The project code has migrated from GitLab to Codeberg: https://codeberg.org/socialhome/federation
Any issues before October 2024 are only available in the old GitLab issue tracker.
-
This is actually both a change and a fix. AP Image objects do not define properties matching the HTML img tag alt and title properties. Image.name is used to render both alt and title, which IMHO is wrong. With this change, markdown images defining the title property will be recognized instead of being thrown away (the fix) and the title property, if defined, will have precedence over the alt property as the Image.name value (the change). Before this change, the client app would properly render the img tag from the markdown source (with distinct alt and title properties), but the Image object would not federate and hence not be displayed on other platforms (namely Mastodon).
-
Enable webfinger URI resources for both requests and responses.
-
Add
application/ld+json, application/ld+json; profile="https://www.w3.org/ns/activitystreams
to the Accept header used in utils.activitypub.retrieve_and_parse_document. -
AP Groups: Define the
Add
activity class and handle nested AP activities (in support of FEP-400e). Define theaudience
property (in support of FEP-1b12). Note: current client app doesn't fully support AP Groups yet. -
Add an
image
property tobase.Profile
in support of AP Actor (and derived objects, e.g. Person)image
property implemented asusers.Profile.picture_url
by the client app.
-
Note._find_and_mark_mentions: When an AP Mention object href can't be found in the rendered content, try the name property.
-
Ignore media objects that don't define a media type.
-
Prevent rendered content image duplication when an image is both in the AP payload rendered content and defined as an attachment that doesn't set the inlineImage property.
-
Instead of discarding the whole AP payload out when encountering an undefined or unlisted AP object, log a warning and keep going. Ensure None is returned when a nested field only contains an undefined object.
-
Accept the application/ld+json type for webfinger AP links.
-
Mark an AP mention only if profile.finger is defined.
-
Handle escape sequences for inbound markdown mentions.
-
Discard illegal characters from tag text. Previously, this was done only on tag links.
-
Do not use a Unicode character range with MENTION_PATTERN. Replaced with a complement set.
-
Handle attempts to retrieve deleted Diaspora profiles more gracefully.
- Address CVE-2024-23832 by ensuring that a pulled AP payload id netloc is the same as the request fid netloc.
-
LD signature. Relayable AP payloads signatures are checked (inbound) and signed (outbound). A missing or invalid signature on inbound payloads will trigger a fetch if the sender differs from the author (i.e., a relay).
-
The
signable
attribute has been added. It defaults toFalse
and will enforce the fetching of relayed payloads with a bad signature when set toTrue
on a given class. -
The
url
property is now set to theid
property as some platforms make use of it.
-
Re-implement dynamically generated LD contexts for outbound payloads. AP extensions are defined on a per class/property basis. For classes, a
ctx
attribute is set if required. For properties, the calamus fieldmetadata
property is used. -
For inbound payload, a cached dict of all the defined AP extensions is merged with each incoming LD context.
-
Better handle conflicting property defaults by having
get_base_attributes
return only attributes that are not empty (or bool). This helps distinguish betweenmarshmallow.missing
and empty values. -
JsonLD document caching now set in
activitypub/__init__.py
. -
Patch outbound payloads for platform that don't handle arrays compacted to a single value and
as:Public
. -
Always try to get profiles from the client app before fetching from remote. In support of this, the client app AP profiles must include the keyId and the followers URIs. As a significant side effect, profile retractions are now more likely to succeed.
-
Switch to BeautifulSoup for content parsing. The client app is now expected to provide the rendered content for outbound payloads. Mark inbound AP payload hashtag and mention links and let the client app deal with them.
-
Move process_text_links back to the client app.
-
Handle gotosocial reply collections.
-
Inbound AP share retractions (undo announce) were deserialized as a
base.Retraction
class, which would throw an error when accessing the missingsignable
attribute. To fix this, aRetraction
class was added. -
Because of the additions and changes above, a number of tests needed to be fixed.
-
HTTP signature verification now returns the signature author fid which is used as the actual sender by
message_to_object
. -
In fetch_document: if response.encoding is not set, default to utf-8.
-
Fix process_text_links that would crash on
a
tags with nohref
attribute. -
Ignore relayed AP retractions.
-
Fix AP profile processing for hubzilla, guppe and bird.makeup.
-
Unquote and normalize hashtag links.
-
Fix Peertube payload processing when the content property is missing.
-
Ensure the outbound AP profile to property is an array.
- Fix documentation builds
- Add a validation function for the Activitypub
attributedTo
property. Ensure it starts withhttp
.
-
Optimize handle_send by ensuring a payload is only sent once per recipient unique endpoint.
-
Match the Activitypub Hashtag object
href
property value against the raw content in order to make this process platform agnostic.
-
The Activitypub
url
property can now handle nested Link objects for all defined object types. -
Catch cases where an Activitypub CollectionPage
next
property points back to a Collection object. -
Make the Activitypub Follow class handle both the Undo and the Accept activities.
