aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs
diff options
context:
space:
mode:
authorMario Vavti <mario@mariovavti.com>2017-09-08 09:22:36 +0200
committerMario Vavti <mario@mariovavti.com>2017-09-08 09:22:36 +0200
commit108bb7649bb61bee65d9923c9080c3af8e715bc4 (patch)
tree4b96649d85d098de8e723df85b409cb0a43832d1 /Zotlabs
parent7b3aa92b5ad09c0820db2b20bc462c975f0d3aba (diff)
parent1104e2652f15aaa405208b6dec9e439fb8c39537 (diff)
downloadvolse-hubzilla-108bb7649bb61bee65d9923c9080c3af8e715bc4.tar.gz
volse-hubzilla-108bb7649bb61bee65d9923c9080c3af8e715bc4.tar.bz2
volse-hubzilla-108bb7649bb61bee65d9923c9080c3af8e715bc4.zip
Merge remote-tracking branch 'mike/master' into dev
Diffstat (limited to 'Zotlabs')
-rw-r--r--Zotlabs/Module/Magic.php35
-rw-r--r--Zotlabs/Module/Owa.php57
-rw-r--r--Zotlabs/Module/Rmagic.php4
-rw-r--r--Zotlabs/Module/Wfinger.php42
-rw-r--r--Zotlabs/Web/HTTPSig.php8
-rw-r--r--Zotlabs/Web/WebServer.php6
-rw-r--r--Zotlabs/Zot/Finger.php2
-rw-r--r--Zotlabs/Zot/Verify.php16
8 files changed, 162 insertions, 8 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index bf3198067..342c11eb9 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller {
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
+ $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
$parsed = parse_url($dest);
@@ -132,12 +133,44 @@ class Magic extends \Zotlabs\Web\Controller {
if(local_channel()) {
$channel = \App::get_channel();
+ // OpenWebAuth
+
+ if($owa) {
+
+ $headers = [];
+ $headers['Accept'] = 'application/x-zot+json' ;
+ $headers['X-Open-Web-Auth'] = random_string();
+ $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
+ 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
+
+ $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]);
+
+ logger('owtfetch: ' . print_r($x,true));
+
+ if($x['success']) {
+ $j = json_decode($x['body'],true);
+ if($j['success'] && $j['token']) {
+ $x = strpbrk($dest,'?&');
+ $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : '');
+ goaway($dest . $args);
+ }
+ }
+ goaway($dest);
+ }
+
+
$token = random_string();
+
// $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
-
// $channel['token'] = $token;
// $channel['token_sig'] = $token_sig;
+
+
+
+
+
+
\Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel))
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
new file mode 100644
index 000000000..0b625dbe5
--- /dev/null
+++ b/Zotlabs/Module/Owa.php
@@ -0,0 +1,57 @@
+<?php
+
+
+namespace Zotlabs\Module;
+
+
+
+class Owa extends \Zotlabs\Web\Controller {
+
+ function init() {
+ foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+
+ if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
+ if($head !== 'HTTP_AUTHORIZATION') {
+ $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
+ continue;
+ }
+
+ $sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
+ if($sigblock) {
+ $keyId = $sigblock['keyId'];
+
+ if($keyId) {
+ $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
+ where hubloc_addr = '%s' limit 1",
+ dbesc(str_replace('acct:','',$keyId))
+ );
+ if($r) {
+ $hubloc = $r[0];
+ $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
+
+logger('verified: ' . print_r($verified,true));
+
+ if($verified && $verified['header_signed'] && $verified['header_valid']) {
+ $token = random_string(32);
+ \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
+ $x = json_encode([ 'success' => true, 'token' => $token ]);
+ header('Content-Type: application/x-zot+json');
+ echo $x;
+ killme();
+ }
+ }
+ }
+ }
+ $x = json_encode([ 'success' => false ]);
+ header('Content-Type: application/x-zot+json');
+ echo $x;
+ killme();
+ }
+ }
+
+ $x = json_encode([ 'success' => false ]);
+ header('Content-Type: application/x-zot+json');
+ echo $x;
+ killme();
+ }
+}
diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php
index 9fcc72441..0c4eb9ae4 100644
--- a/Zotlabs/Module/Rmagic.php
+++ b/Zotlabs/Module/Rmagic.php
@@ -18,7 +18,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
if($r[0]['hubloc_url'] === z_root())
goaway(z_root() . '/login');
$dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string);
- goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest);
+ goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest);
}
}
}
@@ -63,7 +63,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
else
$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string));
- goaway($url . '/magic' . '?f=&dest=' . $dest);
+ goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest);
}
}
}
diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php
index 07a7b7735..d0c4d73d2 100644
--- a/Zotlabs/Module/Wfinger.php
