authorMario <mario@mariovavti.com>2021-12-17 19:48:09 +0100
committerMario <mario@mariovavti.com>2021-12-17 19:48:09 +0100
commitbfd3da43ac9226e53188a03ff1414a18422e91b4 (patch)
treeb183e7c1c76aa8d39310fd702985bff7945e7053 /include/security.php
parent32a9eaf3b6a68626580078a3302f8dd8e85eb165 (diff)
access token refactor
Diffstat (limited to 'include/security.php')
-rw-r--r--include/security.php28
1 files changed, 23 insertions, 5 deletions
diff --git a/include/security.php b/include/security.php
index b6c0f1511..f02fb8023 100644
--- a/include/security.php
+++ b/include/security.php
@@ -89,8 +89,20 @@ function authenticate_success($user_record, $channel = null, $login_initial = fa
}
function atoken_login($atoken) {
- if (!$atoken)
+ if (! $atoken) {
return false;
+ }
+
+ if (App::$cmd === 'channel' && argv(1)) {
+ $channel = channelx_by_nick(argv(1));
+ if (perm_is_allowed($channel['channel_id'],$atoken['xchan_hash'],'delegate')) {
+ $_SESSION['delegate_channel'] = $channel['channel_id'];
+ $_SESSION['delegate'] = $atoken['xchan_hash'];
+ $_SESSION['account_id'] = intval($channel['channel_account_id']);
+ change_channel($channel['channel_id']);
+ return;
+ }
+ }
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $atoken['xchan_hash'];
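Review bot: The result of `channelx_by_nick(argv(1))` is used without a check in the new delegate branch of atoken_login, so an unknown nick in the request path reaches `perm_is_allowed()` with a null channel id; guard it with `if ($channel && perm_is_allowed($channel['channel_id'], $atoken['xchan_hash'], 'delegate')) {`. The branch also ends in a bare `return;`, while the guard above returns `false` and the rest of the function (which continues outside the hunk) sets `$_SESSION['authenticated']`, so callers that test the return value would presumably treat a successful delegation like a failure. Returning an explicit value would make the contract clear. Because this path copies the channel owner's `channel_account_id` into `$_SESSION['account_id']` for a guest token, a short comment stating that the session is deliberately scoped to that account, plus a log entry recording the token's xchan_hash and the delegated channel, would help later audits.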
@@ -113,11 +125,11 @@ function atoken_xchan($atoken) {
if ($c) {
return [
'atoken_id' => $atoken['atoken_id'],
- 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'],
+ 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_name' => $atoken['atoken_name'],
'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(),
'xchan_network' => 'unknown',
- 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'],
+ 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_hidden' => 1,
'xchan_photo_mimetype' => 'image/png',
'xchan_photo_l' => z_root() . '/' . get_default_profile_photo(300),
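Review bot: Building `xchan_hash` and `xchan_url` from `$atoken['atoken_guid']` assumes every atoken row has a non-empty, unique guid, and nothing in this diff shows a migration or fallback for tokens created before the refactor. If such rows have an empty guid, every legacy token of a channel would resolve to the same `<prefix>.` identity and share its abook/abconfig permission rows, and rows keyed by the old name-based hash would no longer match. The same assumption applies to the changed lines in atoken_delete and atoken_abook further down. Consider bailing out before the array is built, e.g. `if (empty($atoken['atoken_guid'])) return false;`; atoken_xchan's body starts outside the hunk, so the failure value should be checked against its existing return paths.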
@@ -143,11 +155,17 @@ function atoken_delete($atoken_id) {
if (!$c)
return;
- $atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_name'];
+ $atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_guid'];
q("delete from atoken where atoken_id = %d",
intval($atoken_id)
);
+
+ q("delete from abook where abook_channel = %d and abook_xchan = '%s'",
+ intval($c[0]['channel_id']),
+ dbesc($atoken_xchan)
+ );
+
q("delete from abconfig where chan = %d and xchan = '%s'",
intval($c[0]['channel_id']),
dbesc($atoken_xchan)
@@ -198,7 +216,7 @@ function atoken_abook($uid, $xchan_hash) {
if (!$r)
return false;
- $x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+ $x = q("select * from atoken where atoken_uid = %d and atoken_guid = '%s'",
intval($uid),
dbesc(substr($xchan_hash, 17))
);
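Review bot: `substr($xchan_hash, 17)` takes whatever follows the 17th byte without checking that the value has the `<16-char prefix>.<guid>` shape or that the prefix belongs to channel `$uid`. For a shorter or malformed `$xchan_hash` the suffix is empty, and the query then looks for `atoken_guid = ''`. A shape check before the query, such as `if (strlen($xchan_hash) < 18 || $xchan_hash[16] !== '.') return false;`, would keep malformed identifiers from reaching the lookup. The earlier part of atoken_abook is outside the hunk, so a prefix check may already exist there.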