diff --git a/include/api.php b/include/api.php index 164a9de53..d1ff1458e 100644 --- a/include/api.php +++ b/include/api.php @@ -42,7 +42,6 @@ use Friendica\Model\Post; use Friendica\Model\Profile; use Friendica\Model\User; use Friendica\Model\Verb; -use Friendica\Module\Api\ApiResponse; use Friendica\Module\BaseApi; use Friendica\Network\HTTPException; use Friendica\Network\HTTPException\BadRequestException; @@ -55,11 +54,9 @@ use Friendica\Network\HTTPException\UnauthorizedException; use Friendica\Object\Image; use Friendica\Protocol\Activity; use Friendica\Security\BasicAuth; -use Friendica\Security\OAuth; use Friendica\Util\DateTimeFormat; use Friendica\Util\Images; use Friendica\Util\Network; -use Friendica\Util\Proxy; use Friendica\Util\Strings; require_once __DIR__ . '/../mod/item.php'; @@ -73,28 +70,6 @@ define('API_METHOD_DELETE', 'POST,DELETE'); define('API_LOG_PREFIX', 'API {action} - '); $API = []; -$called_api = []; - -/** - * Auth API user - * - * It is not sufficient to use local_user() to check whether someone is allowed to use the API, - * because this will open CSRF holes (just embed an image with src=friendicasite.com/api/statuses/update?status=CSRF - * into a page, and visitors will post something without noticing it). - */ -function api_user() -{ - $user = OAuth::getCurrentUserID(); - if (!empty($user)) { - return $user; - } - - if (!empty($_SESSION['allow_api'])) { - return local_user(); - } - - return false; -} /** * Get source name from API client @@ -128,19 +103,6 @@ function api_source() return "api"; } -/** - * Format date for API - * - * @param string $str Source date, as UTC - * @return string Date in UTC formatted as "D M d H:i:s +0000 Y" - * @throws Exception - */ -function api_date($str) -{ - // Wed May 23 06:01:13 +0000 2007 - return DateTimeFormat::utc($str, "D M d H:i:s +0000 Y"); -} - /** * Register a function to be the endpoint for defined API path. * @@ -171,24 +133,6 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY ]; } -/** - * Check HTTP method of called API - * - * API endpoints can define which HTTP method to accept when called. - * This function check the current HTTP method agains endpoint - * registered method. - * - * @param string $method Required methods, uppercase, separated by comma - * @return bool - */ -function api_check_method($method) -{ - if ($method == "*") { - return true; - } - return (stripos($method, $_SERVER['REQUEST_METHOD'] ?? 'GET') !== false); -} - /** * Main API entry point * @@ -201,7 +145,7 @@ function api_check_method($method) */ function api_call(App $a, App\Arguments $args = null) { - global $API, $called_api; + global $API; if ($args == null) { $args = DI::args(); @@ -224,13 +168,7 @@ function api_call(App $a, App\Arguments $args = null) try { foreach ($API as $p => $info) { if (strpos($args->getCommand(), $p) === 0) { - if (!api_check_method($info['method'])) { - throw new MethodNotAllowedException(); - } - - $called_api = explode("/", $p); - - if (!empty($info['auth']) && api_user() === false) { + if (!empty($info['auth']) && BaseApi::getCurrentUserID() === false) { BasicAuth::getCurrentUserID(true); Logger::info(API_LOG_PREFIX . 'nickname {nickname}', ['module' => 'api', 'action' => 'call', 'nickname' => $a->getLoggedInUserNickname()]); } @@ -290,7 +228,6 @@ function api_call(App $a, App\Arguments $args = null) /** * Set values for RSS template * - * @param App $a * @param array $arr Array to be passed to template * @param array $user_info User info * @return array @@ -300,10 +237,15 @@ function api_call(App $a, App\Arguments $args = null) * @throws UnauthorizedException * @todo find proper type-hints */ -function api_rss_extra(App $a, $arr, $user_info) +function api_rss_extra($arr, $user_info) { if (is_null($user_info)) { - $user_info = api_get_user(); + $uid = BaseApi::getCurrentUserID(); + if (empty($uid)) { + throw new ForbiddenException(); + } + + $user_info = DI::twitterUser()->createFromUserId($uid)->toArray(); } $arr['$user'] = $user_info; @@ -311,7 +253,7 @@ function api_rss_extra(App $a, $arr, $user_info) 'alternate' => $user_info['url'], 'self' => DI::baseUrl() . "/" . DI::args()->getQueryString(), 'base' => DI::baseUrl(), - 'updated' => api_date(null), + 'updated' => DateTimeFormat::utc(null, DateTimeFormat::API), 'atom_updated' => DateTimeFormat::utcNow(DateTimeFormat::ATOM), 'language' => $user_info['lang'], 'logo' => DI::baseUrl() . "/images/friendica-32.png", @@ -340,294 +282,6 @@ function api_unique_id_to_nurl($id) } } -/** - * Get user info array. - * - * @param App $a App - * @param int|string $contact_id Contact ID or URL - * @return array|bool - * @throws BadRequestException - * @throws ImagickException - * @throws InternalServerErrorException - * @throws UnauthorizedException - */ -function api_get_user($contact_id = null) -{ - global $called_api; - - $user = null; - $extra_query = ""; - $url = ""; - - Logger::info(API_LOG_PREFIX . 'Fetching data for user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $contact_id]); - - // Searching for contact URL - if (!is_null($contact_id) && (intval($contact_id) == 0)) { - $user = Strings::normaliseLink($contact_id); - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } - - // Searching for contact id with uid = 0 - if (!is_null($contact_id) && (intval($contact_id) != 0)) { - $user = api_unique_id_to_nurl(intval($contact_id)); - - if ($user == "") { - throw new BadRequestException("User ID ".$contact_id." not found."); - } - - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } - - if (is_null($user) && !empty($_GET['user_id'])) { - $user = api_unique_id_to_nurl($_GET['user_id']); - - if ($user == "") { - throw new BadRequestException("User ID ".$_GET['user_id']." not found."); - } - - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } - if (is_null($user) && !empty($_GET['screen_name'])) { - $user = $_GET['screen_name']; - $extra_query = "AND `contact`.`nick` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(api_user()); - } - } - - if (is_null($user) && !empty($_GET['profileurl'])) { - $user = Strings::normaliseLink($_GET['profileurl']); - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=".intval(api_user()); - } - } - - // $called_api is the API path exploded on / and is expected to have at least 2 elements - if (is_null($user) && (DI::args()->getArgc() > (count($called_api) - 1)) && (count($called_api) > 0)) { - $argid = count($called_api); - if (!empty(DI::args()->getArgv()[$argid])) { - $data = explode(".", DI::args()->getArgv()[$argid]); - if (count($data) > 1) { - [$user, $null] = $data; - } - } - if (is_numeric($user)) { - $user = api_unique_id_to_nurl(intval($user)); - - if ($user != "") { - $url = $user; - $extra_query = "AND `contact`.`nurl` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } - } else { - $extra_query = "AND `contact`.`nick` = ? "; - if (api_user() !== false) { - $extra_query .= "AND `contact`.`uid`=" . intval(api_user()); - } - } - } - - Logger::info(API_LOG_PREFIX . 'getting user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user]); - - if (!$user) { - if (api_user() === false) { - BasicAuth::getCurrentUserID(true); - return false; - } else { - $user = api_user(); - $extra_query = "AND `contact`.`uid` = ? AND `contact`.`self` "; - } - } - - Logger::info(API_LOG_PREFIX . 'found user {user}', ['module' => 'api', 'action' => 'get_user', 'user' => $user, 'extra_query' => $extra_query]); - - // user info - $uinfo = DBA::toArray(DBA::p( - "SELECT *, `contact`.`id` AS `cid` FROM `contact` - WHERE 1 - $extra_query", - $user - )); - - // Selecting the id by priority, friendica first - if (is_array($uinfo)) { - api_best_nickname($uinfo); - } - - // if the contact wasn't found, fetch it from the contacts with uid = 0 - if (!DBA::isResult($uinfo)) { - if ($url == "") { - throw new BadRequestException("User not found."); - } - - $contact = DBA::selectFirst('contact', [], ['uid' => 0, 'nurl' => Strings::normaliseLink($url)]); - - if (DBA::isResult($contact)) { - $ret = [ - 'id' => $contact["id"], - 'id_str' => (string) $contact["id"], - 'name' => $contact["name"], - 'screen_name' => (($contact['nick']) ? $contact['nick'] : $contact['name']), - 'location' => ($contact["location"] != "") ? $contact["location"] : ContactSelector::networkToName($contact['network'], $contact['url'], $contact['protocol']), - 'description' => BBCode::toPlaintext($contact["about"] ?? ''), - 'profile_image_url' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_https' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_profile_size' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_THUMB), - 'profile_image_url_large' => Contact::getAvatarUrlForUrl($contact['url'], api_user(), Proxy::SIZE_SMALL), - 'url' => $contact["url"], - 'protected' => false, - 'followers_count' => 0, - 'friends_count' => 0, - 'listed_count' => 0, - 'created_at' => api_date($contact["created"]), - 'favourites_count' => 0, - 'utc_offset' => 0, - 'time_zone' => 'UTC', - 'geo_enabled' => false, - 'verified' => false, - 'statuses_count' => 0, - 'lang' => '', - 'contributors_enabled' => false, - 'is_translator' => false, - 'is_translation_enabled' => false, - 'following' => false, - 'follow_request_sent' => false, - 'statusnet_blocking' => false, - 'notifications' => false, - 'statusnet_profile_url' => $contact["url"], - 'uid' => 0, - 'cid' => Contact::getIdForURL($contact["url"], api_user(), false), - 'pid' => Contact::getIdForURL($contact["url"], 0, false), - 'self' => 0, - 'network' => $contact["network"], - ]; - - return $ret; - } else { - throw new BadRequestException("User ".$url." not found."); - } - } - - if ($uinfo[0]['self']) { - if ($uinfo[0]['network'] == "") { - $uinfo[0]['network'] = Protocol::DFRN; - } - - $usr = DBA::selectFirst('user', ['default-location'], ['uid' => api_user()]); - $profile = DBA::selectFirst('profile', ['about'], ['uid' => api_user(), 'is-default' => true]); - } - $countitems = 0; - $countfriends = 0; - $countfollowers = 0; - $starred = 0; - - $pcontact_id = Contact::getIdForURL($uinfo[0]['url'], 0, false); - - if (!empty($profile['about'])) { - $description = $profile['about']; - } else { - $description = $uinfo[0]["about"]; - } - - if (!empty($usr['default-location'])) { - $location = $usr['default-location']; - } elseif (!empty($uinfo[0]["location"])) { - $location = $uinfo[0]["location"]; - } else { - $location = ContactSelector::networkToName($uinfo[0]['network'], $uinfo[0]['url'], $uinfo[0]['protocol']); - } - - $ret = [ - 'id' => intval($pcontact_id), - 'id_str' => (string) intval($pcontact_id), - 'name' => (($uinfo[0]['name']) ? $uinfo[0]['name'] : $uinfo[0]['nick']), - 'screen_name' => (($uinfo[0]['nick']) ? $uinfo[0]['nick'] : $uinfo[0]['name']), - 'location' => $location, - 'description' => BBCode::toPlaintext($description ?? ''), - 'profile_image_url' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_https' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_MICRO), - 'profile_image_url_profile_size' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_THUMB), - 'profile_image_url_large' => Contact::getAvatarUrlForUrl($uinfo[0]['url'], api_user(), Proxy::SIZE_SMALL), - 'url' => $uinfo[0]['url'], - 'protected' => false, - 'followers_count' => intval($countfollowers), - 'friends_count' => intval($countfriends), - 'listed_count' => 0, - 'created_at' => api_date($uinfo[0]['created']), - 'favourites_count' => intval($starred), - 'utc_offset' => "0", - 'time_zone' => 'UTC', - 'geo_enabled' => false, - 'verified' => true, - 'statuses_count' => intval($countitems), - 'lang' => '', - 'contributors_enabled' => false, - 'is_translator' => false, - 'is_translation_enabled' => false, - 'following' => (($uinfo[0]['rel'] == Contact::FOLLOWER) || ($uinfo[0]['rel'] == Contact::FRIEND)), - 'follow_request_sent' => false, - 'statusnet_blocking' => false, - 'notifications' => false, - /// @TODO old way? - //'statusnet_profile_url' => DI::baseUrl()."