authorMario <mario@mariovavti.com>2021-12-17 19:48:09 +0100
committerMario <mario@mariovavti.com>2021-12-17 19:48:09 +0100
commitbfd3da43ac9226e53188a03ff1414a18422e91b4 (patch)
treeb183e7c1c76aa8d39310fd702985bff7945e7053 /include
parent32a9eaf3b6a68626580078a3302f8dd8e85eb165 (diff)
access token refactor
Diffstat (limited to 'include')
-rw-r--r--include/channel.php24
-rw-r--r--include/connections.php13
-rw-r--r--include/import.php58
-rw-r--r--include/security.php28
-rw-r--r--include/text.php2
5 files changed, 118 insertions, 7 deletions
diff --git a/include/channel.php b/include/channel.php
index 00d973738..c80a35385 100644
--- a/include/channel.php
+++ b/include/channel.php
@@ -21,6 +21,7 @@ require_once('include/crypto.php');
require_once('include/menu.php');
require_once('include/perm_upgrade.php');
require_once('include/photo/photo_driver.php');
+require_once('include/security.php');
/**
* @brief Called when creating a new channel.
@@ -878,6 +879,14 @@ function identity_basic_export($channel_id, $sections = null, $zap_compat = fals
}
if(in_array('connections',$sections)) {
+ $r = q("select * from atoken where atoken_uid = %d",
+ intval($channel_id)
+ );
+
+ if ($r) {
+ $ret['atoken'] = $r;
+ }
+
$xchans = array();
$r = q("select * from abook where abook_channel = %d ",
intval($channel_id)
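Review bot: The added `select * from atoken` copies whole token rows into `$ret['atoken']`, so the export now carries guest access credentials in whatever form the table stores them. That is presumably needed so a clone can honour the same tokens, but it raises the sensitivity of the export file and should be stated next to the query, e.g. `// atoken rows include the guest login secret; treat the export as credential material`. identity_basic_export starts and ends outside the hunk.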
@@ -1963,11 +1972,24 @@ function zat_init() {
);
if($r) {
$xchan = atoken_xchan($r[0]);
- atoken_create_xchan($xchan);
+ //atoken_create_xchan($xchan);
atoken_login($xchan);
}
}
+function atoken_delete_and_sync($channel_id, $atoken_guid) {
+ $r = q("select * from atoken where atoken_guid = '%s' and atoken_uid = %d",
+ dbesc($atoken_guid),
+ intval($channel_id)
+ );
+
+ if ($r) {
+ $atok = $r[0];
+ $atok['deleted'] = true;
+ atoken_delete($atok['atoken_id']);
+ Libsync::build_sync_packet($channel_id, ['atoken' => [ $atok ]]);
+ }
+}
/**
* @brief Used from within PCSS themes to set theme parameters.
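Review bot: `atoken_delete_and_sync` puts the complete `atoken` row from `select *` into the sync packet, although the delete branch of `sync_atoken` in include/import.php only reads `atoken_guid` and `deleted`. Sending `['atoken_guid' => $atok['atoken_guid'], 'deleted' => true]` would keep the rest of the record, including any credential column, out of the packet for a token that is being revoked. The commented-out `//atoken_create_xchan($xchan);` in `zat_init` should either be removed or carry a short comment saying why the xchan is no longer created on login. `Libsync` is referenced unqualified; whether channel.php imports it is not visible in this hunk.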
diff --git a/include/connections.php b/include/connections.php
index 11264e6d8..fbbf59c72 100644
--- a/include/connections.php
+++ b/include/connections.php
@@ -376,6 +376,19 @@ function contact_remove($channel_id, $abook_id) {
if(intval($abook['abook_self']))
return false;
+ // if this is an atoken, delete the atoken record
+
+ $xchan = q("select * from xchan where xchan_hash = '%s'",
+ dbesc($abook['abook_xchan'])
+ );
+
+ if (strpos($xchan['xchan_addr'],'guest:') === 0 && strpos($abook['abook_xchan'],'.')){
+ $atoken_guid = substr($abook['abook_xchan'],strrpos($abook['abook_xchan'],'.') + 1);
+ if ($atoken_guid) {
+ atoken_delete_and_sync($channel_id,$atoken_guid);
+ }
+ }
+
$r = q("select id, parent from item where (owner_xchan = '%s' or author_xchan = '%s') and uid = %d and item_retained = 0 and item_starred = 0",
dbesc($abook['abook_xchan']),
dbesc($abook['abook_xchan']),
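Review bot: `q()` results are indexed as a list of rows everywhere else in this commit (`$r[0]`), so `$xchan['xchan_addr']` in the added condition reads a key that does not exist on the result and the `guest:` test cannot match; the token record would then never be deleted when the contact is removed. The condition should index the first row and guard an empty result: `if ($xchan && strpos($xchan[0]['xchan_addr'],'guest:') === 0 && strpos($abook['abook_xchan'],'.')) {`. Because `zat_init` no longer calls `atoken_create_xchan` in this commit, it is also worth confirming that an xchan row still exists for guest tokens; if it does not, this lookup returns nothing and the branch is dead for a second reason. contact_remove starts and ends outside the hunk.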
diff --git a/include/import.php b/include/import.php
index 8707a9430..291dd2638 100644
--- a/include/import.php
+++ b/include/import.php
@@ -162,6 +162,64 @@ function import_config($channel, $configs) {
}
}
+function import_atoken($channel, $atokens) {
+ if ($channel && $atokens) {
+ foreach ($atokens as $atoken) {
+ unset($atoken['atoken_id']);
+ $atoken['atoken_aid'] = $channel['channel_account_id'];
+ $atoken['atoken_uid'] = $channel['channel_id'];
+ create_table_from_array('atoken', $atoken);
+ }
+ }
+}
+
+function sync_atoken($channel, $atokens) {
+
+ if ($channel && $atokens) {
+ foreach ($atokens as $atoken) {
+ unset($atoken['atoken_id']);
+ $atoken['atoken_aid'] = $channel['channel_account_id'];
+ $atoken['atoken_uid'] = $channel['channel_id'];
+
+ if ($atoken['deleted']) {
+ q("delete from atoken where atoken_uid = %d and atoken_guid = '%s' ",
+ intval($atoken['atoken_uid']),
+ dbesc($atoken['atoken_guid'])
+ );
+ continue;
+ }
+
+ $r = q("select * from atoken where atoken_uid = %d and atoken_guid = '%s' ",
+ intval($atoken['atoken_uid']),
+ dbesc($atoken['atoken_guid'])
+ );
+ if (! $r) {
+ create_table_from_array('atoken', $atoken);
+ }
+ else {
+ $columns = db_columns('atoken');
+ foreach ($atoken as $k => $v) {
+ if (! in_array($k,$columns)) {
+ continue;
+ }
+
+ if (in_array($k, ['atoken_guid','atoken_uid','atoken_aid'])) {
+ continue;
+ }
+
+ $r = q("UPDATE atoken SET " . TQUOT . "%s" . TQUOT . " = '%s' WHERE atoken_guid = '%s' AND atoken_uid = %d",
+ dbesc($k),
+ dbesc($v),
+ dbesc($atoken['atoken_guid']),
+ intval($channel['channel_id'])
+ );
+ }
+ }
+ }
+ }
+}
+
+
/**
* @brief Import profiles.
*
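Review bot: `if ($atoken['deleted'])` in `sync_atoken` reads a key that only `atoken_delete_and_sync` sets, so ordinary sync packets hit an undefined index; `if (! empty($atoken['deleted'])) {` avoids that. The `db_columns('atoken')` filter is applied only on the update path, while both `create_table_from_array('atoken', $atoken)` calls receive every key the import file or sync packet carried; unless that helper filters columns itself (not visible here), the same filter should run before the insert. `import_atoken` also inserts without the existing-`atoken_guid` lookup that `sync_atoken` performs, so importing the same file twice would presumably duplicate tokens. Both functions would benefit from a short docblock stating that `$atokens` comes from a remote clone or an import file and is re-bound to the local `channel_id` and `channel_account_id`.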
diff --git a/include/security.php b/include/security.php
index b6c0f1511..f02fb8023 100644
--- a/include/security.php
+++ b/include/security.php
@@ -89,8 +89,20 @@ function authenticate_success($user_record, $channel = null, $login_initial = fa
}
function atoken_login($atoken) {
- if (!$atoken)
+ if (! $atoken) {
return false;
+ }
+
+ if (App::$cmd === 'channel' && argv(1)) {
+ $channel = channelx_by_nick(argv(1));
+ if (perm_is_allowed($channel['channel_id'],$atoken['xchan_hash'],'delegate')) {
+ $_SESSION['delegate_channel'] = $channel['channel_id'];
+ $_SESSION['delegate'] = $atoken['xchan_hash'];
+ $_SESSION['account_id'] = intval($channel['channel_account_id']);
+ change_channel($channel['channel_id']);
+ return;
+ }
+ }
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $atoken['xchan_hash'];
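Review bot: `channelx_by_nick(argv(1))` is used without checking that a channel was found, so for an unknown nick `perm_is_allowed()` is called with a null channel id; the condition should be `if ($channel && perm_is_allowed($channel['channel_id'],$atoken['xchan_hash'],'delegate')) {`. This branch lets a guest token act with the channel owner's `account_id` in the session, so it deserves a comment stating that, and, if the code base has a logging helper for authentication events, a log line recording the token's `xchan_hash` and the delegated channel. The bare `return;` also differs from the `return false;` above; the caller shown in this diff ignores the result, but the return values should be consistent. atoken_login continues past the end of the hunk.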
@@ -113,11 +125,11 @@ function atoken_xchan($atoken) {
if ($c) {
return [
'atoken_id' => $atoken['atoken_id'],
- 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'],
+ 'xchan_hash' => substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_name' => $atoken['atoken_name'],
'xchan_addr' => 'guest:' . $atoken['atoken_name'] . '@' . App::get_hostname(),
'xchan_network' => 'unknown',
- 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_name'],
+ 'xchan_url' => z_root() . '/guest/' . substr($c['channel_hash'], 0, 16) . '.' . $atoken['atoken_guid'],
'xchan_hidden' => 1,
'xchan_photo_mimetype' => 'image/png',
'xchan_photo_l' => z_root() . '/' . get_default_profile_photo(300),
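Review bot: Switching the guest identity from `atoken_name` to `atoken_guid` here, and likewise in the `atoken_delete` and `atoken_abook` hunks below, assumes every existing `atoken` row has a non-empty, unique `atoken_guid`; no migration is visible in this diff, which is limited to include/. If legacy rows have an empty guid, every token of a channel would resolve to the same `xchan_hash` (the 16-character prefix plus a trailing dot) and share permissions, and `abook`/`abconfig` rows keyed by the old name-based hash would no longer be matched or cleaned up by `atoken_delete`. Worth confirming that a schema update backfills the guid and rewrites those rows, and adding a guard in `atoken_xchan` that rejects an empty `$atoken['atoken_guid']` before the hash is built. atoken_xchan starts and ends outside the hunk.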
@@ -143,11 +155,17 @@ function atoken_delete($atoken_id) {
if (!$c)
return;
- $atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_name'];
+ $atoken_xchan = substr($c[0]['channel_hash'], 0, 16) . '.' . $r[0]['atoken_guid'];
q("delete from atoken where atoken_id = %d",
intval($atoken_id)
);
+
+ q("delete from abook where abook_channel = %d and abook_xchan = '%s'",
+ intval($c[0]['channel_id']),
+ dbesc($atoken_xchan)
+ );
+
q("delete from abconfig where chan = %d and xchan = '%s'",
intval($c[0]['channel_id']),
dbesc($atoken_xchan)
@@ -198,7 +216,7 @@ function atoken_abook($uid, $xchan_hash) {
if (!$r)
return false;
- $x = q("select * from atoken where atoken_uid = %d and atoken_name = '%s'",
+ $x = q("select * from atoken where atoken_uid = %d and atoken_guid = '%s'",
intval($uid),
dbesc(substr($xchan_hash, 17))
);
diff --git a/include/text.php b/include/text.php
index b2b3fce6e..84f112802 100644
--- a/include/text.php
+++ b/include/text.php
@@ -1715,7 +1715,7 @@ function prepare_body(&$item,$attach = false,$opts = false) {
if ($is_photo) {
$object = json_decode($item['obj'],true);
$ptr = null;
- if (array_key_exists('url',$object) && is_array($object['url'])) {
+ if (is_array($object) && array_key_exists('url',$object) && is_array($object['url'])) {
if (array_key_exists(0,$object['url'])) {
foreach ($object['url'] as $link) {
if(array_key_exists('width',$link) && $link['width'] >= 640 && $link['width'] <= 1024) {