From a0430f91bd72cc200165f10d3825a88efca53291 Mon Sep 17 00:00:00 2001 From: Mario Date: Fri, 30 Sep 2022 10:25:46 +0000 Subject: fix owa in case of hub reinstalls --- Zotlabs/Module/Owa.php | 39 +++++++++++++++++++++++++++++++--- Zotlabs/Module/Rmagic.php | 54 +++++++++++++++++++++++------------------------ 2 files changed, 63 insertions(+), 30 deletions(-) diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index e30aa5fb4..0922eb5d4 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -32,14 +32,14 @@ class Owa extends Controller { $keyId = $sigblock['keyId']; if ($keyId) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ", + WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC", dbesc($keyId) ); if (! $r) { - $found = discover_by_webbie(str_replace('acct:','',$keyId)); + $found = discover_by_webbie($keyId); if ($found) { $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash - WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ", + WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC ", dbesc($keyId) ); } @@ -61,10 +61,43 @@ class Owa extends Controller { logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']); } } + + if (!$ret['success']) { + + // Possible a reinstall? + // In this case we probably already have an old hubloc + // but not the new one yet. + + $found = discover_by_webbie($keyId); + + if ($found) { + $r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash + WHERE hubloc_id_url = '%s' AND hubloc_deleted = 0 ORDER BY hubloc_id DESC LIMIT 1", + dbesc($keyId) + ); + + if ($r) { + $verified = HTTPSig::verify(file_get_contents('php://input'), $r[0]['xchan_pubkey']); + if ($verified && $verified['header_signed'] && $verified['header_valid'] && ($verified['content_valid'] || (! $verified['content_signed']))) { + logger('OWA header: ' . print_r($verified,true), LOGGER_DATA); + logger('OWA success: ' . $r[0]['hubloc_id_url'], LOGGER_DATA); + $ret['success'] = true; + $token = random_string(32); + Verify::create('owt', 0, $token, $r[0]['hubloc_id_url']); + $result = ''; + openssl_public_encrypt($token, $result, $r[0]['xchan_pubkey']); + $ret['encrypted_token'] = base64url_encode($result); + } else { + logger('OWA fail: ' . $hubloc['hubloc_id'] . ' ' . $hubloc['hubloc_id_url']); + } + } + } + } } } } } + json_return_and_die($ret,'application/x-zot+json'); } } diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index ab9ad059e..2950dca5e 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -6,21 +6,21 @@ use Zotlabs\Lib\Libzot; class Rmagic extends \Zotlabs\Web\Controller { function init() { - + if(local_channel()) goaway(z_root()); - + $me = get_my_address(); if($me) { - $r = q("select hubloc_url from hubloc where hubloc_addr = '%s'", + $r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0", dbesc($me) - ); + ); if(! $r) { $w = discover_by_webbie($me); if($w) { - $r = q("select hubloc_url from hubloc where hubloc_addr = '%s'", + $r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0", dbesc($me) - ); + ); } } @@ -33,39 +33,39 @@ class Rmagic extends \Zotlabs\Web\Controller { } } } - + function post() { - + $address = trim($_REQUEST['address']); - + if(strpos($address,'@') === false) { $arr = array('address' => $address); - call_hooks('reverse_magic_auth', $arr); - + call_hooks('reverse_magic_auth', $arr); + // if they're still here... - notice( t('Authentication failed.') . EOL); + notice( t('Authentication failed.') . EOL); return; } else { - + // Presumed Red identity. Perform reverse magic auth - + if(strpos($address,'@') === false) { notice('Invalid address.'); return; } - + $r = null; if($address) { - $r = q("select hubloc_url from hubloc where hubloc_addr = '%s'", + $r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0", dbesc($address) - ); + ); if(! $r) { $w = discover_by_webbie($address); if($w) { - $r = q("select hubloc_url from hubloc where hubloc_addr = '%s'", + $r = q("select hubloc_url, hubloc_network from hubloc where hubloc_addr = '%s' and hubloc_deleted = 0", dbesc($address) - ); + ); } } } @@ -76,20 +76,20 @@ class Rmagic extends \Zotlabs\Web\Controller { } else { $url = 'https://' . substr($address,strpos($address,'@')+1); - } - - if($url) { - if($_SESSION['return_url']) + } + + if($url) { + if($_SESSION['return_url']) $dest = bin2hex(z_root() . '/' . str_replace('zid=','zid_=',$_SESSION['return_url'])); else $dest = bin2hex(z_root() . '/' . str_replace([ 'rmagic', 'zid=' ] ,[ '', 'zid_='],\App::$query_string)); - + goaway($url . '/magic' . '?f=&owa=1&bdest=' . $dest); } } } - - + + function get() { return replace_macros(get_markup_template('rmagic.tpl'), [ @@ -97,6 +97,6 @@ class Rmagic extends \Zotlabs\Web\Controller { '$address' => [ 'address', t('Enter your channel address (e.g. channel@example.com)'), '', '' ], '$submit' => t('Authenticate') ] - ); + ); } } -- cgit v1.2.3