diff options
author | redmatrix <git@macgirvin.com> | 2016-07-17 21:40:04 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-07-17 21:40:04 -0700 |
commit | de4f9d68bdaade902a8030888f9df035fa1329ec (patch) | |
tree | 5021daad0c4002ce9b7c89233b7c8446552b5a07 /include | |
parent | 191cd21028ab108c2a7f982c654601d780865eff (diff) | |
parent | 571b8cc85b3a770f16aed021bb39b889e0275ed6 (diff) | |
download | volse-hubzilla-de4f9d68bdaade902a8030888f9df035fa1329ec.tar.gz volse-hubzilla-de4f9d68bdaade902a8030888f9df035fa1329ec.tar.bz2 volse-hubzilla-de4f9d68bdaade902a8030888f9df035fa1329ec.zip |
Merge branch 'dev' into perms
Diffstat (limited to 'include')
-rw-r--r-- | include/auth.php | 76 | ||||
-rw-r--r-- | include/channel.php | 25 | ||||
-rw-r--r-- | include/perm_upgrade.php | 64 | ||||
-rw-r--r-- | include/security.php | 38 | ||||
-rw-r--r-- | include/text.php | 4 | ||||
-rw-r--r-- | include/widgets.php | 9 |
6 files changed, 190 insertions, 26 deletions
diff --git a/include/auth.php b/include/auth.php index 01fcf0094..79d04c728 100644 --- a/include/auth.php +++ b/include/auth.php @@ -36,22 +36,33 @@ function account_verify_password($email, $pass) { // you have to verify the email and then go through the account approval workflow before // letting them login. - if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED)) - return null; + // @bug there is no record here + //if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED)) + // return null; $r = q("select * from account where account_email = '%s'", dbesc($email) ); - if(! ($r && count($r))) - return null; - - foreach($r as $record) { - if(($record['account_flags'] == ACCOUNT_OK) - && (hash('whirlpool', $record['account_salt'] . $pass) === $record['account_password'])) { - logger('password verified for ' . $email); - return $record; + if($r) { + + foreach($r as $record) { + if(($record['account_flags'] == ACCOUNT_OK) + && (hash('whirlpool', $record['account_salt'] . $pass) === $record['account_password'])) { + logger('password verified for ' . $email); + return $record; + } } } + + $x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1", + dbesc($email), + dbesc($pass) + ); + if($x) { + atoken_login($x[0]); + return $x[0]; + } + $error = 'password failed for ' . $email; logger($error); @@ -123,10 +134,18 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) && authenticate_success($x[0], true, true); } } - - $r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1", - dbesc($_SESSION['visitor_id']) - ); + if(array_key_exists('atoken',$_SESSION)) { + $y = q("select * from atoken where atoken_id = %d limit 1", + intval($_SESSION['atoken']) + ); + if($y) + $r = array(atoken_xchan($y[0])); + } + else { + $r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1", + dbesc($_SESSION['visitor_id']) + ); + } if($r) { App::set_observer($r[0]); } @@ -199,20 +218,27 @@ else { call_hooks('authenticate', $addon_auth); + $atoken = false; + if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) { $record = $addon_auth['user_record']; } else { - $record = App::$account = account_verify_password($_POST['username'], $_POST['password']); - - if(App::$account) { - $_SESSION['account_id'] = App::$account['account_id']; - } - else { - notice( t('Failed authentication') . EOL); + $x = account_verify_password($_POST['username'], $_POST['password']); + if(array_key_exists('atoken',$x)) + $atoken = true; + if(! $atoken) { + $record = App::$account = $x; + + if(App::$account) { + $_SESSION['account_id'] = App::$account['account_id']; + } + else { + notice( t('Failed authentication') . EOL); + } + + logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL); } - - logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL); } if((! $record) || (! count($record))) { @@ -252,7 +278,8 @@ else { // if we haven't failed up this point, log them in. $_SESSION['last_login_date'] = datetime_convert(); - authenticate_success($record, true, true); + if(! $atoken) + authenticate_success($record, true, true); } } @@ -270,6 +297,7 @@ else { * @return int|bool * Return channel_id from pconfig or false. */ + function match_openid($authid) { // Query the uid/channel_id from pconfig for a given value. $r = q("SELECT uid FROM pconfig WHERE cat = 'system' AND k = 'openid' AND v = '%s' LIMIT 1", diff --git a/include/channel.php b/include/channel.php index 