/contact/".$uinfo[0]['cid'], - 'statusnet_profile_url' => $uinfo[0]['url'], - 'uid' => intval($uinfo[0]['uid']), - 'cid' => intval($uinfo[0]['cid']), - 'pid' => Contact::getIdForURL($uinfo[0]["url"], 0, false), - 'self' => $uinfo[0]['self'], - 'network' => $uinfo[0]['network'], - ]; - - // If this is a local user and it uses Frio, we can get its color preferences. - if ($ret['self']) { - $theme_info = DBA::selectFirst('user', ['theme'], ['uid' => $ret['uid']]); - if ($theme_info['theme'] === 'frio') { - $schema = DI::pConfig()->get($ret['uid'], 'frio', 'schema'); - - if ($schema && ($schema != '---')) { - if (file_exists('view/theme/frio/schema/'.$schema.'.php')) { - $schemefile = 'view/theme/frio/schema/'.$schema.'.php'; - require_once $schemefile; - } - } else { - $nav_bg = DI::pConfig()->get($ret['uid'], 'frio', 'nav_bg'); - $link_color = DI::pConfig()->get($ret['uid'], 'frio', 'link_color'); - $bgcolor = DI::pConfig()->get($ret['uid'], 'frio', 'background_color'); - } - if (empty($nav_bg)) { - $nav_bg = "#708fa0"; - } - if (empty($link_color)) { - $link_color = "#6fdbe8"; - } - if (empty($bgcolor)) { - $bgcolor = "#ededed"; - } - - $ret['profile_sidebar_fill_color'] = str_replace('#', '', $nav_bg); - $ret['profile_link_color'] = str_replace('#', '', $link_color); - $ret['profile_background_color'] = str_replace('#', '', $bgcolor); - } - } - - return $ret; -} - /** * return api-formatted array for item's author and owner * @@ -641,14 +295,20 @@ function api_get_user($contact_id = null) */ function api_item_get_user(App $a, $item) { - $status_user = api_get_user($item['author-id'] ?? null); + if (empty($item['author-id'])) { + $item['author-id'] = Contact::getPublicIdByUserId(BaseApi::getCurrentUserID()); + } + $status_user = DI::twitterUser()->createFromContactId($item['author-id'], BaseApi::getCurrentUserID())->toArray(); $author_user = $status_user; $status_user["protected"] = isset($item['private']) && ($item['private'] == Item::PRIVATE); if (($item['thr-parent'] ?? '') == ($item['uri'] ?? '')) { - $owner_user = api_get_user($item['owner-id'] ?? null); + if (empty($item['owner-id'])) { + $item['owner-id'] = Contact::getPublicIdByUserId(BaseApi::getCurrentUserID()); + } + $owner_user = DI::twitterUser()->createFromContactId($item['owner-id'], BaseApi::getCurrentUserID())->toArray(); } else { $owner_user = $author_user; } @@ -676,21 +336,17 @@ function api_item_get_user(App $a, $item) */ function api_account_verify_credentials($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false) { - throw new ForbiddenException(); - } + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); - - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); $skip_status = $_REQUEST['skip_status'] ?? false; - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // "verified" isn't used here in the standard unset($user_info["verified"]); @@ -746,13 +402,11 @@ function api_statuses_mediap($type) { $a = DI::app(); - if (api_user() === false) { - logger::notice('api_statuses_update: no user'); - throw new ForbiddenException(); - } - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - $_REQUEST['profile_uid'] = api_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); + + $_REQUEST['profile_uid'] = BaseApi::getCurrentUserID(); $_REQUEST['api_source'] = true; $txt = requestdata('status') ?? ''; /// @TODO old-lost code? @@ -800,12 +454,7 @@ function api_statuses_update($type) { $a = DI::app(); - if (api_user() === false) { - logger::notice('api_statuses_update: no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // convert $_POST array items to the form we use for web posts. if (requestdata('htmlstatus')) { @@ -843,7 +492,7 @@ function api_statuses_update($type) if (requestdata('lat') && requestdata('long')) { $_REQUEST['coord'] = sprintf("%s %s", requestdata('lat'), requestdata('long')); } - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = BaseApi::getCurrentUserID(); if (!$parent) { // Check for throttling (maximum posts per day, week and month) @@ -851,11 +500,11 @@ function api_statuses_update($type) if ($throttle_day > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, BaseApi::getCurrentUserID(), $datefrom]; $posts_day = Post::count($condition); if ($posts_day > $throttle_day) { - logger::info('Daily posting limit reached for user '.api_user()); + logger::info('Daily posting limit reached for user '.BaseApi::getCurrentUserID()); // die(api_error($type, DI::l10n()->t("Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); throw new TooManyRequestsException(DI::l10n()->tt("Daily posting limit of %d post reached. The post was rejected.", "Daily posting limit of %d posts reached. The post was rejected.", $throttle_day)); } @@ -865,11 +514,11 @@ function api_statuses_update($type) if ($throttle_week > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*7); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, BaseApi::getCurrentUserID(), $datefrom]; $posts_week = Post::count($condition); if ($posts_week > $throttle_week) { - logger::info('Weekly posting limit reached for user '.api_user()); + logger::info('Weekly posting limit reached for user '.BaseApi::getCurrentUserID()); // die(api_error($type, DI::l10n()->t("Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week))); throw new TooManyRequestsException(DI::l10n()->tt("Weekly posting limit of %d post reached. The post was rejected.", "Weekly posting limit of %d posts reached. The post was rejected.", $throttle_week)); } @@ -879,11 +528,11 @@ function api_statuses_update($type) if ($throttle_month > 0) { $datefrom = date(DateTimeFormat::MYSQL, time() - 24*60*60*30); - $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, api_user(), $datefrom]; + $condition = ["`gravity` = ? AND `uid` = ? AND `wall` AND `received` > ?", GRAVITY_PARENT, BaseApi::getCurrentUserID(), $datefrom]; $posts_month = Post::count($condition); if ($posts_month > $throttle_month) { - logger::info('Monthly posting limit reached for user '.api_user()); + logger::info('Monthly posting limit reached for user '.BaseApi::getCurrentUserID()); // die(api_error($type, DI::l10n()->t("Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); throw new TooManyRequestsException(DI::l10n()->t("Monthly posting limit of %d post reached. The post was rejected.", "Monthly posting limit of %d posts reached. The post was rejected.", $throttle_month)); } @@ -908,7 +557,7 @@ function api_statuses_update($type) $media = DBA::toArray(DBA::p("SELECT `resource-id`, `scale`, `nickname`, `type`, `desc`, `filename`, `datasize`, `width`, `height` FROM `photo` INNER JOIN `user` ON `user`.`uid` = `photo`.`uid` WHERE `resource-id` IN (SELECT `resource-id` FROM `photo` WHERE `id` = ?) AND `photo`.`uid` = ? - ORDER BY `photo`.`width` DESC LIMIT 2", $id, api_user())); + ORDER BY `photo`.`width` DESC LIMIT 2", $id, BaseApi::getCurrentUserID())); if (!empty($media)) { $ressources[] = $media[0]['resource-id']; @@ -947,7 +596,7 @@ function api_statuses_update($type) $_REQUEST['api_source'] = true; if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $_REQUEST['source'] = api_source(); } // call out normal post function @@ -956,7 +605,7 @@ function api_statuses_update($type) if (!empty($ressources) && !empty($item_id)) { $item = Post::selectFirst(['uri-id', 'allow_cid', 'allow_gid', 'deny_cid', 'deny_gid'], ['id' => $item_id]); foreach ($ressources as $ressource) { - Photo::setPermissionForRessource($ressource, api_user(), $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); + Photo::setPermissionForRessource($ressource, BaseApi::getCurrentUserID(), $item['allow_cid'], $item['allow_gid'], $item['deny_cid'], $item['deny_gid']); } } @@ -983,12 +632,7 @@ function api_media_upload() { $a = DI::app(); - if (api_user() === false) { - logger::notice('no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); if (empty($_FILES['media'])) { // Output error @@ -1036,14 +680,7 @@ api_register_func('api/media/upload', 'api_media_upload', true, API_METHOD_POST) */ function api_media_metadata_create($type) { - $a = DI::app(); - - if (api_user() === false) { - Logger::info('no user'); - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); $postdata = Network::postdata(); @@ -1066,7 +703,7 @@ function api_media_metadata_create($type) Logger::info('Updating metadata', ['media_id' => $data['media_id']]); - $condition = ['id' => $data['media_id'], 'uid' => api_user()]; + $condition = ['id' => $data['media_id'], 'uid' => BaseApi::getCurrentUserID()]; $photo = DBA::selectFirst('photo', ['resource-id'], $condition); if (!DBA::isResult($photo)) { throw new BadRequestException("Metadata not found."); @@ -1149,9 +786,9 @@ function api_get_item(array $condition) */ function api_users_show($type) { - $a = Friendica\DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $item = api_get_last_status($user_info['pid'], $user_info['uid']); if (!empty($item)) { @@ -1183,8 +820,6 @@ api_register_func('api/externalprofile/show', 'api_users_show'); */ function api_users_search($type) { - $a = DI::app(); - $userlist = []; if (!empty($_GET['q'])) { @@ -1202,7 +837,7 @@ function api_users_search($type) if (DBA::isResult($contacts)) { $k = 0; foreach ($contacts as $contact) { - $user_info = api_get_user($contact['id']); + $user_info = DI::twitterUser()->createFromContactId($contact['id'], BaseApi::getCurrentUserID())->toArray(); if ($type == 'xml') { $userlist[$k++ . ':user'] = $user_info; @@ -1245,7 +880,10 @@ function api_users_lookup($type) if (!empty($_REQUEST['user_id'])) { foreach (explode(',', $_REQUEST['user_id']) as $id) { if (!empty($id)) { - $users[] = api_get_user($id); + $cid = BaseApi::getContactIDForSearchterm($id); + if (!empty($cid)) { + $users[] = DI::twitterUser()->createFromContactId($cid, BaseApi::getCurrentUserID())->toArray(); + } } } } @@ -1276,12 +914,9 @@ api_register_func('api/users/lookup', 'api_users_lookup', true); */ function api_search($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (empty($_REQUEST['q'])) { throw new BadRequestException('q parameter is required.'); @@ -1308,7 +943,7 @@ function api_search($type) $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; if (preg_match('/^#(\w+)$/', $searchTerm, $matches) === 1 && isset($matches[1])) { $searchTerm = $matches[1]; - $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, local_user()]; + $condition = ["`iid` > ? AND `name` = ? AND (NOT `private` OR (`private` AND `uid` = ?))", $since_id, $searchTerm, BaseApi::getCurrentUserID()]; $tags = DBA::select('tag-search-view', ['uri-id'], $condition); $uriids = []; while ($tag = DBA::fetch($tags)) { @@ -1331,7 +966,7 @@ function api_search($type) " . ($exclude_replies ? " AND `gravity` = " . GRAVITY_PARENT : ' ') . " AND (`uid` = 0 OR (`uid` = ? AND NOT `global`)) AND `body` LIKE CONCAT('%',?,'%')", - $since_id, api_user(), $_REQUEST['q']]; + $since_id, BaseApi::getCurrentUserID(), $_REQUEST['q']]; if ($max_id > 0) { $condition[0] .= ' AND `id` <= ?'; $condition[] = $max_id; @@ -1341,7 +976,7 @@ function api_search($type) $statuses = []; if (parse_url($searchTerm, PHP_URL_SCHEME) != '') { - $id = Item::fetchByLink($searchTerm, api_user()); + $id = Item::fetchByLink($searchTerm, BaseApi::getCurrentUserID()); if (!