- Switch
python-httpsig-socialhome
dependency to PyPi packaged version.
-
Activitypub payloads are now processed by calamus (https://github.com/SwissDataScienceCenter/calamus), which is a jsonld processor based on marshmallow.
-
A large number of inbound Activitypub objects and properties are deserialized, it's up to the client app to implement the corresponding behavior.
-
Unsupported objects and properties should be easy to implement. Unsupported payloads are logged as such.
-
More AP platforms are now supported (friendica, pixelfed, misskey, pleroma, gotosocial, litepub, and more). The jsonld context some platforms provide sometimes needs to be patched because of missing jsonld term definitions.
-
Peertube Video objects are translated into Posts.
-
-
For performance, requests_cache has been added. It pulls a redis configuration from django if one exists or falls back to a sqlite backend. Special case: pyld document loader has been extended to use redis directly.
-
Activitypub GET requests are now signed if the django configuration includes FEDERATION_USER which is used to fetch that user's private key.
-
Activitypub remote GET signature is now verified in order to authorize remote access to limited content.
-
Added Video and Audio objects. Inbound support only.
-
Process Activitypub reply collections. When supported by the client app, it allows for a more complete view of conversations, especially for shared content.
-
WIP: initial support for providing reponses to Activitypub collections requests. This release only responds with a count for the followers and following collections.
-
outbound.py doesn't need to set the to and cc Activitypub properties, they are now expected to be set by the client app.
-
Attempts are made to remove duplicate img tags some platforms send (friendica, for one).
-
Activitypub receivers of the followers variant are now correctly processed for all known platforms.
-
Accept images with application/octet-stream content type (with the help of the magic library).
-
user@domain is now the only format used for mentions. The client app is expected to comply. For Activitypub, this means making a webfinger request to validate the handle if the client app doesn't already know the corresponding profile.
-
Because of the change above, ensure mentions in Diaspora outbound payloads are as per their protocol spec (i.e. replacing @user@domain with @{user@domain} in the text)
-
Signatures are not verified and the corresponding payload is dropped if no public key is found.
-
Sign forwarded AP replies and shares with the target content author's private key.
-
Dropped python 3.6 support.
-
Many tests were fixed/updated.
-
Work in progress Matrix support over an appservice 😻
Currently requires Django support. Tested on Dendrite and up to version v0.3.11 only. Features so far:
- Register local users on the configured Matrix server.
- Post local user public posts into Matrix side to their profile timeline rooms and to each hashtag room.
-
Fixed image delivery between platforms that send ActivityPub payloads with a markdown
source
, caused by overenthusiastic linkifying of markdown. -
Fix a crash in
outbound.handle_send
when payload failed to be generated andparent_user
was not given.
- Start testing on Python 3.8 which is the new recommended version to use.
- Removed the network utils
fetch_host_ip_and_country
andfetch_country_by_ip
due to the library that was used starting to require an API key.
- Fix some tests for newer Python.
-
Entities with a
raw_content
field now have URL syntax mentions rendered into a link. (related issue)If Django is configured, a profile will be retrieved using the configured profile getter function and the profile name or username will be used for the link.
-
Add
process_text_links
text utility to linkify URL's in text. -
Add
find_tags
text utility to find hashtags from text. Optionally the function can also replace the tags through a givenreplacer
function. This utility is used to improve the tag extraction logic from entities text fields. (related issue) -
Outbound functions
handle_send
andhandle_create_payload
now accept an optionalpayload_logger
parameter. If given it should be a function that takes three parameters:str
ordict
payloadstr
protocol namestr
sender id
The function will be called for each generated payload.
-
Cross-protocol improvements:
- Extract Diaspora guid from ActivityPub payloads implementing the Diaspora extension.
- Add Diaspora extension and guid to outbound ActivityPub payloads, if available. For profiles, also add handle.
- Extract ActivityPub ID from Diaspora payloads if found as the
activitypub_id
property. - Add ActivityPub ID to outbound Diaspora payloads of types comment, post and profile,
if an URL given as
id
.
-
The NodeInfo2 hostmeta parser now cleans the port out of the host name.
-
URL's in outgoing text content are now linkified for the HTML representation of the content for ActivityPub payloads.
-
Don't include OStatus for Mastodon 3.0+ protocols list. (related issue)
-
Backwards incompatible: Stop markdownifying incoming ActivityPub content. Instead copy it as is to the
raw_content
attribute on the entity, setting also the_media_type
totext/html
.
-
Don't crash loudly when fetching webfinger for Diaspora that does not contain XML.
-
Add missing
response.raise_for_status()
call to thefetch_document
network helper when fetching with given URL. Error status was already being raised correctly when fetching by domain and path. -
Don't crash when parsing an invalid NodeInfo document where the usage dictionary is not following specification.
-
Ensure Pixelfed, Kroeg and Kibou instances that emulate the Mastodon API don't get identified as Mastodon instances.
