Releases: jaywink/federation
v0.16.0
[0.16.0] - 2018-07-23
Added
-
Enable generating encrypted JSON payloads with the Diaspora protocol which adds private message support. (related issue)
JSON encrypted payload encryption and decryption is handled by the Diaspora
EncryptedPayload
class. -
Add RFC3033 webfinger generator (related issue)
Also provided is a Django view and url configuration for easy addition into Django projects. Django is not a hard dependency of this library, usage of the Django view obviously requires installing Django itself. For configuration details see documentation.
-
Add fetchers and parsers for NodeInfo, NodeInfo2, StatisticsJSON and Mastodon server metainfo documents.
-
Add NodeInfo2 generator and Django view. See documentation for details. (related issue)
-
Added new network utilities to fetch IP and country information from a host.
The country information is fetched using the free
ipdata.co
service. NOTE! This service is rate limited to 1500 requests per day. -
Extract mentions from Diaspora payloads that have text content. The mentions will be available in the entity as
_mentions
which is a set of Diaspora ID's in URI format.
Changed
-
Send outbound Diaspora payloads in new format. Remove possibility to generate legacy MagicEnvelope payloads. (related issue)
-
Backwards incompatible. Refactor
handle_send
functionNow handle_send high level outbound helper function also allows delivering private payloads using the Diaspora protocol. (related issue)
The signature has changed. Parameter
recipients
should now be a list of recipients to delivery to. Each recipient should either be anid
or a tuple of(id, public key)
. If public key is provided, Diaspora protocol delivery will be made as an encrypted private delivery. -
Backwards incompatible. Change
handle_create_payload
function signature.Parameter
to_user
is nowto_user_key
and thus instead of an object containing thekey
attribute it should now be an RSA public key object instance. This simplifies things since we only need the key from the user, nothing else. -
Switch Diaspora protocol to send new style entities (related issue)
We've already accepted these on incoming payloads for a long time and so do all the other platforms now, so now we always send out entities with the new property names. This can break federation with really old servers that don't understand these keys yet.
Fixed
-
Change unquote method used when preparing Diaspora XML payloads for verification (related issue)
Some platforms deliver payloads not using the urlsafe base64 standard which caused problems when validating the unquoted signature. Ensure maximum compatibility by allowing non-standard urlsafe quoted payloads.
-
Fix for empty values in Diaspora protocol entities sometimes ending up as
None
instead of empty string when processing incoming payloads. -
Fix validation of
Retraction
with entity typeShare
-
Allow port in Diaspora handles as per the protocol specification
Previously handles were validated like emails.
-
Fix Diaspora
Profile
mapping regardinglast_name
propertyPreviously only
first_name
was used when creating theProfile.name
value. Now bothfirst_name
andlast_name
are used.When creating outgoing payloads, the
Profile.name
will still be placed infirst_name
to avoid trying to artificially split it.
v0.15.0
[0.15.0] - 2018-02-12
Added
-
Added base entity
Share
which maps to aDiasporaReshare
for the Diaspora protocol. (related issue)The
Share
entity supports all the properties that a Diaspora reshare does. Additionally two other properties are supported:raw_content
andentity_type
. The former can be used for a "quoted share" case where the sharer adds their own note to the share. The latter can be used to reference the type of object that was shared, to help the receiver, if it is not sharing aPost
entity. The value must be a base entity class name. -
Entities have two new properties:
id
andtarget_id
.Diaspora entity ID's are in the form of the Diaspora URI scheme, where it is possible to construct an ID from the entity. In the future, ActivityPub object ID's will be found in these properties.
-
New high level fetcher function
federation.fetchers.retrieve_remote_content
. (related issue)This function takes the following parameters:
id
- Object ID. For Diaspora, the only supported protocol at the moment, this is in the Diaspora URI format.sender_key_fetcher
- Optional function that takes a profilehandle
and returns a public key instr
format. If this is not given, the public key will be fetched from the remote profile over the network.
The given ID will be fetched from the remote endpoint, validated to be from the correct author against their public key and then an instance of the entity class will be constructed and returned.
-
New Diaspora protocol helpers in
federation.utils.diaspora
:retrieve_and_parse_content
. See notes regarding the high level fetcher above.fetch_public_key
. Given ahandle
as a parameter, will fetch the remote profile and return thepublic_key
from it.parse_diaspora_uri
. Parses a Diaspora URI scheme string, returns eitherNone
if parsing fails or atuple
ofhandle
,entity_type
andguid
.