28eac9d4c..0defc3863 100644 --- a/include/channel.php +++ b/include/channel.php @@ -1310,13 +1310,12 @@ function get_my_address() { * If somebody arrives at our site using a zid, add their xchan to our DB if we don't have it already. * And if they aren't already authenticated here, attempt reverse magic auth. * - * @param App &$a * * @hooks 'zid_init' * string 'zid' - their zid * string 'url' - the destination url */ -function zid_init(&$a) { +function zid_init() { $tmp_str = get_my_address(); if(validate_email($tmp_str)) { Zotlabs\Daemon\Master::Summon(array('Gprobe',bin2hex($tmp_str))); @@ -1343,6 +1342,28 @@ function zid_init(&$a) { } /** + * @brief + * + * If somebody arrives at our site using a zat, authenticate them + * + */ + +function zat_init() { + if(local_channel() || remote_channel()) + return; + + $r = q("select * from atoken where atoken_token = '%s' limit 1", + dbesc($_REQUEST['zat']) + ); + if($r) { + atoken_login($r[0]); + } + +} + + + +/** * @brief Adds a zid parameter to a url. * * @param string $s diff --git a/include/perm_upgrade.php b/include/perm_upgrade.php new file mode 100644 index 000000000..1f410f711 --- /dev/null +++ b/include/perm_upgrade.php @@ -0,0 +1,64 @@ +<?php + +function perm_limits_upgrade($channel) { + set_pconfig($channel['channel_id'],'perm_limits','view_stream',$channel['channel_r_stream']); + set_pconfig($channel['channel_id'],'perm_limits','view_profile',$channel['channel_r_profile']); + set_pconfig($channel['channel_id'],'perm_limits','view_contacts',$channel['channel_r_abook']); + set_pconfig($channel['channel_id'],'perm_limits','view_storage',$channel['channel_r_storage']); + set_pconfig($channel['channel_id'],'perm_limits','view_pages',$channel['channel_r_pages']); + set_pconfig($channel['channel_id'],'perm_limits','send_stream',$channel['channel_w_stream']); + set_pconfig($channel['channel_id'],'perm_limits','post_wall',$channel['channel_w_wall']); + set_pconfig($channel['channel_id'],'perm_limits','post_comments',$channel['channel_w_comment']); + set_pconfig($channel['channel_id'],'perm_limits','post_mail',$channel['channel_w_mail']); + set_pconfig($channel['channel_id'],'perm_limits','post_like',$channel['channel_w_like']); + set_pconfig($channel['channel_id'],'perm_limits','tag_deliver',$channel['channel_w_tagwall']); + set_pconfig($channel['channel_id'],'perm_limits','chat',$channel['channel_w_chat']); + set_pconfig($channel['channel_id'],'perm_limits','write_storage',$channel['channel_w_storage']); + set_pconfig($channel['channel_id'],'perm_limits','write_pages',$channel['channel_w_pages']); + set_pconfig($channel['channel_id'],'perm_limits','republish',$channel['channel_a_republish']); + set_pconfig($channel['channel_id'],'perm_limits','delegate',$channel['channel_a_delegate']); +} + + +function perm_abook_upgrade($abook) { + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_stream',intval(($abook['abook_their_perms'] & PERMS_R_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_profile',intval(($abook['abook_their_perms'] & PERMS_R_PROFILE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_contacts',intval(($abook['abook_their_perms'] & PERMS_R_ABOOK)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_storage',intval(($abook['abook_their_perms'] & PERMS_R_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','view_pages',intval(($abook['abook_their_perms'] & PERMS_R_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','send_stream',intval(($abook['abook_their_perms'] & PERMS_W_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_wall',intval(($abook['abook_their_perms'] & PERMS_W_WALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_comments',intval(($abook['abook_their_perms'] & PERMS_W_COMMENT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_mail',intval(($abook['abook_their_perms'] & PERMS_W_MAIL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','post_like',intval(($abook['abook_their_perms'] & PERMS_W_LIKE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','tag_deliver',intval(($abook['abook_their_perms'] & PERMS_W_TAGWALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','chat',intval(($abook['abook_their_perms'] & PERMS_W_CHAT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_storage',intval(($abook['abook_their_perms'] & PERMS_W_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','write_pages',intval(($abook['abook_their_perms'] & PERMS_W_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','republish',intval(($abook['abook_their_perms'] & PERMS_A_REPUBLISH)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'their_perms','delegate',intval(($abook['abook_their_perms'] & PERMS_A_DELEGATE)? 