$id) { // Public post $id = Item::fetchByLink($searchTerm); @@ -1352,7 +987,7 @@ function api_search($type) } } - $statuses = $statuses ?: Post::selectForUser(api_user(), [], $condition, $params); + $statuses = $statuses ?: Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $data['status'] = api_format_items(Post::toArray($statuses), $user_info); @@ -1383,18 +1018,15 @@ api_register_func('api/search', 'api_search', true); */ function api_statuses_home_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); // get last network messages @@ -1409,7 +1041,7 @@ function api_statuses_home_timeline($type) $start = max(0, ($page - 1) * $count); $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ?", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `id` <= ?"; @@ -1425,7 +1057,7 @@ function api_statuses_home_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $items = Post::toArray($statuses); @@ -1451,7 +1083,7 @@ function api_statuses_home_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1477,12 +1109,9 @@ api_register_func('api/statuses/friends_timeline', 'api_statuses_home_timeline', */ function api_statuses_public_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // get last network messages @@ -1506,7 +1135,7 @@ function api_statuses_public_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $r = Post::toArray($statuses); } else { @@ -1523,7 +1152,7 @@ function api_statuses_public_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $r = Post::toArray($statuses); } @@ -1537,7 +1166,7 @@ function api_statuses_public_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1560,12 +1189,9 @@ api_register_func('api/statuses/public_timeline', 'api_statuses_public_timeline' */ function api_statuses_networkpublic_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; @@ -1585,7 +1211,7 @@ function api_statuses_networkpublic_timeline($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::toArray(Post::selectForUser(api_user(), Item::DISPLAY_FIELDLIST, $condition, $params)); + $statuses = Post::toArray(Post::selectForUser(BaseApi::getCurrentUserID(), Item::DISPLAY_FIELDLIST, $condition, $params)); $ret = api_format_items($statuses, $user_info, false, $type); @@ -1596,7 +1222,7 @@ function api_statuses_networkpublic_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1621,12 +1247,9 @@ api_register_func('api/statuses/networkpublic_timeline', 'api_statuses_networkpu */ function api_statuses_show($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1650,7 +1273,7 @@ function api_statuses_show($type) throw new BadRequestException(sprintf("There is no status with the id %d", $id)); } - $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]); + $item = Post::selectFirst(['id'], ['uri-id' => $uri_item['uri-id'], 'uid' => [0, BaseApi::getCurrentUserID()]], ['order' => ['uid' => true]]); if (!DBA::isResult($item)) { throw new BadRequestException(sprintf("There is no status with the uri-id %d for the given user.", $uri_item['uri-id'])); } @@ -1665,7 +1288,7 @@ function api_statuses_show($type) $params = []; } - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); /// @TODO How about copying this to above methods which don't check $r ? if (!DBA::isResult($statuses)) { @@ -1700,12 +1323,9 @@ api_register_func('api/statuses/show', 'api_statuses_show', true); */ function api_conversation_show($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1733,7 +1353,7 @@ function api_conversation_show($type) throw new BadRequestException("There is no status with the id $id."); } - $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, api_user()]], ['order' => ['uid' => true]]); + $parent = Post::selectFirst(['id'], ['uri-id' => $item['parent-uri-id'], 'uid' => [0, BaseApi::getCurrentUserID()]], ['order' => ['uid' => true]]); if (!DBA::isResult($parent)) { throw new BadRequestException("There is no status with this id."); } @@ -1741,7 +1361,7 @@ function api_conversation_show($type) $id = $parent['id']; $condition = ["`parent` = ? AND `uid` IN (0, ?) AND `gravity` IN (?, ?) AND `id` > ?", - $id, api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + $id, BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; if ($max_id > 0) { $condition[0] .= " AND `id` <= ?"; @@ -1749,7 +1369,7 @@ function api_conversation_show($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); if (!DBA::isResult($statuses)) { throw new BadRequestException("There is no status with id $id."); @@ -1780,15 +1400,9 @@ api_register_func('api/statusnet/conversation', 'api_conversation_show', true); */ function api_statuses_repeat($type) { - global $called_api; - $a = DI::app(); - if (api_user() === false) { - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1809,7 +1423,7 @@ function api_statuses_repeat($type) if (DBA::isResult($item) && !empty($item['body'])) { if (in_array($item['network'], [Protocol::ACTIVITYPUB, Protocol::DFRN, Protocol::TWITTER])) { - if (!Item::performActivity($id, 'announce', local_user())) { + if (!Item::performActivity($id, 'announce', BaseApi::getCurrentUserID())) { throw new InternalServerErrorException(); } @@ -1829,11 +1443,11 @@ function api_statuses_repeat($type) $post .= "[/share]"; } $_REQUEST['body'] = $post; - $_REQUEST['profile_uid'] = api_user(); + $_REQUEST['profile_uid'] = BaseApi::getCurrentUserID(); $_REQUEST['api_source'] = true; if (empty($_REQUEST['source'])) { - $_REQUEST["source"] = api_source(); + $_REQUEST['source'] = api_source(); } $item_id = item_post($a); @@ -1843,7 +1457,6 @@ function api_statuses_repeat($type) } // output the post that we just posted. - $called_api = []; return api_status_show($type, $item_id); } @@ -1865,13 +1478,7 @@ api_register_func('api/statuses/retweet', 'api_statuses_repeat', true, API_METHO */ function api_statuses_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } - - api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params $id = intval(DI::args()->getArgv()[3] ?? 0); @@ -1889,7 +1496,7 @@ function api_statuses_destroy($type) $ret = api_statuses_show($type); - Item::deleteForUser(['id' => $id], api_user()); + Item::deleteForUser(['id' => $id], BaseApi::getCurrentUserID()); return $ret; } @@ -1912,18 +1519,15 @@ api_register_func('api/statuses/destroy', 'api_statuses_destroy', true, API_METH */ function api_statuses_mentions($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); // get last network messages @@ -1941,11 +1545,11 @@ function api_statuses_mentions($type) $condition = [ GRAVITY_PARENT, GRAVITY_COMMENT, - api_user(), + BaseApi::getCurrentUserID(), Post\UserNotification::TYPE_EXPLICIT_TAGGED | Post\UserNotification::TYPE_IMPLICIT_TAGGED | Post\UserNotification::TYPE_THREAD_COMMENT | Post\UserNotification::TYPE_DIRECT_COMMENT | Post\UserNotification::TYPE_DIRECT_THREAD_COMMENT, - api_user(), $since_id, + BaseApi::getCurrentUserID(), $since_id, ]; if ($max_id > 0) { @@ -1956,7 +1560,7 @@ function api_statuses_mentions($type) array_unshift($condition, $query); $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); @@ -1965,7 +1569,7 @@ function api_statuses_mentions($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -1990,14 +1594,11 @@ api_register_func('api/statuses/replies', 'api_statuses_mentions', true); */ function api_statuses_user_timeline($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - Logger::info('api_statuses_user_timeline', ['api_user' => api_user(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); + Logger::info('api_statuses_user_timeline', ['api_user' => BaseApi::getCurrentUserID(), 'user_info' => $user_info, '_REQUEST' => $_REQUEST]); $since_id = $_REQUEST['since_id'] ?? 0; $max_id = $_REQUEST['max_id'] ?? 0; @@ -2011,7 +1612,7 @@ function api_statuses_user_timeline($type) $start = max(0, ($page - 1) * $count); $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `contact-id` = ?", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']]; + BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id, $user_info['cid']]; if ($user_info['self'] == 1) { $condition[0] .= ' AND `wall` '; @@ -2032,7 +1633,7 @@ function api_statuses_user_timeline($type) $condition[] = $max_id; } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $ret = api_format_items(Post::toArray($statuses), $user_info, true, $type); @@ -2043,7 +1644,7 @@ function api_statuses_user_timeline($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -2069,11 +1670,7 @@ api_register_func('api/statuses/user_timeline', 'api_statuses_user_timeline', tr */ function api_favorites_create_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // for versioned api. /// @TODO We need a better global soluton @@ -2092,7 +1689,7 @@ function api_favorites_create_destroy($type) $itemid = intval($_REQUEST['id'] ?? 0); } - $item = Post::selectFirstForUser(api_user(), [], ['id' => $itemid, 'uid' => api_user()]); + $item = Post::selectFirstForUser(BaseApi::getCurrentUserID(), [], ['id' => $itemid, 'uid' => BaseApi::getCurrentUserID()]); if (!DBA::isResult($item)) { throw new BadRequestException("Invalid item."); @@ -2115,8 +1712,7 @@ function api_favorites_create_destroy($type) throw new InternalServerErrorException("DB error"); } - - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $rets = api_format_items([$item], $user_info, false, $type); $ret = $rets[0]; @@ -2125,7 +1721,7 @@ function api_favorites_create_destroy($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -2150,16 +1746,9 @@ api_register_func('api/favorites/destroy', 'api_favorites_create_destroy', true, */ function api_favorites($type) { - global $called_api; + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $a = DI::app(); - $user_info = api_get_user(); - - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } - - $called_api = []; + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); // in friendica starred item are private // return favorites only for self @@ -2177,7 +1766,7 @@ function api_favorites($type) $start = max(0, ($page - 1) * $count); $condition = ["`uid` = ? AND `gravity` IN (?, ?) AND `id` > ? AND `starred`", - api_user(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; + BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT, $since_id]; $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; @@ -2186,7 +1775,7 @@ function api_favorites($type) $condition[] = $max_id; } - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $ret = api_format_items(Post::toArray($statuses), $user_info, false, $type); } @@ -2198,7 +1787,7 @@ function api_favorites($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -2225,7 +1814,7 @@ function api_format_messages($item, $recipient, $sender) 'sender_id' => $sender['id'], 'text' => "", 'recipient_id' => $recipient['id'], - 'created_at' => api_date($item['created'] ?? DateTimeFormat::utcNow()), + 'created_at' => DateTimeFormat::utc($item['created'] ?? 