-
Support fetching new style Diaspora protocol Webfinger (RFC 3033) (related issue)
The legaxy Webfinger is still used as fallback if the new Webfinger is not found.
Changed
-
Refactoring for Diaspora
MagicEnvelope
class.The class init now also allows passing in parameters to construct and verify MagicEnvelope instances. The order of init parameters has not been changed, but they are now all optional. When creating a class instance, one should always pass in the necessary parameters depnding on whether the class instance will be used for building a payload or verifying an incoming payload. See class docstring for details.
-
Diaspora procotol receive flow now uses the
MagicEnvelope
class to verify payloads. No functional changes regarding verification otherwise. -
Diaspora protocol receive flow now fetches the sender public key over the network if a
sender_key_fetcher
function is not passed in. Previously an error would be raised.Note that fetching over the network for each payload is wasteful. Implementers should instead cache public keys when possible and pass in a function to retrieve them, as before.
Fixed
-
Converting base entity
Profile
toDiasporaProfile
for outbound sending missed two attributes,image_urls
andtag_list
. Those are now included so that the values transfer into the built payload. -
Fix fallback to HTTP in the
fetch_document
network helper in the case ofConnectionError
when trying HTTPS. Thanks @autogestion. -
Ensure
handle
is always lower cased when fetching remote profile usingretrieve_remote_profile
. Warning will be logged if an upper case handle is passed in.
v0.14.1
v0.14.0
[0.14.0] - 2017-08-06
Security
-
Add proper checks to make sure Diaspora protocol payload handle and entity handle are the same. Even though we already verified the signature of the sender, we didn't ensure that the sender isn't trying to fake an entity authored by someone else.
The Diaspora protocol functions
message_to_objects
andelement_to_objects
now require a new parameter, the payload sender handle. These functions should normally not be needed to be used directly.
Changed
-
Breaking change. The high level
federation.outbound
functionshandle_send
andhandle_create_payload
signatures have been changed. This has been done to better represent the objects that are actually sent in and to add an optionalparent_user
object.For both functions the
from_user
parameter has been renamed toauthor_user
. Optionally aparent_user
object can also be passed in. Both the user objects must haveprivate_key
andhandle
attributes. In the case thatparent_user
is given, that user will be used to sign the payload and for Diaspora relayables an extraparent_author_signature
in the payload itself.
v0.13.0
[0.13.0] - 2017-07-22
Backwards incompatible changes
- When processing Diaspora payloads, entity used to get a
_source_object
stored to it. This was anetree.Element
created from the source object. Due to serialization issues in applications (for example pushing the object to a task queue or saving to database),_source_object
is now a byte string representation for the element done withetree.tostring()
.
Added
- New style Diaspora private encrypted JSON payloads are now supported in the receiving side. Outbound private Diaspora payloads are still sent as legacy encrypted payloads. (issue)
- No additional changes need to be made when calling
handle_receive
from your task processing. Just pass in the full received XML or JSON payload as a string with recipient user object as before.
- No additional changes need to be made when calling
- Add
created_at
to DiasporaComment
entity XML creator. This is required in renewed Diaspora protocol. (related issue)
Fixed
- Fix getting sender from a combination of legacy Diaspora encrypted payload and new entity names (for example
author
). This combination probably only existed in this library. - Correctly extend entity
_children
. Certain Diaspora payloads caused_children
for an entity to be written over by an empty list, causing for example status message photos to not be saved. Correctly do an extend on it. (issue) - Fix parsing Diaspora profile
tag_string
intoProfile.tag_list
if thetag_string
is an empty string. This caused the wholeProfile
object creation to fail. (issue) - Fix processing Diaspora payload if it is passed to
handle_receive
as abytes
object. (issue) - Fix broken Diaspora relayables after latest 0.2.0 protocol changes. Previously relayables worked only because they were reverse engineered from the legacy protocol. Now that XML order is not important and tag names can be different depending on which protocol version, the relayable forwarding broke. To fix, we don't regenerate the entity when forwarding it but store the original received object when generating a
parent_author_signature
(which is optional in some cases, but we generate it anyway for now). This happens in the previously existingentity.sign_with_parent()
method. In the sending part, if the original received object (now with a parent author signature) exists in the entity, we send that to the remote instead of serializing the entity to XML.- To forward a relayable you must call
entity.sign_with_parent()
before callinghandle_send
to send the entity.
