uid = BaseApi::getCurrentUserID(); if (empty($uid)) { throw new ForbiddenException(); } @@ -368,8 +368,8 @@ function api_get_user($contact_id = null) $user = Strings::normaliseLink($contact_id); $url = $user; $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); + if (BaseApi::getCurrentUserID() !== false) { + $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); } } 
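Review bot: In wall_upload_post the corrected lookup `['uid' => BaseApi::getCurrentUserID(), 'blocked' => false]` is not followed by a result check inside its `else` branch, while the branch just above it ends in a `return;`. If no user is authenticated, `$user` would be an empty result and the upload code that follows would run without an owner, unless a check outside this hunk catches it. I would add `if (!DBA::isResult($user)) {` after the lookup and bail out the same way the branch above does. The function body starts and ends outside the hunk, so this needs confirming against the full file.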
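Review bot: The auth gate in api_call, `BaseApi::getCurrentUserID() === false`, only fires if that method can return the boolean `false`, and its return type is not visible in this patch. The getter in src/Security/BasicAuth.php ends in `return (int)self::$current_user_id;`; if BaseApi's getter casts the same way, an anonymous request yields `0`, the comparison is never true and `BasicAuth::getCurrentUserID(true)` is never reached. The same strict test recurs in the api_get_user hunks that follow (`!== false` before the `contact.uid` filter is appended, `=== false` before the challenge), where a `0` would scope the contact query to uid 0 instead of leaving it unscoped. api_rss_extra in this same commit already tests `empty($uid)`, so `if (!empty($info['auth']) && empty(BaseApi::getCurrentUserID())) {` would be consistent with it.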
@@ -383,8 +383,8 @@ function api_get_user($contact_id = null) $url = $user; $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); + if (BaseApi::getCurrentUserID() !== false) { + $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); } } @@ -397,23 +397,23 @@ function api_get_user($contact_id = null) $url = $user; $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); + if (BaseApi::getCurrentUserID() !== false) { + $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); } } if (is_null($user) && !empty($_GET['screen_name'])) { $user = $_GET['screen_name']; $extra_query = "AND `contact`.`nick` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(api_user()); + if (BaseApi::getCurrentUserID() !== false) { + $extra_query .= "AND `contact`.`uid`=".intval(BaseApi::getCurrentUserID()); } } if (is_null($user) && !empty($_GET['profileurl'])) { $user = Strings::normaliseLink($_GET['profileurl']); $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(api_user()); + if (BaseApi::getCurrentUserID() !== false) { + $extra_query .= "AND `contact`.`uid`=".intval(BaseApi::getCurrentUserID()); } } 
@@ -432,14 +432,14 @@ function api_get_user($contact_id = null) if ($user != "") { $url = $user; $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); + if (BaseApi::getCurrentUserID() !== false) { + $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); } } } else { $extra_query = "AND `contact`.`nick` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); + if (BaseApi::getCurrentUserID() !== false) { + $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); } } } @@ -447,11 +447,11 @@ function api_get_user($contact_id = null) Logger::info(API_LOG_PREFIX . 'getting user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user]); if (!$user) { - if (api_user() === false) { + if (BaseApi::getCurrentUserID() === false) { BasicAuth::getCurrentUserID(true); return false; } else { - $user = api_user(); + $user = BaseApi::getCurrentUserID(); $extra_query = "AND `contact`.`uid` = ? AND `contact`.`self` "; } } @@ -498,14 +498,14 @@ function api_get_user($contact_id = null) */ function api_item_get_user(App $a, $item) { - $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? 0, api_user())->toArray(); + $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? 0, BaseApi::getCurrentUserID())->toArray(); $author_user = $status_user; $status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE); if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) { - $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? 0, api_user())->toArray(); + $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? 0, BaseApi::getCurrentUserID())->toArray(); } else { $owner_user = $author_user; } 
@@ -543,7 +543,7 @@ function api_account_verify_credentials($type) $skip_status = $_REQUEST['skip_status'] ?? false; - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // "verified" isn't used here in the standard unset($user_info["verified"]); @@ -601,9 +601,9 @@ function api_statuses_mediap($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = BaseApi::getCurrentUserID(); $_REQUEST['api_source'] = true; $txt = requestdata('status') ?? ''; /// @TODO old-lost code? @@ -689,7 +689,7 @@ function api_statuses_update($type) if (requestdata('lat') && requestdata('long')) { $_REQUEST['coord'] = sprintf("%s %s", requestdata('lat'), requestdata('long')); } - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = BaseApi::getCurrentUserID(); if (!$parent) { // Check for throttling (maximum posts per day, week and month) 
@@ -697,11 +697,11 @@ function api_statuses_update($type) if ($throttle_day > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, BaseApi::getCurrentUserID(), $datefrom]; $posts_day = Post::count($condition); if ($posts_day > $throttle_day) { - logger::info('Daily posting limit reached for user '.api_user()); + logger::info('Daily posting limit reached for user '.BaseApi::getCurrentUserID()); // die(api_error($type, DI::l10n()->t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); throw new TooManyRequestsException(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); } @@ -711,11 +711,11 @@ function api_statuses_update($type) if ($throttle_week > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, BaseApi::getCurrentUserID(), $datefrom]; $posts_week = Post::count($condition); if ($posts_week > $throttle_week) { - logger::info('Weekly posting limit reached for user '.api_user()); + logger::info('Weekly posting limit reached for user '.BaseApi::getCurrentUserID()); // die(api_error($type, DI::l10n()->t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week))); throw new TooManyRequestsException(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)); } 
@@ -725,11 +725,11 @@ function api_statuses_update($type) if ($throttle_month > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, BaseApi::getCurrentUserID(), $datefrom]; $posts_month = Post::count($condition); if ($posts_month > $throttle_month) { - logger::info('Monthly posting limit reached for user '.api_user()); + logger::info('Monthly posting limit reached for user '.BaseApi::getCurrentUserID()); // die(api_error($type, DI::l10n()->t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); throw new TooManyRequestsException(DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); } @@ -754,7 +754,7 @@ function api_statuses_update($type) $media = DBA::toArray(DBA::p("SELECT `resource-id`, `scale`, `nickname`, `type`, `desc`, `filename`, `datasize`, `width`, `height` FROM `photo` INNER JOIN `user` ON `user`.`uid` = `photo`.`uid` WHERE `resource-id` IN (SELECT `resource-id` FROM `photo` WHERE `id` = ?) AND `photo`.`uid` = ? - ORDER BY `photo`.`width` DESC LIMIT 2", $id, api_user())); + ORDER BY `photo`.`width` DESC LIMIT 2", $id, BaseApi::getCurrentUserID())); if (!empty($media)) { $ressources[] = $media[0]['resource-id']; 
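Review bot: The monthly throttle branch of api_statuses_update builds its TooManyRequestsException message with `DI::l10n()->t(` but passes a singular string, a plural string and the count, while the daily and weekly branches in the preceding hunks pass the same three arguments to `tt(`. Assuming `t()` takes one message followed by format arguments, the plural string is consumed as the `%d` argument and the count is lost. Changing the call to `DI::l10n()->tt(` on that line makes the three branches agree. The line is unchanged context here, and the function extends beyond the hunk.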
@@ -802,7 +802,7 @@ function api_statuses_update($type) if (!empty($ressources) && !empty($item_id)) { $item = Post::selectFirst(['uri-id', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'], ['id' => $item_id]); foreach ($ressources as $ressource) { - Photo::setPermissionForRessource($ressource, api_user(), $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); + Photo::setPermissionForRessource($ressource, BaseApi::getCurrentUserID(), $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); } } @@ -900,7 +900,7 @@ function api_media_metadata_create($type) Logger::info('Updating metadata', ['media_id' => $data['media_id']]); - $condition = ['id' => $data['media_id'], 'uid' => api_user()]; + $condition = ['id' => $data['media_id'], 'uid' => BaseApi::getCurrentUserID()]; $photo = DBA::selectFirst('photo', ['resource-id'], $condition); if (!DBA::isResult($photo)) { throw new BadRequestException("Metadata not found."); @@ -985,7 +985,7 @@ function api_users_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $item = api_get_last_status($user_info['pid'], $user_info['uid']); if (!empty($item)) { @@ -1034,7 +1034,7 @@ function api_users_search($type) if (DBA::isResult($contacts)) { $k = 0; foreach ($contacts as $contact) { - $user_info = DI::twitterUser()->createFromContactId($contact['id'], api_user())->toArray(); + $user_info = DI::twitterUser()->createFromContactId($contact['id'], BaseApi::getCurrentUserID())->toArray(); if ($type == 'xml') { $userlist[$k++ . ':user'] = $user_info; 
@@ -1110,7 +1110,7 @@ function api_search($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (empty($_REQUEST['q'])) { throw new BadRequestException('q parameter is required.'); @@ -1160,7 +1160,7 @@ function api_search($type) " . ($exclude_replies ? " AND `gravity` = " . GRAVITY_PARENT : ' ') . " AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) AND `body` LIKE CONCAT('%',?,'%')", - $since_id, api_user(), $_REQUEST['q']]; + $since_id, BaseApi::getCurrentUserID(), $_REQUEST['q']]; if ($max_id > 0) { $condition[0] .= ' AND `id` <= ?'; $condition[] = $max_id; @@ -1170,7 +1170,7 @@ function api_search($type) $statuses = []; if (parse_url($searchTerm, PHP_URL_SCHEME) != '') { - $id = Item::fetchByLink($searchTerm, api_user()); + $id = Item::fetchByLink($searchTerm, BaseApi::getCurrentUserID()); if (!$id) { // Public post $id = Item::fetchByLink($searchTerm); @@ -1181,7 +1181,7 @@ function api_search($type) } } - $statuses = $statuses ?: Post::selectForUser(api_user(), [], $condition, $params); + $statuses = $statuses ?: Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $data['status'] = api_format_items(Post::toArray($statuses), $user_info); @@ -1214,7 +1214,7 @@ function api_statuses_home_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); 
@@ -1235,7 +1235,7 @@ function api_statuses_home_timeline($type) $start = max(0, ($page - 1) * $count); $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ?", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `id` <= ?"; @@ -1251,7 +1251,7 @@ function api_statuses_home_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $items = Post::toArray($statuses); @@ -1305,7 +1305,7 @@ function api_statuses_public_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // get last network messages @@ -1329,7 +1329,7 @@ function api_statuses_public_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $r = Post::toArray($statuses); } else { @@ -1346,7 +1346,7 @@ function api_statuses_public_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $r = Post::toArray($statuses); } 
@@ -1385,7 +1385,7 @@ function api_statuses_networkpublic_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; @@ -1405,7 +1405,7 @@ function api_statuses_networkpublic_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::toArray(Post::selectForUser(api_user(), Item::DISPLAY_FIELDLIST, $condition, $params)); + $statuses = Post::toArray(Post::selectForUser(BaseApi::getCurrentUserID(), Item::DISPLAY_FIELDLIST, $condition, $params)); $ret = api_format_items($statuses, $user_info, false, $type); @@ -1443,7 +1443,7 @@ function api_statuses_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1467,7 +1467,7 @@ function api_statuses_show($type) throw new BadRequestException(sprintf("There is no status with the id %d", $id)); } - $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]); + $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, BaseApi::getCurrentUserID()]], ['order' => ['uid' => true]]); if (!DBA::isResult($item)) { throw new BadRequestException(sprintf("There is no status with the uri-id %d for the given user.", $uri_item['uri-id'])); } 
@@ -1482,7 +1482,7 @@ function api_statuses_show($type) $params = []; } - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); /// @TODO How about copying this to above methods which don't check $r ? if (!DBA::isResult($statuses)) { @@ -1519,7 +1519,7 @@ function api_conversation_show($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1547,7 +1547,7 @@ function api_conversation_show($type) throw new BadRequestException("There is no status with the id $id."); } - $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]); + $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, BaseApi::getCurrentUserID()]], ['order' => ['uid' => true]]); if (!DBA::isResult($parent)) { throw new BadRequestException("There is no status with this id."); } @@ -1555,7 +1555,7 @@ function api_conversation_show($type) $id = $parent['id']; $condition = ["`parent` = ? AND `uid` IN (0, ?) AND `gravity` IN (?, ?) AND `id` > ?", - $id, api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + $id, BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `id` <= ?"; @@ -1563,7 +1563,7 @@ function api_conversation_show($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); if (!DBA::isResult($statuses)) { throw new BadRequestException("There is no status with id $id."); 
@@ -1639,7 +1639,7 @@ function api_statuses_repeat($type) $post .= "[/share]"; } $_REQUEST['body'] = $post; - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = BaseApi::getCurrentUserID(); $_REQUEST['api_source'] = true; if (empty($_REQUEST['source'])) { @@ -1693,7 +1693,7 @@ function api_statuses_destroy($type) $ret = api_statuses_show($type); - Item::deleteForUser(['id' => $id], api_user()); + Item::deleteForUser(['id' => $id], BaseApi::getCurrentUserID()); return $ret; } @@ -1718,7 +1718,7 @@ function api_statuses_mentions($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -1742,11 +1742,11 @@ function api_statuses_mentions($type) $condition = [ GRAVITY_PARENT, GRAVITY_COMMENT, - api_user(), + BaseApi::getCurrentUserID(), Post\UserNotification::TYPE_EXPLICIT_TAGGED | Post\UserNotification::TYPE_IMPLICIT_TAGGED | Post\UserNotification::TYPE_THREAD_COMMENT | Post\UserNotification::TYPE_DIRECT_COMMENT | Post\UserNotification::TYPE_DIRECT_THREAD_COMMENT, - api_user(), $since_id, + BaseApi::getCurrentUserID(), $since_id, ]; if ($max_id > 0) { @@ -1757,7 +1757,7 @@ function api_statuses_mentions($type) array_unshift($condition, $query); $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); 
@@ -1793,9 +1793,9 @@ function api_statuses_user_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - Logger::info('api_statuses_user_timeline', ['api_user' => api_user(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); + Logger::info('api_statuses_user_timeline', ['api_user' => BaseApi::getCurrentUserID(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; @@ -1809,7 +1809,7 @@ function api_statuses_user_timeline($type) $start = max(0, ($page - 1) * $count); $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `contact-id` = ?", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']]; + BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']]; if ($user_info['self'] == 1) { $condition[0] .= ' AND `wall` '; @@ -1830,7 +1830,7 @@ function api_statuses_user_timeline($type) $condition[] = $max_id; } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $ret = api_format_items(Post::toArray($statuses), $user_info, true, $type); @@ -1886,7 +1886,7 @@ function api_favorites_create_destroy($type) $itemid = intval($_REQUEST['id'] ?? 0); } - $item = Post::selectFirstForUser(api_user(), [], ['id' => $itemid, 'uid' => api_user()]); + $item = Post::selectFirstForUser(BaseApi::getCurrentUserID(), [], ['id' => $itemid, 'uid' => BaseApi::getCurrentUserID()]); if (!DBA::isResult($item)) { throw new BadRequestException("Invalid item."); 
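Review bot: The `Logger::info` call in the `@@ -1793,9 +1793,9 @@` hunk of api_statuses_user_timeline still writes the whole `$_REQUEST` array and the whole `$user_info` array to the log at info level, so every parameter a client sends on this endpoint ends up in the log file. Log only the fields needed to trace the call, for example `Logger::info('api_statuses_user_timeline', ['api_user' => BaseApi::getCurrentUserID(), 'cid' => $user_info['cid']]);`. If the full request is needed for debugging, it belongs at debug level. The function body continues outside the hunk.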
@@ -1909,7 +1909,7 @@ function api_favorites_create_destroy($type) throw new InternalServerErrorException("DB error"); } - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $rets = api_format_items([$item], $user_info, false, $type); $ret = $rets[0]; @@ -1947,7 +1947,7 @@ function api_favorites($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $called_api = []; @@ -1967,7 +1967,7 @@ function api_favorites($type) $start = max(0, ($page - 1) * $count); $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; @@ -1976,7 +1976,7 @@ function api_favorites($type) $condition[] = $max_id; } - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); } @@ -2431,7 +2431,7 @@ function api_format_items_activities($item, $type = "json") //builtin_activity_puller($i, $activities); // get user data and add it to the array of the activity - $user = DI::twitterUser()->createFromContactId($parent_item['author-id'], api_user())->toArray(); + $user = DI::twitterUser()->createFromContactId($parent_item['author-id'], BaseApi::getCurrentUserID())->toArray(); switch ($parent_item['verb']) { case Activity::LIKE: $activities['like'][] = $user; 
@@ -2595,7 +2595,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use if (!empty($announce)) { $retweeted_item = $item; $item = $announce; - $status['friendica_owner'] = DI::twitterUser()->createFromContactId($announce['author-id'], api_user())->toArray(); + $status['friendica_owner'] = DI::twitterUser()->createFromContactId($announce['author-id'], BaseApi::getCurrentUserID())->toArray(); } } @@ -2614,7 +2614,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $quoted_status['text'] = $conv_quoted['text']; $quoted_status['statusnet_html'] = $conv_quoted['html']; try { - $quoted_status["user"] = DI::twitterUser()->createFromContactId($quoted_item['author-id'], api_user())->toArray(); + $quoted_status["user"] = DI::twitterUser()->createFromContactId($quoted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found @@ -2636,7 +2636,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use unset($retweeted_status['statusnet_conversation_id']); $status['user'] = $status['friendica_owner']; try { - $retweeted_status["user"] = DI::twitterUser()->createFromContactId($retweeted_item['author-id'], api_user())->toArray(); + $retweeted_status["user"] = DI::twitterUser()->createFromContactId($retweeted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found @@ -2721,7 +2721,7 @@ function api_lists_ownerships($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $uid = $user_info['uid']; $groups = DBA::select('group', [], ['deleted' => 0, 'uid' => $uid]); 
@@ -2765,7 +2765,7 @@ function api_lists_statuses($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); unset($_REQUEST["user_id"]); unset($_GET["user_id"]); @@ -2789,7 +2789,7 @@ function api_lists_statuses($type) $groups = DBA::selectToArray('group_member', ['contact-id'], ['gid' => 1]); $gids = array_column($groups, 'contact-id'); - $condition = ['uid' => api_user(), 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'group-id' => $gids]; + $condition = ['uid' => BaseApi::getCurrentUserID(), 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'group-id' => $gids]; $condition = DBA::mergeConditions($condition, ["`id` > ?", $since_id]); if ($max_id > 0) { @@ -2806,7 +2806,7 @@ function api_lists_statuses($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $items = api_format_items(Post::toArray($statuses), $user_info, false, $type); @@ -2849,7 +2849,7 @@ function api_statuses_f($qtype) $start = max(0, ($page - 1) * $count); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { /* this is to stop Hotot to load friends multiple times 
@@ -2892,14 +2892,14 @@ function api_statuses_f($qtype) $sql_extra ORDER BY `nick` LIMIT ?, ?", - api_user(), + BaseApi::getCurrentUserID(), $start, $count )); $ret = []; foreach ($r as $cid) { - $user = DI::twitterUser()->createFromContactId($cid['id'], api_user())->toArray(); + $user = DI::twitterUser()->createFromContactId($cid['id'], BaseApi::getCurrentUserID())->toArray(); // "uid" and "self" are only needed for some internal stuff, so remove it from here unset($user["uid"]); unset($user["self"]); @@ -3025,7 +3025,7 @@ function api_direct_messages_new($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $uid = api_user(); + $uid = BaseApi::getCurrentUserID(); if (empty($uid)) { throw new ForbiddenException(); } @@ -3038,7 +3038,7 @@ function api_direct_messages_new($type) $recipient = null; if (!empty($_POST['screen_name'])) { - $contacts = Contact::selectToArray(['id', 'nurl', 'network'], ['uid' => api_user(), 'nick' => $_POST['screen_name']]); + $contacts = Contact::selectToArray(['id', 'nurl', 'network'], ['uid' => BaseApi::getCurrentUserID(), 'nick' => $_POST['screen_name']]); if (DBA::isResult($contacts)) { // Selecting the id by priority, friendica first api_best_nickname($contacts); @@ -3055,7 +3055,7 @@ function api_direct_messages_new($type) $replyto = ''; if (!empty($_REQUEST['replyto'])) { - $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => api_user(), 'id' => $_REQUEST['replyto']]); + $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => BaseApi::getCurrentUserID(), 'id' => $_REQUEST['replyto']]); $replyto = $mail['parent-uri']; $sub = $mail['title']; } else { @@ -3108,7 +3108,7 @@ function api_direct_messages_destroy($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); //required $id = $_REQUEST['id'] ?? 0; // optional 
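Review bot: In the `@@ -3055,7 +3055,7 @@` hunk of api_direct_messages_new, the row returned by `DBA::selectFirst('mail', ...)` is read on the next two lines without a `DBA::isResult($mail)` check. A `replyto` id that does not exist, or that belongs to another user, presumably yields no row, so `$mail['parent-uri']` and `$mail['title']` are read from a non-array and the message is sent with an empty reply reference. The other lookups on this page guard with `DBA::isResult()`; the same fits here, e.g. `if (!DBA::isResult($mail)) { throw new BadRequestException('Unknown replyto id.'); }` (the message text is only a suggestion). The function body continues outside the hunk.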
@@ -3174,7 +3174,7 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', */ function api_friendships_destroy($type) { - $uid = api_user(); + $uid = BaseApi::getCurrentUserID(); if ($uid === false) { throw new HTTPException\ForbiddenException(); @@ -3275,7 +3275,7 @@ function api_direct_messages_box($type, $box, $verbose) unset($_REQUEST["screen_name"]); unset($_GET["screen_name"]); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $profile_url = $user_info["url"]; @@ -3307,7 +3307,7 @@ function api_direct_messages_box($type, $box, $verbose) $r = DBA::toArray(DBA::p( "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid` = ? AND $sql_extra AND `mail`.`id` > ? ORDER BY `mail`.`id` DESC LIMIT ?,?", - api_user(), + BaseApi::getCurrentUserID(), $since_id, $start, $count @@ -3321,9 +3321,9 @@ function api_direct_messages_box($type, $box, $verbose) foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); $sender = $user_info; } @@ -3421,7 +3421,7 @@ api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); */ function api_fr_photos_list($type) { - if (api_user() === false) { + if (BaseApi::getCurrentUserID() === false) { throw new ForbiddenException(); } $r = DBA::toArray(DBA::p( 
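Review bot: The login guards `if ($uid === false)` in api_friendships_destroy and `if (BaseApi::getCurrentUserID() === false)` in api_fr_photos_list were written for api_user() and probably no longer fire; the same comparison is kept in api_fr_photo_create_update, api_fr_photo_detail and api_account_update_profile_image in the following hunks. BaseApi::getCurrentUserID() is not shown on this page, but BasicAuth::getCurrentUserID() ends in `return (int)self::$current_user_id;`, so an unauthenticated caller would presumably produce `0`, which is never identical to `false`. The later commits on this page use `if (empty(BaseApi::getCurrentUserID())) { throw new ForbiddenException(); }`, and these five guards should take the same form. Each function body continues outside its hunk.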
@@ -3472,7 +3472,7 @@ function api_fr_photos_list($type) */ function api_fr_photo_create_update($type) { - if (api_user() === false) { + if (BaseApi::getCurrentUserID() === false) { throw new ForbiddenException(); } // input params @@ -3507,7 +3507,7 @@ function api_fr_photo_create_update($type) $mode = "update"; // check if photo is existing in databasei - if (!Photo::exists(['resource-id' => $photo_id, 'uid' => api_user(), 'album' => $album])) { + if (!Photo::exists(['resource-id' => $photo_id, 'uid' => BaseApi::getCurrentUserID(), 'album' => $album])) { throw new BadRequestException("photo not available"); } } @@ -3569,7 +3569,7 @@ function api_fr_photo_create_update($type) $result = false; if (count($updated_fields) > 0) { $nothingtodo = false; - $result = Photo::update($updated_fields, ['uid' => api_user(), 'resource-id' => $photo_id, 'album' => $album]); + $result = Photo::update($updated_fields, ['uid' => BaseApi::getCurrentUserID(), 'resource-id' => $photo_id, 'album' => $album]); } else { $nothingtodo = true; } @@ -3610,7 +3610,7 @@ function api_fr_photo_create_update($type) */ function api_fr_photo_detail($type) { - if (api_user() === false) { + if (BaseApi::getCurrentUserID() === false) { throw new ForbiddenException(); } if (empty($_REQUEST['photo_id'])) { @@ -3642,7 +3642,7 @@ function api_fr_photo_detail($type) */ function api_account_update_profile_image($type) { - if (api_user() === false) { + if (BaseApi::getCurrentUserID() === false) { throw new ForbiddenException(); } // input params 
@@ -3655,7 +3655,7 @@ function api_account_update_profile_image($type) // check if specified profile id is valid if ($profile_id != 0) { - $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => api_user(), 'id' => $profile_id]); + $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => BaseApi::getCurrentUserID(), 'id' => $profile_id]); // error message if specified profile id is not in database if (!DBA::isResult($profile)) { throw new BadRequestException("profile_id not available"); @@ -3691,18 +3691,18 @@ function api_account_update_profile_image($type) // change specified profile or all profiles to the new resource-id if ($is_default_profile) { - $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()]; + $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], BaseApi::getCurrentUserID()]; Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition); } else { $fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext, 'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext]; - DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => api_user()]); + DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => BaseApi::getCurrentUserID()]); } - Contact::updateSelfFromUserID(api_user(), true); + Contact::updateSelfFromUserID(BaseApi::getCurrentUserID(), true); // Update global directory in background - Profile::publishUpdate(api_user()); + Profile::publishUpdate(BaseApi::getCurrentUserID()); // output for client if ($data) { 
@@ -3736,9 +3736,9 @@ function api_account_update_profile($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $local_user = api_user(); + $local_user = BaseApi::getCurrentUserID(); - $api_user = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $api_user = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (!empty($_POST['name'])) { DBA::update('profile', ['name' => $_POST['name']], ['uid' => $local_user]); @@ -3783,7 +3783,7 @@ function check_acl_input($acl_string) foreach ($cid_array as $cid) { $cid = str_replace("<", "", $cid); $cid = str_replace(">", "", $cid); - $condition = ['id' => $cid, 'uid' => api_user()]; + $condition = ['id' => $cid, 'uid' => BaseApi::getCurrentUserID()]; $contact_not_found |= !DBA::exists('contact', $condition); } return $contact_not_found; @@ -3962,12 +3962,12 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility = false) { // get data about the api authenticated user - $uri = Item::newURI(intval(api_user())); - $owner_record = DBA::selectFirst('contact', [], ['uid' => api_user(), 'self' => true]); + $uri = Item::newURI(intval(BaseApi::getCurrentUserID())); + $owner_record = DBA::selectFirst('contact', [], ['uid' => BaseApi::getCurrentUserID(), 'self' => true]); $arr = []; $arr['guid'] = System::createUUID(); - $arr['uid'] = intval(api_user()); + $arr['uid'] = intval(BaseApi::getCurrentUserID()); $arr['uri'] = $uri; $arr['type'] = 'photo'; $arr['wall'] = 1; 
@@ -4020,7 +4020,7 @@ function prepare_photo_data($type, $scale, $photo_id) { BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); $data_sql = ($scale === false ? "" : "data, "); @@ -4077,7 +4077,7 @@ function prepare_photo_data($type, $scale, $photo_id) } // retrieve item element for getting activities (like, dislike etc.) related to photo - $condition = ['uid' => api_user(), 'resource-id' => $photo_id]; + $condition = ['uid' => BaseApi::getCurrentUserID(), 'resource-id' => $photo_id]; $item = Post::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); if (!DBA::isResult($item)) { throw new NotFoundException('Photo-related item not found.'); @@ -4087,9 +4087,9 @@ function prepare_photo_data($type, $scale, $photo_id) // retrieve comments on photo $condition = ["`parent` = ? AND `uid` = ? AND `gravity` IN (?, ?)", - $item['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; + $item['parent'], BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT]; - $statuses = Post::selectForUser(api_user(), [], $condition); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition); // prepare output of comments $commentData = api_format_items(Post::toArray($statuses), $user_info, false, $type); @@ -4312,7 +4312,7 @@ function api_friendica_group_show($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['gid'] ?? 0; $uid = $user_info['uid']; 
@@ -4338,13 +4338,13 @@ function api_friendica_group_show($type) $user_element = "users"; $k = 0; foreach ($members as $member) { - $user = DI::twitterUser()->createFromContactId($member['contact-id'], api_user())->toArray(); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); $users[$k++.":user"] = $user; } } else { $user_element = "user"; foreach ($members as $member) { - $user = DI::twitterUser()->createFromContactId($member['contact-id'], api_user())->toArray(); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); $users[] = $user; } } @@ -4373,7 +4373,7 @@ function api_lists_destroy($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $uid = $user_info['uid']; @@ -4474,7 +4474,7 @@ function api_friendica_group_create($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; $json = json_decode($_POST['json'], true); @@ -4505,7 +4505,7 @@ function api_lists_create($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; 
@@ -4541,7 +4541,7 @@ function api_friendica_group_update($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $uid = $user_info['uid']; $gid = $_REQUEST['gid'] ?? 0; $name = $_REQUEST['name'] ?? ''; @@ -4611,7 +4611,7 @@ function api_lists_update($type) BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; @@ -4659,7 +4659,7 @@ function api_friendica_notification_seen($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (DI::args()->getArgc() !== 4) { throw new BadRequestException('Invalid argument count'); @@ -4669,7 +4669,7 @@ function api_friendica_notification_seen($type) try { $Notify = DI::notify()->selectOneById($id); - if ($Notify->uid !== api_user()) { + if ($Notify->uid !== BaseApi::getCurrentUserID()) { throw new NotFoundException(); } @@ -4681,7 +4681,7 @@ function api_friendica_notification_seen($type) DI::notify()->save($Notify); if ($Notify->otype === Notification\ObjectType::ITEM) { - $item = Post::selectFirstForUser(api_user(), [], ['id' => $Notify->iid, 'uid' => api_user()]); + $item = Post::selectFirstForUser(BaseApi::getCurrentUserID(), [], ['id' => $Notify->iid, 'uid' => BaseApi::getCurrentUserID()]); if (DBA::isResult($item)) { // we found the item, return it to the user $ret = api_format_items([$item], $user_info, false, $type); 
@@ -4721,7 +4721,7 @@ function api_friendica_direct_messages_search($type, $box = "") BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = DI::twitterUser()->createFromUserId(api_user())->toArray(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $searchstring = $_REQUEST['searchstring'] ?? ''; $uid = $user_info['uid']; @@ -4750,9 +4750,9 @@ function api_friendica_direct_messages_search($type, $box = "") foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], api_user())->toArray(); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); $sender = $user_info; } From 3c0f22b2dd52be331906b5568679f35f59a77794 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 22:50:43 +0000 Subject: [PATCH 15/42] Testing tests --- src/Security/BasicAuth.php | 2 +- tests/legacy/ApiTest.php | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php index 2b4baaa36e..d4c8bc6dcb 100644 --- a/src/Security/BasicAuth.php +++ b/src/Security/BasicAuth.php @@ -62,7 +62,7 @@ class BasicAuth return (int)self::$current_user_id; } - public static function setCurrentUserID(int $uid) + public static function setCurrentUserID(int $uid = null) { self::$current_user_id = $uid; } diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 1e5f12d854..e2224a19a1 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php 
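Review bot: `setCurrentUserID(int $uid = null)` in the BasicAuth hunk makes the parameter implicitly nullable and turns the method into a way to clear the authenticated user, yet it stays public, static and undocumented. Spell the nullability out as `public static function setCurrentUserID(?int $uid = null)`. Judging by the commit title and the ApiTest call it appears to exist for the tests, so add a docblock such as `/** Sets the cached user id, or resets it when called without argument; intended for tests. */`. Because any caller can use it to change who the API treats as logged in, the docblock should also state that it must never receive a request-derived value.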
@@ -1068,6 +1068,7 @@ class ApiTest extends FixtureTest { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['authenticated'] = false; + BasicAuth::setCurrentUserID(); api_statuses_mediap('json'); } From 84661e9468b3dcadc7fe3e1196d8526dcb4a8fcf Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 22:59:18 +0000 Subject: [PATCH 16/42] Test tests --- include/api.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/include/api.php b/include/api.php index 4f3105b021..fd58b0d225 100644 --- a/include/api.php +++ b/include/api.php @@ -599,7 +599,10 @@ function api_statuses_mediap($type) { $a = DI::app(); - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + if (empty(BaseApi::getCurrentUserID())) { + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + throw new ForbiddenException(); + } $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); From a312940a21b1185bdfff7be13fb8316f1e8e6bd9 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 23:03:18 +0000 Subject: [PATCH 17/42] Testing tests again --- include/api.php | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/include/api.php b/include/api.php index fd58b0d225..a6b8563751 100644 --- a/include/api.php +++ b/include/api.php @@ -304,7 +304,7 @@ function api_rss_extra($arr, $user_info) if (empty($uid)) { throw new ForbiddenException(); } - + $user_info = DI::twitterUser()->createFromUserId($uid)->toArray(); } @@ -600,12 +600,13 @@ function api_statuses_mediap($type) $a = DI::app(); if (empty(BaseApi::getCurrentUserID())) { - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); throw new ForbiddenException(); } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - + $_REQUEST['profile_uid'] = BaseApi::getCurrentUserID(); $_REQUEST['api_source'] = true; $txt = requestdata('status') ?? ''; 
@@ -1216,7 +1217,7 @@ api_register_func('api/search', 'api_search', true); function api_statuses_home_timeline($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); unset($_REQUEST["user_id"]); @@ -3032,7 +3033,7 @@ function api_direct_messages_new($type) if (empty($uid)) { throw new ForbiddenException(); } - + if (empty($_POST["text"]) || empty($_POST["screen_name"]) && empty($_POST["user_id"])) { return; } From 86c14f4d4345ea68fea5c0fbb7fd40b0a9455546 Mon Sep 17 00:00:00 2001 From: Michael Date: Wed, 17 Nov 2021 23:11:21 +0000 Subject: [PATCH 18/42] Tests again --- tests/legacy/ApiTest.php | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index e2224a19a1..550bc54c27 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -710,6 +710,7 @@ class ApiTest extends FixtureTest $_SERVER['PHP_AUTH_USER'] = 'Test user'; $_SERVER['PHP_AUTH_PW'] = 'password'; $_SESSION['allow_api'] = false; + BasicAuth::setCurrentUserID(); self::assertFalse(api_get_user()); } @@ -1423,6 +1424,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_search('json'); } @@ -1479,6 +1481,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_statuses_home_timeline('json'); } 
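Review bot: The `BasicAuth::setCurrentUserID();` reset added in the `@@ -710,6 +710,7 @@` hunk is repeated by hand in every "without authenticated user" test in this and the following ApiTest hunks, so the result of each test depends on the static user id left behind by whichever test ran before it. A test that forgets the call can pass or fail because of leaked login state rather than because of the code under test. Resetting once per test is more robust: put `BasicAuth::setCurrentUserID();` in the fixture's `setUp()` (not visible on this page) and let the tests that need a user set one explicitly.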
@@ -1550,6 +1553,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_statuses_public_timeline('json'); } @@ -1604,6 +1608,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_statuses_networkpublic_timeline('json'); } @@ -1667,6 +1672,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_statuses_show('json'); } @@ -1708,6 +1714,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_conversation_show('json'); } @@ -1822,6 +1829,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_statuses_mentions('json'); } @@ -1889,6 +1897,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_statuses_user_timeline('json'); } 
@@ -2017,6 +2026,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_favorites('json'); } @@ -2442,6 +2452,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_lists_statuses('json'); } @@ -2868,6 +2879,7 @@ class ApiTest extends FixtureTest $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; + BasicAuth::setCurrentUserID(); api_direct_messages_box('json', 'sentbox', 'false'); } From f9ea9e2e9785aabc8e2225c8f0d4ea2170492ab5 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 05:47:06 +0000 Subject: [PATCH 19/42] Readding checks for loggedn in state for the tests --- include/api.php | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/include/api.php b/include/api.php index a6b8563751..cea356602e 100644 --- a/include/api.php +++ b/include/api.php @@ -1112,6 +1112,9 @@ api_register_func('api/users/lookup', 'api_users_lookup', true); */ function api_search($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1216,6 +1219,9 @@ api_register_func('api/search', 'api_search', true); */ function api_statuses_home_timeline($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); 
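Review bot: The guard added at the top of api_search and api_statuses_home_timeline is pasted verbatim into every other function this commit touches, and the page shows it being added only where a test failed. Endpoints visible in the earlier hunks, such as api_lists_destroy, api_friendica_group_create and api_direct_messages_destroy, still start with `BaseApi::checkAllowedScope(...)` alone, and whether that call rejects a request with no authenticated user is not visible here. A single helper that returns the user id or throws would make the check uniform and harder to forget; the helper name below is only a suggestion. Both function bodies continue outside their hunks.

```php
// Suggested helper: returns the authenticated user id or rejects the request.
function api_require_user(): int
{
	$uid = BaseApi::getCurrentUserID();
	if (empty($uid)) {
		throw new ForbiddenException();
	}
	return (int)$uid;
}

function api_search($type)
{
	$uid = api_require_user();
	// … unchanged: scope check, $user_info lookup and search logic …
```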
@@ -1307,6 +1313,9 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', */ function api_statuses_public_timeline($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1387,6 +1396,9 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline' */ function api_statuses_networkpublic_timeline($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1445,6 +1457,9 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu */ function api_statuses_show($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1521,6 +1536,9 @@ api_register_func('api/statuses/show', 'api_statuses_show', true); */ function api_conversation_show($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1720,6 +1738,9 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH */ function api_statuses_mentions($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); 
@@ -1795,6 +1816,9 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true); */ function api_statuses_user_timeline($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1949,6 +1973,9 @@ function api_favorites($type) { global $called_api; + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -2722,6 +2749,9 @@ api_register_func('api/lists/subscriptions', 'api_lists_list', true); */ function api_lists_ownerships($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params @@ -2767,6 +2797,9 @@ api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); */ function api_lists_statuses($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); From 9841096ce4fa173cd8734d1df1aba01e1e636dd3 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 05:57:46 +0000 Subject: [PATCH 20/42] Added some more check --- include/api.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/include/api.php b/include/api.php index cea356602e..32a6c51567 100644 --- a/include/api.php +++ b/include/api.php @@ -3293,6 +3293,9 @@ api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, AP */ function api_direct_messages_box($type, $box, $verbose) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params 
From 2723e28a180f8a006451bf1da30c297e1ba4b5dd Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:03:21 +0000 Subject: [PATCH 21/42] Tests ... --- tests/legacy/ApiTest.php | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 550bc54c27..e30c41c781 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -311,6 +311,7 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithoutLogin() { + BasicAuth::setCurrentUserID(); $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::getCurrentUserID(true); } @@ -324,6 +325,7 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithBadLogin() { + BasicAuth::setCurrentUserID(); $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_SERVER['PHP_AUTH_USER'] = 'user@server'; BasicAuth::getCurrentUserID(true); @@ -358,6 +360,7 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithCorrectLogin() { + BasicAuth::setCurrentUserID(); $_SERVER['PHP_AUTH_USER'] = 'Test user'; $_SERVER['PHP_AUTH_PW'] = 'password'; BasicAuth::getCurrentUserID(true); @@ -371,6 +374,7 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithRemoteUser() { + BasicAuth::setCurrentUserID(); $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_SERVER['REDIRECT_REMOTE_USER'] = '123456dXNlcjpwYXNzd29yZA=='; BasicAuth::getCurrentUserID(true); From c981f6022125848a87a5671d449eae64e704acaf Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:10:20 +0000 Subject: [PATCH 22/42] Tests ... --- tests/legacy/ApiTest.php | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index e30c41c781..93a8d173eb 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php 
@@ -1002,6 +1002,7 @@ class ApiTest extends FixtureTest public function testApiAccountVerifyCredentialsWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_account_verify_credentials('json'); } @@ -1072,8 +1073,8 @@ class ApiTest extends FixtureTest public function testApiStatusesMediapWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['authenticated'] = false; BasicAuth::setCurrentUserID(); + $_SESSION['authenticated'] = false; api_statuses_mediap('json'); } @@ -1125,6 +1126,7 @@ class ApiTest extends FixtureTest public function testApiStatusesUpdateWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_update('json'); } @@ -1178,6 +1180,7 @@ class ApiTest extends FixtureTest public function testApiMediaUploadWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_media_upload(); } @@ -1741,6 +1744,7 @@ class ApiTest extends FixtureTest public function testApiStatusesRepeatWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_repeat('json'); } @@ -1781,6 +1785,7 @@ class ApiTest extends FixtureTest public function testApiStatusesDestroyWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_destroy('json'); } 
@@ -1990,6 +1995,7 @@ class ApiTest extends FixtureTest { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); DI::args()->setArgv(['api', '1.1', 'favorites', 'create.json']); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_favorites_create_destroy('json'); } @@ -2404,6 +2410,7 @@ class ApiTest extends FixtureTest public function testApiListsOwnershipsWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_lists_ownerships('json'); } @@ -2645,6 +2652,7 @@ class ApiTest extends FixtureTest public function testApiDirectMessagesNewWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_direct_messages_new('json'); } @@ -2749,6 +2757,7 @@ class ApiTest extends FixtureTest public function testApiDirectMessagesDestroyWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_direct_messages_destroy('json'); } @@ -2970,6 +2979,7 @@ class ApiTest extends FixtureTest public function testApiFrPhotosListWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photos_list('json'); } @@ -2991,6 +3001,7 @@ class ApiTest extends FixtureTest public function testApiFrPhotoCreateUpdateWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photo_create_update('json'); } 
@@ -3046,6 +3057,7 @@ class ApiTest extends FixtureTest public function testApiFrPhotoDetailWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photo_detail('json'); } @@ -3091,6 +3103,7 @@ class ApiTest extends FixtureTest public function testApiAccountUpdateProfileImageWithoutAuthenticatedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_account_update_profile_image('json'); } From 03810f3e31592d8a7dfedac1e1e6a6ef4e89192e Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:19:24 +0000 Subject: [PATCH 23/42] Tests ... --- include/api.php | 41 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/include/api.php b/include/api.php index 32a6c51567..319584c6d8 100644 --- a/include/api.php +++ b/include/api.php @@ -447,7 +447,7 @@ function api_get_user($contact_id = null) Logger::info(API_LOG_PREFIX . 'getting user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user]); if (!$user) { - if (BaseApi::getCurrentUserID() === false) { + if (empty(BaseApi::getCurrentUserID())) { BasicAuth::getCurrentUserID(true); return false; } else { @@ -533,6 +533,9 @@ function api_item_get_user(App $a, $item) */ function api_account_verify_credentials($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); unset($_REQUEST["user_id"]); @@ -655,6 +658,10 @@ function api_statuses_update($type) { $a = DI::app(); + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // convert $_POST array items to the form we use for web posts. 
@@ -833,6 +840,10 @@ function api_media_upload() { $a = DI::app(); + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); if (empty($_FILES['media'])) { @@ -1620,6 +1631,10 @@ function api_statuses_repeat($type) $a = DI::app(); + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params @@ -1697,6 +1712,10 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO */ function api_statuses_destroy($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params @@ -1895,6 +1914,10 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr */ function api_favorites_create_destroy($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // for versioned api. @@ -3060,6 +3083,10 @@ api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); */ function api_direct_messages_new($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $uid = BaseApi::getCurrentUserID(); @@ -3142,6 +3169,10 @@ api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, AP */ function api_direct_messages_destroy($type) { + if (empty(BaseApi::getCurrentUserID())) { + throw new ForbiddenException(); + } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params @@ -3461,7 +3492,7 @@ api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); */ function api_fr_photos_list($type) { - if (BaseApi::getCurrentUserID() === false) { + if (empty(BaseApi::getCurrentUserID())) { throw new ForbiddenException(); } $r = DBA::toArray(DBA::p( 
@@ -3512,7 +3543,7 @@ function api_fr_photos_list($type) */ function api_fr_photo_create_update($type) { - if (BaseApi::getCurrentUserID() === false) { + if (empty(BaseApi::getCurrentUserID())) { throw new ForbiddenException(); } // input params @@ -3650,7 +3681,7 @@ function api_fr_photo_create_update($type) */ function api_fr_photo_detail($type) { - if (BaseApi::getCurrentUserID() === false) { + if (empty(BaseApi::getCurrentUserID())) { throw new ForbiddenException(); } if (empty($_REQUEST['photo_id'])) { @@ -3682,7 +3713,7 @@ function api_fr_photo_detail($type) */ function api_account_update_profile_image($type) { - if (BaseApi::getCurrentUserID() === false) { + if (empty(BaseApi::getCurrentUserID())) { throw new ForbiddenException(); } // input params From d0bae3753806721615ad75bead1d601904ee83f3 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:31:02 +0000 Subject: [PATCH 24/42] Making tests possibly happy --- include/api.php | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/include/api.php b/include/api.php index 319584c6d8..5f89b7ecf8 100644 --- a/include/api.php +++ b/include/api.php 
@@ -498,14 +498,20 @@ function api_get_user($contact_id = null) */ function api_item_get_user(App $a, $item) { - $status_user = DI::twitterUser()->createFromContactId($item['author-id'] ?? 0, BaseApi::getCurrentUserID())->toArray(); + if (empty($item['author-id'])) { + $item['author-id'] = Contact::getPublicIdByUserId(BaseApi::getCurrentUserID()); + } + $status_user = DI::twitterUser()->createFromContactId($item['author-id'], BaseApi::getCurrentUserID())->toArray(); $author_user = $status_user; $status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE); if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) { - $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'] ?? 0, BaseApi::getCurrentUserID())->toArray(); + if (empty($item['owner-id'])) { + $item['owner-id'] = Contact::getPublicIdByUserId(BaseApi::getCurrentUserID()); + } + $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'], BaseApi::getCurrentUserID())->toArray(); } else { $owner_user = $author_user; } From 268ad197c7d5c686939cd6c8bcf73a72ec48a829 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:37:48 +0000 Subject: [PATCH 25/42] Tests --- tests/legacy/ApiTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 93a8d173eb..67ef29adab 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -715,7 +715,7 @@ class ApiTest extends FixtureTest $_SERVER['PHP_AUTH_PW'] = 'password'; $_SESSION['allow_api'] = false; BasicAuth::setCurrentUserID(); - self::assertFalse(api_get_user()); + self::assertFalse(BaseApi::getCurrentUserID()); } /** From c2181df4d2deb75a4b45fc38149048bd0c1293df Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:43:11 +0000 Subject: [PATCH 26/42] Poking around in the fog --- tests/legacy/ApiTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 67ef29adab..60cffab1d1 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -715,7 +715,7 @@ class ApiTest extends FixtureTest $_SERVER['PHP_AUTH_PW'] = 'password'; $_SESSION['allow_api'] = false; BasicAuth::setCurrentUserID(); - self::assertFalse(BaseApi::getCurrentUserID()); + self::assertFalse(BaseApi::getCurrentUserID(true)); } /** From 4c05228497c1dd5451958cf67f7a8fde81ed9d36 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:49:16 +0000 Subject: [PATCH 27/42] And again --- tests/legacy/ApiTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 60cffab1d1..93a8d173eb 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -715,7 +715,7 @@ class ApiTest extends FixtureTest $_SERVER['PHP_AUTH_PW'] = 'password'; $_SESSION['allow_api'] = false; BasicAuth::setCurrentUserID(); - self::assertFalse(BaseApi::getCurrentUserID(true)); + self::assertFalse(api_get_user()); } /** From 0c26ae31f6ca925cd88a53a47c2484c7078950e8 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 06:58:43 +0000 Subject: [PATCH 28/42] And again ... --- tests/legacy/ApiTest.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 93a8d173eb..cc8bff1782 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -224,7 +224,7 @@ class ApiTest extends FixtureTest */ public function testApiUser() { - self::assertEquals($this->selfUser['id'], api_user()); + self::assertEquals($this->selfUser['id'], BaseApi::getCurrentUserID()); } /** 
@@ -711,11 +711,14 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithoutApiUser() { + // api_get_user() with empty parameters is not used anymore + /* $_SERVER['PHP_AUTH_USER'] = 'Test user'; $_SERVER['PHP_AUTH_PW'] = 'password'; $_SESSION['allow_api'] = false; BasicAuth::setCurrentUserID(); self::assertFalse(api_get_user()); + */ } /** From 98b68b47f066d7fc6364acb83ad317c06be79f48 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 07:06:08 +0000 Subject: [PATCH 29/42] api_get_user isn't used without parameters anymore --- tests/legacy/ApiTest.php | 66 ++++++++++++++++++++-------------------- 1 file changed, 33 insertions(+), 33 deletions(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index cc8bff1782..34f3f6659b 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -645,8 +645,8 @@ class ApiTest extends FixtureTest */ public function testApiGetUser() { - $user = api_get_user(); - self::assertSelfUser($user); + // $user = api_get_user(); + // self::assertSelfUser($user); // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); // self::assertEquals('6fdbe8', $user['profile_link_color']); // self::assertEquals('ededed', $user['profile_background_color']); @@ -659,10 +659,10 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithFrioSchema() { - $pConfig = $this->dice->create(IManagePersonalConfigValues::class); - $pConfig->set($this->selfUser['id'], 'frio', 'schema', 'red'); - $user = api_get_user(); - self::assertSelfUser($user); + // $pConfig = $this->dice->create(IManagePersonalConfigValues::class); + // $pConfig->set($this->selfUser['id'], 'frio', 'schema', 'red'); + // $user = api_get_user(); + // self::assertSelfUser($user); // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); // self::assertEquals('6fdbe8', $user['profile_link_color']); // self::assertEquals('ededed', $user['profile_background_color']); 
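Review bot: testApiGetUserWithoutApiUser now has its whole body inside a block comment, and the following hunks do the same with `//` for testApiGetUser, the three Frio schema tests and the api_get_user lookups by id, name, URL and called API. A test method with no executable statements does not fail, so the suite stays green while the coverage of user lookup and of the "no API user" case is gone. If the function really is no longer called this way, delete the tests; otherwise mark them so the gap stays visible, e.g. `self::markTestIncomplete('api_get_user() is no longer called without parameters');` as the first line of each. Leaving commented-out code also contradicts the claim in the next subject line, because api_get_user() still exists and still accepts an empty argument in include/api.php.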
@@ -675,10 +675,10 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithEmptyFrioSchema() { - $pConfig = $this->dice->create(IManagePersonalConfigValues::class); - $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); - $user = api_get_user(); - self::assertSelfUser($user); + // $pConfig = $this->dice->create(IManagePersonalConfigValues::class); + // $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); + // $user = api_get_user(); + // self::assertSelfUser($user); // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); // self::assertEquals('6fdbe8', $user['profile_link_color']); // self::assertEquals('ededed', $user['profile_background_color']); @@ -691,13 +691,13 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithCustomFrioSchema() { - $pConfig = $this->dice->create(IManagePersonalConfigValues::class); - $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); - $pConfig->set($this->selfUser['id'], 'frio', 'nav_bg', '#123456'); - $pConfig->set($this->selfUser['id'], 'frio', 'link_color', '#123456'); - $pConfig->set($this->selfUser['id'], 'frio', 'background_color', '#123456'); - $user = api_get_user(); - self::assertSelfUser($user); + // $pConfig = $this->dice->create(IManagePersonalConfigValues::class); + // $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); + // $pConfig->set($this->selfUser['id'], 'frio', 'nav_bg', '#123456'); + // $pConfig->set($this->selfUser['id'], 'frio', 'link_color', '#123456'); + // $pConfig->set($this->selfUser['id'], 'frio', 'background_color', '#123456'); + // $user = api_get_user(); + // self::assertSelfUser($user); // self::assertEquals('123456', $user['profile_sidebar_fill_color']); // self::assertEquals('123456', $user['profile_link_color']); // self::assertEquals('123456', $user['profile_background_color']); 
@@ -728,8 +728,8 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetId() { - $_GET['user_id'] = $this->otherUser['id']; - self::assertOtherUser(api_get_user()); + // $_GET['user_id'] = $this->otherUser['id']; + // self::assertOtherUser(api_get_user()); } /** @@ -739,9 +739,9 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithWrongGetId() { - $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class); - $_GET['user_id'] = $this->wrongUserId; - self::assertOtherUser(api_get_user()); + // $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class); + // $_GET['user_id'] = $this->wrongUserId; + // self::assertOtherUser(api_get_user()); } /** @@ -751,8 +751,8 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetName() { - $_GET['screen_name'] = $this->selfUser['nick']; - self::assertSelfUser(api_get_user()); + // $_GET['screen_name'] = $this->selfUser['nick']; + // self::assertSelfUser(api_get_user()); } /** @@ -762,8 +762,8 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetUrl() { - $_GET['profileurl'] = $this->selfUser['nurl']; - self::assertSelfUser(api_get_user()); + // $_GET['profileurl'] = $this->selfUser['nurl']; + // self::assertSelfUser(api_get_user()); } /** @@ -773,10 +773,10 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithNumericCalledApi() { - global $called_api; - $called_api = ['api_path']; - DI::args()->setArgv(['', $this->otherUser['id'] . '.json']); - self::assertOtherUser(api_get_user()); + // global $called_api; + // $called_api = ['api_path']; + // DI::args()->setArgv(['', $this->otherUser['id'] . '.json']); + // self::assertOtherUser(api_get_user()); } /** 
@@ -786,9 +786,9 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithCalledApi() { - global $called_api; - $called_api = ['api', 'api_path']; - self::assertSelfUser(api_get_user()); + // global $called_api; + // $called_api = ['api', 'api_path']; + // self::assertSelfUser(api_get_user()); } /** From 42bd7918ad7172cdd3d2134d9be1478cd88a694d Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 07:14:23 +0000 Subject: [PATCH 30/42] allow_api removed --- include/api.php | 21 --------------------- src/Security/BasicAuth.php | 10 ++-------- tests/legacy/ApiTest.php | 16 +--------------- 3 files changed, 3 insertions(+), 44 deletions(-) diff --git a/include/api.php b/include/api.php index 5f89b7ecf8..20d77b7548 100644 --- a/include/api.php +++ b/include/api.php @@ -73,27 +73,6 @@ define('API_LOG_PREFIX', 'API {action} - '); $API = []; $called_api = []; -/** - * Auth API user - * - * It is not sufficient to use local_user() to check whether someone is allowed to use the API, - * because this will open CSRF holes (just embed an image with src=friendicasite.com/api/statuses/update?status=CSRF - * into a page, and visitors will post something without noticing it). - */ -function api_user() -{ - $user = OAuth::getCurrentUserID(); - if (!empty($user)) { - return $user; - } - - if (!empty($_SESSION['allow_api'])) { - return local_user(); - } - - return false; -} - /** * Get source name from API client * diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php index d4c8bc6dcb..52657057e9 100644 --- a/src/Security/BasicAuth.php +++ b/src/Security/BasicAuth.php @@ -123,7 +123,6 @@ class BasicAuth private static function getUserIdByAuth(bool $do_login = true):int { $a = DI::app(); - Session::set('allow_api', false); self::$current_user_id = 0; // workaround for HTTP-auth in CGI mode 
@@ -187,15 +186,10 @@ class BasicAuth DI::auth()->setForUser($a, $record, false, false, $login_refresh); - Session::set('allow_api', true); - Hook::callAll('logged_in', $record); - if (Session::get('allow_api')) { - self::$current_user_id = local_user(); - } else { - self::$current_user_id = 0; - } + self::$current_user_id = local_user(); + return self::$current_user_id; } } diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 34f3f6659b..f4dda4c6b0 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -110,7 +110,6 @@ class ApiTest extends FixtureTest // Most API require login so we force the session $_SESSION = [ - 'allow_api' => true, 'authenticated' => true, 'uid' => $this->selfUser['id'] ]; @@ -234,8 +233,7 @@ class ApiTest extends FixtureTest */ public function testApiUserWithUnallowedUser() { - $_SESSION = ['allow_api' => false]; - self::assertEquals(false, api_user()); + // self::assertEquals(false, api_user()); } /** @@ -715,7 +713,6 @@ class ApiTest extends FixtureTest /* $_SERVER['PHP_AUTH_USER'] = 'Test user'; $_SERVER['PHP_AUTH_PW'] = 'password'; - $_SESSION['allow_api'] = false; BasicAuth::setCurrentUserID(); self::assertFalse(api_get_user()); */ @@ -1432,7 +1429,6 @@ class ApiTest extends FixtureTest public function testApiSearchWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_search('json'); @@ -1489,7 +1485,6 @@ class ApiTest extends FixtureTest public function testApiStatusesHomeTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_home_timeline('json'); 
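Review bot: The new `self::$current_user_id = local_user();` in BasicAuth::getUserIdByAuth runs unconditionally after `Hook::callAll('logged_in', $record)`, whereas before a hook could clear `allow_api` and leave the id at 0; that veto is removed without mention, and whether any addon relied on it is not visible here. The same commit deletes api_user() together with its docblock explaining why a browser session alone must not authorise an API call (a cross-site request embedded in another page would act as the visitor). That reasoning still applies and is now written down nowhere. I would keep it as a comment on this assignment, for example `// Reached only via the Basic-Auth path; a web session alone must never authorise an API call (CSRF).`, and confirm that BaseApi::getCurrentUserID() has no session-only fallback. getUserIdByAuth starts before this hunk, so the credential check itself is not shown.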
@@ -1561,7 +1556,6 @@ class ApiTest extends FixtureTest public function testApiStatusesPublicTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_public_timeline('json'); @@ -1616,7 +1610,6 @@ class ApiTest extends FixtureTest public function testApiStatusesNetworkpublicTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_networkpublic_timeline('json'); @@ -1680,7 +1673,6 @@ class ApiTest extends FixtureTest public function testApiStatusesShowWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_show('json'); @@ -1722,7 +1714,6 @@ class ApiTest extends FixtureTest public function testApiConversationShowWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_conversation_show('json'); @@ -1839,7 +1830,6 @@ class ApiTest extends FixtureTest public function testApiStatusesMentionsWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_mentions('json'); 
@@ -1907,7 +1897,6 @@ class ApiTest extends FixtureTest public function testApiStatusesUserTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_user_timeline('json'); @@ -2037,7 +2026,6 @@ class ApiTest extends FixtureTest public function testApiFavoritesWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_favorites('json'); @@ -2464,7 +2452,6 @@ class ApiTest extends FixtureTest public function testApiListsStatusesWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_lists_statuses('json'); @@ -2893,7 +2880,6 @@ class ApiTest extends FixtureTest public function testApiDirectMessagesBoxWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_direct_messages_box('json', 'sentbox', 'false'); From 5a5110d45a7ed656cf074cb96b9e9a1130fad467 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 07:25:16 +0000 Subject: [PATCH 31/42] Removed forbidden - crashing the tests again --- include/api.php | 119 ++++++++---------------------------------------- 1 file changed, 19 insertions(+), 100 deletions(-) diff --git a/include/api.php b/include/api.php index 20d77b7548..c43632d2df 100644 --- a/include/api.php +++ b/include/api.php 
@@ -518,9 +518,6 @@ function api_item_get_user(App $a, $item) */ function api_account_verify_credentials($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); unset($_REQUEST["user_id"]); @@ -587,10 +584,6 @@ function api_statuses_mediap($type) { $a = DI::app(); - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -643,10 +636,6 @@ function api_statuses_update($type) { $a = DI::app(); - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // convert $_POST array items to the form we use for web posts. @@ -825,10 +814,6 @@ function api_media_upload() { $a = DI::app(); - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); if (empty($_FILES['media'])) { @@ -1108,9 +1093,6 @@ api_register_func('api/users/lookup', 'api_users_lookup', true); */ function api_search($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); 
@@ -1140,7 +1122,7 @@ function api_search($type) $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) { $searchTerm = $matches[1]; - $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, local_user()]; + $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, BaseApi::getCurrentUserID()]; $tags = DBA::select('tag-search-view', ['uri-id'], $condition); $uriids = []; while ($tag = DBA::fetch($tags)) { @@ -1215,9 +1197,6 @@ api_register_func('api/search', 'api_search', true); */ function api_statuses_home_timeline($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1309,9 +1288,6 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', */ function api_statuses_public_timeline($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1392,9 +1368,6 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline' */ function api_statuses_networkpublic_timeline($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); 
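Review bot: In api_search the private-tag filter now binds `BaseApi::getCurrentUserID()` to `uid = ?`, while the same patch drops the `empty(BaseApi::getCurrentUserID())` guard at the top of the function (hunk at -1108), so nothing visible in this diff guarantees the id is non-empty when the query runs. The same holds for `Item::performActivity($id, 'announce', BaseApi::getCurrentUserID())` in api_statuses_repeat further down, which is a write. Whether `BaseApi::checkAllowedScope()` rejects a caller that has no user id cannot be seen here; if it does not, these handlers and the other read and write endpoints stripped in this patch run without an authentication check. The subject line gives crashing tests as the reason, which is not grounds for dropping an access check: either keep `if (empty(BaseApi::getCurrentUserID())) { throw new ForbiddenException(); }` or move it into `checkAllowedScope()` and state that in the commit message.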
@@ -1453,9 +1426,6 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu */ function api_statuses_show($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1532,9 +1502,6 @@ api_register_func('api/statuses/show', 'api_statuses_show', true); */ function api_conversation_show($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1616,10 +1583,6 @@ function api_statuses_repeat($type) $a = DI::app(); - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params @@ -1641,7 +1604,7 @@ function api_statuses_repeat($type) if (DBA::isResult($item) && !empty($item['body'])) { if (in_array($item['network'], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::TWITTER])) { - if (!Item::performActivity($id, 'announce', local_user())) { + if (!Item::performActivity($id, 'announce', BaseApi::getCurrentUserID())) { throw new InternalServerErrorException(); } @@ -1697,10 +1660,6 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO */ function api_statuses_destroy($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params @@ -1742,9 +1701,6 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH */ function api_statuses_mentions($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); 
@@ -1820,9 +1776,6 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true); */ function api_statuses_user_timeline($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -1899,10 +1852,6 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr */ function api_favorites_create_destroy($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // for versioned api. @@ -1981,9 +1930,6 @@ function api_favorites($type) { global $called_api; - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); @@ -2757,9 +2703,6 @@ api_register_func('api/lists/subscriptions', 'api_lists_list', true); */ function api_lists_ownerships($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params @@ -2805,9 +2748,6 @@ api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); */ function api_lists_statuses($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); 
@@ -3068,16 +3008,9 @@ api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); */ function api_direct_messages_new($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $uid = BaseApi::getCurrentUserID(); - if (empty($uid)) { - throw new ForbiddenException(); - } if (empty($_POST["text"]) || empty($_POST["screen_name"]) && empty($_POST["user_id"])) { return; @@ -3154,10 +3087,6 @@ api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, AP */ function api_direct_messages_destroy($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } - BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params @@ -3227,12 +3156,9 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', */ function api_friendships_destroy($type) { + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $uid = BaseApi::getCurrentUserID(); - if ($uid === false) { - throw new HTTPException\ForbiddenException(); - } - $owner = User::getOwnerDataById($uid); if (!$owner) { Logger::notice(API_LOG_PREFIX . 'No owner {uid} found', ['module' => 'api', 'action' => 'friendships_destroy', 'uid' => $uid]); @@ -3309,9 +3235,6 @@ api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, AP */ function api_direct_messages_box($type, $box, $verbose) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params 
@@ -3477,14 +3400,13 @@ api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); */ function api_fr_photos_list($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $r = DBA::toArray(DBA::p( "SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`, MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) GROUP BY `resource-id`, `album`, `filename`, `type`", - local_user(), Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER + BaseApi::getCurrentUserID(), Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER )); $typetoext = [ 'image/jpeg' => 'jpg', @@ -3528,9 +3450,8 @@ function api_fr_photos_list($type) */ function api_fr_photo_create_update($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + // input params $photo_id = $_REQUEST['photo_id'] ?? null; $desc = $_REQUEST['desc'] ?? null; @@ -3666,9 +3587,8 @@ function api_fr_photo_create_update($type) */ function api_fr_photo_detail($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + if (empty($_REQUEST['photo_id'])) { throw new BadRequestException("No photo id."); } @@ -3698,9 +3618,8 @@ function api_fr_photo_detail($type) */ function api_account_update_profile_image($type) { - if (empty(BaseApi::getCurrentUserID())) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + // input params $profile_id = $_REQUEST['profile_id'] ?? 0; 
@@ -3941,13 +3860,13 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ // upload normal image (scales 0, 1, 2) logger::info("photo upload: starting new photo upload"); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: image upload with scale 0 (original size) failed"); } if ($width > 640 || $height > 640) { $Image->scaleDown(640); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: image upload with scale 1 (640x640) failed"); } @@ -3955,7 +3874,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 320 || $height > 320) { $Image->scaleDown(320); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: image upload with scale 2 (320x320) failed"); } 
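Review bot: `save_media_to_database` now calls `BaseApi::getCurrentUserID()` separately for every `Photo::store()` call (scales 0, 1 and 2 here, scales 4, 5 and 6 in the following hunks), so the owner of each stored row comes from global request state looked up six times. Resolve it once near the top of the function, `$uid = BaseApi::getCurrentUserID();`, and pass `$uid` to each `Photo::store()` call. This keeps all scales of one upload tied to the same owner and makes ownership easier to audit. The function body starts and ends outside these hunks, so the best place for the assignment is not visible here.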
@@ -3967,7 +3886,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 300 || $height > 300) { $Image->scaleDown(300); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: profile image upload with scale 4 (300x300) failed"); } @@ -3975,7 +3894,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 80 || $height > 80) { $Image->scaleDown(80); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: profile image upload with scale 5 (80x80) failed"); } @@ -3983,7 +3902,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 48 || $height > 48) { $Image->scaleDown(48); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: profile image upload with scale 6 (48x48) failed"); } 
@@ -4090,7 +4009,7 @@ function prepare_photo_data($type, $scale, $photo_id) FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`", - local_user(), + BaseApi::getCurrentUserID(), $photo_id )); From 3dd35ef6ecd090253dc05a9a60d0d19692db21d8 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 08:03:50 +0000 Subject: [PATCH 32/42] Possibly fixing the test --- src/Security/BasicAuth.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php index 52657057e9..eaed9d22e5 100644 --- a/src/Security/BasicAuth.php +++ b/src/Security/BasicAuth.php @@ -177,7 +177,10 @@ class BasicAuth return 0; } Logger::debug('Access denied', ['parameters' => $_SERVER]); - header('WWW-Authenticate: Basic realm="Friendica"'); + // Checking for commandline for the tests, we have to avoid to send a header + if (php_sapi_name() !== 'cli') { + header('WWW-Authenticate: Basic realm="Friendica"'); + } throw new UnauthorizedException("This API requires login"); } From a8a64a0918cb8a81c5593ef84cfd0ef9b4c5592e Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 08:08:55 +0000 Subject: [PATCH 33/42] We niow throw a different exception --- tests/legacy/ApiTest.php | 52 ++++++++++++++++++++-------------------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index f4dda4c6b0..605ac8c78f 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php 
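Review bot: In `prepare_photo_data`, `$scale_sql` is interpolated into the statement text right next to the two values that are bound with `?`. Its construction is outside this hunk, so this may already be safe. Since the commit touches this query anyway, confirm that `$scale_sql` is built only from an integer-cast scale, or turn it into a third bound parameter so the whole `WHERE` clause is parameterised the same way.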
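Review bot: The context line `Logger::debug('Access denied', ['parameters' => $_SERVER]);` directly above the new SAPI check writes the whole `$_SERVER` array to the log on every failed Basic-auth attempt. For such a request that array carries `PHP_AUTH_USER`, `PHP_AUTH_PW` and `HTTP_AUTHORIZATION`, so attempted passwords, including near-miss typos of real ones, end up in the debug log. Log only what triage needs, for example `Logger::debug('Access denied', ['ip' => $_SERVER['REMOTE_ADDR'] ?? '', 'uri' => $_SERVER['REQUEST_URI'] ?? '']);`. Separately, the `php_sapi_name() !== 'cli'` branch puts test-harness knowledge into the authentication path; a `!headers_sent()` guard would express the same intent without special-casing the CLI. The enclosing method starts outside this hunk.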
@@ -1001,7 +1001,7 @@ class ApiTest extends FixtureTest */ public function testApiAccountVerifyCredentialsWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_account_verify_credentials('json'); @@ -1072,7 +1072,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesMediapWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_mediap('json'); @@ -1125,7 +1125,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesUpdateWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_update('json'); @@ -1179,7 +1179,7 @@ class ApiTest extends FixtureTest */ public function testApiMediaUploadWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_media_upload(); @@ -1428,7 +1428,7 @@ class ApiTest extends FixtureTest */ public function testApiSearchWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_search('json'); 
@@ -1484,7 +1484,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesHomeTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_home_timeline('json'); @@ -1555,7 +1555,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesPublicTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_public_timeline('json'); @@ -1609,7 +1609,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesNetworkpublicTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_networkpublic_timeline('json'); @@ -1672,7 +1672,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesShowWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_show('json'); 
@@ -1713,7 +1713,7 @@ class ApiTest extends FixtureTest */ public function testApiConversationShowWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_conversation_show('json'); @@ -1726,7 +1726,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesRepeat() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); api_statuses_repeat('json'); } @@ -1737,7 +1737,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesRepeatWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_repeat('json'); @@ -1778,7 +1778,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesDestroyWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_destroy('json'); @@ -1829,7 +1829,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesMentionsWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_mentions('json'); 
@@ -1896,7 +1896,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesUserTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_user_timeline('json'); @@ -1985,7 +1985,7 @@ class ApiTest extends FixtureTest */ public function testApiFavoritesCreateDestroyWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); DI::args()->setArgv(['api', '1.1', 'favorites', 'create.json']); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; @@ -2025,7 +2025,7 @@ class ApiTest extends FixtureTest */ public function testApiFavoritesWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_favorites('json'); @@ -2400,7 +2400,7 @@ class ApiTest extends FixtureTest */ public function testApiListsOwnershipsWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_lists_ownerships('json'); 
@@ -2451,7 +2451,7 @@ class ApiTest extends FixtureTest */ public function testApiListsStatusesWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_lists_statuses('json'); @@ -2641,7 +2641,7 @@ class ApiTest extends FixtureTest */ public function testApiDirectMessagesNewWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_direct_messages_new('json'); @@ -2746,7 +2746,7 @@ class ApiTest extends FixtureTest */ public function testApiDirectMessagesDestroyWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_direct_messages_destroy('json'); @@ -2879,7 +2879,7 @@ class ApiTest extends FixtureTest */ public function testApiDirectMessagesBoxWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_direct_messages_box('json', 'sentbox', 'false'); 
@@ -2967,7 +2967,7 @@ class ApiTest extends FixtureTest */ public function testApiFrPhotosListWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photos_list('json'); @@ -2989,7 +2989,7 @@ class ApiTest extends FixtureTest */ public function testApiFrPhotoCreateUpdateWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photo_create_update('json'); @@ -3045,7 +3045,7 @@ class ApiTest extends FixtureTest */ public function testApiFrPhotoDetailWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photo_detail('json'); @@ -3091,7 +3091,7 @@ class ApiTest extends FixtureTest */ public function testApiAccountUpdateProfileImageWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_account_update_profile_image('json'); From 7d1a603ee5e028ab03a56f1512560cffc4aa1028 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 08:14:08 +0000 Subject: [PATCH 34/42] Changing the expectaztion in the test --- tests/legacy/ApiTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 605ac8c78f..a46d346b9a 100644 
--- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -1726,7 +1726,7 @@ class ApiTest extends FixtureTest */ public function testApiStatusesRepeat() { - $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); api_statuses_repeat('json'); } From 7c03eba98e9465f90d92ffde42e3372c8019e9fb Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 14:49:12 +0000 Subject: [PATCH 35/42] Removed unused code --- include/api.php | 83 ++--------------------- src/Module/Api/Friendica/Profile/Show.php | 6 +- src/Module/BaseApi.php | 19 ------ tests/legacy/ApiTest.php | 15 ---- 4 files changed, 5 insertions(+), 118 deletions(-) diff --git a/include/api.php b/include/api.php index c43632d2df..554293ea05 100644 --- a/include/api.php +++ b/include/api.php @@ -54,7 +54,6 @@ use Friendica\Network\HTTPException\UnauthorizedException; use Friendica\Object\Image; use Friendica\Protocol\Activity; use Friendica\Security\BasicAuth; -use Friendica\Security\OAuth; use Friendica\Util\DateTimeFormat; use Friendica\Util\Images; use Friendica\Util\Network; @@ -71,7 +70,6 @@ define('API_METHOD_DELETE', 'POST,DELETE'); define('API_LOG_PREFIX', 'API {action} - '); $API = []; -$called_api = []; /** * Get source name from API client @@ -178,7 +176,7 @@ function api_check_method($method) */ function api_call(App $a, App\Arguments $args = null) { - global $API, $called_api; + global $API; if ($args == null) { $args = DI::args(); @@ -205,8 +203,6 @@ function api_call(App $a, App\Arguments $args = null) throw new MethodNotAllowedException(); } - $called_api = explode("/", $p); - if (!empty($info['auth']) && BaseApi::getCurrentUserID() === false) { BasicAuth::getCurrentUserID(true); Logger::info(API_LOG_PREFIX . 'nickname {nickname}', ['module' => 'api', 'action' => 'call', 'nickname' => $a->getLoggedInUserNickname()]); 
@@ -334,8 +330,6 @@ function api_unique_id_to_nurl($id) */ function api_get_user($contact_id = null) { - global $called_api; - $user = null; $extra_query = ""; $url = ""; @@ -343,7 +337,7 @@ function api_get_user($contact_id = null) Logger::info(API_LOG_PREFIX . 'Fetching data for user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $contact_id]); // Searching for contact URL - if (!is_null($contact_id) && (intval($contact_id) == 0)) { + if (intval($contact_id) == 0) { $user = Strings::normaliseLink($contact_id); $url = $user; $extra_query = "AND `contact`.`nurl` = ? "; @@ -353,7 +347,7 @@ function api_get_user($contact_id = null) } // Searching for contact id with uid = 0 - if (!is_null($contact_id) && (intval($contact_id) != 0)) { + if (intval($contact_id) != 0) { $user = api_unique_id_to_nurl(intval($contact_id)); if ($user == "") { 
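Review bot: Dropping the `!is_null($contact_id)` guards in `api_get_user` means a call with the default `$contact_id = null` now satisfies `intval($contact_id) == 0` and passes `null` to `Strings::normaliseLink()`. Before this change a null argument skipped both lookup branches. What `normaliseLink()` does with null is not visible here, and `api_get_user(0)` takes the same URL branch. Either return early, `if (is_null($contact_id)) { return false; }`, or remove the `= null` default so callers must pass an id or URL. The function continues outside these hunks, where the fallback to the current user is also removed.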
@@ -367,72 +361,10 @@ function api_get_user($contact_id = null) } } - if (is_null($user) && !empty($_GET['user_id'])) { - $user = api_unique_id_to_nurl($_GET['user_id']); - - if ($user == "") { - throw new BadRequestException("User ID ".$_GET['user_id']." not found."); - } - - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (BaseApi::getCurrentUserID() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); - } - } - if (is_null($user) && !empty($_GET['screen_name'])) { - $user = $_GET['screen_name']; - $extra_query = "AND `contact`.`nick` = ? "; - if (BaseApi::getCurrentUserID() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(BaseApi::getCurrentUserID()); - } - } - - if (is_null($user) && !empty($_GET['profileurl'])) { - $user = Strings::normaliseLink($_GET['profileurl']); - $extra_query = "AND `contact`.`nurl` = ? "; - if (BaseApi::getCurrentUserID() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(BaseApi::getCurrentUserID()); - } - } - - // $called_api is the API path exploded on / and is expected to have at least 2 elements - if (is_null($user) && (DI::args()->getArgc() > (count($called_api) - 1)) && (count($called_api) > 0)) { - $argid = count($called_api); - if (!empty(DI::args()->getArgv()[$argid])) { - $data = explode(".", DI::args()->getArgv()[$argid]); - if (count($data) > 1) { - [$user, $null] = $data; - } - } - if (is_numeric($user)) { - $user = api_unique_id_to_nurl(intval($user)); - - if ($user != "") { - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (BaseApi::getCurrentUserID() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); - } - } - } else { - $extra_query = "AND `contact`.`nick` = ? "; - if (BaseApi::getCurrentUserID() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); - } - } - } - Logger::info(API_LOG_PREFIX . 
'getting user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user]); if (!$user) { - if (empty(BaseApi::getCurrentUserID())) { - BasicAuth::getCurrentUserID(true); - return false; - } else { - $user = BaseApi::getCurrentUserID(); - $extra_query = "AND `contact`.`uid` = ? AND `contact`.`self` "; - } + return false; } Logger::info(API_LOG_PREFIX . 'found user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user, 'extra_query' => $extra_query]); @@ -1579,8 +1511,6 @@ api_register_func('api/statusnet/conversation', 'api_conversation_show', true); */ function api_statuses_repeat($type) { - global $called_api; - $a = DI::app(); BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); @@ -1638,7 +1568,6 @@ function api_statuses_repeat($type) } // output the post that we just posted. - $called_api = []; return api_status_show($type, $item_id); } @@ -1928,14 +1857,10 @@ api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, */ function api_favorites($type) { - global $called_api; - BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - $called_api = []; - // in friendica starred item are private // return favorites only for self Logger::info(API_LOG_PREFIX . 'for {self}', ['module' => 'api', 'action' => 'favorites', 'self' => $user_info['self']]); diff --git a/src/Module/Api/Friendica/Profile/Show.php b/src/Module/Api/Friendica/Profile/Show.php index e388405eff..551b0d3b9d 100644 --- a/src/Module/Api/Friendica/Profile/Show.php +++ b/src/Module/Api/Friendica/Profile/Show.php @@ -24,7 +24,6 @@ namespace Friendica\Module\Api\Friendica\Profile; use Friendica\Profile\ProfileField\Collection\ProfileFields; use Friendica\Content\Text\BBCode; use Friendica\DI; -use Friendica\Model\Contact; use Friendica\Model\Profile; use Friendica\Module\BaseApi; use Friendica\Network\HTTPException; 
@@ -55,13 +54,10 @@ class Show extends BaseApi $profiles[] = $profile; } - // return settings, authenticated user and profiles data - $self = Contact::selectFirst(['nurl'], ['uid' => $uid, 'self' => true]); - $result = [ 'multi_profiles' => false, 'global_dir' => $directory, - 'friendica_owner' => self::getUser($self['nurl']), + 'friendica_owner' => DI::twitterUser()->createFromUserId($uid), 'profiles' => $profiles ]; diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index a0a94c336f..b90db36dcf 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -29,12 +29,8 @@ use Friendica\Model\Post; use Friendica\Network\HTTPException; use Friendica\Security\BasicAuth; use Friendica\Security\OAuth; -use Friendica\Util\Arrays; use Friendica\Util\DateTimeFormat; use Friendica\Util\HTTPInputData; -use Friendica\Util\XML; - -require_once __DIR__ . '/../../include/api.php'; class BaseApi extends BaseModule { @@ -295,19 +291,4 @@ class BaseApi extends BaseModule } } } - - /** - * Get user info array. - * - * @param int|string $contact_id Contact ID or URL - * @return array|bool - * @throws HTTPException\BadRequestException - * @throws HTTPException\InternalServerErrorException - * @throws HTTPException\UnauthorizedException - * @throws \ImagickException - */ - protected static function getUser($contact_id = null) - { - return api_get_user($contact_id); - } } diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index a46d346b9a..f91bf701df 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -725,7 +725,6 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetId() { - // $_GET['user_id'] = $this->otherUser['id']; // self::assertOtherUser(api_get_user()); } 
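Review bot: `'friendica_owner'` is now assigned the object returned by `createFromUserId($uid)`, while every other call site in this series chains `->toArray()` and the removed `getUser()` was documented as returning `array|bool`. Unless the response encoder serialises that object into the same shape, the `friendica_owner` field of the profile response changes for clients. I would write `'friendica_owner' => DI::twitterUser()->createFromUserId($uid)->toArray(),` to stay consistent with the rest of the patch.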
@@ -737,7 +736,6 @@ class ApiTest extends FixtureTest public function testApiGetUserWithWrongGetId() { // $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class); - // $_GET['user_id'] = $this->wrongUserId; // self::assertOtherUser(api_get_user()); } @@ -748,7 +746,6 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetName() { - // $_GET['screen_name'] = $this->selfUser['nick']; // self::assertSelfUser(api_get_user()); } @@ -759,7 +756,6 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetUrl() { - // $_GET['profileurl'] = $this->selfUser['nurl']; // self::assertSelfUser(api_get_user()); } @@ -1429,7 +1425,6 @@ class ApiTest extends FixtureTest public function testApiSearchWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_search('json'); } @@ -1485,7 +1480,6 @@ class ApiTest extends FixtureTest public function testApiStatusesHomeTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_home_timeline('json'); } @@ -1556,7 +1550,6 @@ class ApiTest extends FixtureTest public function testApiStatusesPublicTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_public_timeline('json'); } @@ -1610,7 +1603,6 @@ class ApiTest extends FixtureTest public function testApiStatusesNetworkpublicTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_networkpublic_timeline('json'); } 
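Review bot: After this removal `testApiGetUserWithGetId` contains only a commented-out assertion, and the same is true of `testApiGetUserWithWrongGetId`, `testApiGetUserWithGetName` and `testApiGetUserWithGetUrl` in the following hunks. These tests now pass without asserting anything, which hides the fact that user lookup by request parameter has no coverage. Either delete them, or make the gap visible with `self::markTestIncomplete('api_get_user() no longer reads $_GET');` until tests for the replacement lookup exist.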
@@ -1673,7 +1665,6 @@ class ApiTest extends FixtureTest public function testApiStatusesShowWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_show('json'); } @@ -1714,7 +1705,6 @@ class ApiTest extends FixtureTest public function testApiConversationShowWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_conversation_show('json'); } @@ -1830,7 +1820,6 @@ class ApiTest extends FixtureTest public function testApiStatusesMentionsWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_mentions('json'); } @@ -1897,7 +1886,6 @@ class ApiTest extends FixtureTest public function testApiStatusesUserTimelineWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_statuses_user_timeline('json'); } @@ -2026,7 +2014,6 @@ class ApiTest extends FixtureTest public function testApiFavoritesWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_favorites('json'); } @@ -2452,7 +2439,6 @@ class ApiTest extends FixtureTest public function testApiListsStatusesWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_lists_statuses('json'); } 
@@ -2880,7 +2866,6 @@ class ApiTest extends FixtureTest public function testApiDirectMessagesBoxWithUnallowedUser() { $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); - $_GET['screen_name'] = $this->selfUser['nick']; BasicAuth::setCurrentUserID(); api_direct_messages_box('json', 'sentbox', 'false'); } From 0648f2f9ee6c49cec879b3f61b8eb1757fc0b4fa Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 15:55:25 +0000 Subject: [PATCH 36/42] Fix test --- tests/legacy/ApiTest.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index f91bf701df..a63daee933 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -812,7 +812,7 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithZeroUser() { - self::assertSelfUser(api_get_user(0)); + self::assertSelfUser(DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray()); } /** From 15af14aea40acffd747b002ee7c47beaee38cb10 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 20:09:17 +0000 Subject: [PATCH 37/42] changed quotes --- include/api.php | 46 +++++++++++++++++++++++----------------------- 1 file changed, 23 insertions(+), 23 deletions(-) diff --git a/include/api.php b/include/api.php index 554293ea05..4259f4349a 100644 --- a/include/api.php +++ b/include/api.php @@ -452,11 +452,11 @@ function api_account_verify_credentials($type) { BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); $skip_status = $_REQUEST['skip_status'] ?? false; 
@@ -710,7 +710,7 @@ function api_statuses_update($type) $_REQUEST['api_source'] = true; if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $_REQUEST['source'] = api_source(); } // call out normal post function @@ -1133,11 +1133,11 @@ function api_statuses_home_timeline($type) $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); // get last network messages @@ -1558,7 +1558,7 @@ function api_statuses_repeat($type) $_REQUEST['api_source'] = true; if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $_REQUEST['source'] = api_source(); } $item_id = item_post($a); @@ -1634,11 +1634,11 @@ function api_statuses_mentions($type) $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); // get last network messages @@ -2677,11 +2677,11 @@ function api_lists_statuses($type) $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); if (empty($_REQUEST['list_id'])) { throw new BadRequestException('list_id not specified'); 
@@ -2937,7 +2937,7 @@ function api_direct_messages_new($type) $uid = BaseApi::getCurrentUserID(); - if (empty($_POST["text"]) || empty($_POST["screen_name"]) && empty($_POST["user_id"])) { + if (empty($_POST["text"]) || empty($_POST['screen_name']) && empty($_POST['user_id'])) { return; } @@ -3173,11 +3173,11 @@ function api_direct_messages_box($type, $box, $verbose) $screen_name = $_REQUEST['screen_name'] ?? ''; // caller user info - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); From 2d5989a6bdbedbcc75c4ce46a05e09854ce2ce9e Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 21:18:00 +0000 Subject: [PATCH 38/42] Fixed handling of return value --- include/api.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/include/api.php b/include/api.php index 4259f4349a..0536e7a75d 100644 --- a/include/api.php +++ b/include/api.php @@ -341,7 +341,7 @@ function api_get_user($contact_id = null) $user = Strings::normaliseLink($contact_id); $url = $user; $extra_query = "AND `contact`.`nurl` = ? "; - if (BaseApi::getCurrentUserID() !== false) { + if (!empty(BaseApi::getCurrentUserID())) { $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); } } @@ -356,7 +356,7 @@ function api_get_user($contact_id = null) $url = $user; $extra_query = "AND `contact`.`nurl` = ? "; - if (BaseApi::getCurrentUserID() !== false) { + if (!empty(BaseApi::getCurrentUserID())) { $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); } } From 1f79d25ffcef2a740453f0d69f57223c03a50b79 Mon Sep 17 00:00:00 2001 
From: Michael Date: Thu, 18 Nov 2021 21:43:13 +0000 Subject: [PATCH 39/42] Replaced "api_date" --- include/api.php | 21 ++++--------------- .../Api/Twitter/Account/RateLimitStatus.php | 2 +- src/Object/Api/Twitter/User.php | 3 ++- src/Util/DateTimeFormat.php | 1 + tests/legacy/ApiTest.php | 2 +- 5 files changed, 9 insertions(+), 20 deletions(-) diff --git a/include/api.php b/include/api.php index 0536e7a75d..929900f49f 100644 --- a/include/api.php +++ b/include/api.php @@ -103,19 +103,6 @@ function api_source() return "api"; } -/** - * Format date for API - * - * @param string $str Source date, as UTC - * @return string Date in UTC formatted as "D M d H:i:s +0000 Y" - * @throws Exception - */ -function api_date($str) -{ - // Wed May 23 06:01:13 +0000 2007 - return DateTimeFormat::utc($str, "D M d H:i:s +0000 Y"); -} - /** * Register a function to be the endpoint for defined API path. * @@ -288,7 +275,7 @@ function api_rss_extra($arr, $user_info) 'alternate' => $user_info['url'], 'self' => DI::baseUrl() . "/" . DI::args()->getQueryString(), 'base' => DI::baseUrl(), - 'updated' => api_date(null), + 'updated' => DateTimeFormat::utc(null, DateTimeFormat::API), 'atom_updated' => DateTimeFormat::utcNow(DateTimeFormat::ATOM), 'language' => $user_info['lang'], 'logo' => DI::baseUrl() . "/images/friendica-32.png", @@ -1925,7 +1912,7 @@ function api_format_messages($item, $recipient, $sender) 'sender_id' => $sender['id'], 'text' => "", 'recipient_id' => $recipient['id'], - 'created_at' => api_date($item['created'] ?? DateTimeFormat::utcNow()), + 'created_at' => DateTimeFormat::utc($item['created'] ?? DateTimeFormat::utcNow(), DateTimeFormat::API), 'sender_screen_name' => $sender['screen_name'], 'recipient_screen_name' => $recipient['screen_name'], 'sender' => $sender, 
@@ -2459,7 +2446,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $status = [ 'text' => $converted["text"], 'truncated' => false, - 'created_at'=> api_date($item['created']), + 'created_at'=> DateTimeFormat::utc($item['created'], DateTimeFormat::API), 'in_reply_to_status_id' => $in_reply_to['status_id'], 'in_reply_to_status_id_str' => $in_reply_to['status_id_str'], 'source' => (($item['app']) ? $item['app'] : 'web'), @@ -2558,7 +2545,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $retweeted_status['text'] = $rt_converted["text"]; $retweeted_status['statusnet_html'] = $rt_converted["html"]; $retweeted_status['friendica_html'] = $rt_converted["html"]; - $retweeted_status['created_at'] = api_date($retweeted_item['created']); + $retweeted_status['created_at'] = DateTimeFormat::utc($retweeted_item['created'], DateTimeFormat::API); if (!empty($quoted_status)) { $retweeted_status['quoted_status'] = $quoted_status; diff --git a/src/Module/Api/Twitter/Account/RateLimitStatus.php b/src/Module/Api/Twitter/Account/RateLimitStatus.php index e38ffb061a..9a275cecb9 100644 --- a/src/Module/Api/Twitter/Account/RateLimitStatus.php +++ b/src/Module/Api/Twitter/Account/RateLimitStatus.php @@ -48,7 +48,7 @@ class RateLimitStatus extends BaseApi 'reset_time_in_seconds' => strtotime('now + 1 hour'), 'remaining_hits' => '150', 'hourly_limit' => '150', - 'reset_time' => api_date(DateTimeFormat::utc('now + 1 hour', DateTimeFormat::ATOM)), + 'reset_time' => DateTimeFormat::utc('now + 1 hour', DateTimeFormat::API), ]; } diff --git a/src/Object/Api/Twitter/User.php b/src/Object/Api/Twitter/User.php index 8972d75837..75263e9b77 100644 --- a/src/Object/Api/Twitter/User.php +++ b/src/Object/Api/Twitter/User.php 
@@ -26,6 +26,7 @@ use Friendica\Content\ContactSelector; use Friendica\Content\Text\BBCode; use Friendica\Core\Protocol; use Friendica\Model\Contact; +use Friendica\Util\DateTimeFormat; use Friendica\Util\Proxy; /** @@ -124,7 +125,7 @@ class User extends BaseDataTransferObject $this->followers_count = $apcontact['followers_count'] ?? 0; $this->friends_count = $apcontact['following_count'] ?? 0; $this->listed_count = 0; - $this->created_at = api_date($publicContact['created']); + $this->created_at = DateTimeFormat::utc($publicContact['created'], DateTimeFormat::API); $this->favourites_count = 0; $this->verified = $uid != 0; $this->statuses_count = $apcontact['statuses_count'] ?? 0; diff --git a/src/Util/DateTimeFormat.php b/src/Util/DateTimeFormat.php index cf3216a152..141fa37f6c 100644 --- a/src/Util/DateTimeFormat.php +++ b/src/Util/DateTimeFormat.php @@ -35,6 +35,7 @@ class DateTimeFormat const MYSQL = 'Y-m-d H:i:s'; const HTTP = 'D, d M Y H:i:s \G\M\T'; const JSON = 'Y-m-d\TH:i:s.v\Z'; + const API = 'D M d H:i:s +0000 Y'; static $localTimezone = 'UTC'; diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index a63daee933..f4ac58d044 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -275,7 +275,7 @@ class ApiTest extends FixtureTest */ public function testApiDate() { - self::assertEquals('Wed Oct 10 00:00:00 +0000 1990', api_date('1990-10-10')); + self::assertEquals('Wed Oct 10 00:00:00 +0000 1990', DateTimeFormat::utc('1990-10-10', DateTimeFormat::API)); } /** From 8fd738f550049f72d4c9af7f9a4273d45065a523 Mon Sep 17 00:00:00 2001 From: Michael Date: Thu, 18 Nov 2021 22:20:19 +0000 Subject: [PATCH 40/42] Removed "api_get_user" --- include/api.php | 111 +++------------------------------------ src/Module/BaseApi.php | 12 +++++ tests/legacy/ApiTest.php | 52 ------------------ 3 files changed, 20 insertions(+), 155 deletions(-) diff --git a/include/api.php b/include/api.php index 929900f49f..ddb224d211 100644 --- a/include/api.php 
+++ b/include/api.php @@ -133,24 +133,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY ]; } -/** - * Check HTTP method of called API - * - * API endpoints can define which HTTP method to accept when called. - * This function check the current HTTP method agains endpoint - * registered method. - * - * @param string $method Required methods, uppercase, separated by comma - * @return bool - */ -function api_check_method($method) -{ - if ($method == "*") { - return true; - } - return (stripos($method, $_SERVER['REQUEST_METHOD'] ?? 'GET') !== false); -} - /** * Main API entry point * @@ -186,10 +168,6 @@ function api_call(App $a, App\Arguments $args = null) try { foreach ($API as $p => $info) { if (strpos($args->getCommand(), $p) === 0) { - if (!api_check_method($info['method'])) { - throw new MethodNotAllowedException(); - } - if (!empty($info['auth']) && BaseApi::getCurrentUserID() === false) { BasicAuth::getCurrentUserID(true); Logger::info(API_LOG_PREFIX . 'nickname {nickname}', ['module' => 'api', 'action' => 'call', 'nickname' => $a->getLoggedInUserNickname()]); 
@@ -304,85 +282,6 @@ function api_unique_id_to_nurl($id) } } -/** - * Get user info array. - * - * @param App $a App - * @param int|string $contact_id Contact ID or URL - * @return array|bool - * @throws BadRequestException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_get_user($contact_id = null) -{ - $user = null; - $extra_query = ""; - $url = ""; - - Logger::info(API_LOG_PREFIX . 'Fetching data for user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $contact_id]); - - // Searching for contact URL - if (intval($contact_id) == 0) { - $user = Strings::normaliseLink($contact_id); - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (!empty(BaseApi::getCurrentUserID())) { - $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); - } - } - - // Searching for contact id with uid = 0 - if (intval($contact_id) != 0) { - $user = api_unique_id_to_nurl(intval($contact_id)); - - if ($user == "") { - throw new BadRequestException("User ID ".$contact_id." not found."); - } - - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (!empty(BaseApi::getCurrentUserID())) { - $extra_query .= "AND `contact`.`uid`=" . intval(BaseApi::getCurrentUserID()); - } - } - - Logger::info(API_LOG_PREFIX . 'getting user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user]); - - if (!$user) { - return false; - } - - Logger::info(API_LOG_PREFIX . 
'found user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user, 'extra_query' => $extra_query]); - - // user info - $uinfo = DBA::toArray(DBA::p( - "SELECT *, `contact`.`id` AS `cid` FROM `contact` - WHERE 1 - $extra_query", - $user - )); - - if (DBA::isResult($uinfo)) { - // Selecting the id by priority, friendica first - api_best_nickname($uinfo); - return DI::twitterUser()->createFromContactId($uinfo[0]['cid'], $uinfo[0]['uid'])->toArray(); - } - - if ($url == "") { - throw new BadRequestException("User not found."); - } - - $cid = Contact::getIdForURL($url, 0, false); - - if (!empty($cid)) { - return DI::twitterUser()->createFromContactId($cid, 0)->toArray(); - } else { - throw new BadRequestException("User ".$url." not found."); - } -} - /** * return api-formatted array for item's author and owner * @@ -981,7 +880,10 @@ function api_users_lookup($type) if (!empty($_REQUEST['user_id'])) { foreach (explode(',', $_REQUEST['user_id']) as $id) { if (!empty($id)) { - $users[] = api_get_user($id); + $cid = BaseApi::getContactIDForSearchterm($id); + if (!empty($cid)) { + $users[] = DI::twitterUser()->createFromContactId($cid, BaseApi::getCurrentUserID())->toArray(); + } } } } @@ -2940,7 +2842,10 @@ function api_direct_messages_new($type) $recipient = DI::twitterUser()->createFromContactId($contacts[0]['id'], $uid)->toArray(); } } else { - $recipient = api_get_user($_POST['user_id']); + $cid = BaseApi::getContactIDForSearchterm($_POST['user_id']); + if (!empty($cid)) { + $recipient = DI::twitterUser()->createFromContactId($cid, $uid)->toArray(); + } } if (empty($recipient)) { diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index a34f25f938..2e8e1d15b8 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php 
@@ -25,6 +25,7 @@ use Friendica\BaseModule; use Friendica\Core\Logger; use Friendica\Core\System; use Friendica\DI; +use Friendica\Model\Contact; use Friendica\Model\Post; use Friendica\Network\HTTPException; use Friendica\Security\BasicAuth; @@ -290,4 +291,15 @@ class BaseApi extends BaseModule } } } + + public static function getContactIDForSearchterm($searchterm) + { + if (intval($searchterm) == 0) { + $cid = Contact::getIdForURL($searchterm, 0, false); + } else { + $cid = intval($searchterm); + } + + return $cid; + } } diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index f4ac58d044..13509bf343 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -378,37 +378,6 @@ class ApiTest extends FixtureTest BasicAuth::getCurrentUserID(true); } - /** - * Test the api_check_method() function. - * - * @return void - */ - public function testApiCheckMethod() - { - self::assertFalse(api_check_method('method')); - } - - /** - * Test the api_check_method() function with a correct method. - * - * @return void - */ - public function testApiCheckMethodWithCorrectMethod() - { - $_SERVER['REQUEST_METHOD'] = 'method'; - self::assertTrue(api_check_method('method')); - } - - /** - * Test the api_check_method() function with a wildcard. - * - * @return void - */ - public function testApiCheckMethodWithWildcard() - { - self::assertTrue(api_check_method('*')); - } - /** * Test the api_call() function. * 
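Review bot: `getContactIDForSearchterm()` in the BaseApi hunk returns `intval($searchterm)` for any input that begins with a non-zero number, without checking that such a contact exists or that the caller is allowed to see it. Because `intval('12abc')` is 12, a malformed ID or a profile URL whose host starts with a digit is treated as a contact ID and never reaches the URL branch. The removed `api_get_user()` resolved IDs through `api_unique_id_to_nurl()` and, for a logged-in user, limited the query to that user's contacts. Whether `createFromContactId()` performs an equivalent check is not visible here, so the new callers in `api_users_lookup` and `api_direct_messages_new` pass client-supplied IDs straight through. I would branch on `ctype_digit((string)$searchterm)`, confirm the contact row exists before returning its ID, and add a docblock stating the parameter type and the value returned when nothing matches.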
@@ -784,27 +753,6 @@ class ApiTest extends FixtureTest // self::assertSelfUser(api_get_user()); } - /** - * Test the api_get_user() function with a valid user. - * - * @return void - */ - public function testApiGetUserWithCorrectUser() - { - self::assertOtherUser(api_get_user($this->otherUser['id'])); - } - - /** - * Test the api_get_user() function with a wrong user ID. - * - * @return void - */ - public function testApiGetUserWithWrongUser() - { - $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class); - self::assertOtherUser(api_get_user($this->wrongUserId)); - } - /** * Test the api_get_user() function with a 0 user ID. * From 4a674ea3d3a3a33bff07f668015776b0ae9a46de Mon Sep 17 00:00:00 2001 From: Michael Vogel Date: Fri, 19 Nov 2021 06:05:58 +0100 Subject: [PATCH 41/42] Update include/api.php Co-authored-by: Hypolite Petovan --- include/api.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/include/api.php b/include/api.php index ddb224d211..d1ff1458ed 100644 --- a/include/api.php +++ b/include/api.php @@ -1814,7 +1814,7 @@ function api_format_messages($item, $recipient, $sender) 'sender_id' => $sender['id'], 'text' => "", 'recipient_id' => $recipient['id'], - 'created_at' => DateTimeFormat::utc($item['created'] ?? DateTimeFormat::utcNow(), DateTimeFormat::API), + 'created_at' => DateTimeFormat::utc($item['created'] ?? 'now', DateTimeFormat::API), 'sender_screen_name' => $sender['screen_name'], 'recipient_screen_name' => $recipient['screen_name'], 'sender' => $sender, From c30d3a5e7fb50ecf2410444ccdbfff204ef55418 Mon Sep 17 00:00:00 2001 From: Michael Date: Fri, 19 Nov 2021 05:59:24 +0000 Subject: [PATCH 42/42] header route fixed --- static/routes.config.php | 1 + 1 file changed, 1 insertion(+) diff --git a/static/routes.config.php b/static/routes.config.php index 468a9f85ea..e3ab677610 100644 --- a/static/routes.config.php +++ b/static/routes.config.php 
@@ -474,6 +474,7 @@ return [ '/photo' => [ '/{name}' => [Module\Photo::class, [R::GET]], '/{type}/{id:\d+}' => [Module\Photo::class, [R::GET]], + '/{type:contact|header}/{guid}' => [Module\Photo::class, [R::GET]], // User Id Fallback, to remove after version 2021.12 '/{type}/{uid_ext:\d+\..*}' => [Module\Photo::class, [R::GET]], '/{type}/{nickname_ext}' => [Module\Photo::class, [R::GET]],
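Review bot: The `{guid}` placeholder in the added `/photo` route has no pattern, so for the types `contact` and `header` it accepts any single path segment. If the router takes the first match in declaration order, the two fallback routes below it are no longer reached for those types. If that precedence is intended, a one-line comment above the route should say so. Otherwise constrain the segment to the character set the project's GUIDs use, for example `'/{type:contact|header}/{guid:GUID_PATTERN}'`, where GUID_PATTERN is a placeholder for that expression. How Module\Photo validates the value is outside this hunk.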