author | Zot <mike@macgirvin.com> | 2019-04-25 09:54:37 +0000 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2019-04-26 10:41:35 +0200 |
commit | ab8d8aa552cb8e2d39f4cfac4bfa914154e3263a (patch) | |
tree | 4c1b48e41290bf17500dd22d7bdaeb852047085c | |
parent | f955276694680695be76dc9bfcf22d19e10613be (diff) | |
hubloc confusion in magic auth
(cherry picked from commit 3c8f8b76aa35eed1e612cb20537b8648bef3daca)
-rw-r--r-- | Zotlabs/Lib/Libzot.php | 6 | ||||
-rw-r--r-- | Zotlabs/Module/Magic.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Owa.php | 26 | ||||
-rw-r--r-- | include/channel.php | 11 | ||||
-rw-r--r-- | include/zid.php | 48 | ||||
-rw-r--r-- | include/zot.php | 22 |
6 files changed, 89 insertions, 28 deletions
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index 70602bbbc..9bf987027 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -3107,7 +3107,11 @@ class Libzot {
 foreach($arr as $v) {
 if($v[$check] === 'zot6') {
-
+ return $v;
+ }
+ }
+ foreach($arr as $v) {
+ if($v[$check] === 'zot') {
 return $v;
 }
 }
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 71737eef8..e8e960574 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller {
 $token = $j['token'];
 }
- $x = strpbrk($dest,'?&');
- $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
+ $strp = strpbrk($dest,'?&');
+ $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
 goaway($dest . $args);
 }
 }
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index ad57f883c..cf116a96c 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
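Review bot: The two loops in this hunk differ only in the network literal, and the same shape is added again in include/zot.php under the same name `zot_record_preferred` but with the opposite preference order, so which record a call site gets depends solely on whether the namespaced or the global function is resolved. A single explicit preference list removes the duplication and makes the order greppable: `foreach(['zot6','zot'] as $net) { foreach($arr as $v) { if($v[$check] === $net) return $v; } }`. A one-line comment above the loop stating why zot6 wins in the Libzot variant would also help the next reader, since the global variant's comment in observer_auth only explains which function resolves. The enclosing method's signature and its fallback return lie outside this hunk.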
@@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller {
 $keyId = $sigblock['keyId'];
 if($keyId) {
+
+ // Hubzilla connections can have both zot and zot6 hublocs
+ // The connections will usually be zot so match those first
+
 $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ",
 dbesc(str_replace('acct:','',$keyId)),
 dbesc($keyId)
 );
- if(! $r) {
+
+ // If nothing was found, try searching on any network
+
+ if (! $r) {
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
+ );
+ }
+
+ // If nothing was found on any network, use network discovery and create a new record
+
+ if (! $r) {
 $found = discover_by_webbie(str_replace('acct:','',$keyId));
 if($found) {
 $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
@@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller {
 );
 }
 }
- if($r) {
+
+ if ($r) {
 foreach($r as $hubloc) {
 $verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);
 if($verified && $verified['header_signed'] && $verified['header_valid']) {
@@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller {
 logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
 $ret['success'] = true;
 $token = random_string(32);
- \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']);
+ \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']);
 $result = '';
 openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
 $ret['encrypted_token'] = base64url_encode($result);
diff --git a/include/channel.php b/include/channel.php
index 654bbdb05..47a7b5a0e 100644
--- a/include/channel.php
+++ b/include/channel.php
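Review bot: `file_get_contents('php://input')` inside the `foreach($r as $hubloc)` loop re-reads the request body once per candidate row, and with the relaxed second query the candidate list can now span several networks and hubs for one address; read it once ahead of the loop, `$body = file_get_contents('php://input');`, and pass `$body` to `HTTPSig::verify`. The two lookups differ only in the trailing `and hubloc_network = 'zot'`, which a reader has to spot by diffing the SQL by eye; a comment on the second such as `// same lookup without the network restriction` would make the fallback obvious. `$keyId` comes from the signature header, so the `str_replace('acct:','',...)` strips every occurrence rather than a leading prefix — harmless under `dbesc`, but a prefix check would express the intent. Whether the loop stops at the first verified row is decided outside this hunk.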
@@ -1812,13 +1812,16 @@ function zid_init() {
 call_hooks('zid_init', $arr);
 if(! local_channel()) {
- $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1",
+ $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc",
 dbesc($tmp_str)
 );
 if(! $r) {
 Master::Summon(array('Gprobe',bin2hex($tmp_str)));
 }
- if($r && remote_channel() && remote_channel() === $r[0]['hubloc_hash'])
+ if($r) {
+ $r = zot_record_preferred($r);
+ }
+ if($r && remote_channel() && remote_channel() === $r['hubloc_hash'])
 return;
 logger('Not authenticated. Invoking reverse magic-auth for ' . $tmp_str);
@@ -1826,8 +1829,8 @@ function zid_init() {
 $query = App::$query_string;
 $query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
 $dest = '/' . $query;
- if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
- goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
+ if($r && ($r['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
+ goaway($r['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
 }
 else
 logger('No hubloc found.');
diff --git a/include/zid.php b/include/zid.php
index 0b12689ef..ed79de76a 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -1,5 +1,6 @@
 <?php
+use Zotlabs\Lib\Verify;
 function is_matrix_url($url) {
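Review bot: The already-authenticated check `remote_channel() === $r['hubloc_hash']` now compares the session against only the one row `zot_record_preferred` picked, so a visitor whose session was established from a different hubloc of the same address (the commit itself notes a channel can carry both zot and zot6 records) would fail it and be bounced through reverse magic-auth again, if those records carry different hashes. Checking every row before reducing avoids that: `if($r && remote_channel() && in_array(remote_channel(), array_column($r, 'hubloc_hash'), true)) return;` placed ahead of the `zot_record_preferred` call. Reusing `$r` first for the result set and then for a single row also makes the later `$r['hubloc_url']` reads easy to misread; a separate `$hubloc` would be clearer. The remainder of zid_init is outside these hunks.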
@@ -270,34 +271,45 @@ function red_zrlify_img_callback($matches) {
 */
 function owt_init($token) {
- \Zotlabs\Lib\Verify::purge('owt', '3 MINUTE');
+ Verify::purge('owt', '3 MINUTE');
- $ob_hash = \Zotlabs\Lib\Verify::get_meta('owt', 0, $token);
+ $key = Verify::get_meta('owt', 0, $token);
- if($ob_hash === false) {
+ if($key === false) {
+ return;
+ }
+
+ $parts = explode(',',$key,2);
+ if(count($parts) < 2) {
 return;
 }
 $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
- where hubloc_addr = '%s' order by hubloc_id desc",
- dbesc($ob_hash)
+ where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc",
+ dbesc($parts[0]),
+ dbesc($parts[1])
 );
 if(! $r) {
+
 // finger them if they can't be found.
- $j = \Zotlabs\Zot\Finger::run($ob_hash, null);
+ // @todo check that this is still needed. Discovery should have been performed in the Owa module.
+
+ $j = \Zotlabs\Zot\Finger::run($parts[1], null);
 if ($j['success']) {
 import_xchan($j);
 $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
- where hubloc_addr = '%s' order by hubloc_id desc",
- dbesc($ob_hash)
+ where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc",
+ dbesc($parts[0]),
+ dbesc($parts[1])
 );
 }
 }
 if(! $r) {
- logger('owt: unable to finger ' . $ob_hash);
+ logger('owt: unable to finger ' . $key);
 return;
 }
+
 $hubloc = $r[0];
 $_SESSION['authenticated'] = 1;
@@ -324,7 +336,7 @@ function owt_init($token) {
 if (! $delegate_success) {
 // normal visitor (remote_channel) login session credentials
 $_SESSION['visitor_id'] = $hubloc['xchan_hash'];
- $_SESSION['my_url'] = $hubloc['xchan_url'];
+ $_SESSION['my_url'] = $hubloc['xchan_url'];
 $_SESSION['my_address'] = $hubloc['hubloc_addr'];
 $_SESSION['remote_hub'] = $hubloc['hubloc_url'];
 $_SESSION['DNT'] = 1;
@@ -332,7 +344,7 @@ function owt_init($token) {
 $arr = [
 'xchan' => $hubloc,
- 'url' => \App::$query_string,
+ 'url' => App::$query_string,
 'session' => $_SESSION
 ];
 /**
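Review bot: The finger fallback ignores the network carried in the token: `\Zotlabs\Zot\Finger::run($parts[1], null)` and `import_xchan` appear to go through the legacy zot path, yet the re-query still requires `hubloc_network = $parts[0]`, so for a token minted from a zot6 record the discovery can succeed and the function still ends in the 'unable to finger' return. Either restrict the fallback to the case it can satisfy, `if(! $r && $parts[0] === 'zot') {`, or act on the @todo and drop it, since the Owa module has already performed discovery before issuing the token. The `count($parts) < 2` guard silently rejects any meta value without a comma; logging that case alongside the existing `logger('owt: unable to finger ' . $key)` would make a malformed token distinguishable from a missing hubloc. owt_init continues past this hunk.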
@@ -344,11 +356,11 @@ function owt_init($token) {
 */
 call_hooks('magic_auth_success', $arr);
- \App::set_observer($hubloc);
+ App::set_observer($hubloc);
 require_once('include/security.php');
- \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
 if(! get_config('system', 'hide_owa_greeting'))
- info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name']));
+ info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),App::get_hostname(), $hubloc['xchan_name']));
 logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
 }
@@ -384,7 +396,9 @@ function observer_auth($ob_hash) {
 return;
 }
- $hubloc = $r[0];
+ // Note: this has no Libzot namespace so prefers zot over zot6
+
+ $hubloc = zot_record_preferred($r);
 $_SESSION['authenticated'] = 1;
@@ -395,8 +409,8 @@ function observer_auth($ob_hash) {
 $_SESSION['remote_hub'] = $hubloc['hubloc_url'];
 $_SESSION['DNT'] = 1;
- \App::set_observer($hubloc);
+ App::set_observer($hubloc);
 require_once('include/security.php');
- \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
 }
diff --git a/include/zot.php b/include/zot.php
index 227d82a13..5ced4ee8c 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -5270,3 +5270,25 @@ function zot_reply_notify($data) {
 $ret['success'] = true;
 json_return_and_die($ret);
 }
+
+
+function zot_record_preferred($arr, $check = 'hubloc_network') {
+
+ if(! $arr) {
+ return $arr;
+ }
+
+ foreach($arr as $v) {
+ if($v[$check] === 'zot') {
+ return $v;
+ }
+ }
+ foreach($arr as $v) {
+ if($v[$check] === 'zot6') {
+ return $v;
+ }
+ }
+
+ return $arr[0];
+
+}
|
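Review bot: This global `zot_record_preferred` prefers zot over zot6 while the `Libzot::zot_record_preferred` added in the same commit prefers the reverse, and the only hint a reader gets about which one a call site resolves is the namespace comment in observer_auth; passing the preference as a parameter makes the choice visible at every call and collapses the two copy-pasted loops into one. The function also returns its argument unchanged when it is empty or false but a single row otherwise, so callers that index the result (zid_init, observer_auth) rely on having guarded for an empty set first — a docblock should say so. A backward-compatible rewrite with an explicit preference list follows.
```php
/**
 * Pick one hubloc row out of a result set, trying the networks in $prefer
 * in order. Returns $arr untouched when it is empty/false; otherwise a
 * single row (the first row when no preferred network matches).
 */
function zot_record_preferred($arr, $check = 'hubloc_network', $prefer = ['zot', 'zot6']) {

	if(! $arr) {
		return $arr;
	}

	foreach($prefer as $network) {
		foreach($arr as $v) {
			if($v[$check] === $network) {
				return $v;
			}
		}
	}

	return $arr[0];
}
```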