Diffstat (limited to 'Zotlabs')
-rw-r--r-- | Zotlabs/Lib/Activity.php | 4 | ||||
-rw-r--r-- | Zotlabs/Lib/MessageFilter.php | 4 | ||||
-rw-r--r-- | Zotlabs/Module/Channel.php | 2 | ||||
-rw-r--r-- | Zotlabs/Module/Home.php | 10 | ||||
-rw-r--r-- | Zotlabs/Module/Id.php | 6 | ||||
-rw-r--r-- | Zotlabs/Module/Item.php | 40 | ||||
-rw-r--r-- | Zotlabs/Module/Login.php | 11 | ||||
-rw-r--r-- | Zotlabs/Web/HTTPSig.php | 46 | ||||
-rw-r--r-- | Zotlabs/Web/WebServer.php | 2 |
9 files changed, 90 insertions, 35 deletions
diff --git a/Zotlabs/Lib/Activity.php b/Zotlabs/Lib/Activity.php index ebf866a3b..296129ea2 100644 --- a/Zotlabs/Lib/Activity.php +++ b/Zotlabs/Lib/Activity.php @@ -3350,10 +3350,10 @@ class Activity { if (array_key_exists('startTime', $act) && strpos($act['startTime'], -1, 1) === 'Z') { $adjust = true; $event['adjust'] = 1; - $event['dtstart'] = datetime_convert('UTC', 'UTC', $event['startTime'] . (($adjust) ? '' : 'Z')); + $event['dtstart'] = datetime_convert('UTC', 'UTC', $act['startTime'] . (($adjust) ? '' : 'Z')); } if (array_key_exists('endTime', $act)) { - $event['dtend'] = datetime_convert('UTC', 'UTC', $event['endTime'] . (($adjust) ? '' : 'Z')); + $event['dtend'] = datetime_convert('UTC', 'UTC', $act['endTime'] . (($adjust) ? '' : 'Z')); } else { $event['nofinish'] = true; diff --git a/Zotlabs/Lib/MessageFilter.php b/Zotlabs/Lib/MessageFilter.php index fa3d61244..3f2db88c3 100644 --- a/Zotlabs/Lib/MessageFilter.php +++ b/Zotlabs/Lib/MessageFilter.php @@ -8,8 +8,8 @@ class MessageFilter { public static function evaluate($item, $incl, $excl) { - $text = prepare_text($item['body'],((isset($item['mimetype'])) ? $item['mimetype'] : 'text/bbcode')); - $text = html2plain(($item['title']) ? $item['title'] . ' ' . $text : $text); + $text = prepare_text($item['body'], ((isset($item['mimetype'])) ? $item['mimetype'] : 'text/bbcode')); + $text = html2plain((!empty($item['title'])) ? $item['title'] . ' ' . $text : $text); $lang = null; if ((strpos($incl, 'lang=') !== false) || (strpos($excl, 'lang=') !== false) || (strpos($incl, 'lang!=') !== false) || (strpos($excl, 'lang!=') !== false)) { diff --git a/Zotlabs/Module/Channel.php b/Zotlabs/Module/Channel.php index f73f25d5f..e35a611d0 100644 --- a/Zotlabs/Module/Channel.php +++ b/Zotlabs/Module/Channel.php 
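Review bot: The corrected `$act['startTime']` assignment sits inside `if (array_key_exists('startTime', $act) && strpos($act['startTime'], -1, 1) === 'Z')`, and `strpos()` returns an integer or `false`, never `'Z'`, so this branch and the `dtstart` fix look unreachable. The condition probably meant `substr($act['startTime'], -1, 1) === 'Z'`. In the visible lines `$adjust` is assigned only inside that branch, so the `endTime` expression `(($adjust) ? '' : 'Z')` may read an undefined variable unless it is initialised above the hunk. The enclosing method starts and ends outside the hunk.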
@@ -85,7 +85,7 @@ class Channel extends Controller { $headers = [ 'Content-Type' => 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($data), - '(request-target)' => strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI'] + 'Date' => datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T') ]; $h = HTTPSig::create_sig($headers, $channel['channel_prvkey'], channel_url($channel)); diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php index 39a1c8ea4..0dec432d0 100644 --- a/Zotlabs/Module/Home.php +++ b/Zotlabs/Module/Home.php @@ -24,9 +24,13 @@ class Home extends Controller { $key = Config::Get('system', 'prvkey'); $ret = json_encode(Libzot::site_info()); - $headers = ['Content-Type' => 'application/x-zot+json', 'Digest' => HTTPSig::generate_digest_header($ret)]; - $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; - $h = HTTPSig::create_sig($headers, $key, z_root()); + $headers = [ + 'Content-Type' => 'application/x-zot+json', + 'Digest' => HTTPSig::generate_digest_header($ret), + 'Date' => datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T') + ]; + + $h = HTTPSig::create_sig($headers, $key, z_root()); HTTPSig::set_headers($h); echo $ret; diff --git a/Zotlabs/Module/Id.php b/Zotlabs/Module/Id.php index e08568d00..004cad6e7 100644 --- a/Zotlabs/Module/Id.php +++ b/Zotlabs/Module/Id.php @@ -6,8 +6,8 @@ namespace Zotlabs\Module; * * Controller for responding to x-zot: protocol requests * x-zot:_jkfRG85nJ-714zn-LW_VbTFW8jSjGAhAydOcJzHxqHkvEHWG2E0RbA_pbch-h4R63RG1YJZifaNzgccoLa3MQ/453c1678-1a79-4af7-ab65-6b012f6cab77 - * - */ + * + */ use Zotlabs\Lib\Activity; use Zotlabs\Lib\ActivityStreams; 
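Review bot: With `(request-target)` replaced by `Date`, the signature built in this `$headers` array covers only `Content-Type`, `Digest` and `Date`, so nothing in it ties the signed response to the URL that was requested. Replay protection then depends on the verifier enforcing a freshness window on `Date`. The same applies to the `Home.php` hunk and the `@@ -104,7` hunk in `Id.php`. A short comment above the array would record that, for example `// Signed responses carry Date instead of (request-target); verifiers must reject stale Date values.` It is also worth confirming that `HTTPSig::set_headers()` emits this exact `Date` value, because a different one added by the web server would make the signature fail to verify. The format string `'D, d M Y H:i:s \\G\\M\\T'` is now repeated in three controllers and would be better in one shared helper or constant.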
@@ -104,7 +104,7 @@ class Id extends Controller { $headers['Content-Type'] = 'application/x-zot+json' ; $ret = json_encode($x, JSON_UNESCAPED_SLASHES); $headers['Digest'] = HTTPSig::generate_digest_header($ret); - $headers['(request-target)'] = strtolower($_SERVER['REQUEST_METHOD']) . ' ' . $_SERVER['REQUEST_URI']; + $headers['Date'] = datetime_convert('UTC','UTC', 'now', 'D, d M Y H:i:s \\G\\M\\T'); $h = HTTPSig::create_sig($headers,$chan['channel_prvkey'],channel_url($chan)); HTTPSig::set_headers($h); echo $ret; diff --git a/Zotlabs/Module/Item.php b/Zotlabs/Module/Item.php index e164d6be3..83e8d609e 100644 --- a/Zotlabs/Module/Item.php +++ b/Zotlabs/Module/Item.php @@ -176,7 +176,7 @@ class Item extends Controller { $return_path = ((!empty($_POST['return'])) ? $_POST['return'] : ''); $preview = ((!empty($_POST['preview'])) ? intval($_POST['preview']) : 0); $categories = ((!empty($_POST['category'])) ? escape_tags($_POST['category']) : ''); - $webpage = ((!empty($_POST['webpage'])) ? intval($_POST['webpage']) : 0); + $item_type = ((!empty($_POST['webpage'])) ? intval($_POST['webpage']) : ITEM_TYPE_POST); $item_obscured = ((!empty($_POST['obscured'])) ? intval($_POST['obscured']) : 0); $item_delayed = ((!empty($_POST['delayed'])) ? intval($_POST['delayed']) : 0); $pagetitle = ((!empty($_POST['pagetitle'])) ? escape_tags($_POST['pagetitle']) : ''); @@ -314,7 +314,7 @@ class Item extends Controller { } } else { - if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], ($webpage) ? 'write_pages' : 'post_wall')) { + if (!perm_is_allowed($profile_uid, $observer['xchan_hash'], (intval($item_type) === ITEM_TYPE_POST) ? 'post_wall' : 'write_pages')) { notice(t('Permission denied.') . EOL); if ($api_source) return (['success' => false, 'message' => 'permission denied']); 
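Review bot: In the `@@ -176,7` hunk of `Item.php`, `$item_type` becomes whatever integer the client sends in `$_POST['webpage']`, so an unknown or negative value is treated as a page type. The later hunks store it unchanged in `$datarray['item_type']`, and the `@@ -314,7` hunk uses it to choose between the `post_wall` and `write_pages` permissions. Unless it is validated outside these hunks, check it right after this assignment against the `ITEM_TYPE_*` values this controller supports and reject the request otherwise. A comment such as `// item_type is client-supplied; only whitelisted ITEM_TYPE_* values may pass this point` would document the trust boundary. The method body starts and ends outside the hunk.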
@@ -426,16 +426,20 @@ class Item extends Controller { $view_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'], 'view_stream'); $comment_policy = \Zotlabs\Access\PermissionLimits::Get($channel['channel_id'], 'post_comments'); - $public_policy = ((!empty($_POST['public_policy'])) ? escape_tags($_POST['public_policy']) : map_scope($view_policy, true)); - if ($webpage) - $public_policy = ''; - if ($public_policy) + $public_policy = ''; + + if (intval($item_type) === ITEM_TYPE_POST) { + $public_policy = ((!empty($_POST['public_policy'])) ? escape_tags($_POST['public_policy']) : map_scope($view_policy, true)); + } + + if ($public_policy) { $private = 1; + } if ($orig_post) { $private = 0; - // webpages are allowed to change ACLs after the fact. Normal conversation items aren't. - if ($webpage) { + // Normal conversation items are not allowed to change ACL. + if (intval($item_type) !== ITEM_TYPE_POST) { $acl->set_from_array($_POST); } else { @@ -531,7 +535,7 @@ class Item extends Controller { $private = intval($parent_item['item_private']); $public_policy = $parent_item['public_policy']; $owner_hash = $parent_item['owner_xchan']; - $webpage = $parent_item['item_type']; + $item_type = $parent_item['item_type']; } @@ -592,7 +596,7 @@ class Item extends Controller { $is_group = get_pconfig($profile_uid, 'system', 'group_actor'); - if ($is_group && $walltowall && !$walltowall_comment && !$webpage) { + if ($is_group && $walltowall && !$walltowall_comment && (intval($item_type) === ITEM_TYPE_POST)) { $groupww = true; $str_contact_allow = $owner_xchan['xchan_hash']; $str_group_allow = ''; @@ -799,15 +803,13 @@ class Item extends Controller { // determine if this is a wall post + if (in_array($item_type, [ITEM_TYPE_POST, ITEM_TYPE_CARD, ITEM_TYPE_ARTICLE])) { + $item_wall = 1; + } + if ($parent) { $item_wall = $parent_item['item_wall']; } - else { - if (!$webpage) { - $item_wall = 1; - } - } - if ($moderated) { $item_blocked = ITEM_MODERATED; 
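Review bot: In the `if ($orig_post)` branch of the `@@ -426,16` hunk, `intval($item_type) !== ITEM_TYPE_POST` decides whether `$acl->set_from_array($_POST)` may replace the ACL of an existing item. In the visible hunks `$item_type` comes from the request field `$_POST['webpage']`, not from the stored item. If it is not overwritten from `$orig_post` outside this hunk, take the type from the stored record for edits, for example `$item_type = intval($orig_post['item_type']);` (assuming `$orig_post` carries the same column as `$parent_item`). That keeps the rule in the new comment from depending on a form field. The same applies to the `$public_policy` decision at the top of the hunk. The method continues outside the hunk.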
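Review bot: In the `@@ -799,15` hunk, `in_array($item_type, [ITEM_TYPE_POST, ITEM_TYPE_CARD, ITEM_TYPE_ARTICLE])` compares loosely, while every other test added by this commit uses `intval($item_type) === …`. Using `in_array(intval($item_type), [ITEM_TYPE_POST, ITEM_TYPE_CARD, ITEM_TYPE_ARTICLE], true)` keeps the comparison strict, including when the value was taken from `$parent_item['item_type']` in the `@@ -531,7` hunk. The hunk also changes behaviour: cards and articles now get `$item_wall = 1`, where the old `if (!$webpage)` gave it to posts only. That deserves a one-line comment next to the existing `// determine if this is a wall post`. `$item_wall` is presumably initialised above the hunk.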
@@ -930,7 +932,7 @@ class Item extends Controller { $datarray['item_unseen'] = intval($item_unseen); $datarray['item_wall'] = intval($item_wall); $datarray['item_origin'] = intval($item_origin); - $datarray['item_type'] = $webpage; + $datarray['item_type'] = $item_type; $datarray['item_private'] = intval($private); $datarray['item_thread_top'] = intval($item_thread_top); $datarray['item_starred'] = intval($item_starred); @@ -1025,8 +1027,8 @@ class Item extends Controller { if (mb_strlen($datarray['title']) > 191) $datarray['title'] = mb_substr($datarray['title'], 0, 191); - if ($webpage) { - IConfig::Set($datarray, 'system', webpage_to_namespace($webpage), + if (intval($item_type) !== ITEM_TYPE_POST) { + IConfig::Set($datarray, 'system', item_type_to_namespace($item_type), (($pagetitle) ? $pagetitle : basename($datarray['mid'])), true); } elseif ($namespace) { diff --git a/Zotlabs/Module/Login.php b/Zotlabs/Module/Login.php index 269990a54..f5a83a91a 100644 --- a/Zotlabs/Module/Login.php +++ b/Zotlabs/Module/Login.php @@ -5,10 +5,17 @@ namespace Zotlabs\Module; class Login extends \Zotlabs\Web\Controller { function get() { - if(local_channel()) + if (local_channel()) { goaway(z_root()); - if(remote_channel() && $_SESSION['atoken']) + } + + if (remote_channel() && $_SESSION['atoken']) { goaway(z_root()); + } + + if (!empty($_GET['retry'])) { + notice( t('Login failed.') . EOL ); + } $o = '<div class="generic-content-wrapper">'; $o .= '<div class="section-title-wrapper">'; diff --git a/Zotlabs/Web/HTTPSig.php b/Zotlabs/Web/HTTPSig.php index 7c289ff5f..ce56ae46b 100644 --- a/Zotlabs/Web/HTTPSig.php +++ b/Zotlabs/Web/HTTPSig.php @@ -2,6 +2,7 @@ namespace Zotlabs\Web; +use App; use DateTime; use DateTimeZone; use Zotlabs\Lib\Activity; @@ -11,6 +12,7 @@ use Zotlabs\Lib\Keyutils; use Zotlabs\Lib\Webfinger; use Zotlabs\Lib\Zotfinger; use Zotlabs\Lib\Libzot; +use HttpSignature\HttpMessageSigner; /** * @brief Implements HTTP Signatures per draft-cavage-http-signatures-10. 
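Review bot: In the `Login.php` hunk, the reformatted `if (remote_channel() && $_SESSION['atoken'])` still reads `$_SESSION['atoken']` without an existence check, while the new `retry` test right below it uses `!empty()`. Writing `if (remote_channel() && !empty($_SESSION['atoken'])) {` avoids an undefined-index warning and matches the rest of the commit. Since the hunk already touches the method's formatting, `function get()` could also gain an explicit `public`. The method continues past the hunk.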
@@ -88,7 +90,7 @@ class HTTPSig { // See draft-cavage-http-signatures-10 - static function verify($data, $key = '', $keytype = '') { + public static function verify($data, $key = '', $keytype = '') { $body = $data; $headers = null; @@ -102,11 +104,49 @@ class HTTPSig { 'content_valid' => false ]; - $headers = self::find_headers($data, $body); - if (!$headers) + if (!$headers) { return $result; + } + + if (array_key_exists('signature-input', $headers) && array_key_exists('signature', $headers)) { + $found = preg_match('/keyid="(.*?)"/', $headers['signature-input'], $matches); + $keyId = ($found) ? $matches[1] : ''; + + if (!$keyId) { + return $result; + } + + $found = preg_match('/alg="(.*?)"/', $headers['signature-input'], $matches); + $alg = ($found) ? $matches[1] : null; + + $keyInfo = self::get_key($key, $keytype, $keyId); + $publicKey = $keyInfo['public_key']; + + $messageSigner = new HttpMessageSigner(); + + $messageSigner->setPublicKey($publicKey); + $messageSigner->setAlgorithm($alg); + $messageSigner->setKeyId($keyId); + + $messageSigner->setNonce(preg_match('/nonce="(.*?)"/', $headers['signature-input'], $matches) ? $matches[1] : ''); + $messageSigner->setTag(preg_match('/tag="(.*?)"/', $headers['signature-input'], $matches) ? $matches[1] : ''); + $messageSigner->setCreated(preg_match('/created=([0-9]+)/', $headers['signature-input'], $matches) ? $matches[1] : ''); + $messageSigner->setExpires(preg_match('/expires=([0-9]+)/', $headers['signature-input'], $matches) ? $matches[1] : ''); + + $verified = $messageSigner->verifyRequest(App::$request); + logger('verified (RFC9421): ' . (($verified) ? 'true' : 'false'), LOGGER_DEBUG); + + return [ + 'signer' => $keyId, + 'portable_id' => $keyInfo['portable_id'] ?? '', + 'header_signed' => true, + 'header_valid' => $verified, + 'content_signed' => array_key_exists('content-digest', $headers), + 'content_valid' => $verified + ]; + } if (is_array($body)) { btlogger('body is array:' . print_r($body, true)); 
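Review bot: In the new `signature-input` branch of `verify()`, `'content_valid' => $verified` and `'content_signed' => array_key_exists('content-digest', $headers)` can report a valid, signed body when the `Content-Digest` header is merely present, or is absent altogether. Nothing visible here checks that the header is among the covered components, and whether `verifyRequest()` compares the digest with the body is not shown, so confirm that. Two more checks are missing in the same branch. The result of `self::get_key()` is used without testing that a public key was found. `$alg` is taken from the sender's `signature-input` and handed to `setAlgorithm()` (possibly as `null`) rather than being checked against what the resolved key allows. Verification also runs against `App::$request` rather than the `$data` passed in, which is wrong if `verify()` is ever called on a fetched response. The `created` and `expires` values are parsed, but no freshness check is visible. The method starts above and continues below the hunk.

```php
$keyInfo = self::get_key($key, $keytype, $keyId);
if (empty($keyInfo['public_key'])) {
    // No usable key for this keyid: report the message as unverified.
    return $result;
}
$publicKey = $keyInfo['public_key'];

// … unchanged: HttpMessageSigner setup and verifyRequest() call …

// A Content-Digest header protects the body only if the signature covers it.
$contentSigned = array_key_exists('content-digest', $headers)
    && stripos($headers['signature-input'], '"content-digest"') !== false;

// … unchanged: signer, portable_id, header_signed, header_valid entries …
    'content_signed' => $contentSigned,
    'content_valid' => $verified && $contentSigned
```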
diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index a59a509f2..89ef755d9 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -4,6 +4,7 @@ namespace Zotlabs\Web; use App; use Zotlabs\Lib\Text; +use GuzzleHttp\Psr7\ServerRequest; class WebServer { @@ -18,6 +19,7 @@ class WebServer { $installed = sys_boot(); + App::$request = ServerRequest::fromGlobals(); App::$language = get_best_language(); load_translation_table(App::$language, !$installed); |