'now', DateTimeFormat::API), 'sender_screen_name' => $sender['screen_name'], 'recipient_screen_name' => $recipient['screen_name'], 'sender' => $sender, @@ -2624,8 +2213,6 @@ function api_contactlink_to_array($txt) */ function api_format_items_activities($item, $type = "json") { - $a = DI::app(); - $activities = [ 'like' => [], 'dislike' => [], @@ -2643,7 +2230,7 @@ function api_format_items_activities($item, $type = "json") //builtin_activity_puller($i, $activities); // get user data and add it to the array of the activity - $user = api_get_user($parent_item['author-id']); + $user = DI::twitterUser()->createFromContactId($parent_item['author-id'], BaseApi::getCurrentUserID())->toArray(); switch ($parent_item['verb']) { case Activity::LIKE: $activities['like'][] = $user; @@ -2702,7 +2289,7 @@ function api_format_items_activities($item, $type = "json") */ function api_format_items($items, $user_info, $filter_user = false, $type = "json") { - $a = Friendica\DI::app(); + $a = DI::app(); $ret = []; @@ -2740,7 +2327,7 @@ function api_format_items($items, $user_info, $filter_user = false, $type = "jso */ function api_format_item($item, $type = "json", $status_user = null, $author_user = null, $owner_user = null) { - $a = Friendica\DI::app(); + $a = DI::app(); if (empty($status_user) || empty($author_user) || empty($owner_user)) { [$status_user, $author_user, $owner_user] = api_item_get_user($a, $item); @@ -2761,7 +2348,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $status = [ 'text' => $converted["text"], 'truncated' => false, - 'created_at'=> api_date($item['created']), + 'created_at'=> DateTimeFormat::utc($item['created'], DateTimeFormat::API), 'in_reply_to_status_id' => $in_reply_to['status_id'], 'in_reply_to_status_id_str' => $in_reply_to['status_id_str'], 'source' => (($item['app']) ? $item['app'] : 'web'), @@ -2807,7 +2394,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use if (!empty($announce)) { $retweeted_item = $item; $item = $announce; - $status['friendica_owner'] = api_get_user($announce['author-id']); + $status['friendica_owner'] = DI::twitterUser()->createFromContactId($announce['author-id'], BaseApi::getCurrentUserID())->toArray(); } } @@ -2826,7 +2413,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $quoted_status['text'] = $conv_quoted['text']; $quoted_status['statusnet_html'] = $conv_quoted['html']; try { - $quoted_status["user"] = api_get_user($quoted_item["author-id"]); + $quoted_status["user"] = DI::twitterUser()->createFromContactId($quoted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found @@ -2848,7 +2435,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use unset($retweeted_status['statusnet_conversation_id']); $status['user'] = $status['friendica_owner']; try { - $retweeted_status["user"] = api_get_user($retweeted_item["author-id"]); + $retweeted_status["user"] = DI::twitterUser()->createFromContactId($retweeted_item['author-id'], BaseApi::getCurrentUserID())->toArray(); } catch (BadRequestException $e) { // user not found. should be found? /// @todo check if the user should be always found @@ -2860,7 +2447,7 @@ function api_format_item($item, $type = "json", $status_user = null, $author_use $retweeted_status['text'] = $rt_converted["text"]; $retweeted_status['statusnet_html'] = $rt_converted["html"]; $retweeted_status['friendica_html'] = $rt_converted["html"]; - $retweeted_status['created_at'] = api_date($retweeted_item['created']); + $retweeted_status['created_at'] = DateTimeFormat::utc($retweeted_item['created'], DateTimeFormat::API); if (!empty($quoted_status)) { $retweeted_status['quoted_status'] = $quoted_status; @@ -2930,14 +2517,10 @@ api_register_func('api/lists/subscriptions', 'api_lists_list', true); */ function api_lists_ownerships($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $uid = $user_info['uid']; $groups = DBA::select('group', [], ['deleted' => 0, 'uid' => $uid]); @@ -2979,18 +2562,15 @@ api_register_func('api/lists/ownerships', 'api_lists_ownerships', true); */ function api_lists_statuses($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); - $user_info = api_get_user(); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); if (empty($_REQUEST['list_id'])) { throw new BadRequestException('list_id not specified'); @@ -3008,7 +2588,7 @@ function api_lists_statuses($type) $groups = DBA::selectToArray('group_member', ['contact-id'], ['gid' => 1]); $gids = array_column($groups, 'contact-id'); - $condition = ['uid' => api_user(), 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'group-id' => $gids]; + $condition = ['uid' => BaseApi::getCurrentUserID(), 'gravity' => [GRAVITY_PARENT, GRAVITY_COMMENT], 'group-id' => $gids]; $condition = DBA::mergeConditions($condition, ["`id` > ?", $since_id]); if ($max_id > 0) { @@ -3025,7 +2605,7 @@ function api_lists_statuses($type) } $params = ['order' => ['id' => true], 'limit' => [$start, $count]]; - $statuses = Post::selectForUser(api_user(), [], $condition, $params); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition, $params); $items = api_format_items(Post::toArray($statuses), $user_info, false, $type); @@ -3034,7 +2614,7 @@ function api_lists_statuses($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -3060,11 +2640,7 @@ api_register_func('api/lists/statuses', 'api_lists_statuses', true); */ function api_statuses_f($qtype) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // pagination $count = $_GET['count'] ?? 20; @@ -3072,7 +2648,7 @@ function api_statuses_f($qtype) $start = max(0, ($page - 1) * $count); - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (!empty($_GET['cursor']) && $_GET['cursor'] == 'undefined') { /* this is to stop Hotot to load friends multiple times @@ -3107,7 +2683,7 @@ function api_statuses_f($qtype) // @todo This query most likely can be replaced with a Contact::select... $r = DBA::toArray(DBA::p( - "SELECT `nurl` + "SELECT `id` FROM `contact` WHERE `uid` = ? AND NOT `self` @@ -3115,14 +2691,14 @@ function api_statuses_f($qtype) $sql_extra ORDER BY `nick` LIMIT ?, ?", - api_user(), + BaseApi::getCurrentUserID(), $start, $count )); $ret = []; foreach ($r as $cid) { - $user = api_get_user($cid['nurl']); + $user = DI::twitterUser()->createFromContactId($cid['id'], BaseApi::getCurrentUserID())->toArray(); // "uid" and "self" are only needed for some internal stuff, so remove it from here unset($user["uid"]); unset($user["self"]); @@ -3246,29 +2822,30 @@ api_register_func('api/friendships/incoming', 'api_friendships_incoming', true); */ function api_direct_messages_new($type) { - $a = DI::app(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - if (api_user() === false) { - throw new ForbiddenException(); - } + $uid = BaseApi::getCurrentUserID(); - if (empty($_POST["text"]) || empty($_POST["screen_name"]) && empty($_POST["user_id"])) { + if (empty($_POST["text"]) || empty($_POST['screen_name']) && empty($_POST['user_id'])) { return; } - $sender = api_get_user(); + $sender = DI::twitterUser()->createFromUserId($uid)->toArray(); $recipient = null; if (!empty($_POST['screen_name'])) { - $contacts = Contact::selectToArray(['id', 'nurl', 'network'], ['uid' => api_user(), 'nick' => $_POST['screen_name']]); + $contacts = Contact::selectToArray(['id', 'nurl', 'network'], ['uid' => BaseApi::getCurrentUserID(), 'nick' => $_POST['screen_name']]); if (DBA::isResult($contacts)) { // Selecting the id by priority, friendica first api_best_nickname($contacts); - $recipient = api_get_user($contacts[0]['nurl']); + $recipient = DI::twitterUser()->createFromContactId($contacts[0]['id'], $uid)->toArray(); } } else { - $recipient = api_get_user($_POST['user_id']); + $cid = BaseApi::getContactIDForSearchterm($_POST['user_id']); + if (!empty($cid)) { + $recipient = DI::twitterUser()->createFromContactId($cid, $uid)->toArray(); + } } if (empty($recipient)) { @@ -3277,7 +2854,7 @@ function api_direct_messages_new($type) $replyto = ''; if (!empty($_REQUEST['replyto'])) { - $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => api_user(), 'id' => $_REQUEST['replyto']]); + $mail = DBA::selectFirst('mail', ['parent-uri', 'title'], ['uid' => BaseApi::getCurrentUserID(), 'id' => $_REQUEST['replyto']]); $replyto = $mail['parent-uri']; $sub = $mail['title']; } else { @@ -3303,7 +2880,7 @@ function api_direct_messages_new($type) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $sender); + $data = api_rss_extra($data, $sender); break; } @@ -3327,14 +2904,10 @@ api_register_func('api/direct_messages/new', 'api_direct_messages_new', true, AP */ function api_direct_messages_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); //required $id = $_REQUEST['id'] ?? 0; // optional @@ -3400,11 +2973,8 @@ api_register_func('api/direct_messages/destroy', 'api_direct_messages_destroy', */ function api_friendships_destroy($type) { - $uid = api_user(); - - if ($uid === false) { - throw new HTTPException\ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + $uid = BaseApi::getCurrentUserID(); $owner = User::getOwnerDataById($uid); if (!$owner) { @@ -3482,10 +3052,8 @@ api_register_func('api/friendships/destroy', 'api_friendships_destroy', true, AP */ function api_direct_messages_box($type, $box, $verbose) { - $a = DI::app(); - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + // params $count = $_GET['count'] ?? 20; $page = $_REQUEST['page'] ?? 1; @@ -3497,16 +3065,14 @@ function api_direct_messages_box($type, $box, $verbose) $screen_name = $_REQUEST['screen_name'] ?? ''; // caller user info - unset($_REQUEST["user_id"]); - unset($_GET["user_id"]); + unset($_REQUEST['user_id']); + unset($_GET['user_id']); - unset($_REQUEST["screen_name"]); - unset($_GET["screen_name"]); + unset($_REQUEST['screen_name']); + unset($_GET['screen_name']); + + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - $user_info = api_get_user(); - if ($user_info === false) { - throw new ForbiddenException(); - } $profile_url = $user_info["url"]; // pagination @@ -3537,7 +3103,7 @@ function api_direct_messages_box($type, $box, $verbose) $r = DBA::toArray(DBA::p( "SELECT `mail`.*, `contact`.`nurl` AS `contact-url` FROM `mail`,`contact` WHERE `mail`.`contact-id` = `contact`.`id` AND `mail`.`uid` = ? AND $sql_extra AND `mail`.`id` > ? ORDER BY `mail`.`id` DESC LIMIT ?,?", - api_user(), + BaseApi::getCurrentUserID(), $since_id, $start, $count @@ -3551,9 +3117,9 @@ function api_direct_messages_box($type, $box, $verbose) foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user(Strings::normaliseLink($item['contact-url'])); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user(Strings::normaliseLink($item['contact-url'])); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); $sender = $user_info; } @@ -3568,7 +3134,7 @@ function api_direct_messages_box($type, $box, $verbose) case "atom": break; case "rss": - $data = api_rss_extra($a, $data, $user_info); + $data = api_rss_extra($data, $user_info); break; } @@ -3651,14 +3217,13 @@ api_register_func('api/direct_messages', 'api_direct_messages_inbox', true); */ function api_fr_photos_list($type) { - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + $r = DBA::toArray(DBA::p( "SELECT `resource-id`, MAX(scale) AS `scale`, `album`, `filename`, `type`, MAX(`created`) AS `created`, MAX(`edited`) AS `edited`, MAX(`desc`) AS `desc` FROM `photo` WHERE `uid` = ? AND NOT `photo-type` IN (?, ?) GROUP BY `resource-id`, `album`, `filename`, `type`", - local_user(), Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER + BaseApi::getCurrentUserID(), Photo::CONTACT_AVATAR, Photo::CONTACT_BANNER )); $typetoext = [ 'image/jpeg' => 'jpg', @@ -3702,9 +3267,8 @@ function api_fr_photos_list($type) */ function api_fr_photo_create_update($type) { - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + // input params $photo_id = $_REQUEST['photo_id'] ?? null; $desc = $_REQUEST['desc'] ?? null; @@ -3737,7 +3301,7 @@ function api_fr_photo_create_update($type) $mode = "update"; // check if photo is existing in databasei - if (!Photo::exists(['resource-id' => $photo_id, 'uid' => api_user(), 'album' => $album])) { + if (!Photo::exists(['resource-id' => $photo_id, 'uid' => BaseApi::getCurrentUserID(), 'album' => $album])) { throw new BadRequestException("photo not available"); } } @@ -3799,7 +3363,7 @@ function api_fr_photo_create_update($type) $result = false; if (count($updated_fields) > 0) { $nothingtodo = false; - $result = Photo::update($updated_fields, ['uid' => api_user(), 'resource-id' => $photo_id, 'album' => $album]); + $result = Photo::update($updated_fields, ['uid' => BaseApi::getCurrentUserID(), 'resource-id' => $photo_id, 'album' => $album]); } else { $nothingtodo = true; } @@ -3840,9 +3404,8 @@ function api_fr_photo_create_update($type) */ function api_fr_photo_detail($type) { - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); + if (empty($_REQUEST['photo_id'])) { throw new BadRequestException("No photo id."); } @@ -3872,9 +3435,8 @@ function api_fr_photo_detail($type) */ function api_account_update_profile_image($type) { - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + // input params $profile_id = $_REQUEST['profile_id'] ?? 