diff options
author | zotlabs <mike@macgirvin.com> | 2017-10-26 15:23:04 -0700 |
---|---|---|
committer | Mario <mario@mariovavti.com> | 2017-11-13 09:06:44 +0100 |
commit | 1ef558d7e6dace480a2e705dd484b416ca2f02e6 (patch) | |
tree | e131bd60c44532797cc82a4a96f717006a1ee0dc /Zotlabs | |
parent | b62dee4c9076996ef015499228786fb877584588 (diff) | |
download | volse-hubzilla-1ef558d7e6dace480a2e705dd484b416ca2f02e6.tar.gz volse-hubzilla-1ef558d7e6dace480a2e705dd484b416ca2f02e6.tar.bz2 volse-hubzilla-1ef558d7e6dace480a2e705dd484b416ca2f02e6.zip |
encrypt the owa token
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Magic.php | 13 | ||||
-rw-r--r-- | Zotlabs/Module/Owa.php | 4 |
2 files changed, 13 insertions, 4 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 879085f96..9ad9c951c 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -146,10 +146,17 @@ class Magic extends \Zotlabs\Web\Controller { if($x['success']) { $j = json_decode($x['body'],true); - if($j['success'] && $j['token']) { - $x = strpbrk($dest,'?&'); - $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : ''); + if($j['success']) { + $token = ''; + if($j['encrypted_token']) { + openssl_private_decrypt(base64url_decode($j['encrypted_token']),$token,$channel['channel_prvkey']); + } + else { + $token = $j['token']; + } + $x = strpbrk($dest,'?&'); + $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 4b0d855c5..d58fd7a41 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -41,7 +41,9 @@ class Owa extends \Zotlabs\Web\Controller { $ret['success'] = true; $token = random_string(32); \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); - $ret['token'] = $token; + $result = ''; + openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); } } } |