aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-07-20 17:55:40 -0700
committerredmatrix <git@macgirvin.com>2016-07-20 17:57:17 -0700
commitbc8c74eb422387a5537eb923c90a34c1196ce568 (patch)
tree4f8ba641908fd18cc810ee0086684a4041062231 /Zotlabs/Module
parenteac35c05e9059ba57aefc878cc669eb0efbbd086 (diff)
downloadvolse-hubzilla-bc8c74eb422387a5537eb923c90a34c1196ce568.tar.gz
volse-hubzilla-bc8c74eb422387a5537eb923c90a34c1196ce568.tar.bz2
volse-hubzilla-bc8c74eb422387a5537eb923c90a34c1196ce568.zip
sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for.
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Dav.php85
-rw-r--r--Zotlabs/Module/Login.php3
-rw-r--r--Zotlabs/Module/Openid.php2
-rw-r--r--Zotlabs/Module/Register.php2
-rw-r--r--Zotlabs/Module/Removeaccount.php3
-rw-r--r--Zotlabs/Module/Removeme.php4
6 files changed, 14 insertions, 85 deletions
diff --git a/Zotlabs/Module/Dav.php b/Zotlabs/Module/Dav.php
index ba2394388..aaf69844c 100644
--- a/Zotlabs/Module/Dav.php
+++ b/Zotlabs/Module/Dav.php
@@ -48,55 +48,13 @@ class Dav extends \Zotlabs\Web\Controller {
if (! is_dir('store'))
os_mkdir('store', STORAGE_DEFAULT_PERMISSIONS, false);
- $which = null;
if (argc() > 1)
- $which = argv(1);
+ profile_load(argv(1),0);
- $profile = 0;
-
- \App::$page['htmlhead'] .= '<link rel="alternate" type="application/atom+xml" href="' . z_root() . '/feed/' . $which . '" />' . "\r\n";
-
- if ($which)
- profile_load( $which, $profile);
-
-
-
$auth = new \Zotlabs\Storage\BasicAuth();
- $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . 'WebDAV');
-
-// $authBackend = new \Sabre\DAV\Auth\Backend\BasicCallBack(function($userName,$password) {
-// if(account_verify_password($userName,$password))
-// return true;
-// return false;
-// });
+ $auth->setRealm(ucfirst(\Zotlabs\Lib\System::get_platform_name()) . ' ' . 'WebDAV');
-// $ob_hash = get_observer_hash();
-
-// if ($ob_hash) {
-// if (local_channel()) {
-// $channel = \App::get_channel();
-// $auth->setCurrentUser($channel['channel_address']);
-// $auth->channel_id = $channel['channel_id'];
-// $auth->channel_hash = $channel['channel_hash'];
-// $auth->channel_account_id = $channel['channel_account_id'];
-// if($channel['channel_timezone'])
-// $auth->setTimezone($channel['channel_timezone']);
-// }
-// $auth->observer = $ob_hash;
-// }
-
-// if ($_GET['davguest'])
-// $_SESSION['davguest'] = true;
-
-// $_SERVER['QUERY_STRING'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['QUERY_STRING']);
-// $_SERVER['QUERY_STRING'] = strip_zids($_SERVER['QUERY_STRING']);
-// $_SERVER['QUERY_STRING'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['QUERY_STRING']);
-//
-// $_SERVER['REQUEST_URI'] = str_replace(array('?f=', '&f='), array('', ''), $_SERVER['REQUEST_URI']);
-// $_SERVER['REQUEST_URI'] = strip_zids($_SERVER['REQUEST_URI']);
-// $_SERVER['REQUEST_URI'] = preg_replace('/[\?&]davguest=(.*?)([\?&]|$)/ism', '', $_SERVER['REQUEST_URI']);
-
$rootDirectory = new \Zotlabs\Storage\Directory('/', $auth);
// A SabreDAV server-object
@@ -113,48 +71,13 @@ class Dav extends \Zotlabs\Web\Controller {
$server->addPlugin($lockPlugin);
- // The next section of code allows us to bypass prompting for http-auth if a
- // FILE is being accessed anonymously and permissions allow this. This way
- // one can create hotlinks to public media files in their cloud and anonymous
- // viewers won't get asked to login.
- // If a DIRECTORY is accessed or there are permission issues accessing the
- // file and we aren't previously authenticated via zot, prompt for HTTP-auth.
- // This will be the default case for mounting a DAV directory.