-
Loosen validation of
TargetIDMixin
, it now requires one of the target attributes to be set, not justtarget_id
. This fixes follows over the Diaspora protocol which broke with stricter send validation added in 0.19.0. -
Fix some edge case crashes of
handle_send
when there are Diaspora protocol receivers. -
Fix reading
sharedInbox
from remote ActivityPub profiles. This caused public payloads not to be deduplicated when sending public payloads to remote ActivityPub servers. Refetching profiles should now fix this. (related issue) -
Don't always crash generating payloads if Django is installed but not configured.
-
Don't try to relay AP payloads to Diaspora receivers and vice versa, for now, until cross-protocol relaying is supported.
-
Fix some characters stopping tags being identified (related issue)
-
Fix tags separated by slashes being identified (related issue)
- The fetcher
retrieve_remote_profile
now also supports handle based fetching for the ActivityPub protocol.
- All outgoing entities are now validated before sending. This stops the sending of invalid entities to the network, for example a Share of a Post from ActivityPub to the Diaspora protocol network.
-
Allow ActivityPub HTTP Signature verification to pass if signature is at most 24 hours old.
Previously requirement was 30 seconds, which caused loss of messages where signature validation didn't happen immediately, but in a background worker which didn't immediately process the job.
-
Improve performance of generating ActivityPub payloads for a large number of receivers in
handle_send
. -
Fail early in outbound
handle_send
if a payload cannot be generated for a payload which doesn't depend on recipient attributes.
- Removed possibility to deactivate ActivityPub support. It is now always enabled by default.
-
Base entities
Post
,Comment
andImage
now accept anurl
parameter. This will be used when serializing the entities to AS2 for ActivityPub. -
RFC7033 webfinger generator now has compatibility to platforms using it with ActivityPub. It now lists
aliases
pointing to the ActivityPub entity ID and profile URL. Also there is arel=self
to point to theapplication/activity+json
AS2 document location. -
Added a Django view decorator that makes any Profile or Post view ActivityPub compatible. Right now basic AS2 serialization is supported when the view is called using the supported content types in the Accept header. If the content types are not in the header, the view will render normally.
When used, a few extra settings must be given in the Django
FEDERATION
configuration dictionary.get_object_function
should contain the Python path to a function that takes a request object and returns an object matching the ActivityPub ID for the request orNone
.process_payload_function
should contain the Python path to a function that takes in a request object. It should returnTrue
if successful (or placed in queue for processing later) orFalse
in case of any errors.
-
Added network utility
network.fetch_host_ip
to fetch IP by hostname. -
Entities of type
Profile
now have a dictionary ofinboxes
, with two elements,private
andpublic
. These should be URL's indicating where to send payloads for the recipient.ActivityPub profiles will parse these values from incoming profile documents. Diaspora entities will default to the inboxes in the specification.
-
Added support for Diaspora
Comment
entitythread_parent_guid
attribute. -
Added
root_target_id
androot_target_guid
toComment
base entity. This allows referring to a parent object up the hierarchy chain for threaded comments. -
The high level fetcher
retrieve_remote_content
now supports ActivityPub ID's. -
All ActivityPub payloads are added a
pyfed: https://docs.jasonrobinson.me/ns/python-federation
context to identify payloads sent by this library. -
Entities with
raw_content
now also contain a_media_type
andrendered_content
.The default
_media_type
istext/markdown
except for ActivityPub originating posts it defaults totext/html
. If the ActivityPub payload contains asource
, that mediaType will be used instead. -
Host meta fetchers now support NodeInfo 2.1
-
Backwards incompatible. Lowest compatible Python version is now 3.6.
-
Backwards incompatible. Internal refactoring to allow adding ActivityPub support as the second supported protocol. Highlights of changes below.
-
Reversal of all the work previously done to use Diaspora URL format identifiers. Working with the Diaspora protocol now always requires using handles and GUID's as before the changes introduced in v0.15.0. It ended up impossible to construct a Diaspora URL in all cases in a way that apps only need to store one identifier.