0; @@ -3885,7 +3447,7 @@ function api_account_update_profile_image($type) // check if specified profile id is valid if ($profile_id != 0) { - $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => api_user(), 'id' => $profile_id]); + $profile = DBA::selectFirst('profile', ['is-default'], ['uid' => BaseApi::getCurrentUserID(), 'id' => $profile_id]); // error message if specified profile id is not in database if (!DBA::isResult($profile)) { throw new BadRequestException("profile_id not available"); @@ -3921,18 +3483,18 @@ function api_account_update_profile_image($type) // change specified profile or all profiles to the new resource-id if ($is_default_profile) { - $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], api_user()]; + $condition = ["`profile` AND `resource-id` != ? AND `uid` = ?", $data['photo']['id'], BaseApi::getCurrentUserID()]; Photo::update(['profile' => false, 'photo-type' => Photo::DEFAULT], $condition); } else { $fields = ['photo' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-4.' . $fileext, 'thumb' => DI::baseUrl() . '/photo/' . $data['photo']['id'] . '-5.' . $fileext]; - DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => api_user()]); + DBA::update('profile', $fields, ['id' => $_REQUEST['profile'], 'uid' => BaseApi::getCurrentUserID()]); } - Contact::updateSelfFromUserID(api_user(), true); + Contact::updateSelfFromUserID(BaseApi::getCurrentUserID(), true); // Update global directory in background - Profile::publishUpdate(api_user()); + Profile::publishUpdate(BaseApi::getCurrentUserID()); // output for client if ($data) { @@ -3964,8 +3526,11 @@ api_register_func('api/account/update_profile_image', 'api_account_update_profil */ function api_account_update_profile($type) { - $local_user = api_user(); - $api_user = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + + $local_user = BaseApi::getCurrentUserID(); + + $api_user = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); if (!empty($_POST['name'])) { DBA::update('profile', ['name' => $_POST['name']], ['uid' => $local_user]); @@ -4010,7 +3575,7 @@ function check_acl_input($acl_string) foreach ($cid_array as $cid) { $cid = str_replace("<", "", $cid); $cid = str_replace(">", "", $cid); - $condition = ['id' => $cid, 'uid' => api_user()]; + $condition = ['id' => $cid, 'uid' => BaseApi::getCurrentUserID()]; $contact_not_found |= !DBA::exists('contact', $condition); } return $contact_not_found; @@ -4112,13 +3677,13 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ // upload normal image (scales 0, 1, 2) logger::info("photo upload: starting new photo upload"); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 0, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: image upload with scale 0 (original size) failed"); } if ($width > 640 || $height > 640) { $Image->scaleDown(640); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 1, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: image upload with scale 1 (640x640) failed"); } @@ -4126,7 +3691,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 320 || $height > 320) { $Image->scaleDown(320); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 2, Photo::DEFAULT, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: image upload with scale 2 (320x320) failed"); } @@ -4138,7 +3703,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 300 || $height > 300) { $Image->scaleDown(300); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 4, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: profile image upload with scale 4 (300x300) failed"); } @@ -4146,7 +3711,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 80 || $height > 80) { $Image->scaleDown(80); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 5, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: profile image upload with scale 5 (80x80) failed"); } @@ -4154,7 +3719,7 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ if ($width > 48 || $height > 48) { $Image->scaleDown(48); - $r = Photo::store($Image, local_user(), $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); + $r = Photo::store($Image, BaseApi::getCurrentUserID(), $visitor, $resource_id, $filename, $album, 6, $phototype, $allow_cid, $allow_gid, $deny_cid, $deny_gid, $desc); if (!$r) { logger::notice("photo upload: profile image upload with scale 6 (48x48) failed"); } @@ -4189,12 +3754,12 @@ function save_media_to_database($mediatype, $media, $type, $album, $allow_cid, $ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $filetype, $visibility = false) { // get data about the api authenticated user - $uri = Item::newURI(intval(api_user())); - $owner_record = DBA::selectFirst('contact', [], ['uid' => api_user(), 'self' => true]); + $uri = Item::newURI(intval(BaseApi::getCurrentUserID())); + $owner_record = DBA::selectFirst('contact', [], ['uid' => BaseApi::getCurrentUserID(), 'self' => true]); $arr = []; $arr['guid'] = System::createUUID(); - $arr['uid'] = intval(api_user()); + $arr['uid'] = intval(BaseApi::getCurrentUserID()); $arr['uri'] = $uri; $arr['type'] = 'photo'; $arr['wall'] = 1; @@ -4245,12 +3810,9 @@ function post_photo_item($hash, $allow_cid, $deny_cid, $allow_gid, $deny_gid, $f */ function prepare_photo_data($type, $scale, $photo_id) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); - if ($user_info === false) { - throw new ForbiddenException(); - } + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $scale_sql = ($scale === false ? "" : sprintf("AND scale=%d", intval($scale))); $data_sql = ($scale === false ? "" : "data, "); @@ -4264,7 +3826,7 @@ function prepare_photo_data($type, $scale, $photo_id) FROM `photo` WHERE `uid` = ? AND `resource-id` = ? $scale_sql GROUP BY `resource-id`, `created`, `edited`, `title`, `desc`, `album`, `filename`, `type`, `height`, `width`, `datasize`, `profile`, `allow_cid`, `deny_cid`, `allow_gid`, `deny_gid`", - local_user(), + BaseApi::getCurrentUserID(), $photo_id )); @@ -4307,7 +3869,7 @@ function prepare_photo_data($type, $scale, $photo_id) } // retrieve item element for getting activities (like, dislike etc.) related to photo - $condition = ['uid' => api_user(), 'resource-id' => $photo_id]; + $condition = ['uid' => BaseApi::getCurrentUserID(), 'resource-id' => $photo_id]; $item = Post::selectFirst(['id', 'uid', 'uri', 'parent', 'allow_cid', 'deny_cid', 'allow_gid', 'deny_gid'], $condition); if (!DBA::isResult($item)) { throw new NotFoundException('Photo-related item not found.'); @@ -4317,9 +3879,9 @@ function prepare_photo_data($type, $scale, $photo_id) // retrieve comments on photo $condition = ["`parent` = ? AND `uid` = ? AND `gravity` IN (?, ?)", - $item['parent'], api_user(), GRAVITY_PARENT, GRAVITY_COMMENT]; + $item['parent'], BaseApi::getCurrentUserID(), GRAVITY_PARENT, GRAVITY_COMMENT]; - $statuses = Post::selectForUser(api_user(), [], $condition); + $statuses = Post::selectForUser(BaseApi::getCurrentUserID(), [], $condition); // prepare output of comments $commentData = api_format_items(Post::toArray($statuses), $user_info, false, $type); @@ -4539,14 +4101,10 @@ function api_best_nickname(&$contacts) */ function api_friendica_group_show($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['gid'] ?? 0; $uid = $user_info['uid']; @@ -4572,13 +4130,13 @@ function api_friendica_group_show($type) $user_element = "users"; $k = 0; foreach ($members as $member) { - $user = api_get_user($member['nurl']); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); $users[$k++.":user"] = $user; } } else { $user_element = "user"; foreach ($members as $member) { - $user = api_get_user($member['nurl']); + $user = DI::twitterUser()->createFromContactId($member['contact-id'], BaseApi::getCurrentUserID())->toArray(); $users[] = $user; } } @@ -4604,14 +4162,10 @@ api_register_func('api/friendica/group_show', 'api_friendica_group_show', true); */ function api_lists_destroy($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $uid = $user_info['uid']; @@ -4709,14 +4263,10 @@ function group_create($name, $uid, $users = []) */ function api_friendica_group_create($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; $json = json_decode($_POST['json'], true); @@ -4744,14 +4294,10 @@ api_register_func('api/friendica/group_create', 'api_friendica_group_create', tr */ function api_lists_create($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; @@ -4784,14 +4330,10 @@ api_register_func('api/lists/create', 'api_lists_create', true, API_METHOD_POST) */ function api_friendica_group_update($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $uid = $user_info['uid']; $gid = $_REQUEST['gid'] ?? 0; $name = $_REQUEST['name'] ?? ''; @@ -4858,14 +4400,10 @@ api_register_func('api/friendica/group_update', 'api_friendica_group_update', tr */ function api_lists_update($type) { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $gid = $_REQUEST['list_id'] ?? 0; $name = $_REQUEST['name'] ?? ''; $uid = $user_info['uid']; @@ -4911,12 +4449,10 @@ api_register_func('api/lists/update', 'api_lists_update', true, API_METHOD_POST) */ function api_friendica_notification_seen($type) { - $a = DI::app(); - $user_info = api_get_user(); + BaseApi::checkAllowedScope(BaseApi::SCOPE_WRITE); + + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); - if (api_user() === false || $user_info === false) { - throw new ForbiddenException(); - } if (DI::args()->getArgc() !== 4) { throw new BadRequestException('Invalid argument count'); } @@ -4925,7 +4461,7 @@ function api_friendica_notification_seen($type) try { $Notify = DI::notify()->selectOneById($id); - if ($Notify->uid !== api_user()) { + if ($Notify->uid !