diff options
| author | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-09-22 07:34:42 +0200 |
|---|---|---|
| committer | Haakon Meland Eriksen <haakon.eriksen@far.no> | 2015-09-22 07:34:42 +0200 |
| commit | cbd7f8906674f6373f0dc6a8f79ecfcd4ce4bd8d (patch) | |
| tree | f224e6b7737373e0a8432861154a6101da359fa2 | |
| parent | 7834274bff5e86a7a0eb646f1319b5b9e4bac96f (diff) | |
| parent | 146ff6f70308647b27374a1bba386c156498bd2e (diff) | |
| download | volse-hubzilla-cbd7f8906674f6373f0dc6a8f79ecfcd4ce4bd8d.tar.gz volse-hubzilla-cbd7f8906674f6373f0dc6a8f79ecfcd4ce4bd8d.tar.bz2 volse-hubzilla-cbd7f8906674f6373f0dc6a8f79ecfcd4ce4bd8d.zip | |
Merge remote-tracking branch 'upstream/master'
| -rwxr-xr-x | include/items.php | 12 | ||||
| -rw-r--r-- | include/zot.php | 15 | ||||
| -rw-r--r-- | mod/cloud.php | 38 | ||||
| -rw-r--r-- | mod/locs.php | 15 | ||||
| -rw-r--r-- | mod/post.php | 250 | ||||
| -rw-r--r-- | version.inc | 2 | ||||
| -rw-r--r-- | view/tpl/locmanage.tpl | 2 |
7 files changed, 188 insertions, 146 deletions
diff --git a/include/items.php b/include/items.php index 657168601..b209e55c5 100755 --- a/include/items.php +++ b/include/items.php @@ -4417,6 +4417,18 @@ function delete_item_lowlevel($item, $stage = DROPITEM_NORMAL, $force = false) { intval($item['uid']) ); + // remove delivery reports + + $c = q("select channel_hash from channel where channel_id = %d limit 1", + intval($item['uid']) + ); + if($c) { + q("delete from dreport where dreport_xchan = '%s' and dreport_mid = '%s'", + dbesc($c[0]['channel_hash']), + dbesc($item['mid']) + ); + } + // network deletion request. Keep the message structure so that we can deliver delete notifications. // Come back after several days (or perhaps a month) to do the lowlevel delete (DROPITEM_PHASE2). diff --git a/include/zot.php b/include/zot.php index 767abae38..f728d8fb9 100644 --- a/include/zot.php +++ b/include/zot.php @@ -957,6 +957,21 @@ function zot_process_response($hub, $arr, $outq) { logger('zot_process_response: headers: ' . print_r($arr['header'],true), LOGGER_DATA); } + if(array_key_exists('delivery_report',$x)) { + foreach($x['delivery_report'] as $xx) { + if(is_array($xx) && array_key_exists('message_id',$xx)) { + q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ", + dbesc($xx['message_id']), + dbesc($xx['location']), + dbesc($xx['recipient']), + dbesc($xx['status']), + dbesc(datetime_convert($xx['date'])), + dbesc($xx['sender']) + ); + } + } + } + // update the timestamp for this site q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'", diff --git a/mod/cloud.php b/mod/cloud.php index 7f6dc0962..efb33f935 100644 --- a/mod/cloud.php +++ b/mod/cloud.php @@ -73,6 +73,8 @@ function cloud_init(&$a) { $server->addPlugin($lockPlugin); +/* This next bit should no longer be needed... */ + // The next section of code allows us to bypass prompting for http-auth if a // FILE is being accessed anonymously and permissions allow this. This way // one can create hotlinks to public media files in their cloud and anonymous @@ -83,24 +85,24 @@ function cloud_init(&$a) { // In order to avoid prompting for passwords for viewing a DIRECTORY, add // the URL query parameter 'davguest=1'. - $isapublic_file = false; - $davguest = ((x($_SESSION, 'davguest')) ? true : false); - - if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { - try { - $x = RedFileData('/' . $a->cmd, $auth); - if($x instanceof RedDAV\RedFile) - $isapublic_file = true; - } - catch (Exception $e) { - $isapublic_file = false; - } - } - - if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { - logger('mod_cloud: auth exception'); - http_status_exit(401, 'Permission denied.'); - } +// $isapublic_file = false; +// $davguest = ((x($_SESSION, 'davguest')) ? true : false); + +// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { +// try { +// $x = RedFileData('/' . $a->cmd, $auth); +// if($x instanceof RedDAV\RedFile) +// $isapublic_file = true; +// } +// catch (Exception $e) { +// $isapublic_file = false; +// } +// } + +// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { +// logger('mod_cloud: auth exception'); +// http_status_exit(401, 'Permission denied.'); +// } require_once('include/RedDAV/RedBrowser.php'); // provide a directory view for the cloud in Hubzilla diff --git a/mod/locs.php b/mod/locs.php index 3f8bd9029..3c6a5da67 100644 --- a/mod/locs.php +++ b/mod/locs.php @@ -50,8 +50,17 @@ function locs_post(&$a) { return; } if(intval($r[0]['hubloc_primary'])) { - notice( t('Primary location cannot be removed.') . EOL); - return; + $x = q("select hubloc_id from hubloc where hubloc_primary = 1 and hubloc_hash = '%s'", + dbesc($channel['channel_hash']) + ); + if(! $x) { + notice( t('Location lookup failed.')); + return; + } + if(count($x) == 1) { + notice( t('Please select another location to become primary before removing the primary location.') . EOL); + return; + } } $r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'", @@ -91,8 +100,6 @@ function locs_content(&$a) { $r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false); } - - $o = replace_macros(get_markup_template('locmanage.tpl'), array( '$header' => t('Manage Channel Locations'), '$loc' => t('Location (address)'), diff --git a/mod/post.php b/mod/post.php index dfda7db9d..00e599b49 100644 --- a/mod/post.php +++ b/mod/post.php @@ -117,7 +117,7 @@ function post_init(&$a) { } // Try and find a hubloc for the person attempting to auth - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc", dbesc($address) ); @@ -128,7 +128,7 @@ function post_init(&$a) { $j = json_decode($ret['body'], true); if ($j) import_xchan($j); - $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", + $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc", dbesc($address) ); } @@ -144,152 +144,159 @@ function post_init(&$a) { goaway($desturl); } - logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] ); - // check credentials and access + foreach($x as $xx) { + logger('mod_zot: auth request received from ' . $xx['hubloc_addr'] ); - // If they are already authenticated and haven't changed credentials, - // we can save an expensive network round trip and improve performance. + // check credentials and access - $remote = remote_channel(); - $result = null; - $remote_service_class = ''; - $remote_level = 0; - $remote_hub = $x[0]['hubloc_url']; - $DNT = 0; + // If they are already authenticated and haven't changed credentials, + // we can save an expensive network round trip and improve performance. - // Also check that they are coming from the same site as they authenticated with originally. + $remote = remote_channel(); + $result = null; + $remote_service_class = ''; + $remote_level = 0; + $remote_hub = $xx['hubloc_url']; + $DNT = 0; - $already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); - if($delegate && $delegate !== $_SESSION['delegate_channel']) - $already_authed = false; + // Also check that they are coming from the same site as they authenticated with originally. - $j = array(); + $already_authed = ((($remote) && ($xx['hubloc_hash'] == $remote) && ($xx['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); + if($delegate && $delegate !== $_SESSION['delegate_channel']) + $already_authed = false; - if (! $already_authed) { + $j = array(); - // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key - // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender - // which can be verified - - $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); - if ($test) { - $ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL; - $ret['message'] .= 'packet contents: ' . $p . EOL; - } - - $result = zot_zot($x[0]['hubloc_callback'],$p); + if (! $already_authed) { - if (! $result['success']) { - logger('mod_zot: auth_check callback failed.'); + // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key + // The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender + // which can be verified + + $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $xx['hubloc_guid'],'guid_sig' => $xx['hubloc_guid_sig'])), $xx['hubloc_sitekey'], $sec); if ($test) { - $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; - json_return_and_die($ret); - } - - goaway($desturl); - } - $j = json_decode($result['body'], true); - if (! $j) { - logger('mod_zot: auth_check json data malformed.'); - if($test) { - $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; - json_return_and_die($ret); + $ret['message'] .