+++ b/Zotlabs/Module/Wfinger.php
@@ -30,9 +30,15 @@ class Wfinger extends \Zotlabs\Web\Controller {
$resource = $_REQUEST['resource'];
logger('webfinger: ' . $resource,LOGGER_DEBUG);
+
+ $root_resource = false;
+
+ if(strcasecmp(rtrim($resource,'/'),z_root()) === 0)
+ $root_resource = true;
+
$r = null;
- if($resource) {
+ if(($resource) && (! $root_resource)) {
if(strpos($resource,'acct:') === 0) {
$channel = str_replace('acct:','',$resource);
@@ -60,7 +66,25 @@ class Wfinger extends \Zotlabs\Web\Controller {
header('Access-Control-Allow-Origin: *');
+
+ if($root_resource) {
+ $result['subject'] = $resource;
+ $result['properties'] = [
+ 'https://w3id.org/security/v1#publicKeyPem' => get_config('system','pubkey')
+ ];
+ $result['links'] = [
+ [
+ 'rel' => 'http://purl.org/openwebauth/v1',
+ 'type' => 'application/x-zot+json',
+ 'href' => z_root() . '/owa',
+ ],
+ ];
+
+
+
+ }
+
if($resource && $r) {
$h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0",
@@ -84,7 +108,8 @@ class Wfinger extends \Zotlabs\Web\Controller {
$result['properties'] = [
'http://webfinger.net/ns/name' => $r[0]['channel_name'],
- 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name']
+ 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'],
+ 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey']
];
foreach($aliases as $alias)
@@ -124,6 +149,13 @@ class Wfinger extends \Zotlabs\Web\Controller {
'rel' => 'http://purl.org/zot/protocol',
'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'],
],
+
+ [
+ 'rel' => 'http://purl.org/openwebauth/v1',
+ 'type' => 'application/x-zot+json',
+ 'href' => z_root() . '/owa',
+ ],
+
[
'rel' => 'magic-public-key',
@@ -136,14 +168,16 @@ class Wfinger extends \Zotlabs\Web\Controller {
$result['zot'] = zotinfo( [ 'address' => $r[0]['xchan_addr'] ]);
}
}
- else {
+
+ if(! $result) {
header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request');
killme();
}
$arr = [ 'channel' => $r[0], 'request' => $_REQUEST, 'result' => $result ];
call_hooks('webfinger',$arr);
-
+
+
json_return_and_die($arr['result'],'application/jrd+json');
}
diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php
index 2b139a2a1..fee8aaa41 100644
--- a/Zotlabs/Web/HTTPSig.php
+++ b/Zotlabs/Web/HTTPSig.php
@@ -91,6 +91,9 @@ class HTTPSig {
if($sig_block['algorithm'] === 'rsa-sha256') {
$algorithm = 'sha256';
}
+ if($sig_block['algorithm'] === 'rsa-sha512') {
+ $algorithm = 'sha512';
+ }
if(! $key) {
$result['signer'] = $sig_block['keyId'];
@@ -113,6 +116,8 @@ class HTTPSig {
$digest = explode('=', $headers['digest']);
if($digest[0] === 'SHA-256')
$hashalg = 'sha256';
+ if($digest[0] === 'SHA-512')
+ $hashalg = 'sha512';
// The explode operation will have stripped the '=' padding, so compare against unpadded base64
if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) {
@@ -164,6 +169,9 @@ class HTTPSig {
if($alg === 'sha256') {
$algorithm = 'rsa-sha256';
}
+ if($alg === 'sha512') {
+ $algorithm = 'rsa-sha512';
+ }
$x = self::sign($request,$head,$prvkey,$alg);
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php
index a66384c40..8431a2e0e 100644
--- a/Zotlabs/Web/WebServer.php
+++ b/Zotlabs/Web/WebServer.php
@@ -70,6 +70,12 @@ class WebServer {
}
}
+ if((x($_REQUEST,'owt')) && (! \App::$install)) {
+ $token = $_REQUEST['owt'];
+ \App::$query_string = strip_query_param(\App::$query_string,'owt');
+ owt_init($token);
+ }
+
if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login'))
require('include/auth.php');
diff --git a/Zotlabs/Zot/Finger.php b/Zotlabs/Zot/Finger.php
index dab7d9e01..348171bdc 100644
--- a/Zotlabs/Zot/Finger.php
+++ b/Zotlabs/Zot/Finger.php
@@ -123,7 +123,7 @@ class Finger {
$x = json_decode($result['body'], true);
$verify = \Zotlabs\Web\HTTPSig::verify($result,(($x) ? $x['key'] : ''));
-
+
if($x && (! $verify['header_valid'])) {
$signed_token = ((is_array($x) && array_key_exists('signed_token', $x)) ? $x['signed_token'] : null);
if($signed_token) {
diff --git a/Zotlabs/Zot/Verify.php b/Zotlabs/Zot/Verify.php
index 06bd3188c..1d9e6de3f 100644
--- a/Zotlabs/Zot/Verify.php
+++ b/Zotlabs/Zot/Verify.php
@@ -31,6 +31,22 @@ class Verify {
return false;
}
+
+ function get_meta($type,$channel_id,$token) {
+ $r = q("select id, meta from verify where vtype = '%s' and channel = %d and token = '%s' limit 1",
+ dbesc($type),
+ intval($channel_id),
+ dbesc($token)
+ );
+ if($r) {
+ q("delete from verify where id = %d",
+ intval($r[0]['id'])
+ );
+ return $r[0]['meta'];
+ }
+ return false;
+ }
+
function purge($type,$interval) {
q("delete from verify where vtype = '%s' and created < %s - INTERVAL %s",
dbesc($type),