-
The
id
and possibletarget_id
are now either URL format identifiers (ActivityPub) or a handle or GUID (Diaspora, depending on entity). Additionally a newactor_id
has been added which for ActivityPub is an URL and for Diaspora a handle. Note, Diaspora entities always have also theguid
,handle
,target_guid
andtarget_handle
as before v0.15.0, depending on the entity. When creating Diaspora entities, you must pass these in for sending to work. -
The high level
fetchers.retrieve_remote_content
signature has changed. It now expects anid
for fetching from AP protocol andhandle
,guid
andentity_type
to fetch from Diaspora. Additionally asender_key_fetcher
can be passed in as before to optimize public key fetching using a callable. -
The high level
fetchers.retrieve_remote_profile
signature has changed. It now expects as first parameter anid
which for ActivityPub objects is the URL ID and for Diaspora objects is the handle. Additionally asender_key_fetcher
can be passed in as before to optimize public key fetching using a callable. -
The generator class
RFC7033Webfinger
now expects instead of anid
thehandle
andguid
of the profile. -
NodeInfo2 parser now returns the admin user in
handle
format instead of a Diaspora format URL. -
The high level inbound and outbound functions
inbound.handle_receive
,outbound.handle_send
parameteruser
must now receive aUserType
compatible object. This must have the attributeid
, and forhandle_send
alsoprivate_key
. If Diaspora support is required then alsohandle
andguid
should exist. The type can be found as a class intypes.UserType
. -
The high level inbound function
inbound.handle_receive
first parameter has been changed torequest
which must be aRequestType
compatible object. This must have the attributebody
which corrresponds to the oldpayload
parameter. For ActivityPub inbound requests the object must also containheaders
,method
andurl
. -
The outbound function
outbound.handle_send
parameterrecipients
structure has changed. It must now be a list of dictionaries, containing at minimum the following:endpoint
for the recipient endpoint,fid
for the recipient federation ID (ActivityPub only),protocol
for the protocol to use andpublic
as a boolean whether the payload should be treated as visible to anyone.For Diaspora private deliveries, also a
public_key
is required containing the receiver public key. Note that passing in handles as recipients is not any more possible - always pass in a url forendpoint
. -
The outbound function
outbound.handle_create_payload
now requires an extra third parameter for the protocol to use. This function should rarely need to be called directly - usehandle_send
instead which can handle both ActivityPub and Diaspora protocols. -
The
Image
base entity has been made more generic.The following were removed:
remote_path
,remote_name
,linked_type
,linked_guid
,public
.The following were added:
url
,name
.
-
-
Backwards incompatible. Generator
RFC3033Webfinger
and the relatedrfc3033_webfinger_view
have been renamed toRFC7033Webfinger
andrfc7033_webfinger_view
to reflect the right RFC number. -
Network helper utility
fetch_document
can now also take a dictionary ofheaders
. They will be passed to the underlyingrequests
method call as is. -
Retraction
entity can now also have anentity_type
ofObject
. Receivers will need to find the correct object usingtarget_id
only. This is currently only relevant for ActivityPub where retraction messages do not refer to object type. -
Backwards incompatible. Inbound entities now have a list of receivers.
Entities processed by inbound mappers will now have a list of receivers in
_receivers
. This replaces the_receiving_actor_id
which was previously set for Diaspora entities. -
UserType now has a
receiver_variant
which is one ofReceiverVariant
enum.ACTOR
means this receiver is a single actor ID.FOLLOWERS
means this is the followers of the ID in the receiver.
- Ensure Diaspora mentions are extracted when they don't have a display name part.
- Backwards incompatible. Support for Legacy Diaspora payloads have been removed to reduce the amount of code needed to maintain while refactoring for ActivityPub.
-
Switch crypto library
pycrypto
topycryptodome
, which is a more up to date fork of the former. This fixes CVE-2018-6594 found in the former.Deployment note. When updating an application, you must uninstall
pycrypto
first, otherwise there will be a conflict if both the versions are installed at the same time. To uninstall, dopip uninstall pycrypto
.
-
Enable generating encrypted JSON payloads with the Diaspora protocol which adds private message support. (related issue)
JSON encrypted payload encryption and decryption is handled by the Diaspora
EncryptedPayload
class. -
Add RFC7033 webfinger generator (related issue)
Also provided is a Django view and url configuration for easy addition into Django projects. Django is not a hard dependency of this library, usage of the Django view obviously requires installing Django itself. For configuration details see documentation.
-
Add fetchers and parsers for NodeInfo, NodeInfo2, StatisticsJSON and Mastodon server metainfo documents.
-
Add NodeInfo2 generator and Django view. See documentation for details. (related issue)
-
Added new network utilities to fetch IP and country information from a host.
The country information is fetched using the free
ipdata.co
service. NOTE! This service is rate limited to 1500 requests per day. -
Extract mentions from Diaspora payloads that have text content. The mentions will be available in the entity as
_mentions
which is a set of Diaspora ID's in URI format.
-
Send outbound Diaspora payloads in new format. Remove possibility to generate legacy MagicEnvelope payloads. (related issue)
-
Backwards incompatible. Refactor
handle_send
functionNow handle_send high level outbound helper function also allows delivering private payloads using the Diaspora protocol. (related issue)
The signature has changed. Parameter
recipients
should now be a list of recipients to delivery to. Each recipient should either be anid
or a tuple of(id, public key)
. If public key is provided, Diaspora protocol delivery will be made as an encrypted private delivery. -
Backwards incompatible. Change
handle_create_payload
function signature.Parameter
to_user
is nowto_user_key
and thus instead of an object containing thekey
attribute it should now be an RSA public key object instance. This simplifies things since we only need the key from the user, nothing else. -
Switch Diaspora protocol to send new style entities (related issue)
We've already accepted these on incoming payloads for a long time and so do all the other platforms now, so now we always send out entities with the new property names. This can break federation with really old servers that don't understand these keys yet.
