aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2019-04-24 16:21:59 -0700
committerzotlabs <mike@macgirvin.com>2019-04-24 16:21:59 -0700
commitc88286556a29974ea6955a6fb683a0ff35705ea5 (patch)
treef269edece634d13bb567db01ccbfb970fa4903f4 /Zotlabs/Module
parent831b9d443330cb806871ab06aaa977adafbe661e (diff)
downloadvolse-hubzilla-c88286556a29974ea6955a6fb683a0ff35705ea5.tar.gz
volse-hubzilla-c88286556a29974ea6955a6fb683a0ff35705ea5.tar.bz2
volse-hubzilla-c88286556a29974ea6955a6fb683a0ff35705ea5.zip
hubloc confusion during magic auth where hublocs with more than one network may exist
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Magic.php4
-rw-r--r--Zotlabs/Module/Owa.php26
2 files changed, 24 insertions, 6 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 71737eef8..e8e960574 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller {
$token = $j['token'];
}
- $x = strpbrk($dest,'?&');
- $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
+ $strp = strpbrk($dest,'?&');
+ $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
goaway($dest . $args);
}
}
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index ad57f883c..cf116a96c 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller {
$keyId = $sigblock['keyId'];
if($keyId) {
+
+ // Hubzilla connections can have both zot and zot6 hublocs
+ // The connections will usually be zot so match those first
+
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ",
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ",
dbesc(str_replace('acct:','',$keyId)),
dbesc($keyId)
);
- if(! $r) {
+
+ // If nothing was found, try searching on any network
+
+ if (! $r) {
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )",
+ dbesc(str_replace('acct:','',$keyId)),
+ dbesc($keyId)
+ );
+ }
+
+ // If nothing was found on any network, use network discovery and create a new record
+
+ if (! $r) {
$found = discover_by_webbie(str_replace('acct:','',$keyId));
if($found) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
@@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller {
);
}
}
- if($r) {
+
+ if ($r) {
foreach($r as $hubloc) {
$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid']) {
@@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller {
logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
$ret['success'] = true;
$token = random_string(32);
- \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']);
+ \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']);
$result = '';
openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
$ret['encrypted_token'] = base64url_encode($result);