encrypt the owa token

author: zotlabs <mike@macgirvin.com> 2017-10-26 15:23:04 -0700
committer: zotlabs <mike@macgirvin.com> 2017-10-26 15:23:04 -0700
commit: e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe (patch)
tree: 0a9b791eb74f341badf894350109cd5bbcdfd98f /Zotlabs/Module/Magic.php
parent: 4a3149d1ba9ad08c4603b727c1e9411eaa1bbde0 (diff)
download: volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.tar.gz
volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.tar.bz2
volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.zip
1 files changed, 10 insertions, 3 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 879085f96..9ad9c951c 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -146,10 +146,17 @@ class Magic extends \Zotlabs\Web\Controller {
 
 				if($x['success']) {
 					$j = json_decode($x['body'],true);
-					if($j['success'] && $j['token']) {
-						$x = strpbrk($dest,'?&');
-						$args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : '');
+					if($j['success']) {
+						$token = '';
+						if($j['encrypted_token']) {
+							openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']);
+						}
+						else {
+							$token = $j['token'];
+						}
 						
+						$x = strpbrk($dest,'?&');
+						$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
 						goaway($dest . $args);
 					}
 				}
author	zotlabs <mike@macgirvin.com>	2017-10-26 15:23:04 -0700
committer	zotlabs <mike@macgirvin.com>	2017-10-26 15:23:04 -0700
commit	e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe (patch)
tree	0a9b791eb74f341badf894350109cd5bbcdfd98f /Zotlabs/Module/Magic.php
parent	4a3149d1ba9ad08c4603b727c1e9411eaa1bbde0 (diff)
download	volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.tar.gz volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.tar.bz2 volse-hubzilla-e5cfb8a0cdef56498aabb75fb52600ae07c4bcbe.zip