-
Change unquote method used when preparing Diaspora XML payloads for verification (related issue)
Some platforms deliver payloads not using the urlsafe base64 standard which caused problems when validating the unquoted signature. Ensure maximum compatibility by allowing non-standard urlsafe quoted payloads.
-
Fix for empty values in Diaspora protocol entities sometimes ending up as
None
instead of empty string when processing incoming payloads. -
Fix validation of
Retraction
with entity typeShare
-
Allow port in Diaspora handles as per the protocol specification
Previously handles were validated like emails.
-
Fix Diaspora
Profile
mapping regardinglast_name
propertyPreviously only
first_name
was used when creating theProfile.name
value. Now bothfirst_name
andlast_name
are used.When creating outgoing payloads, the
Profile.name
will still be placed infirst_name
to avoid trying to artificially split it.
-
Added base entity
Share
which maps to aDiasporaReshare
for the Diaspora protocol. (related issue)The
Share
entity supports all the properties that a Diaspora reshare does. Additionally two other properties are supported:raw_content
andentity_type
. The former can be used for a "quoted share" case where the sharer adds their own note to the share. The latter can be used to reference the type of object that was shared, to help the receiver, if it is not sharing aPost
entity. The value must be a base entity class name. -
Entities have two new properties:
id
andtarget_id
.Diaspora entity ID's are in the form of the Diaspora URI scheme, where it is possible to construct an ID from the entity. In the future, ActivityPub object ID's will be found in these properties.
-
New high level fetcher function
federation.fetchers.retrieve_remote_content
. (related issue)This function takes the following parameters:
id
- Object ID. For Diaspora, the only supported protocol at the moment, this is in the Diaspora URI format.sender_key_fetcher
- Optional function that takes a profilehandle
and returns a public key instr
format. If this is not given, the public key will be fetched from the remote profile over the network.
The given ID will be fetched from the remote endpoint, validated to be from the correct author against their public key and then an instance of the entity class will be constructed and returned.
-
New Diaspora protocol helpers in
federation.utils.diaspora
:retrieve_and_parse_content
. See notes regarding the high level fetcher above.fetch_public_key
. Given ahandle
as a parameter, will fetch the remote profile and return thepublic_key
from it.parse_diaspora_uri
. Parses a Diaspora URI scheme string, returns eitherNone
if parsing fails or atuple
ofhandle
,entity_type
andguid
.
-
Support fetching new style Diaspora protocol Webfinger (RFC 3033) (related issue)
The legaxy Webfinger is still used as fallback if the new Webfinger is not found.
-
Refactoring for Diaspora
MagicEnvelope
class.The class init now also allows passing in parameters to construct and verify MagicEnvelope instances. The order of init parameters has not been changed, but they are now all optional. When creating a class instance, one should always pass in the necessary parameters depnding on whether the class instance will be used for building a payload or verifying an incoming payload. See class docstring for details.
-
Diaspora procotol receive flow now uses the
MagicEnvelope
class to verify payloads. No functional changes regarding verification otherwise. -
Diaspora protocol receive flow now fetches the sender public key over the network if a
sender_key_fetcher
function is not passed in. Previously an error would be raised.Note that fetching over the network for each payload is wasteful. Implementers should instead cache public keys when possible and pass in a function to retrieve them, as before.
-
Converting base entity
Profile
toDiasporaProfile
for outbound sending missed two attributes,image_urls
andtag_list
. Those are now included so that the values transfer into the built payload. -
Fix fallback to HTTP in the
fetch_document
network helper in the case ofConnectionError
when trying HTTPS. Thanks @autogestion. -
Ensure
handle
is always lower cased when fetching remote profile usingretrieve_remote_profile
. Warning will be logged if an upper case handle is passed in.
- Fix regression in handling Diaspora relayables due to security fix in 0.14.0. Payload and entity handle need to be allowed to be different when handling relayables.
-
Add proper checks to make sure Diaspora protocol payload handle and entity handle are the same. Even though we already verified the signature of the sender, we didn't ensure that the sender isn't trying to fake an entity authored by someone else.
The Diaspora protocol functions
message_to_objects
andelement_to_objects
now require a new parameter, the payload sender handle. These functions should normally not be needed to be used directly.
-
Breaking change. The high level
federation.outbound
functionshandle_send
andhandle_create_payload
signatures have been changed. This has been done to better represent the objects that are actually sent in and to add an optionalparent_user
object.For both functions the
from_user
parameter has been renamed toauthor_user
. Optionally aparent_user
object can also be passed in. Both the user objects must haveprivate_key
andhandle
attributes. In the case thatparent_user
is given, that user will be used to sign the payload and for Diaspora relayables an extraparent_author_signature
in the payload itself.
- When processing Diaspora payloads, entity used to get a
_source_object
stored to it. This was anetree.Element
created from the source object. Due to serialization issues in applications (for example pushing the object to a task queue or saving to database),_source_object
is now a byte string representation for the element done withetree.tostring()
.
