Non Interface Behavior Changes:
- Robust header detection for ActivityPub requests
- No more panic because of a Bto access after a Bcc condition
- PostOutbox Undo activities now required to have matching actors
Interface Behavior Changes:
- PostOutbox activities themselves are now passed to App.Set
- Authentication/Authorization in a SocialAPIVerifier no longer
shadowed and ignored.
- Add activities can now fetch remote objects (not permanent)
The behavior changes are justified as having been broken bugs that would
have not met a developer's expectations. So including them as part of
the next release maintains major version 0 behavior compatibility.
He who fights with monsters should be careful lest he thereby become a monster.
And if thou gaze long into an abyss, the abyss will also gaze into thee.
Also, for all tests that use tables, log the test case being executed.
That way verbose mode will indicate which test case is causing any nil
pointer dereference or other segfault interrupts. Also, it will inform
anyone who runs in verbose mode just how many tests there really are.
PostOutbox and the SocialAPI can now use either HTTP Signatures or a
custom authentication scheme, such as OAuth2.
Tests for the handler authentication and authorization need to be
written still.
This also incorporates some interface changes to permit both HTTP
Signatures and other forms of authentication and authorization when
accessing data. This means support for something like OAuth2 should be
doable in conjunction with HTTP Signatures.
Tests are broken; this commit should not be used as a build point.
Also, bugfix the time.Now calls to use the federator's clock instead.
This is how it should have been done in the beginning, but is necessary
for the tests since the HTTP Signatures by default sign the dates in the
headers. And I noticed said dates were being populated by time.Now
instead of the mock-able Clock.
We simply prevent adding a duplicate likes, liked, following, or
follower based on the IRI of the element being added to the collection.
Adds corresponding black box tests.
Note that this deduplication does not cover the inbox.
These generally include improving the handling of OrderedCollections and
IRIs. Note that improvement to setting IRI'd fetches from the
implementing application were made.
Improve the handing of AutoAccept and AutoReject follows. If there are
no owned objects in the Activity, we prevent sending the automatic reply
in case the implemented application is not checking for ownership of the
object of the original Follow activity.
Note that some other tests were impacted due to a change to keep
modifications to collections on objects/actors at parity when calling
get and set on the App.
Tests cover the usual plus the major points:
- Updating top-level fields in object
- Updating multiple objects at once
- Removing values that are a null literal in JSON
- Remove sub-fields of objects; this may not be to spec (pending
response from https://github.com/w3c/activitypub/issues/303)
Don't drink and stay up late at night trying to solve nasty problems,
one just might decide writing a from-scratch JSON parser is the right
thing to do. Instead of diving into nuances of existing solutions within
the standard library and leveraging those.
I am only committing this to history so that I can immediately delete it
afterwards. As insurance against anyone trying to glorify this work
as the product of some genius, I can point to this and say "yeah, some
genius this guy is".
Saturday-morning coffee-drinking me is laughing at Friday-night
beer-drinking me.
Note that if this project gets serious I won't pollute the git history
like this. But as the project is young enough that most won't care about
this early history, I feel like enshrining some self-deprecating humor
into deep history is OK.
