aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Module/Magic.php13
-rw-r--r--Zotlabs/Module/Owa.php36
-rw-r--r--include/zid.php10
3 files changed, 25 insertions, 34 deletions
diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php
index 342c11eb9..d1550ec89 100644
--- a/Zotlabs/Module/Magic.php
+++ b/Zotlabs/Module/Magic.php
@@ -142,11 +142,8 @@ class Magic extends \Zotlabs\Web\Controller {
$headers['X-Open-Web-Auth'] = random_string();
$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
-
$x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]);
- logger('owtfetch: ' . print_r($x,true));
-
if($x['success']) {
$j = json_decode($x['body'],true);
if($j['success'] && $j['token']) {
@@ -161,16 +158,6 @@ class Magic extends \Zotlabs\Web\Controller {
$token = random_string();
-// $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
-// $channel['token'] = $token;
-// $channel['token_sig'] = $token_sig;
-
-
-
-
-
-
-
\Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel))
diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 0b625dbe5..4b0d855c5 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -1,15 +1,24 @@
<?php
-
namespace Zotlabs\Module;
-
+/**
+ * OpenWebAuth verifier and token generator
+ * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
+ * Requests to this endpoint should be signed using HTTP Signatures
+ * using the 'Authorization: Signature' authentication method
+ * If the signature verifies a token is returned.
+ *
+ * This token may be exchanged for an authenticated cookie.
+ */
class Owa extends \Zotlabs\Web\Controller {
function init() {
- foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+ $ret = [ 'success' => false ];
+
+ foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
if($head !== 'HTTP_AUTHORIZATION') {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
@@ -27,31 +36,18 @@ class Owa extends \Zotlabs\Web\Controller {
);
if($r) {
$hubloc = $r[0];
- $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
-
-logger('verified: ' . print_r($verified,true));
-
+ $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid']) {
+ $ret['success'] = true;
$token = random_string(32);
\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
- $x = json_encode([ 'success' => true, 'token' => $token ]);
- header('Content-Type: application/x-zot+json');
- echo $x;
- killme();
+ $ret['token'] = $token;
}
}
}
}
- $x = json_encode([ 'success' => false ]);
- header('Content-Type: application/x-zot+json');
- echo $x;
- killme();
}
}
-
- $x = json_encode([ 'success' => false ]);
- header('Content-Type: application/x-zot+json');
- echo $x;
- killme();
+ json_return_and_die($ret,'application/x-zot+json');
}
}
diff --git a/include/zid.php b/include/zid.php
index d5d863be6..ce9f70385 100644
--- a/include/zid.php
+++ b/include/zid.php
@@ -296,6 +296,14 @@ function owt_init($token) {
$_SESSION['DNT'] = 1;
}
- logger('owa success!');
+ $arr = array('xchan' => $hubloc, 'url' => \App::$query_string, 'session' => $_SESSION);
+ call_hooks('magic_auth_success',$arr);
+ \App::set_observer($hubloc);
+ require_once('include/security.php');
+ \App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+ if(! get_config('system','hide_owa_greeting'))
+ info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name']));
+ logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
+
} \ No newline at end of file