- To forward a relayable you must call
Removed
Post.photos
entity attribute was never used by any code and has been removed. Child entities of typeImage
are stored in thePost._children
as before.- Removed deprecated user private key lookup using
user.key
in Diaspora receive processing. Passed inuser
objects must now have aprivate_key
attribute.
v0.12.0
[0.12.0] - 2017-05-22
Backwards incompatible changes
- Removed exception class
NoHeaderInMessageError
. New style Diaspora protocol does not have a custom header in the Salmon magic envelope and thus there is no need to raise this anywhere.
Added
- New style Diaspora public payloads are now supported (see here). Old style payloads are still supported. Payloads are also still sent out old style.
- Add new
Follow
base entity and support for the new Diaspora "contact" payload. The simpleFollow
maps to Diaspora contact entity with following/sharing both true or false. Sharing as a separate concept is not currently supported. - Added
_receiving_guid
to all entities. This is filled withuser.guid
ifuser
is passed tofederation.inbound.handle_receive
and it has aguid
. Normally in for example Diaspora, this will always be done in private payloads.
Fixed
- Legacy Diaspora retraction of sharing/following is now supported correctly. The end result is a
DiasporaRetraction
for entity typeProfile
. Since the payload doesn't contain the receiving user for a sharing/following retraction in legacy Diaspora protocol, we store the guid of the user in the entity as_receiving_guid
, assuming it was passed in for processing.
v0.11.0
[0.11.0] - 2017-05-08
Backwards incompatible changes
Diaspora protocol support added for comment
and like
relayable types. On inbound payloads the signature included in the payload will be verified against the sender public key. A failed verification will raise SignatureVerificationError
. For outbound entities, the author private key will be used to add a signature to the payload.
This introduces some backwards incompatible changes to the way entities are processed. Diaspora entity mappers get_outbound_entity
and entity utilities get_full_xml_representation
now requires the author private_key
as a parameter. This is required to sign outgoing Comment
and Reaction
(like) entities.
Additionally, Diaspora entity mappers message_to_objects
and element_to_objects
now take an optional sender_key_fetcher
parameter. This must be a function that when called with the sender handle will return the sender public key. This allows using locally cached public keys instead of fetching them as needed. NOTE! If the function is not given, each processed payload will fetch the public key over the network.
A failed payload signature verification now raises a SignatureVerificationError
instead of a less specific AssertionError
.
Added
- Three new attributes added to entities.
- Add protocol name to all entities to attribute
_source_protocol
. This might be useful for applications to know which protocol payload the entity was created from once multiple protocols are implemented. - Add source payload object to the entity at
_source_object
when processing it. - Add sender public key to the entity at
_sender_key
, but only if it was used for validating signatures.
- Add protocol name to all entities to attribute
- Add support for the new Diaspora payload properties coming in the next protocol version. Old XML payloads are and will be still supported.
DiasporaComment
andDiasporaLike
will get the order of elements in the XML payload as a list inxml_tags
. For implementers who want to recreate payloads for these relayables, this list should be saved for later use.- High level
federation.outbound.handle_send
helper function now allows sending entities to a list of recipients without having to deal with payload creation or caring about the protocol (in preparation of being a multi-protocol library).- The function takes three parameters,
entity
that will be sent,from_user
that is sending (note, not necessarely authoring, this user will be used to sign the payload for Diaspora for example) and a list of recipients as tuples of recipient handle/domain and optionally protocol. In the future, if protocol is not given, it will be guessed from the recipient handle, and if necessary a network lookup will be made to see what protocols the receiving identity supports. - Payloads will be delivered to each receiver only once. Currently only public messages are supported through this helper, so multiple recipients on a single domain will cause only one delivery.
- The function takes three parameters,
Changed
- Refactor processing of Diaspora payload XML into entities. Diaspora protocol is dropping the
<XML><post></post></XML>
wrapper for the payloads. Payloads with the wrapper will still be parsed as before.
v0.10.1
v0.10.0
[0.10.0] - 2017-01-28
Added
- Add support for new Diaspora protocol ISO 8601 timestamp format introduced in protocol version 0.1.6.
- Tests are now executed also against Python 3.6.
Fixes
- Don't crash
federation.utils.diaspora.retrieve_diaspora_webfinger
if XRD parse raises anxml.parsers.expat.ExpatError
.