= 'auth check packet created using sitekey ' . $xx['hubloc_sitekey'] . EOL; + $ret['message'] .= 'packet contents: ' . $p . EOL; } - } - } - if ($test) { - $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; - } + $result = zot_zot($xx['hubloc_callback'],$p); - if ($already_authed || $j['success']) { - if ($j['success']) { - // legit response, but we do need to check that this wasn't answered by a man-in-middle - if (! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) { - logger('mod_zot: auth: final confirmation failed.'); + if (! $result['success']) { + logger('mod_zot: auth_check callback failed.'); if ($test) { - $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true); - json_return_and_die($ret); + $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; + continue; + } + continue; + } + $j = json_decode($result['body'], true); + if (! $j) { + logger('mod_zot: auth_check json data malformed.'); + if($test) { + $ret['message'] .= 'json malformed: ' . $result['body'] . EOL; + continue; } - - goaway($desturl); } - if (array_key_exists('service_class',$j)) - $remote_service_class = $j['service_class']; - if (array_key_exists('level',$j)) - $remote_level = $j['level']; - if (array_key_exists('DNT',$j)) - $DNT = $j['DNT']; } - // everything is good... maybe - if(local_channel()) { - // tell them to logout if they're logged in locally as anything but the target remote account - // in which case just shut up because they don't need to be doing this at all. + if ($test) { + $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; + } - if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) { - logger('mod_zot: auth: already authenticated locally as somebody else.'); - notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); - if ($test) { - $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; - json_return_and_die($ret); + if ($already_authed || $j['success']) { + if ($j['success']) { + // legit response, but we do need to check that this wasn't answered by a man-in-middle + if (! rsa_verify($sec . $xx['xchan_hash'],base64url_decode($j['confirm']),$xx['xchan_pubkey'])) { + logger('mod_zot: auth: final confirmation failed.'); + if ($test) { + $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($xx,true); + continue; + } + + continue; } + if (array_key_exists('service_class',$j)) + $remote_service_class = $j['service_class']; + if (array_key_exists('level',$j)) + $remote_level = $j['level']; + if (array_key_exists('DNT',$j)) + $DNT = $j['DNT']; + } + // everything is good... maybe + if(local_channel()) { + + // tell them to logout if they're logged in locally as anything but the target remote account + // in which case just shut up because they don't need to be doing this at all. + + if ($a->channel['channel_hash'] != $xx['xchan_hash']) { + logger('mod_zot: auth: already authenticated locally as somebody else.'); + notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL); + if ($test) { + $ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL; + continue; + } + } + continue; } - goaway($desturl); - } - // log them in + // log them in - if ($test) { - $ret['success'] = true; - $ret['message'] .= 'Authentication Success!' . EOL; - json_return_and_die($ret); - } + if ($test) { + $ret['success'] = true; + $ret['message'] .