== BaseApi::getCurrentUserID()) { throw new NotFoundException(); } @@ -4937,7 +4473,7 @@ function api_friendica_notification_seen($type) DI::notify()->save($Notify); if ($Notify->otype === Notification\ObjectType::ITEM) { - $item = Post::selectFirstForUser(api_user(), [], ['id' => $Notify->iid, 'uid' => api_user()]); + $item = Post::selectFirstForUser(BaseApi::getCurrentUserID(), [], ['id' => $Notify->iid, 'uid' => BaseApi::getCurrentUserID()]); if (DBA::isResult($item)) { // we found the item, return it to the user $ret = api_format_items([$item], $user_info, false, $type); @@ -4974,14 +4510,10 @@ api_register_func('api/friendica/notification/seen', 'api_friendica_notification */ function api_friendica_direct_messages_search($type, $box = "") { - $a = DI::app(); - - if (api_user() === false) { - throw new ForbiddenException(); - } + BaseApi::checkAllowedScope(BaseApi::SCOPE_READ); // params - $user_info = api_get_user(); + $user_info = DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray(); $searchstring = $_REQUEST['searchstring'] ?? ''; $uid = $user_info['uid']; @@ -5010,9 +4542,9 @@ function api_friendica_direct_messages_search($type, $box = "") foreach ($r as $item) { if ($box == "inbox" || $item['from-url'] != $profile_url) { $recipient = $user_info; - $sender = api_get_user(Strings::normaliseLink($item['contact-url'])); + $sender = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); } elseif ($box == "sentbox" || $item['from-url'] == $profile_url) { - $recipient = api_get_user(Strings::normaliseLink($item['contact-url'])); + $recipient = DI::twitterUser()->createFromContactId($item['contact-id'], BaseApi::getCurrentUserID())->toArray(); $sender = $user_info; } diff --git a/mod/wall_upload.php b/mod/wall_upload.php index 88d5008c2..5a23664ed 100644 --- a/mod/wall_upload.php +++ b/mod/wall_upload.php @@ -32,6 +32,7 @@ use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Photo; use Friendica\Model\User; +use Friendica\Module\BaseApi; use Friendica\Object\Image; use Friendica\Util\Images; use Friendica\Util\Strings; @@ -55,8 +56,7 @@ function wall_upload_post(App $a, $desktopmode = true) return; } } else { - $user_info = api_get_user(); - $user = DBA::selectFirst('owner-view', ['id', 'uid', 'nickname', 'page-flags'], ['nickname' => $user_info['screen_name'], 'blocked' => false]); + $user = DBA::selectFirst('owner-view', ['id', 'uid', 'nickname', 'page-flags'], ['uid' => BaseApi::getCurrentUserID(), 'blocked' => false]); } } else { if ($r_json) { diff --git a/src/Factory/Api/Twitter/User.php b/src/Factory/Api/Twitter/User.php index ad73df1f5..e545bd78c 100644 --- a/src/Factory/Api/Twitter/User.php +++ b/src/Factory/Api/Twitter/User.php @@ -52,4 +52,9 @@ class User extends BaseFactory return new \Friendica\Object\Api\Twitter\User($publicContact, $apcontact, $userContact, $skip_status, $include_user_entities); } + + public function createFromUserId(int $uid, $skip_status = false, $include_user_entities = true) + { + return $this->createFromContactId(Contact::getPublicIdByUserId($uid), $uid, $skip_status, $include_user_entities); + } } diff --git a/src/Module/Api/Friendica/Profile/Show.php b/src/Module/Api/Friendica/Profile/Show.php index fe0315a84..8f60c0f84 100644 --- a/src/Module/Api/Friendica/Profile/Show.php +++ b/src/Module/Api/Friendica/Profile/Show.php @@ -24,7 +24,6 @@ namespace Friendica\Module\Api\Friendica\Profile; use Friendica\Profile\ProfileField\Collection\ProfileFields; use Friendica\Content\Text\BBCode; use Friendica\DI; -use Friendica\Model\Contact; use Friendica\Model\Profile; use Friendica\Module\BaseApi; use Friendica\Network\HTTPException; @@ -55,13 +54,10 @@ class Show extends BaseApi $profiles[] = $profile; } - // return settings, authenticated user and profiles data - $self = Contact::selectFirst(['nurl'], ['uid' => $uid, 'self' => true]); - $result = [ 'multi_profiles' => false, 'global_dir' => $directory, - 'friendica_owner' => self::getUser($self['nurl']), + 'friendica_owner' => DI::twitterUser()->createFromUserId($uid), 'profiles' => $profiles ]; diff --git a/src/Module/Api/Twitter/Account/RateLimitStatus.php b/src/Module/Api/Twitter/Account/RateLimitStatus.php index e38ffb061..9a275cecb 100644 --- a/src/Module/Api/Twitter/Account/RateLimitStatus.php +++ b/src/Module/Api/Twitter/Account/RateLimitStatus.php @@ -48,7 +48,7 @@ class RateLimitStatus extends BaseApi 'reset_time_in_seconds' => strtotime('now + 1 hour'), 'remaining_hits' => '150', 'hourly_limit' => '150', - 'reset_time' => api_date(DateTimeFormat::utc('now + 1 hour', DateTimeFormat::ATOM)), + 'reset_time' => DateTimeFormat::utc('now + 1 hour', DateTimeFormat::API), ]; } diff --git a/src/Module/Api/Twitter/FollowersIds.php b/src/Module/Api/Twitter/Followers/Ids.php similarity index 91% rename from src/Module/Api/Twitter/FollowersIds.php rename to src/Module/Api/Twitter/Followers/Ids.php index f4287dc44..cab4c3864 100644 --- a/src/Module/Api/Twitter/FollowersIds.php +++ b/src/Module/Api/Twitter/Followers/Ids.php @@ -19,10 +19,11 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Followers; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-followers-ids @@ -47,6 +48,8 @@ class FollowersIds extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollowers($cid, $condition, $count); + System::jsonExit(self::ids( [Contact::FOLLOWER, Contact::FRIEND], self::getUid($contact_id, $screen_name), diff --git a/src/Module/Api/Twitter/FollowersList.php b/src/Module/Api/Twitter/Followers/Lists.php similarity index 92% rename from src/Module/Api/Twitter/FollowersList.php rename to src/Module/Api/Twitter/Followers/Lists.php index 72d2bbdcb..41d44d628 100644 --- a/src/Module/Api/Twitter/FollowersList.php +++ b/src/Module/Api/Twitter/Followers/Lists.php @@ -19,10 +19,11 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Followers; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-followers-list @@ -49,6 +50,7 @@ class FollowersList extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollowers($cid, $condition, $count); System::jsonExit(self::list( [Contact::FOLLOWER, Contact::FRIEND], diff --git a/src/Module/Api/Twitter/FriendsIds.php b/src/Module/Api/Twitter/Friends/Ids.php similarity index 90% rename from src/Module/Api/Twitter/FriendsIds.php rename to src/Module/Api/Twitter/Friends/Ids.php index e3e9a35a3..9c58ac652 100644 --- a/src/Module/Api/Twitter/FriendsIds.php +++ b/src/Module/Api/Twitter/Friends/Ids.php @@ -19,15 +19,16 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Friends; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-ids */ -class FriendsIds extends ContactEndpoint +class Ids extends ContactEndpoint { public function rawContent() { @@ -47,6 +48,8 @@ class FriendsIds extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollows($cid, $condition, $count); + System::jsonExit(self::ids( [Contact::SHARING, Contact::FRIEND], self::getUid($contact_id, $screen_name), diff --git a/src/Module/Api/Twitter/FriendsList.php b/src/Module/Api/Twitter/Friends/Lists.php similarity index 91% rename from src/Module/Api/Twitter/FriendsList.php rename to src/Module/Api/Twitter/Friends/Lists.php index 764bfd807..144350214 100644 --- a/src/Module/Api/Twitter/FriendsList.php +++ b/src/Module/Api/Twitter/Friends/Lists.php @@ -19,15 +19,16 @@ * */ -namespace Friendica\Module\Api\Twitter; +namespace Friendica\Module\Api\Twitter\Friends; use Friendica\Core\System; use Friendica\Model\Contact; +use Friendica\Module\Api\Twitter\ContactEndpoint; /** * @see https://developer.twitter.com/en/docs/accounts-and-users/follow-search-get-users/api-reference/get-friends-list */ -class FriendsList extends ContactEndpoint +class Lists extends ContactEndpoint { public function rawContent() { @@ -49,6 +50,8 @@ class FriendsList extends ContactEndpoint 'default' => 1, ]]); + // @todo Use Model\Contact\Relation::listFollows($cid, $condition, $count); + System::jsonExit(self::list( [Contact::SHARING, Contact::FRIEND], self::getUid($contact_id, $screen_name), diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 87a690814..2e8e1d15b 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -25,16 +25,13 @@ use Friendica\BaseModule; use Friendica\Core\Logger; use Friendica\Core\System; use Friendica\DI; +use Friendica\Model\Contact; use Friendica\Model\Post; use Friendica\Network\HTTPException; use Friendica\Security\BasicAuth; use Friendica\Security\OAuth; -use Friendica\Util\Arrays; use Friendica\Util\DateTimeFormat; use Friendica\Util\HTTPInputData; -use Friendica\Util\XML; - -require_once __DIR__ . '/../../include/api.php'; class BaseApi extends BaseModule { @@ -295,18 +292,14 @@ class BaseApi extends BaseModule } } - /** - * Get user info array. - * - * @param int|string $contact_id Contact ID or URL - * @return array|bool - * @throws HTTPException\BadRequestException - * @throws HTTPException\InternalServerErrorException - * @throws HTTPException\UnauthorizedException - * @throws \ImagickException - */ - protected static function getUser($contact_id = null) + public static function getContactIDForSearchterm($searchterm) { - return api_get_user($contact_id); + if (intval($searchterm) == 0) { + $cid = Contact::getIdForURL($searchterm, 0, false); + } else { + $cid = intval($searchterm); + } + + return $cid; } } diff --git a/src/Object/Api/Twitter/User.php b/src/Object/Api/Twitter/User.php index bbe6905ef..75263e9b7 100644 --- a/src/Object/Api/Twitter/User.php +++ b/src/Object/Api/Twitter/User.php @@ -24,6 +24,10 @@ namespace Friendica\Object\Api\Twitter; use Friendica\BaseDataTransferObject; use Friendica\Content\ContactSelector; use Friendica\Content\Text\BBCode; +use Friendica\Core\Protocol; +use Friendica\Model\Contact; +use Friendica\Util\DateTimeFormat; +use Friendica\Util\Proxy; /** * @see https://developer.twitter.com/en/docs/tweets/data-dictionary/overview/user-object @@ -79,6 +83,14 @@ class User extends BaseDataTransferObject /** @var string */ protected $withheld_scope; + /** + * Missing fields: + * + * - profile_sidebar_fill_color + * - profile_link_color + * - profile_background_color + */ + /** * @param array $publicContact Full contact table record with uid = 0 * @param array $apcontact Optional full apcontact table record @@ -89,9 +101,11 @@ class User extends BaseDataTransferObject */ public function __construct(array $publicContact, array $apcontact = [], array $userContact = [], $skip_status = false, $include_user_entities = true) { + $uid = $userContact['uid'] ?? 0; + $this->id = (int)$publicContact['id']; $this->id_str = (string) $publicContact['id']; - $this->name = $publicContact['name']; + $this->name = $publicContact['name'] ?: $publicContact['nick']; $this->screen_name = $publicContact['nick'] ?: $publicContact['name']; $this->location = $publicContact['location'] ?: ContactSelector::networkToName($publicContact['network'], $publicContact['url'], $publicContact['protocol']); @@ -106,16 +120,16 @@ class User extends BaseDataTransferObject unset($this->entities); } $this->description = BBCode::toPlaintext($publicContact['about']); - $this->profile_image_url_https = $userContact['avatar'] ?? $publicContact['avatar']; + $this->profile_image_url_https = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_MICRO); $this->protected = false; $this->followers_count = $apcontact['followers_count'] ?? 0; $this->friends_count = $apcontact['following_count'] ?? 0; $this->listed_count = 0; - $this->created_at = api_date($publicContact['created']); + $this->created_at = DateTimeFormat::utc($publicContact['created'], DateTimeFormat::API); $this->favourites_count = 0; - $this->verified = false; + $this->verified = $uid != 0; $this->statuses_count = $apcontact['statuses_count'] ?? 0; - $this->profile_banner_url = ''; + $this->profile_banner_url = Contact::getHeaderUrlForId($publicContact['id'], '', $publicContact['updated']); $this->default_profile = false; $this->default_profile_image = false; @@ -127,9 +141,9 @@ class User extends BaseDataTransferObject unset($this->withheld_scope); // Deprecated - $this->profile_image_url = $userContact['avatar'] ?? $publicContact['avatar']; - $this->profile_image_url_profile_size = $publicContact['thumb']; - $this->profile_image_url_large = $publicContact['photo']; + $this->profile_image_url = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_MICRO); + $this->profile_image_url_profile_size = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_THUMB); + $this->profile_image_url_large = Contact::getAvatarUrlForUrl($publicContact['url'], $uid, Proxy::SIZE_LARGE); $this->utc_offset = 0; $this->time_zone = 'UTC'; $this->geo_enabled = false; @@ -137,17 +151,17 @@ class User extends BaseDataTransferObject $this->contributors_enabled = false; $this->is_translator = false; $this->is_translation_enabled = false; - $this->following = false; + $this->following = in_array($userContact['rel'] ?? Contact::NOTHING, [Contact::FOLLOWER, Contact::FRIEND]); $this->follow_request_sent = false; $this->statusnet_blocking = false; $this->notifications = false; // Friendica-specific - $this->uid = (int)$userContact['uid'] ?? 