1 : 0)); + + + + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_stream',intval(($abook['abook_my_perms'] & PERMS_R_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_profile',intval(($abook['abook_my_perms'] & PERMS_R_PROFILE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_contacts',intval(($abook['abook_my_perms'] & PERMS_R_ABOOK)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_storage',intval(($abook['abook_my_perms'] & PERMS_R_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','view_pages',intval(($abook['abook_my_perms'] & PERMS_R_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','send_stream',intval(($abook['abook_my_perms'] & PERMS_W_STREAM)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_wall',intval(($abook['abook_my_perms'] & PERMS_W_WALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_comments',intval(($abook['abook_my_perms'] & PERMS_W_COMMENT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_mail',intval(($abook['abook_my_perms'] & PERMS_W_MAIL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','post_like',intval(($abook['abook_my_perms'] & PERMS_W_LIKE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','tag_deliver',intval(($abook['abook_my_perms'] & PERMS_W_TAGWALL)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','chat',intval(($abook['abook_my_perms'] & PERMS_W_CHAT)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_storage',intval(($abook['abook_my_perms'] & PERMS_W_STORAGE)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','write_pages',intval(($abook['abook_my_perms'] & PERMS_W_PAGES)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','republish',intval(($abook['abook_my_perms'] & PERMS_A_REPUBLISH)? 1 : 0)); + set_abconfig($abook['abook_channel'],$abook['abook_xchan'],'my_perms','delegate',intval(($abook['abook_my_perms'] & PERMS_A_DELEGATE)? 1 : 0)); + + +} + + + diff --git a/include/security.php b/include/security.php index 2ab6bf075..3f31c7d9b 100644 --- a/include/security.php +++ b/include/security.php @@ -82,6 +82,44 @@ function authenticate_success($user_record, $login_initial = false, $interactive /* else just return */ } +function atoken_login($atoken) { + if(! $atoken) + return false; + + $xchan = atoken_xchan($atoken); + + $_SESSION['authenticated'] = 1; + $_SESSION['visitor_id'] = $xchan['xchan_hash']; + $_SESSION['atoken'] = $atoken['atoken_id']; + + \App::set_observer($xchan); + + return [ 'atoken' => true ]; +} + + +function atoken_xchan($atoken) { + + $c = channelx_by_n($atoken['atoken_uid']); + if($c) { + return [ + 'xchan_hash' => substr($c['channel_hash'],0,16) . '.' . $atoken['atoken_name'], + 'xchan_name' => $atoken['atoken_name'], + 'xchan_addr' => t('guest:') . $atoken['atoken_name'] . '@' . \App::get_hostname(), + 'xchan_network' => 'unknown', + 'xchan_hidden' => 1, + 'xchan_photo_mimetype' => 'image/jpeg', + 'xchan_photo_l' => get_default_profile_photo(300), + 'xchan_photo_m' => get_default_profile_photo(80), + 'xchan_photo_s' => get_default_profile_photo(48) + + ]; + } + +} + + + /** * @brief Change to another channel with current logged-in account. * diff --git a/include/text.php b/include/text.php index ba7d9cc5b..af51f9963 100644 --- a/include/text.php +++ b/include/text.php @@ -774,6 +774,10 @@ function strip_zids($s) { return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s); } +function strip_zats($s) { + return preg_replace('/[\?&]zat=(.*?)(&|$)/ism','$2',$s); +} + // quick and dirty quoted_printable encoding diff --git a/include/widgets.php b/include/widgets.php index dbcaef409..3516e82da 100644 --- a/include/widgets.php +++ b/include/widgets.php @@ -609,6 +609,15 @@ function widget_settings_menu($arr) { 'selected' => ((argv(1) === 'oauth') ? 'active' : ''), ); + if(! UNO) { + $tabs[] = array( + 'label' => t('Guest Access Tokens'), + 'url' => z_root() . '/settings/tokens', + 'selected' => ((argv(1) === 'tokens') ? 'active' : ''), + ); + } + + if($role === false || $role === 'custom') { $tabs[] = array( 'label' => t('Connection Default Permissions'), |