aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module/Owa.php
diff options
context:
space:
mode:
authorMario Vavti <mario@mariovavti.com>2017-09-09 20:22:45 +0200
committerMario Vavti <mario@mariovavti.com>2017-09-09 20:22:45 +0200
commitedada2b7869d9565b4534114b6ed171e588185f6 (patch)
treeccf4fe404f07dbc08634a538f5e5af91f532af67 /Zotlabs/Module/Owa.php
parentccc9cc8202b271d5b9b4126a10f997af17ade6d3 (diff)
parent84c86f01c853f87be93807b3e190f954aca2e6e6 (diff)
downloadvolse-hubzilla-edada2b7869d9565b4534114b6ed171e588185f6.tar.gz
volse-hubzilla-edada2b7869d9565b4534114b6ed171e588185f6.tar.bz2
volse-hubzilla-edada2b7869d9565b4534114b6ed171e588185f6.zip
Merge remote-tracking branch 'mike/master' into dev
Diffstat (limited to 'Zotlabs/Module/Owa.php')
-rw-r--r--Zotlabs/Module/Owa.php18
1 files changed, 9 insertions, 9 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 0b625dbe5..900ab9f85 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -1,9 +1,16 @@
<?php
-
namespace Zotlabs\Module;
-
+/**
+ * OpenWebAuth verifier and token generator
+ * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
+ * Requests to this endpoint should be signed using HTTP Signatures
+ * using the 'Authorization: Signature' authentication method
+ * If the signature verifies a token is returned.
+ *
+ * This token may be exchanged for an authenticated cookie.
+ */
class Owa extends \Zotlabs\Web\Controller {
@@ -29,8 +36,6 @@ class Owa extends \Zotlabs\Web\Controller {
$hubloc = $r[0];
$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
-logger('verified: ' . print_r($verified,true));
-
if($verified && $verified['header_signed'] && $verified['header_valid']) {
$token = random_string(32);
\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
@@ -42,13 +47,8 @@ logger('verified: ' . print_r($verified,true));
}
}
}
- $x = json_encode([ 'success' => false ]);
- header('Content-Type: application/x-zot+json');
- echo $x;
- killme();
}
}
-
$x = json_encode([ 'success' => false ]);
header('Content-Type: application/x-zot+json');
echo $x;