author | zotlabs <mike@macgirvin.com> | 2017-09-03 23:50:18 -0700 |
---|---|---|
committer | zotlabs <mike@macgirvin.com> | 2017-09-03 23:50:18 -0700 |
commit | fc62f07a089daf698953e6e4197668fbf8aebef9 (patch) | |
tree | 3e6a0b53dc61008b336497eb16a693b8670b6004 /Zotlabs | |
parent | 3d0a7f4fc5eacbafa08f49118dc7e54927b4fbed (diff) | |
validate the security context
Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Module/Magic.php | 6 | ||||
-rw-r--r-- | Zotlabs/Zot/Auth.php | 7 |
2 files changed, 10 insertions, 3 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 9ee5f9324..bf3198067 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -133,10 +133,10 @@ class Magic extends \Zotlabs\Web\Controller {
 $channel = \App::get_channel();
 $token = random_string();
- $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
+// $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
- $channel['token'] = $token;
- $channel['token_sig'] = $token_sig;
+// $channel['token'] = $token;
+// $channel['token_sig'] = $token_sig;
 \Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
diff --git a/Zotlabs/Zot/Auth.php b/Zotlabs/Zot/Auth.php
index 92b0fff78..afb7b1535 100644
--- a/Zotlabs/Zot/Auth.php
+++ b/Zotlabs/Zot/Auth.php
@@ -43,6 +43,12 @@ class Auth {
 $this->Finalise();
 }
+ if(strpbrk($this->sec,'.:')) {
+ logger('illegal security context');
+ $this->Debug('illegal security context.');
+ $this->Finalise();
+ }
+
 $x = $this->GetHublocs($this->address);
 if($x) {
@@ -153,6 +159,7 @@ class Auth {
 dbesc($hubloc['hubloc_url']) );
+ // needs a nonce!!!!
 $p = zot_build_packet($channel,$type = 'auth_check', array(array('guid' => $hubloc['hubloc_guid'],'guid_sig' => $hubloc['hubloc_guid_sig'])), $hubloc['hubloc_sitekey'], (($x) ? $x[0]['site_crypto'] : ''), $this->sec); |
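Review bot: The three lines in Magic.php that built `token_sig` and stored `token`/`token_sig` on `$channel` are commented out rather than deleted, and nothing on the page says why the RSA signature over the token is no longer wanted. Disabled code in an authentication path is easy to re-enable by accident, so either remove the lines or replace them with a short explanation such as `// token is no longer signed or attached to $channel; it is checked through the Verify record created below`. That wording is inferred from the surviving `Verify::create('auth', ...)` call and should be confirmed against the receiving side. The enclosing method starts and ends outside the hunk, so any later reader of `$channel['token']` or `$channel['token_sig']` still needs checking.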
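Review bot: The new check in the first Auth.php hunk is a two-character denylist: `strpbrk($this->sec,'.:')` rejects only `.` and `:`, so whitespace, control characters, quotes and arbitrarily long values in what appears to be a request-supplied field still reach the code below, including the `zot_build_packet(..., $this->sec)` call in the last hunk. If `sec` is always a token of the kind `random_string()` produces in Magic.php, an allowlist is tighter, for example `if(! preg_match('/^[A-Za-z0-9]{1,64}$/', $this->sec)) {`, with the alphabet and length bound adjusted to what the generator actually emits. A one-line comment saying why `.` and `:` are illegal here would help, because the reason is not visible in the hunk. The branch also depends on `Finalise()` ending the request, as the block before it does; that method is outside the hunk, so confirm it never returns.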
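Review bot: `// needs a nonce!!!!` above the `auth_check` packet in the last Auth.php hunk records a known gap without saying what the risk is or how it will be tracked. A comment such as `// TODO(security): auth_check carries no nonce, so a captured packet could presumably be replayed; add one and reject reuse on the receiving side` states both the weakness and the intended fix, and an issue reference would keep it from being forgotten. The replay reading is inferred from the comment itself, since the packet format and the receiver are not on the page. The enclosing method begins outside the hunk.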