aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Module
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2018-01-11 12:13:57 -0800
committerzotlabs <mike@macgirvin.com>2018-01-11 12:15:38 -0800
commit468e976a88fe3027dde1a56b116e495f7edd7d1a (patch)
tree5ec1bc57ee693aad7f028a71b4bbf882e78a4bb7 /Zotlabs/Module
parent894b3706e7e10fbcd158f4022f68ed23c1c7defa (diff)
downloadvolse-hubzilla-468e976a88fe3027dde1a56b116e495f7edd7d1a.tar.gz
volse-hubzilla-468e976a88fe3027dde1a56b116e495f7edd7d1a.tar.bz2
volse-hubzilla-468e976a88fe3027dde1a56b116e495f7edd7d1a.zip
OpenWebAuth: can fail after site re-installs; this may need to be pushed forward to master
Diffstat (limited to 'Zotlabs/Module')
-rw-r--r--Zotlabs/Module/Owa.php22
1 files changed, 12 insertions, 10 deletions
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index d58fd7a41..9a39fe4c0 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -31,19 +31,21 @@ class Owa extends \Zotlabs\Web\Controller {
if($keyId) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
- where hubloc_addr = '%s' limit 1",
+ where hubloc_addr = '%s' ",
dbesc(str_replace('acct:','',$keyId))
);
if($r) {
- $hubloc = $r[0];
- $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
- if($verified && $verified['header_signed'] && $verified['header_valid']) {
- $ret['success'] = true;
- $token = random_string(32);
- \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
- $result = '';
- openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
- $ret['encrypted_token'] = base64url_encode($result);
+ foreach($r as $hubloc) {
+ $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
+ if($verified && $verified['header_signed'] && $verified['header_valid']) {
+ $ret['success'] = true;
+ $token = random_string(32);
+ \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
+ $result = '';
+ openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
+ $ret['encrypted_token'] = base64url_encode($result);
+ break;
+ }
}
}
}