aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-02-22 13:33:18 -0800
committerfriendica <info@friendica.com>2014-02-22 13:33:18 -0800
commit075b7fa9c82d5b0663528d2cf5e6f28dd1c5f4ab (patch)
treea36cf6f0ba6a92e36074c641271249c783b0376c
parent9c4c0e6d2313fc7d09e315f2bb39711af4a2774a (diff)
downloadvolse-hubzilla-075b7fa9c82d5b0663528d2cf5e6f28dd1c5f4ab.tar.gz
volse-hubzilla-075b7fa9c82d5b0663528d2cf5e6f28dd1c5f4ab.tar.bz2
volse-hubzilla-075b7fa9c82d5b0663528d2cf5e6f28dd1c5f4ab.zip
This should resolve the dav authentication loop (correctly)
-rw-r--r--include/auth.php21
-rw-r--r--include/reddav.php2
-rw-r--r--include/security.php7
-rw-r--r--mod/ping.php2
4 files changed, 23 insertions, 9 deletions
diff --git a/include/auth.php b/include/auth.php
index a3b028c73..c21705c99 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -58,14 +58,17 @@ function account_verify_password($email,$pass) {
}
-// login/logout
-
+/**
+ * Inline - not a function
+ * look for auth parameters or re-validate an existing session
+ * also handles logout
+ */
+if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
-
-if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
+ // process a logout request
if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
@@ -77,6 +80,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
goaway(z_root());
}
+ // re-validate a visitor, optionally invoke "su" if permitted to do so
+
if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
// if our authenticated guest is allowed to take control of the admin channel, make it so.
$admins = get_config('system','remote_admin');
@@ -106,9 +111,11 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
}
+ // already logged in user returning
+
if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
- // already logged in user returning
+ // first check if we're enforcing that sessions can't change IP address
$check = get_config('system','paranoia');
// extra paranoia - if the IP changed, log them out
@@ -150,6 +157,8 @@ else {
nuke_session();
}
+ // handle a fresh login request
+
if((x($_POST,'password')) && strlen($_POST['password']))
$encrypted = hash('whirlpool',trim($_POST['password']));
@@ -188,7 +197,7 @@ else {
notice( t('Failed authentication') . EOL);
}
- logger('authenticate: ' . print_r(get_app()->account,true));
+ logger('authenticate: ' . print_r(get_app()->account,true), LOGGER_DEBUG);
}
diff --git a/include/reddav.php b/include/reddav.php
index 6182aeacd..2a26ac42a 100644
--- a/include/reddav.php
+++ b/include/reddav.php
@@ -792,6 +792,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
$this->channel_id = $r[0]['channel_id'];
$this->channel_hash = $this->observer = $r[0]['channel_hash'];
$_SESSION['uid'] = $r[0]['channel_id'];
+ $_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
return true;
}
@@ -813,6 +814,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
$this->channel_id = $r[0]['channel_id'];
$this->channel_hash = $this->observer = $r[0]['channel_hash'];
$_SESSION['uid'] = $r[0]['channel_id'];
+ $_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
return true;
}
diff --git a/include/security.php b/include/security.php
index 68dd573f7..f52615357 100644
--- a/include/security.php
+++ b/include/security.php
@@ -32,9 +32,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive
}
- if($login_initial)
+ if($login_initial) {
+
call_hooks('logged_in', $user_record);
-
+
+ // might want to log success here
+ }
if($return || x($_SESSION,'workflow')) {
unset($_SESSION['workflow']);
diff --git a/mod/ping.php b/mod/ping.php
index 390613d7a..b9d9a9c77 100644
--- a/mod/ping.php
+++ b/mod/ping.php
@@ -28,7 +28,7 @@ function ping_init(&$a) {
header("content-type: application/json");
- $result['invalid'] = ((local_user()) && (intval($_GET['uid'])) && (intval($_GET['uid']) != local_user()) ? 1 : 0);
+ $result['invalid'] = ((intval($_GET['uid'])) && (intval($_GET['uid']) != local_user()) ? 1 : 0);
if(x($_SESSION,'sysmsg')){
foreach ($_SESSION['sysmsg'] as $m){