diff options
| author | zotlabs <mike@macgirvin.com> | 2019-03-09 12:58:03 -0800 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2019-03-09 12:58:03 -0800 |
| commit | 51024d382172c5e2e62bacc6d9103a1caa40e4a5 (patch) | |
| tree | 37423abb2147b56945ac43a7ad0f13936890eec4 | |
| parent | 220d6ed494c1c1aa1bd1365f485e0543c2baa800 (diff) | |
| download | volse-hubzilla-51024d382172c5e2e62bacc6d9103a1caa40e4a5.tar.gz volse-hubzilla-51024d382172c5e2e62bacc6d9103a1caa40e4a5.tar.bz2 volse-hubzilla-51024d382172c5e2e62bacc6d9103a1caa40e4a5.zip | |
authenticated fetch fixes
| -rw-r--r-- | Zotlabs/Lib/ActivityStreams.php | 5 | ||||
| -rw-r--r-- | Zotlabs/Module/Item.php | 1 | ||||
| -rw-r--r-- | include/zid.php | 48 |
3 files changed, 53 insertions, 1 deletions
diff --git a/Zotlabs/Lib/ActivityStreams.php b/Zotlabs/Lib/ActivityStreams.php index a357b6d69..006744aff 100644 --- a/Zotlabs/Lib/ActivityStreams.php +++ b/Zotlabs/Lib/ActivityStreams.php @@ -319,7 +319,10 @@ class ActivityStreams { function get_compound_property($property, $base = '', $namespace = '', $first = false) { $x = $this->get_property_obj($property, $base, $namespace); if($this->is_url($x)) { - $x = $this->fetch_property($x); + $y = $this->fetch_property($x); + if (is_array($y)) { + $x = $y; + } } // verify and unpack JSalmon signature if present diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index ebcf632ef..b247df0fd 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -55,6 +55,7 @@ class Item extends Controller { $sigdata = HTTPSig::verify(EMPTY_STR); if($sigdata['portable_id'] && $sigdata['header_valid']) { $portable_id = $sigdata['portable_id']; + observer_auth($portable_id); } $item_normal = " and item.item_hidden = 0 and item.item_type = 0 and item.item_unpublished = 0 and item.item_delayed = 0 and item.item_blocked = 0 "; diff --git a/include/zid.php b/include/zid.php index a37ebe1f6..0b12689ef 100644 --- a/include/zid.php +++ b/include/zid.php @@ -352,3 +352,51 @@ function owt_init($token) { logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); } + + +function observer_auth($ob_hash) { + + if($ob_hash === false) { + return; + } + + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc", + dbesc($ob_hash), + dbesc($ob_hash), + dbesc($ob_hash) + ); + + if(! $r) { + // finger them if they can't be found. + $wf = discover_by_webbie($ob_hash); + if($wf) { + $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash + where hubloc_addr = '%s' or hubloc_id_url = '%s' or hubloc_hash = '%s' order by hubloc_id desc", + dbesc($ob_hash), + dbesc($ob_hash), + dbesc($ob_hash) + ); + } + } + if(! $r) { + logger('unable to finger ' . $ob_hash); + return; + } + + $hubloc = $r[0]; + + $_SESSION['authenticated'] = 1; + + // normal visitor (remote_channel) login session credentials + $_SESSION['visitor_id'] = $hubloc['xchan_hash']; + $_SESSION['my_url'] = $hubloc['xchan_url']; + $_SESSION['my_address'] = $hubloc['hubloc_addr']; + $_SESSION['remote_hub'] = $hubloc['hubloc_url']; + $_SESSION['DNT'] = 1; + + \App::set_observer($hubloc); + require_once('include/security.php'); + \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); + +} |