- New style Diaspora private encrypted JSON payloads are now supported in the receiving side. Outbound private Diaspora payloads are still sent as legacy encrypted payloads. (issue)
- No additional changes need to be made when calling
handle_receive
from your task processing. Just pass in the full received XML or JSON payload as a string with recipient user object as before.
- No additional changes need to be made when calling
- Add
created_at
to DiasporaComment
entity XML creator. This is required in renewed Diaspora protocol. (related issue)
- Fix getting sender from a combination of legacy Diaspora encrypted payload and new entity names (for example
author
). This combination probably only existed in this library. - Correctly extend entity
_children
. Certain Diaspora payloads caused_children
for an entity to be written over by an empty list, causing for example status message photos to not be saved. Correctly do an extend on it. (issue) - Fix parsing Diaspora profile
tag_string
intoProfile.tag_list
if thetag_string
is an empty string. This caused the wholeProfile
object creation to fail. (issue) - Fix processing Diaspora payload if it is passed to
handle_receive
as abytes
object. (issue) - Fix broken Diaspora relayables after latest 0.2.0 protocol changes. Previously relayables worked only because they were reverse engineered from the legacy protocol. Now that XML order is not important and tag names can be different depending on which protocol version, the relayable forwarding broke. To fix, we don't regenerate the entity when forwarding it but store the original received object when generating a
parent_author_signature
(which is optional in some cases, but we generate it anyway for now). This happens in the previously existingentity.sign_with_parent()
method. In the sending part, if the original received object (now with a parent author signature) exists in the entity, we send that to the remote instead of serializing the entity to XML.- To forward a relayable you must call
entity.sign_with_parent()
before callinghandle_send
to send the entity.
- To forward a relayable you must call
Post.photos
entity attribute was never used by any code and has been removed. Child entities of typeImage
are stored in thePost._children
as before.- Removed deprecated user private key lookup using
user.key
in Diaspora receive processing. Passed inuser
objects must now have aprivate_key
attribute.
- Removed exception class
NoHeaderInMessageError
. New style Diaspora protocol does not have a custom header in the Salmon magic envelope and thus there is no need to raise this anywhere.
- New style Diaspora public payloads are now supported (see here). Old style payloads are still supported. Payloads are also still sent out old style.
- Add new
Follow
base entity and support for the new Diaspora "contact" payload. The simpleFollow
maps to Diaspora contact entity with following/sharing both true or false. Sharing as a separate concept is not currently supported. - Added
_receiving_guid
to all entities. This is filled withuser.guid
ifuser
is passed tofederation.inbound.handle_receive
and it has aguid
. Normally in for example Diaspora, this will always be done in private payloads.
- Legacy Diaspora retraction of sharing/following is now supported correctly. The end result is a
DiasporaRetraction
for entity typeProfile
. Since the payload doesn't contain the receiving user for a sharing/following retraction in legacy Diaspora protocol, we store the guid of the user in the entity as_receiving_guid
, assuming it was passed in for processing.
Diaspora protocol support added for comment
and like
relayable types. On inbound payloads the signature included in the payload will be verified against the sender public key. A failed verification will raise SignatureVerificationError
. For outbound entities, the author private key will be used to add a signature to the payload.
This introduces some backwards incompatible changes to the way entities are processed. Diaspora entity mappers get_outbound_entity
and entity utilities get_full_xml_representation
now requires the author private_key
as a parameter. This is required to sign outgoing Comment
and Reaction
(like) entities.
Additionally, Diaspora entity mappers message_to_objects
and element_to_objects
now take an optional sender_key_fetcher
parameter. This must be a function that when called with the sender handle will return the sender public key. This allows using locally cached public keys instead of fetching them as needed. NOTE! If the function is not given, each processed payload will fetch the public key over the network.
A failed payload signature verification now raises a SignatureVerificationError
instead of a less specific AssertionError
.
- Three new attributes added to entities.
- Add protocol name to all entities to attribute
_source_protocol
. This might be useful for applications to know which protocol payload the entity was created from once multiple protocols are implemented. - Add source payload object to the entity at
_source_object
when processing it. - Add sender public key to the entity at
_sender_key
, but only if it was used for validating signatures.
- Add protocol name to all entities to attribute
- Add support for the new Diaspora payload properties coming in the next protocol version. Old XML payloads are and will be still supported.
DiasporaComment
andDiasporaLike
will get the order of elements in the XML payload as a list inxml_tags
. For implementers who want to recreate payloads for these relayables, this list should be saved for later use.- High level
federation.outbound.handle_send
helper function now allows sending entities to a list of recipients without having to deal with payload creation or caring about the protocol (in preparation of being a multi-protocol library).- The function takes three parameters,
entity
that will be sent,from_user
that is sending (note, not necessarely authoring, this user will be used to sign the payload for Diaspora for example) and a list of recipients as tuples of recipient handle/domain and optionally protocol. In the future, if protocol is not given, it will be guessed from the recipient handle, and if necessary a network lookup will be made to see what protocols the receiving identity supports. - Payloads will be delivered to each receiver only once. Currently only public messages are supported through this helper, so multiple recipients on a single domain will cause only one delivery.