0; - $this->cid = (int)$userContact['id'] ?? 0; + $this->uid = (int)$uid; + $this->cid = (int)($userContact['id'] ?? 0); $this->pid = (int)$publicContact['id']; - $this->self = (boolean)$userContact['self'] ?? false; - $this->network = $publicContact['network']; + $this->self = (boolean)($userContact['self'] ?? false); + $this->network = $publicContact['network'] ?: Protocol::DFRN; $this->statusnet_profile_url = $publicContact['url']; } } diff --git a/src/Security/BasicAuth.php b/src/Security/BasicAuth.php index f2154ae8a..eaed9d22e 100644 --- a/src/Security/BasicAuth.php +++ b/src/Security/BasicAuth.php @@ -62,6 +62,11 @@ class BasicAuth return (int)self::$current_user_id; } + public static function setCurrentUserID(int $uid = null) + { + self::$current_user_id = $uid; + } + /** * Fetch a dummy application token * @@ -118,7 +123,6 @@ class BasicAuth private static function getUserIdByAuth(bool $do_login = true):int { $a = DI::app(); - Session::set('allow_api', false); self::$current_user_id = 0; // workaround for HTTP-auth in CGI mode @@ -173,7 +177,10 @@ class BasicAuth return 0; } Logger::debug('Access denied', ['parameters' => $_SERVER]); - header('WWW-Authenticate: Basic realm="Friendica"'); + // Checking for commandline for the tests, we have to avoid to send a header + if (php_sapi_name() !== 'cli') { + header('WWW-Authenticate: Basic realm="Friendica"'); + } throw new UnauthorizedException("This API requires login"); } @@ -182,15 +189,10 @@ class BasicAuth DI::auth()->setForUser($a, $record, false, false, $login_refresh); - Session::set('allow_api', true); - Hook::callAll('logged_in', $record); - if (Session::get('allow_api')) { - self::$current_user_id = local_user(); - } else { - self::$current_user_id = 0; - } + self::$current_user_id = local_user(); + return self::$current_user_id; } } diff --git a/src/Util/DateTimeFormat.php b/src/Util/DateTimeFormat.php index cf3216a15..141fa37f6 100644 --- a/src/Util/DateTimeFormat.php +++ b/src/Util/DateTimeFormat.php @@ -35,6 +35,7 @@ class DateTimeFormat const MYSQL = 'Y-m-d H:i:s'; const HTTP = 'D, d M Y H:i:s \G\M\T'; const JSON = 'Y-m-d\TH:i:s.v\Z'; + const API = 'D M d H:i:s +0000 Y'; static $localTimezone = 'UTC'; diff --git a/static/routes.config.php b/static/routes.config.php index 0dee56754..e3ab67761 100644 --- a/static/routes.config.php +++ b/static/routes.config.php @@ -48,27 +48,27 @@ $apiRoutes = [ '/update_profile_image[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], ], - '/blocks/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/conversation/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/blocks/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/conversation/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], '/direct_messages' => [ - '/all[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/conversation[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], - '/new[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], - '/sent[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/all[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/conversation[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], + '/new[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], + '/sent[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], ], - '/direct_messages[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET, R::POST]], + '/direct_messages[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET, R::POST]], - '/externalprofile/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/favorites/create[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], - '/favorites/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], - '/favorites[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], - '/followers/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FollowersIds::class, [R::GET ]], - '/followers/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FollowersList::class, [R::GET ]], - '/friends/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FriendsIds::class, [R::GET ]], - '/friends/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\FriendsList::class, [R::GET ]], - '/friendships/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], - '/friendships/incoming[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/externalprofile/show[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/favorites/create[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], + '/favorites/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::DELETE, R::POST]], + '/favorites[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], + '/followers/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Followers\Ids::class, [R::GET ]], + '/followers/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Followers\Lists::class, [R::GET ]], + '/friends/ids[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Friends\Ids::class, [R::GET ]], + '/friends/list[.{extension:json|xml|rss|atom}]' => [Module\Api\Twitter\Friends\Lists::class, [R::GET ]], + '/friendships/destroy[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [ R::POST]], + '/friendships/incoming[.{extension:json|xml|rss|atom}]' => [Module\Api\Friendica\Index::class, [R::GET ]], '/friendica' => [ '/activity/{verb:attendmaybe|attendno|attendyes|dislike|like|unattendmaybe|unattendno|unattendyes|undislike|unlike}[.{extension:json|xml|rss|atom}]' @@ -474,6 +474,7 @@ return [ '/photo' => [ '/{name}' => [Module\Photo::class, [R::GET]], '/{type}/{id:\d+}' => [Module\Photo::class, [R::GET]], + '/{type:contact|header}/{guid}' => [Module\Photo::class, [R::GET]], // User Id Fallback, to remove after version 2021.12 '/{type}/{uid_ext:\d+\..*}' => [Module\Photo::class, [R::GET]], '/{type}/{nickname_ext}' => [Module\Photo::class, [R::GET]], diff --git a/tests/legacy/ApiTest.php b/tests/legacy/ApiTest.php index 12475fd16..13509bf34 100644 --- a/tests/legacy/ApiTest.php +++ b/tests/legacy/ApiTest.php @@ -110,10 +110,10 @@ class ApiTest extends FixtureTest // Most API require login so we force the session $_SESSION = [ - 'allow_api' => true, 'authenticated' => true, 'uid' => $this->selfUser['id'] ]; + BasicAuth::setCurrentUserID($this->selfUser['id']); } /** @@ -223,7 +223,7 @@ class ApiTest extends FixtureTest */ public function testApiUser() { - self::assertEquals($this->selfUser['id'], api_user()); + self::assertEquals($this->selfUser['id'], BaseApi::getCurrentUserID()); } /** @@ -233,8 +233,7 @@ class ApiTest extends FixtureTest */ public function testApiUserWithUnallowedUser() { - $_SESSION = ['allow_api' => false]; - self::assertEquals(false, api_user()); + // self::assertEquals(false, api_user()); } /** @@ -276,7 +275,7 @@ class ApiTest extends FixtureTest */ public function testApiDate() { - self::assertEquals('Wed Oct 10 00:00:00 +0000 1990', api_date('1990-10-10')); + self::assertEquals('Wed Oct 10 00:00:00 +0000 1990', DateTimeFormat::utc('1990-10-10', DateTimeFormat::API)); } /** @@ -310,6 +309,7 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithoutLogin() { + BasicAuth::setCurrentUserID(); $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); BasicAuth::getCurrentUserID(true); } @@ -323,6 +323,7 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithBadLogin() { + BasicAuth::setCurrentUserID(); $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_SERVER['PHP_AUTH_USER'] = 'user@server'; BasicAuth::getCurrentUserID(true); @@ -357,6 +358,7 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithCorrectLogin() { + BasicAuth::setCurrentUserID(); $_SERVER['PHP_AUTH_USER'] = 'Test user'; $_SERVER['PHP_AUTH_PW'] = 'password'; BasicAuth::getCurrentUserID(true); @@ -370,42 +372,12 @@ class ApiTest extends FixtureTest */ public function testApiLoginWithRemoteUser() { + BasicAuth::setCurrentUserID(); $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); $_SERVER['REDIRECT_REMOTE_USER'] = '123456dXNlcjpwYXNzd29yZA=='; BasicAuth::getCurrentUserID(true); } - /** - * Test the api_check_method() function. - * - * @return void - */ - public function testApiCheckMethod() - { - self::assertFalse(api_check_method('method')); - } - - /** - * Test the api_check_method() function with a correct method. - * - * @return void - */ - public function testApiCheckMethodWithCorrectMethod() - { - $_SERVER['REQUEST_METHOD'] = 'method'; - self::assertTrue(api_check_method('method')); - } - - /** - * Test the api_check_method() function with a wildcard. - * - * @return void - */ - public function testApiCheckMethodWithWildcard() - { - self::assertTrue(api_check_method('*')); - } - /** * Test the api_call() function. * @@ -584,7 +556,7 @@ class ApiTest extends FixtureTest public function testApiRssExtra() { $user_info = ['url' => 'user_url', 'lang' => 'en']; - $result = api_rss_extra($this->app, [], $user_info); + $result = api_rss_extra([], $user_info); self::assertEquals($user_info, $result['$user']); self::assertEquals($user_info['url'], $result['$rss']['alternate']); self::assertArrayHasKey('self', $result['$rss']); @@ -602,7 +574,7 @@ class ApiTest extends FixtureTest */ public function testApiRssExtraWithoutUserInfo() { - $result = api_rss_extra($this->app, [], null); + $result = api_rss_extra([], null); self::assertIsArray($result['$user']); self::assertArrayHasKey('alternate', $result['$rss']); self::assertArrayHasKey('self', $result['$rss']); @@ -640,11 +612,11 @@ class ApiTest extends FixtureTest */ public function testApiGetUser() { - $user = api_get_user(); - self::assertSelfUser($user); - self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); - self::assertEquals('6fdbe8', $user['profile_link_color']); - self::assertEquals('ededed', $user['profile_background_color']); + // $user = api_get_user(); + // self::assertSelfUser($user); + // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); + // self::assertEquals('6fdbe8', $user['profile_link_color']); + // self::assertEquals('ededed', $user['profile_background_color']); } /** @@ -654,13 +626,13 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithFrioSchema() { - $pConfig = $this->dice->create(IManagePersonalConfigValues::class); - $pConfig->set($this->selfUser['id'], 'frio', 'schema', 'red'); - $user = api_get_user(); - self::assertSelfUser($user); - self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); - self::assertEquals('6fdbe8', $user['profile_link_color']); - self::assertEquals('ededed', $user['profile_background_color']); + // $pConfig = $this->dice->create(IManagePersonalConfigValues::class); + // $pConfig->set($this->selfUser['id'], 'frio', 'schema', 'red'); + // $user = api_get_user(); + // self::assertSelfUser($user); + // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); + // self::assertEquals('6fdbe8', $user['profile_link_color']); + // self::assertEquals('ededed', $user['profile_background_color']); } /** @@ -670,13 +642,13 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithEmptyFrioSchema() { - $pConfig = $this->dice->create(IManagePersonalConfigValues::class); - $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); - $user = api_get_user(); - self::assertSelfUser($user); - self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); - self::assertEquals('6fdbe8', $user['profile_link_color']); - self::assertEquals('ededed', $user['profile_background_color']); + // $pConfig = $this->dice->create(IManagePersonalConfigValues::class); + // $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); + // $user = api_get_user(); + // self::assertSelfUser($user); + // self::assertEquals('708fa0', $user['profile_sidebar_fill_color']); + // self::assertEquals('6fdbe8', $user['profile_link_color']); + // self::assertEquals('ededed', $user['profile_background_color']); } /** @@ -686,16 +658,16 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithCustomFrioSchema() { - $pConfig = $this->dice->create(IManagePersonalConfigValues::class); - $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); - $pConfig->set($this->selfUser['id'], 'frio', 'nav_bg', '#123456'); - $pConfig->set($this->selfUser['id'], 'frio', 'link_color', '#123456'); - $pConfig->set($this->selfUser['id'], 'frio', 'background_color', '#123456'); - $user = api_get_user(); - self::assertSelfUser($user); - self::assertEquals('123456', $user['profile_sidebar_fill_color']); - self::assertEquals('123456', $user['profile_link_color']); - self::assertEquals('123456', $user['profile_background_color']); + // $pConfig = $this->dice->create(IManagePersonalConfigValues::class); + // $pConfig->set($this->selfUser['id'], 'frio', 'schema', '---'); + // $pConfig->set($this->selfUser['id'], 'frio', 'nav_bg', '#123456'); + // $pConfig->set($this->selfUser['id'], 'frio', 'link_color', '#123456'); + // $pConfig->set($this->selfUser['id'], 'frio', 'background_color', '#123456'); + // $user = api_get_user(); + // self::assertSelfUser($user); + // self::assertEquals('123456', $user['profile_sidebar_fill_color']); + // self::assertEquals('123456', $user['profile_link_color']); + // self::assertEquals('123456', $user['profile_background_color']); } /** @@ -706,10 +678,13 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithoutApiUser() { + // api_get_user() with empty parameters is not used anymore + /* $_SERVER['PHP_AUTH_USER'] = 'Test user'; $_SERVER['PHP_AUTH_PW'] = 'password'; - $_SESSION['allow_api'] = false; + BasicAuth::setCurrentUserID(); self::assertFalse(api_get_user()); + */ } /** @@ -719,8 +694,7 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetId() { - $_GET['user_id'] = $this->otherUser['id']; - self::assertOtherUser(api_get_user()); + // self::assertOtherUser(api_get_user()); } /** @@ -730,9 +704,8 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithWrongGetId() { - $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class); - $_GET['user_id'] = $this->wrongUserId; - self::assertOtherUser(api_get_user()); + // $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class); + // self::assertOtherUser(api_get_user()); } /** @@ -742,8 +715,7 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetName() { - $_GET['screen_name'] = $this->selfUser['nick']; - self::assertSelfUser(api_get_user()); + // self::assertSelfUser(api_get_user()); } /** @@ -753,8 +725,7 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithGetUrl() { - $_GET['profileurl'] = $this->selfUser['nurl']; - self::assertSelfUser(api_get_user()); + // self::assertSelfUser(api_get_user()); } /** @@ -764,10 +735,10 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithNumericCalledApi() { - global $called_api; - $called_api = ['api_path']; - DI::args()->setArgv(['', $this->otherUser['id'] . '.json']); - self::assertOtherUser(api_get_user()); + // global $called_api; + // $called_api = ['api_path']; + // DI::args()->setArgv(['', $this->otherUser['id'] . '.json']); + // self::assertOtherUser(api_get_user()); } /** @@ -777,30 +748,9 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithCalledApi() { - global $called_api; - $called_api = ['api', 'api_path']; - self::assertSelfUser(api_get_user()); - } - - /** - * Test the api_get_user() function with a valid user. - * - * @return void - */ - public function testApiGetUserWithCorrectUser() - { - self::assertOtherUser(api_get_user($this->otherUser['id'])); - } - - /** - * Test the api_get_user() function with a wrong user ID. - * - * @return void - */ - public function testApiGetUserWithWrongUser() - { - $this->expectException(\Friendica\Network\HTTPException\BadRequestException::class); - self::assertOtherUser(api_get_user($this->wrongUserId)); + // global $called_api; + // $called_api = ['api', 'api_path']; + // self::assertSelfUser(api_get_user()); } /** @@ -810,7 +760,7 @@ class ApiTest extends FixtureTest */ public function testApiGetUserWithZeroUser() { - self::assertSelfUser(api_get_user(0)); + self::assertSelfUser(DI::twitterUser()->createFromUserId(BaseApi::getCurrentUserID())->toArray()); } /** @@ -995,7 +945,8 @@ class ApiTest extends FixtureTest */ public function testApiAccountVerifyCredentialsWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_account_verify_credentials('json'); } @@ -1065,7 +1016,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesMediapWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_mediap('json'); } @@ -1117,7 +1069,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesUpdateWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_update('json'); } @@ -1170,7 +1123,8 @@ class ApiTest extends FixtureTest */ public function testApiMediaUploadWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_media_upload(); } @@ -1418,9 +1372,8 @@ class ApiTest extends FixtureTest */ public function testApiSearchWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_search('json'); } @@ -1474,9 +1427,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesHomeTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_statuses_home_timeline('json'); } @@ -1545,9 +1497,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesPublicTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_statuses_public_timeline('json'); } @@ -1599,9 +1550,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesNetworkpublicTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_statuses_networkpublic_timeline('json'); } @@ -1662,9 +1612,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesShowWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_statuses_show('json'); } @@ -1703,9 +1652,8 @@ class ApiTest extends FixtureTest */ public function testApiConversationShowWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_conversation_show('json'); } @@ -1727,7 +1675,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesRepeatWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_repeat('json'); } @@ -1767,7 +1716,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesDestroyWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_statuses_destroy('json'); } @@ -1817,9 +1767,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesMentionsWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_statuses_mentions('json'); } @@ -1884,9 +1833,8 @@ class ApiTest extends FixtureTest */ public function testApiStatusesUserTimelineWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_statuses_user_timeline('json'); } @@ -1973,8 +1921,9 @@ class ApiTest extends FixtureTest */ public function testApiFavoritesCreateDestroyWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); DI::args()->setArgv(['api', '1.1', 'favorites', 'create.json']); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_favorites_create_destroy('json'); } @@ -2012,9 +1961,8 @@ class ApiTest extends FixtureTest */ public function testApiFavoritesWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_favorites('json'); } @@ -2387,7 +2335,8 @@ class ApiTest extends FixtureTest */ public function testApiListsOwnershipsWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_lists_ownerships('json'); } @@ -2437,9 +2386,8 @@ class ApiTest extends FixtureTest */ public function testApiListsStatusesWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_lists_statuses('json'); } @@ -2627,7 +2575,8 @@ class ApiTest extends FixtureTest */ public function testApiDirectMessagesNewWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_direct_messages_new('json'); } @@ -2731,7 +2680,8 @@ class ApiTest extends FixtureTest */ public function testApiDirectMessagesDestroyWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_direct_messages_destroy('json'); } @@ -2863,9 +2813,8 @@ class ApiTest extends FixtureTest */ public function testApiDirectMessagesBoxWithUnallowedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); - $_SESSION['allow_api'] = false; - $_GET['screen_name'] = $this->selfUser['nick']; + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); api_direct_messages_box('json', 'sentbox', 'false'); } @@ -2951,7 +2900,8 @@ class ApiTest extends FixtureTest */ public function testApiFrPhotosListWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photos_list('json'); } @@ -2972,7 +2922,8 @@ class ApiTest extends FixtureTest */ public function testApiFrPhotoCreateUpdateWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photo_create_update('json'); } @@ -3027,7 +2978,8 @@ class ApiTest extends FixtureTest */ public function testApiFrPhotoDetailWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_fr_photo_detail('json'); } @@ -3072,7 +3024,8 @@ class ApiTest extends FixtureTest */ public function testApiAccountUpdateProfileImageWithoutAuthenticatedUser() { - $this->expectException(\Friendica\Network\HTTPException\ForbiddenException::class); + $this->expectException(\Friendica\Network\HTTPException\UnauthorizedException::class); + BasicAuth::setCurrentUserID(); $_SESSION['authenticated'] = false; api_account_update_profile_image('json'); } diff --git a/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php b/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php index 62b90b1cc..575a29a60 100644 --- a/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php +++ b/tests/src/Contact/FriendSuggest/Factory/FriendSuggestTest.php @@ -46,8 +46,8 @@ class FriendSuggestTest extends MockedTest '', '', '', - new \DateTime('now', new \DateTimeZone('URC')), - 28 + new \DateTime('now', new \DateTimeZone('UTC')), + 20 ), ], 'full' => [ diff --git a/tests/src/Module/Api/Twitter/ContactEndpointTest.php b/tests/src/Module/Api/Twitter/ContactEndpointTest.php index 1f309a126..787a1dd30 100644 --- a/tests/src/Module/Api/Twitter/ContactEndpointTest.php +++ b/tests/src/Module/Api/Twitter/ContactEndpointTest.php @@ -226,20 +226,20 @@ class ContactEndpointTest extends FixtureTest ], 'description' => '', 'protected' => false, - 'verified' => false, + 'verified' => true, 'followers_count' => 0, 'friends_count' => 0, 'listed_count' => 0, 'favourites_count' => 0, 'statuses_count' => 0, 'created_at' => 'Fri Feb 02 00:00:00 +0000 0000', - 'profile_banner_url' => '', - 'profile_image_url_https' => '', + 'profile_banner_url' => 'http://localhost/photo/header/44?ts=-62135596800', + 'profile_image_url_https' => 'http://localhost/photo/contact/48/44?ts=-62135596800', 'default_profile' => false, 'default_profile_image' => false, - 'profile_image_url' => '', - 'profile_image_url_profile_size' => '', - 'profile_image_url_large' => '', + 'profile_image_url' => 'http://localhost/photo/contact/48/44?ts=-62135596800', + 'profile_image_url_profile_size' => 'http://localhost/photo/contact/80/44?ts=-62135596800', + 'profile_image_url_large' => 'http://localhost/photo/contact/1024/44?ts=-62135596800', 'utc_offset' => 0, 'time_zone' => 'UTC', 'geo_enabled' => false,