aboutsummaryrefslogblamecommitdiffstats
path: root/Zotlabs/Module/Owa.php
blob: 85467d4f4dae7e9a90c5f12bac0aae85cf64b783 (plain) (tree) 
61f339a87


61f339a87


cf844cb27

3f784a974


cf844cb27

84c86f01c


3f784a974

84c86f01c


006a409eb

84c86f01c

006a409eb

84c86f01c

61f339a87

3f784a974

61f339a87


61f339a87

e2e7bee3c


3f784a974



3c8f8b76a

3f784a974




2bd09d3b3









3f784a974

006a409eb

2bd09d3b3





3f784a974



a0430f91b

2bd09d3b3

3f784a974

006a409eb

2bd09d3b3



3c8f8b76a



3f784a974

d00860430

3f784a974


f2258d420

3f784a974


ed4bf1c13

3f784a974


ed4bf1c13

3f784a974





ed4bf1c13

61f339a87


a0430f91b











d00860430


a0430f91b




















61f339a87


61f339a87


a0430f91b

e2e7bee3c

61f339a87


1
2

3
4

5

6
7

8

9
10

11

12
13

14

15

16

17

18

19

20
21

22

23
24

25
26
27

28

29
30
31
32

33
34
35
36
37
38
39
40
41

42

43

44
45
46
47
48

49
50
51

52

53

54

55

56
57
58

59
60
61

62

63

64
65

66

67
68

69

70
71

72

73
74
75
76
77

78

79
80

81
82
83
84
85
86
87
88
89
90
91

92
93

94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113

114
115

116
117

118

119

120
121


     

                         
                        

                           
 

                                           
                               

                                                                   
                                                 
  
                                                           
   
 
                              

                         
 

                                              


                                                                                                                               
 



                                                                                                                                          








                                                                                
                                             
                                                                                                                




                                                                                                                       


                                                             
                                                                                    
                                                                                           
                                                             
                                                                                                                                


                                                                                                                                                                                                                


                                                                             
                                         
 

                                                                         
                                                                                                                                               

                                                                                                                                                                                                      
                                                                                                                               

                                                                                           
                                                                                                                        




                                                                                                                               
                                                                                                                                             

                                                         










                                                                                                                                        

                                                                                                                                                                                   



















                                                                                                                                                                                                                      

                                         

                         
 
                                                                   

         
<?php

namespace Zotlabs\Module;

use Zotlabs\Web\HTTPSig;
use Zotlabs\Lib\Verify;
use Zotlabs\Web\Controller;

/**
 * OpenWebAuth verifier and token generator
 * See spec/OpenWebAuth/Home.md
 * Requests to this endpoint should be signed using HTTP Signatures
 * using the 'Authorization: Signature' authentication method
 * If the signature verifies a token is returned.
 *
 * This token may be exchanged for an authenticated cookie.
 */

class Owa extends Controller {

	function init() {

		$ret = [ 'success' => false ];

		if (array_key_exists('REDIRECT_REMOTE_USER',$_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION',$_SERVER))) {
			$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
		}

		if (array_key_exists('HTTP_AUTHORIZATION',$_SERVER) && substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,9) === 'Signature') {
			$sigblock = HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']);
			if ($sigblock) {
				$keyId = $sigblock['keyId'];
				$parsed = parse_url($keyId);
				if (str_starts_with($parsed['scheme'],'http')) {
				    unset($parsed['fragment']);
				    unset($parsed['query']);
				    $keyId = unparse_url($parsed);
				}
				else {
				    $keyId = str_replace('acct:', '', $keyId);
				}
				if ($keyId) {
					$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
						WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s')
						  AND hubloc_deleted = 0 AND xchan_pubkey != ''
						ORDER BY hubloc_id DESC",
						dbesc($keyId),
						dbesc($keyId),
						dbesc($keyId)
					);
					if (! $r) {
						$found = discover_by_webbie($keyId);
						logger('found = ' . print_r($found, true));
						if ($found) {
							$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
								WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s' OR xchan_hash = '%s') AND hubloc_deleted = 0 AND xchan_pubkey != '' ORDER BY hubloc_id DESC ",
								dbesc($keyId),
								dbesc($keyId),
								dbesc($keyId)
							);
						}
					}

					if ($r) {
						foreach ($r as $hubloc) {
							$verified = HTTPSig::verify(file_get_contents('php://input'), $hubloc['xchan_pubkey']);
							if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
								logger('OWA header: ' . print_r($verified,true),LOGGER_DATA);
								logger('OWA success: ' . $hubloc['hubloc_id_url'],LOGGER_DATA);
								$ret['success'] = true;
								$token = random_string(32);
								Verify::create('owt',0,$token,$hubloc['hubloc_id_url']);
								$result = '';
								openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
								$ret['encrypted_token'] = base64url_encode($result);
								break;
							} else {
								logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']);
							}
						}

						if (!$ret['success']) {

							// Possible a reinstall?
							// In this case we probably already have an old hubloc
							// but not the new one yet.

							$found = discover_by_webbie($keyId);

							if ($found) {
								$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
									WHERE (hubloc_addr = '%s' OR hubloc_id_url = '%s') AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1",
									dbesc(str_replace('acct:', '', $keyId)),
									dbesc($keyId)
								);

								if ($r) {
									$verified = HTTPSig::verify(file_get_contents('php://input'), $r[0]['xchan_pubkey']);
									if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) {
										logger('OWA header: ' . print_r($verified,true), LOGGER_DATA);
										logger('OWA success: ' . $r[0]['hubloc_id_url'], LOGGER_DATA);
										$ret['success'] = true;
										$token = random_string(32);
										Verify::create('owt', 0, $token, $r[0]['hubloc_id_url']);
										$result = '';
										openssl_public_encrypt($token, $result, $r[0]['xchan_pubkey']);
										$ret['encrypted_token'] = base64url_encode($result);
									} else {
										logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']);
									}
								}
							}
						}
					}
				}
			}
		}

		json_return_and_die($ret,'application/x-zot+json');
	}
}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-10 04:10:13 +0000