= 'Authentication Success!' . EOL; + json_return_and_die($ret); + } - $delegation_success = false; - if ($delegate) { - $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", - dbesc($delegate) - ); - if ($r && intval($r[0]['channel_id'])) { - $allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate'); - if ($allowed) { - $_SESSION['delegate_channel'] = $r[0]['channel_id']; - $_SESSION['delegate'] = $x[0]['xchan_hash']; - $_SESSION['account_id'] = intval($r[0]['channel_account_id']); - require_once('include/security.php'); - change_channel($r[0]['channel_id']); - $delegation_success = true; + $delegation_success = false; + if ($delegate) { + $r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", + dbesc($delegate) + ); + if ($r && intval($r[0]['channel_id'])) { + $allowed = perm_is_allowed($r[0]['channel_id'],$xx['xchan_hash'],'delegate'); + if ($allowed) { + $_SESSION['delegate_channel'] = $r[0]['channel_id']; + $_SESSION['delegate'] = $xx['xchan_hash']; + $_SESSION['account_id'] = intval($r[0]['channel_account_id']); + require_once('include/security.php'); + change_channel($r[0]['channel_id']); + $delegation_success = true; + } } } - } - $_SESSION['authenticated'] = 1; - if (! $delegation_success) { - $_SESSION['visitor_id'] = $x[0]['xchan_hash']; - $_SESSION['my_url'] = $x[0]['xchan_url']; - $_SESSION['my_address'] = $address; - $_SESSION['remote_service_class'] = $remote_service_class; - $_SESSION['remote_level'] = $remote_level; - $_SESSION['remote_hub'] = $remote_hub; - $_SESSION['DNT'] = $DNT; + $_SESSION['authenticated'] = 1; + if (! $delegation_success) { + $_SESSION['visitor_id'] = $xx['xchan_hash']; + $_SESSION['my_url'] = $xx['xchan_url']; + $_SESSION['my_address'] = $address; + $_SESSION['remote_service_class'] = $remote_service_class; + $_SESSION['remote_level'] = $remote_level; + $_SESSION['remote_hub'] = $remote_hub; + $_SESSION['DNT'] = $DNT; + } + + $arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION); + call_hooks('magic_auth_success',$arr); + $a->set_observer($xx); + require_once('include/security.php'); + $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); + info(sprintf( t('Welcome %s. Remote authentication successful.'),$xx['xchan_name'])); + logger('mod_zot: auth success from ' . $xx['xchan_addr']); + } + else { + if ($test) { + $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + continue; + } + logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']); } - $arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION); - call_hooks('magic_auth_success',$arr); - $a->set_observer($x[0]); - require_once('include/security.php'); - $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); - info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name'])); - logger('mod_zot: auth success from ' . $x[0]['xchan_addr']); - } - else { - if($test) { - $ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; - json_return_and_die($ret); + if ($test) { + $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; + continue; } - logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']); } /** @@ -299,14 +306,13 @@ function post_init(&$a) { * But z_root() probably isn't where you really want to go. */ + if(strstr($desturl,z_root() . '/rmagic')) + goaway(z_root()); + if ($test) { - $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL; json_return_and_die($ret); } - if(strstr($desturl,z_root() . '/rmagic')) - goaway(z_root()); - goaway($desturl); } } diff --git a/version.inc b/version.inc index e412e1495..ecb05b628 100644 --- a/version.inc +++ b/version.inc @@ -1 +1 @@ -2015-09-20.1161 +2015-09-21.1162 diff --git a/view/tpl/locmanage.tpl b/view/tpl/locmanage.tpl index 944b3c3f4..e0232547f 100644 --- a/view/tpl/locmanage.tpl +++ b/view/tpl/locmanage.tpl @@ -19,7 +19,7 @@ function drophub(id) { {{if $hub.primary}}<button class="btn btn-std"><i class="icon-check"></i></button>{{else}}<button class="btn btn-std" onclick="primehub({{$hub.hubloc_id}}); return false;" ><i class="icon-check-empty" ></i></button>{{/if}} </td> -<td>{{if $hub.primary}}{{else}}{{if ! $hub.deleted}}<button class="btn btn-std" onclick="drophub({{$hub.hubloc_id}}); return false;"><i class="icon-trash"></i></button>{{/if}}{{/if}}</td> +<td>{{if ! $hub.deleted}}<button class="btn btn-std" onclick="drophub({{$hub.hubloc_id}}); return false;"><i class="icon-trash"></i></button>{{/if}}</td> </tr> {{/foreach}} </table> |