- The function takes three parameters,
- Refactor processing of Diaspora payload XML into entities. Diaspora protocol is dropping the
<XML><post></post></XML>
wrapper for the payloads. Payloads with the wrapper will still be parsed as before.
- Ensure tags are lower cased after collecting them from entity
raw_content
.
- Add support for new Diaspora protocol ISO 8601 timestamp format introduced in protocol version 0.1.6.
- Tests are now executed also against Python 3.6.
- Don't crash
federation.utils.diaspora.retrieve_diaspora_webfinger
if XRD parse raises anxml.parsers.expat.ExpatError
.
- Made
Profile.raw_content
optional. This fixes validating profiles parsed from Diaspora hCard's.
Image
no longer has atext
attribute. It is replaced byraw_content
, the same attribute asPost
andComment
have. Unlike the latter two,Image.raw_content
is not mandatory.
- Entities can now have a children. These can be accessed using the
_children
list. Acceptable children depends on the entity. Currently,Post
,Comment
andProfile
can have children of entity typeImage
. Child types are validated in the.validate()
entity method call.
- Diaspora protocol
message_to_objects
method (called through inbound high level methods) now correctly parses Diaspora<photo>
elements and createsImage
entities from them. If they are children of status messages, they will be available through thePost._children
list.
- Remove legacy splitting of payload to 60 chars when creating Diaspora payloads. Diaspora 0.6 doesn't understand these any more.
federation.utils.network.send_document
incorrectly passed inkwargs
torequests.post
, causing an error when sending custom headers.- Make sure
federation.utils.network.send_document
headers are treated case insensitive before passing then onwards torequests.post
.
The name Social-Federation was really only an early project name which stuck. Since the beginning, the main module has been federation
. It makes sense to unify these and also shorter names are generally nicer.
Mostly nothing since the module was already called federation
. Some things to note below:
- Update your requirements with the new library name
federation
. - If you hook to the old logger
social-federation
, update those to listen tofederation
, which is now the standard logger name used throughout.
federation.utils.diaspora.retrieve_and_parse_profile
will now returnNone
if theProfile
retrieved doesn't validate. This will affect also the output offederation.fetchers.retrieve_remote_profile
which is the high level function to retrieve profiles.- Remove unnecessary
protocol
parameter fromfederation.fetchers.retrieve_remote_profile
. We're miles away from including other protocols and ideally the caller shouldn't have to pass in the protocol anyway.
- Added
Retraction
entity withDiasporaRetraction
counterpart.
- Made
guid
mandatory forProfile
entity. Library users should always be able to get a full validated object as we considerguid
a core attribute of a profile. - Always validate entities created through
federation.entities.diaspora.mappers.message_to_objects
. This is the code that transforms federation messages for the Diaspora protocol to actual entity objects. Previously no validation was done and callers offederation.inbound.handle_receive
received entities that were not always valid, for example they were missing aguid
. Now validation is done in the conversion stage and errors are pushed to thefederation
logger in the event of invalid messages.- Note Diaspora Profile XML messages do not provide a GUID. This is handled internally by fetching the guid from the remote hCard so that a valid
Profile
entity can be created.
- Note Diaspora Profile XML messages do not provide a GUID. This is handled internally by fetching the guid from the remote hCard so that a valid
- Raise a warning if unknown parameters are passed to entities.
- Ensure entity required attributes are validated for
None
or empty string values. Required attributes must not only exist but also have a value. - Add validation to entities with the attribute
public
. Onlybool
values are accepted.
- Function
federation.utils.diaspora.parse_profile_from_hcard
now requires a second argument,handle
. Since in the future Diaspora hCard is not guaranteed to have username and domain, we now pass handle to the parser directly.
- New style Diaspora Magic Envelope didn't require or like payload data to be cut to 60 char lines, as the legacy protocol does. Fixed to not cut lines.
- New style Diaspora Magic Envelope support. The magic envelope can be created using the class
federation.protocols.diaspora.magic_envelope.MagicEnvelope
. By default this will not wrap the payload message in<XML><post></post></XML>
. To provide that functionality the class should be initialized withwrap_payload=True
. No changes are made to the protocol send methods yet, if you need this new magic envelope you can initialize and render it directly.
- Deprecate receiving user
key
attribute for Diaspora protocol. Instead correct attribute is nowprivate_key
for any user passed tofederation.inbound.handle_receive
. We already useprivate_key
in the message creation code so this is just to unify the user related required attributes.- DEPRECATION: There is a fallback with
key
for user objects in the receiving payload part of the Diaspora protocol until 0.8.0.
