aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Owa.php
diff options
context:
space:
mode:
authorZot <mike@macgirvin.com>2019-04-25 11:54:37 +0200
committerMario <mario@mariovavti.com>2019-04-25 11:54:37 +0200
commit3c8f8b76aa35eed1e612cb20537b8648bef3daca (patch)
treeee68e6a3ec60aeedd21fff263e826735fd51f429 /Zotlabs/Module/Owa.php
parentc123fa5422c9c2df741819c4fb9a1b19547866d4 (diff)
downloadvolse-hubzilla-3c8f8b76aa35eed1e612cb20537b8648bef3daca.tar.gz
volse-hubzilla-3c8f8b76aa35eed1e612cb20537b8648bef3daca.tar.bz2
volse-hubzilla-3c8f8b76aa35eed1e612cb20537b8648bef3daca.zip
hubloc confusion in magic auth
Diffstat (limited to 'Zotlabs/Module/Owa.php')
-rw-r--r--Zotlabs/Module/Owa.php26
1 files changed, 22 insertions, 4 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index ad57f883c..cf116a96c 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller {
$keyId = $sigblock['keyId'];
if($keyId) {
+
+ // Hubzilla connections can have both zot and zot6 hublocs
+ // The connections will usually be zot so match those first
+
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ",
dbesc(str_replace('acct:','',$keyId)),
dbesc($keyId)
);
- if(! $r) {
+
+ // If nothing was found, try searching on any network
+
+ if (! $r) {
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
+ );
+ }
+
+ // If nothing was found on any network, use network discovery and create a new record
+
+ if (! $r) {
$found = discover_by_webbie(str_replace('acct:','',$keyId));
if($found) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
@@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller {
);
}
}
- if($r) {
+
+ if ($r) {
foreach($r as $hubloc) {
$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid']) {
@@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller {
logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
$ret['success'] = true;
$token = random_string(32);
- \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']);
+ \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']);
$result = '';
openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
$ret['encrypted_token'] = base64url_encode($result);