- // In order to avoid prompting for passwords for viewing a DIRECTORY, add
- // the URL query parameter 'davguest=1'.
-
-// $isapublic_file = false;
-// $davguest = ((x($_SESSION, 'davguest')) ? true : false);
-
-// if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
-// try {
-// $x = RedFileData('/' . \App::$cmd, $auth);
-// if($x instanceof \Zotlabs\Storage\File)
-// $isapublic_file = true;
-// }
-// catch (Exception $e) {
-// $isapublic_file = false;
-// }
-// }
-
-// if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
-// try {
-// $auth->Authenticate($server, t('$Projectname channel'));
-// }
-// catch (Exception $e) {
-// logger('mod_cloud: auth exception' . $e->getMessage());
-// http_status_exit($e->getHTTPCode(), $e->getMessage());
-// }
-// }
-
- // require_once('Zotlabs/Storage/Browser.php');
// provide a directory view for the cloud in Hubzilla
$browser = new \Zotlabs\Storage\Browser($auth);
$auth->setBrowserPlugin($browser);
// Experimental QuotaPlugin
- // require_once('Zotlabs/Storage/QuotaPlugin.php');
- // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
+ // require_once('Zotlabs/Storage/QuotaPlugin.php');
+ // $server->addPlugin(new \Zotlabs\Storage\QuotaPlugin($auth));
// All we need to do now, is to fire up the server
$server->exec();
diff --git a/Zotlabs/Module/Login.php b/Zotlabs/Module/Login.php
index ff75e5268..ae35b922f 100644
--- a/Zotlabs/Module/Login.php
+++ b/Zotlabs/Module/Login.php
@@ -7,6 +7,9 @@ class Login extends \Zotlabs\Web\Controller {
function get() {
if(local_channel())
goaway(z_root());
+ if(remote_channel() && $_SESSION['atoken'])
+ goaway(z_root());
+
return login((\App::$config['system']['register_policy'] == REGISTER_CLOSED) ? false : true);
}
diff --git a/Zotlabs/Module/Openid.php b/Zotlabs/Module/Openid.php
index 7a6e4a81f..8cbc6d2fd 100644
--- a/Zotlabs/Module/Openid.php
+++ b/Zotlabs/Module/Openid.php
@@ -48,7 +48,7 @@ class Openid extends \Zotlabs\Web\Controller {
$_SESSION['uid'] = $r[0]['channel_id'];
$_SESSION['account_id'] = $r[0]['channel_account_id'];
$_SESSION['authenticated'] = true;
- authenticate_success($record,true,true,true,true);
+ authenticate_success($record,$r[0],true,true,true,true);
goaway(z_root());
}
}
diff --git a/Zotlabs/Module/Register.php b/Zotlabs/Module/Register.php
index 6afa4a94c..45123b88d 100644
--- a/Zotlabs/Module/Register.php
+++ b/Zotlabs/Module/Register.php
@@ -146,7 +146,7 @@ class Register extends \Zotlabs\Web\Controller {
goaway(z_root());
}
- authenticate_success($result['account'],true,false,true);
+ authenticate_success($result['account'],null,true,false,true);
$new_channel = false;
$next_page = 'new_channel';
diff --git a/Zotlabs/Module/Removeaccount.php b/Zotlabs/Module/Removeaccount.php
index 39e06bb7f..9fac7838e 100644
--- a/Zotlabs/Module/Removeaccount.php
+++ b/Zotlabs/Module/Removeaccount.php
@@ -25,7 +25,8 @@ class Removeaccount extends \Zotlabs\Web\Controller {
$account = \App::get_account();
$account_id = get_account_id();
- if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+ $x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+ if(! ($x && $x['account']))
return;
if($account['account_password_changed'] != NULL_DATE) {
diff --git a/Zotlabs/Module/Removeme.php b/Zotlabs/Module/Removeme.php
index e611d8112..bc18fe0f8 100644
--- a/Zotlabs/Module/Removeme.php
+++ b/Zotlabs/Module/Removeme.php
@@ -24,7 +24,9 @@ class Removeme extends \Zotlabs\Web\Controller {
$account = \App::get_account();
- if(! account_verify_password($account['account_email'],$_POST['qxz_password']))
+
+ $x = account_verify_password($account['account_email'],$_POST['qxz_password']);
+ if(! ($x && $x['account']))
return;
if($account['account_password_changed'] != NULL_DATE) {