From 8343f63964c6cc992c2a8c90aa2a1080d5804323 Mon Sep 17 00:00:00 2001
From: nobody <nobody@zotlabs.com>
Date: Sun, 29 Aug 2021 04:54:50 -0700
Subject: OWA: very difficult to trace failures due to empty public key record.
 The signature might succeed because an empty key triggers an external key
 fetch. But the empty key cannot encrypt the token. This has been observed in
 the wild on a number of sites/projects.

---
 Zotlabs/Module/Owa.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

(limited to 'Zotlabs/Module/Owa.php')

diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php
index 9a3513f34..e30aa5fb4 100644
--- a/Zotlabs/Module/Owa.php
+++ b/Zotlabs/Module/Owa.php
@@ -32,14 +32,14 @@ class Owa extends Controller {
 				$keyId = $sigblock['keyId'];
 				if ($keyId) {
 					$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-						WHERE hubloc_id_url = '%s'",
+						WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ",
 						dbesc($keyId)
 					);
 					if (! $r) {
 						$found = discover_by_webbie(str_replace('acct:','',$keyId));
 						if ($found) {
 							$r = q("SELECT * FROM hubloc LEFT JOIN xchan ON hubloc_hash = xchan_hash
-								WHERE hubloc_id_url = '%s'",
+								WHERE hubloc_id_url = '%s' AND xchan_pubkey != '' ",
 								dbesc($keyId)
 							);
 						}
-- 
cgit v1.2.3