- DEPRECATION: There is a fallback with
- Loosen up hCard selectors when parsing profile from hCard document in
federation.utils.diaspora.parse_profile_from_hcard
. The selectors now match Diaspora upcoming federation documentation.
federation.outbound.handle_create_payload
parameterto_user
is now optional. Public posts don't need a recipient. This also affects Diaspora protocolbuild_send
method where the change is reflected similarly. #43- In practise this means the signature has changed for
handle_create_payload
andbuild_send
fromfrom_user, to_user, entity
toentity, from_user, to_user=None
.
- In practise this means the signature has changed for
Post.provider_display_name
is now supported in the entity outbound/inbound mappers. #44- Add utility method
federation.utils.network.send_document
which is just a wrapper aroundrequests.post
. User agent will be added to the headers and exceptions will be silently captured and returned instead. #45 - Add Diaspora entity utility
federation.entities.diaspora.utils.get_full_xml_representation
. Renders the entity XML document and wraps it in<XML><post>...</post></XML>
. #46
- Don't quote/encode
Protocol.build_send
payload. It was doing it wrongly in the first place and also it's not necessary since Diaspora 0.6 protocol changes. #41 - Fix identification of Diaspora protocol messages. This was not working in the case that the attributes in the tag were in different order. #41
- While in early stages, doing some renaming of modules to suit the longer term.
federation.controllers
has been split into two,federation.outbound
andfederation.inbound
. The following methods have new import locations:federation.controllers.handle_receive
->federation.inbound.handle_receive
federation.controllers.handle_create_payload
->federation.outbound.handle_create_payload
- Class
federation.hostmeta.generators.DiasporaHCard
now requiresguid
,public_key
andusername
for initialization. Leaving these out was a mistake in the initial implementation. Diaspora has these in at least 0.6 development branch.
Relationship
base entity which represents relationships between two handles. Types can be following, sharing, ignoring and blocking. The Diaspora counterpart,DiasporaRequest
, which represents a sharing/following request is outwards a single entity, but incoming a double entity, handled by creating both a sharing and following version of the relationship.Profile
base entity and Diaspora counterpartDiasporaProfile
. Represents a user profile.federation.utils.network.fetch_document
utility function to fetch a remote document. Returns document, status code and possible exception. Takes eitherurl
or ahost
+path
combination. Withhost
, https is first tried and optionally fall back to http.- Utility methods to retrieve Diaspora user discovery related documents. These include the host-meta, webfinger and hCard documents. The utility methods are in
federation.utils.diaspora
. - Utility to fetch remote profile,
federation.fetchers.retrieve_remote_profile
. Currently always uses Diaspora protocol. Returns aProfile
entity.
- Unlock most of the direct dependencies to a certain version range. Unlock all of test requirements to any version.
- Entities passed to
federation.controllers.handle_create_payload
are now converted from the base entity types (Post, Comment, Reaction, etc) to Diaspora entity types (DiasporaPost, DiasporaComment, DiasporaLike, etc). This ensures actual payload generation has the correct methods available (for exampleto_xml
) whatever entity is passed in.
- Fix fetching sender handle from Diaspora protocol private messages. As it is not contained in the header, it needs to be read from the message content itself.
- Fix various issues with
DiasporaHCard
template after comparing to some real world hCard templates from real pods. Old version was based on documentation in Diaspora project wiki.
- Test factories and other test files are now included in the package installation. Factories can be useful when creating project tests.
- Bump allowed
lxml
to 3.6.0 - Bump allowed
python-dateutil
to 2.5.3
- Don't raise on Post.tags if Post.raw_content is None
- Support for generating
.well-known/nodeinfo
document, which was forgotten from the 0.3.0 release. Methodfederation.hostmeta.generators.get_nodeinfo_well_known_document
does this task. It requires anurl
which should be the full base url of the host. Optionallydocument_path
can be specified, but it is optional and defaults to the one in the NodeInfo spec.
- Support for generating NodeInfo documents using the generator
federation.hostmeta.generators.NodeInfo
. Strict validation is skipped by default, but can be enabled by passing inraise_on_validate
to theNodeInfo
class. By default a warning will be generated on documents that don't conform with the strict NodeInfo values. This can be disabled by passing inskip_validate
to the class.
- Any implementations using the Diaspora protocol and
Post
entities must now useDiasporaPost
instead. See "Changed" below.
- Support for using
validate_field()
methods for entity fields and checking missing fields against_required
. To use this validation,validate()
must specifically be called for the entity instance. - Base entities
Comment
andReaction
which subclass the newParticipationMixin
. - Diaspora entity
DiasporaComment
, a variant ofComment
. - Diaspora entity
DiasporaLike
, a variant ofReaction
with thereaction = "like"
default.
- Refactored Diaspora XML generators into the Diaspora entities themselves. This introduces Diaspora versions of the base entities called
DiasporaPost
,DiasporaComment
andDiasporaLike
. Any implementations using the Diaspora protocol andPost
entities must now useDiasporaPost
instead.
- Entities which don't specifically get passed a
created_at
now get correct current time increated_at
instead of always having the time part as00:00
.
Supports well Post type object receiving over Diaspora protocol.
Untested support for crafting outgoing protocol messages.