aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-10-26 15:23:04 -0700
committerzotlabs <mike@macgirvin.com>2017-10-26 15:23:04 -0700
commite5cfb8a0cdef56498aabb75fb52600ae07c4bcbe (patch)
tree0a9b791eb74f341badf894350109cd5bbcdfd98f
parent4a3149d1ba9ad08c4603b727c1e9411eaa1bbde0 (diff)
downloadvolse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.tar.gz
volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.tar.bz2
volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.zip
encrypt the owa token
-rw-r--r--Zotlabs/Module/Magic.php13
-rw-r--r--Zotlabs/Module/Owa.php4
2 files changed, 13 insertions, 4 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 879085f96..9ad9c951c 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -146,10 +146,17 @@ class Magic extends \Zotlabs\Web\Controller {
if($x['success']) {
$j = json_decode($x['body'],true);
- if($j['success'] && $j['token']) {
- $x = strpbrk($dest,'?&');
- $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : '');
+ if($j['success']) {
+ $token = '';
+ if($j['encrypted_token']) {
+ openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']);
+ }
+ else {
+ $token = $j['token'];
+ }
+ $x = strpbrk($dest,'?&');
+ $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
goaway($dest . $args);
}
}
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 4b0d855c5..d58fd7a41 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -41,7 +41,9 @@ class Owa extends \Zotlabs\Web\Controller {
$ret['success'] = true;
$token = random_string(32);
\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
- $ret['token'] = $token;
+ $result = '';
+ openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
+ $ret['encrypted_token'] = base64url_encode($result);
}
}
}