authorzotlabs <mike@macgirvin.com>2019-04-24 16:21:59 -0700
committerzotlabs <mike@macgirvin.com>2019-04-24 16:21:59 -0700
commitc88286556a29974ea6955a6fb683a0ff35705ea5 (patch)
treef269edece634d13bb567db01ccbfb970fa4903f4
parent831b9d443330cb806871ab06aaa977adafbe661e (diff)
hubloc confusion during magic auth where hublocs with more than one network may exist
-rw-r--r--Zotlabs/Lib/Libzot.php6
-rw-r--r--Zotlabs/Module/Magic.php4
-rw-r--r--Zotlabs/Module/Owa.php26
-rw-r--r--include/channel.php11
-rw-r--r--include/zid.php49
-rw-r--r--include/zot.php22
6 files changed, 90 insertions, 28 deletions
diff --git a/Zotlabs/Lib/Libzot.php b/Zotlabs/Lib/Libzot.php
index 70602bbbc..9bf987027 100644
--- a/Zotlabs/Lib/Libzot.php
+++ b/Zotlabs/Lib/Libzot.php
@@ -3107,7 +3107,11 @@ class Libzot {
foreach($arr as $v) {
if($v[$check] === 'zot6') {
-
+ return $v;
+ }
+ }
+ foreach($arr as $v) {
+ if($v[$check] === 'zot') {
return $v;
}
}
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 71737eef8..e8e960574 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller {
$token = $j['token'];
}
- $x = strpbrk($dest,'?&');
- $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
+ $strp = strpbrk($dest,'?&');
+ $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
goaway($dest . $args);
}
}
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index ad57f883c..cf116a96c 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller {
$keyId = $sigblock['keyId'];
if($keyId) {
+
+ // Hubzilla connections can have both zot and zot6 hublocs
+ // The connections will usually be zot so match those first
+
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ",
dbesc(str_replace('acct:','',$keyId)),
dbesc($keyId)
);
- if(! $r) {
+
+ // If nothing was found, try searching on any network
+
+ if (! $r) {
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
+ );
+ }
+
+ // If nothing was found on any network, use network discovery and create a new record
+
+ if (! $r) {
$found = discover_by_webbie(str_replace('acct:','',$keyId));
if($found) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
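Review bot: The identity lookup is now written out three times in this block (the `zot`-only query, the any-network fallback, and the post-discovery query that continues past the end of this hunk), each repeating `dbesc(str_replace('acct:','',$keyId))`. These queries select the `xchan_pubkey` that the signature is verified against further down, so they should not be able to drift apart. Computing `$addr = str_replace('acct:','',$keyId);` once and reusing it in all three would make that easier to audit. `str_replace` also removes every occurrence of `acct:`, not only a leading prefix, which deserves a short comment if it is intended.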
@@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller {
);
}
}
- if($r) {
+
+ if ($r) {
foreach($r as $hubloc) {
$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid']) {
@@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller {
logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
$ret['success'] = true;
$token = random_string(32);
- \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']);
+ \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']);
$result = '';
openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
$ret['encrypted_token'] = base64url_encode($result);
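Review bot: The verification meta passed to `Verify::create('owt', ...)` is now a comma-joined network and address string, and nothing at this call site documents that format. The only reader visible in this commit, `owt_init()` in include/zid.php, splits it with `explode(',',$key,2)` and returns without logging when fewer than two parts come back, so a format mismatch would show up only as a silently failed login. I would add a comment above the call such as `// meta format: "<hubloc_network>,<hubloc_addr>", parsed by owt_init() in include/zid.php`. The enclosing function continues outside this hunk.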
diff --git a/include/channel.php b/include/channel.php
index 654bbdb05..47a7b5a0e 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -1812,13 +1812,16 @@ function zid_init() {
call_hooks('zid_init', $arr);
if(! local_channel()) {
- $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1",
+ $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc",
dbesc($tmp_str)
);
if(! $r) {
Master::Summon(array('Gprobe',bin2hex($tmp_str)));
}
- if($r && remote_channel() && remote_channel() === $r[0]['hubloc_hash'])
+ if($r) {
+ $r = zot_record_preferred($r);
+ }
+ if($r && remote_channel() && remote_channel() === $r['hubloc_hash'])
return;
logger('Not authenticated. Invoking reverse magic-auth for ' . $tmp_str);
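Review bot: The already-authenticated check `remote_channel() === $r['hubloc_hash']` now compares only against the single record chosen by `zot_record_preferred()`, although the query above it was widened to return every hubloc for the address. If the records for one address can carry different `hubloc_hash` values per network (not visible here), a visitor whose session matches a non-preferred record falls through to the reverse magic-auth redirect each time. Testing membership before collapsing the result would avoid that, e.g. `if($r && remote_channel() && in_array(remote_channel(), array_column($r,'hubloc_hash'), true)) return;`. `$r` also changes from a result set to a single row here, which the second hunk of this file relies on; a separate `$hubloc` variable would read more clearly. zid_init() starts and ends outside the hunk.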
@@ -1826,8 +1829,8 @@ function zid_init() {
$query = App::$query_string;
$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
$dest = '/' . $query;
- if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
- goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
+ if($r && ($r['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
+ goaway($r['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
}
else
logger('No hubloc found.');
diff --git a/include/zid.php b/include/zid.php
index 0b12689ef..40e323db5 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -1,5 +1,7 @@
<?php
+use App;
+use Zotlabs\Lib\Verify;
function is_matrix_url($url) {
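Review bot: `use App;` imports a non-compound name in a file that shows no namespace declaration, which has no effect and makes PHP emit the warning "The use statement with non-compound name 'App' has no effect" when the file is compiled. I would drop that line and keep only `use Zotlabs\Lib\Verify;`. The unqualified `App::` references introduced later in this file resolve to the global class without it.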
@@ -270,34 +272,45 @@ function red_zrlify_img_callback($matches) {
*/
function owt_init($token) {
- \Zotlabs\Lib\Verify::purge('owt', '3 MINUTE');
+ Verify::purge('owt', '3 MINUTE');
- $ob_hash = \Zotlabs\Lib\Verify::get_meta('owt', 0, $token);
+ $key = Verify::get_meta('owt', 0, $token);
- if($ob_hash === false) {
+ if($key === false) {
+ return;
+ }
+
+ $parts = explode(',',$key,2);
+ if(count($parts) < 2) {
return;
}
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
- where hubloc_addr = '%s' order by hubloc_id desc",
- dbesc($ob_hash)
+ where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc",
+ dbesc($parts[0]),
+ dbesc($parts[1])
);
if(! $r) {
+
// finger them if they can't be found.
- $j = \Zotlabs\Zot\Finger::run($ob_hash, null);
+ // @todo check that this is still needed. Discovery should have been performed in the Owa module.
+
+ $j = \Zotlabs\Zot\Finger::run($parts[1], null);
if ($j['success']) {
import_xchan($j);
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
- where hubloc_addr = '%s' order by hubloc_id desc",
- dbesc($ob_hash)
+ where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc",
+ dbesc($parts[0]),
+ dbesc($parts[1])
);
}
}
if(! $r) {
- logger('owt: unable to finger ' . $ob_hash);
+ logger('owt: unable to finger ' . $key);
return;
}
+
$hubloc = $r[0];
$_SESSION['authenticated'] = 1;
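Review bot: `$hubloc = $r[0]` takes the newest row matching network and address, which is not necessarily the record whose `xchan_pubkey` verified the signature in Zotlabs/Module/Owa.php. If more than one hubloc can share the same `hubloc_network` and `hubloc_addr` (the `order by hubloc_id desc` suggests it can), the visitor session could be established for a different `xchan_hash` than the one that proved possession of the key. Carrying `$hubloc['hubloc_hash']` as a further field of the verification meta and adding `and hubloc_hash = '%s'` to both queries here would bind the token to the verified identity. owt_init() continues past the end of this hunk.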
@@ -324,7 +337,7 @@ function owt_init($token) {
if (! $delegate_success) {
// normal visitor (remote_channel) login session credentials
$_SESSION['visitor_id'] = $hubloc['xchan_hash'];
- $_SESSION['my_url'] = $hubloc['xchan_url'];
+ $_SESSION['my_url'] = $hubloc['xchan_url'];
$_SESSION['my_address'] = $hubloc['hubloc_addr'];
$_SESSION['remote_hub'] = $hubloc['hubloc_url'];
$_SESSION['DNT'] = 1;
@@ -332,7 +345,7 @@ function owt_init($token) {
$arr = [
'xchan' => $hubloc,
- 'url' => \App::$query_string,
+ 'url' => App::$query_string,
'session' => $_SESSION
];
/**
@@ -344,11 +357,11 @@ function owt_init($token) {
*/
call_hooks('magic_auth_success', $arr);
- \App::set_observer($hubloc);
+ App::set_observer($hubloc);
require_once('include/security.php');
- \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
if(! get_config('system', 'hide_owa_greeting'))
- info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name']));
+ info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),App::get_hostname(), $hubloc['xchan_name']));
logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
}
@@ -384,7 +397,9 @@ function observer_auth($ob_hash) {
return;
}
- $hubloc = $r[0];
+ // Note: this has no Libzot namespace so prefers zot over zot6
+
+ $hubloc = zot_record_preferred($r);
$_SESSION['authenticated'] = 1;
@@ -395,8 +410,8 @@ function observer_auth($ob_hash) {
$_SESSION['remote_hub'] = $hubloc['hubloc_url'];
$_SESSION['DNT'] = 1;
- \App::set_observer($hubloc);
+ App::set_observer($hubloc);
require_once('include/security.php');
- \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
}
diff --git a/include/zot.php b/include/zot.php
index 9f2321bc4..983b73072 100644
--- a/include/zot.php
+++ b/include/zot.php
@@ -5286,3 +5286,25 @@ function zot_reply_notify($data) {
$ret['success'] = true;
json_return_and_die($ret);
}
+
+
+function zot_record_preferred($arr, $check = 'hubloc_network') {
+
+ if(! $arr) {
+ return $arr;
+ }
+
+ foreach($arr as $v) {
+ if($v[$check] === 'zot') {
+ return $v;
+ }
+ }
+ foreach($arr as $v) {
+ if($v[$check] === 'zot6') {
+ return $v;
+ }
+ }
+
+ return $arr[0];
+
+}
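Review bot: `zot_record_preferred()` is added without a docblock, yet it changes what callers receive: a single row instead of a result set, with a falsy input returned unchanged. The header should state the preference order (`zot`, then `zot6`, then `$arr[0]` whatever its network) and the meaning of `$check`. It should also say that the Libzot hunk in this commit applies the opposite order (`zot6` first), since the two are easy to confuse when deciding which identity a session is bound to. The same header can note that `$v[$check]` is read without an `isset` check, so a row lacking that column raises a notice.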