diff options
-rw-r--r-- | Zotlabs/Module/Magic.php | 13 | ||||
-rw-r--r-- | Zotlabs/Module/Owa.php | 36 | ||||
-rw-r--r-- | include/zid.php | 10 |
3 files changed, 25 insertions, 34 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 342c11eb9..d1550ec89 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -142,11 +142,8 @@ class Magic extends \Zotlabs\Web\Controller { $headers['X-Open-Web-Auth'] = random_string(); $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); - $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); - logger('owtfetch: ' . print_r($x,true)); - if($x['success']) { $j = json_decode($x['body'],true); if($j['success'] && $j['token']) { @@ -161,16 +158,6 @@ class Magic extends \Zotlabs\Web\Controller { $token = random_string(); -// $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey'])); -// $channel['token'] = $token; -// $channel['token_sig'] = $token_sig; - - - - - - - \Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']); $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel)) diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 0b625dbe5..4b0d855c5 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -1,15 +1,24 @@ <?php - namespace Zotlabs\Module; - +/** + * OpenWebAuth verifier and token generator + * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home + * Requests to this endpoint should be signed using HTTP Signatures + * using the 'Authorization: Signature' authentication method + * If the signature verifies a token is returned. + * + * This token may be exchanged for an authenticated cookie. + */ class Owa extends \Zotlabs\Web\Controller { function init() { - foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + $ret = [ 'success' => false ]; + + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { if($head !== 'HTTP_AUTHORIZATION') { $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; @@ -27,31 +36,18 @@ class Owa extends \Zotlabs\Web\Controller { ); if($r) { $hubloc = $r[0]; - $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); - -logger('verified: ' . print_r($verified,true)); - + $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid']) { + $ret['success'] = true; $token = random_string(32); \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); - $x = json_encode([ 'success' => true, 'token' => $token ]); - header('Content-Type: application/x-zot+json'); - echo $x; - killme(); + $ret['token'] = $token; } } } } - $x = json_encode([ 'success' => false ]); - header('Content-Type: application/x-zot+json'); - echo $x; - killme(); } } - - $x = json_encode([ 'success' => false ]); - header('Content-Type: application/x-zot+json'); - echo $x; - killme(); + json_return_and_die($ret,'application/x-zot+json'); } } diff --git a/include/zid.php b/include/zid.php index d5d863be6..ce9f70385 100644 --- a/include/zid.php +++ b/include/zid.php @@ -296,6 +296,14 @@ function owt_init($token) { $_SESSION['DNT'] = 1; } - logger('owa success!'); + $arr = array('xchan' => $hubloc, 'url' => \App::$query_string, 'session' => $_SESSION); + call_hooks('magic_auth_success',$arr); + \App::set_observer($hubloc); + require_once('include/security.php'); + \App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); + if(! get_config('system','hide_owa_greeting')) + info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name'])); + logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); + }
\ No newline at end of file |