From 468e976a88fe3027dde1a56b116e495f7edd7d1a Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Thu, 11 Jan 2018 12:13:57 -0800
Subject: OpenWebAuth: can fail after site re-installs; this may need to be
 pushed forward to master

---
 Zotlabs/Module/Owa.php | 22 ++++++++++++----------
 1 file changed, 12 insertions(+), 10 deletions(-)

diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index d58fd7a41..9a39fe4c0 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -31,19 +31,21 @@ class Owa extends \Zotlabs\Web\Controller {
 
 					if($keyId) {
 						$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash 
-							where hubloc_addr = '%s' limit 1",
+							where hubloc_addr = '%s' ",
 							dbesc(str_replace('acct:','',$keyId))
 						);
 						if($r) {
-							$hubloc = $r[0];
-							$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	
-							if($verified && $verified['header_signed'] && $verified['header_valid']) {
-								$ret['success'] = true;
-								$token = random_string(32);
-								\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
-								$result = '';
-								openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
-								$ret['encrypted_token'] = base64url_encode($result);
+							foreach($r as $hubloc) {
+								$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);	
+								if($verified && $verified['header_signed'] && $verified['header_valid']) {
+									$ret['success'] = true;
+									$token = random_string(32);
+									\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
+									$result = '';
+									openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
+									$ret['encrypted_token'] = base64url_encode($result);
+									break;
+								}
 							}
 						}
 					}
-- 
cgit v1.2.3