From 6143f490426144fc15cf35c0faa936f487e6c046 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 7 Sep 2017 11:28:42 +0200 Subject: fix an issue where some encoded mids were not found in /display allthough they existed --- Zotlabs/Module/Display.php | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 11c75219d..3ac0a628d 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -133,7 +133,14 @@ class Display extends \Zotlabs\Web\Controller { if((! $update) && (! $load)) { $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); - + + //if the target item is not a post (eg a like) want to address its thread parent + $mid = (($target_item['verb'] == ACTIVITY_POST) ? $item_hash : $target_item['thr_parent']); + + //if we got a decoded hash we must encode it again before handing to javascript + if($decoded) + $mid = 'b64.' . base64url_encode($mid); + $o .= '
' . "\r\n"; $o .= "\r\n"; @@ -165,8 +172,7 @@ class Display extends \Zotlabs\Web\Controller { '$dend' => '', '$dbegin' => '', '$verb' => '', - //if the target item is not a post (eg a like) want to address its thread parent - '$mid' => (($target_item['verb'] == ACTIVITY_POST) ? $item_hash : $target_item['thr_parent']) + '$mid' => $mid )); head_add_link([ @@ -323,6 +329,7 @@ class Display extends \Zotlabs\Web\Controller { $r = q("SELECT id, item_deleted FROM item WHERE mid = '%s' LIMIT 1", dbesc($item_hash) ); + if($r) { if(intval($r[0]['item_deleted'])) { notice( t('Item has been removed.') . EOL ); -- cgit v1.2.3 From 4190a40de8c3cf0c08c2b4e559231e72c1faa1cd Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 7 Sep 2017 11:35:24 +0200 Subject: typo --- Zotlabs/Module/Display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 3ac0a628d..bc597364f 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -134,7 +134,7 @@ class Display extends \Zotlabs\Web\Controller { $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); - //if the target item is not a post (eg a like) want to address its thread parent + //if the target item is not a post (eg a like) we want to address its thread parent $mid = (($target_item['verb'] == ACTIVITY_POST) ? $item_hash : $target_item['thr_parent']); //if we got a decoded hash we must encode it again before handing to javascript -- cgit v1.2.3 From 27e9b5618b5a07ebc15fa6b6b0d1d2c78ade8f46 Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 7 Sep 2017 23:20:40 +0200 Subject: use thread parent hash only for like and dislike activity. in all other cases use item hash. this will catch more situations. --- Zotlabs/Module/Display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index bc597364f..190ed3cc5 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -135,7 +135,7 @@ class Display extends \Zotlabs\Web\Controller { $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); //if the target item is not a post (eg a like) we want to address its thread parent - $mid = (($target_item['verb'] == ACTIVITY_POST) ? $item_hash : $target_item['thr_parent']); + $mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $item_hash); //if we got a decoded hash we must encode it again before handing to javascript if($decoded) -- cgit v1.2.3 From 7b3aa92b5ad09c0820db2b20bc462c975f0d3aba Mon Sep 17 00:00:00 2001 From: Mario Vavti Date: Thu, 7 Sep 2017 23:35:36 +0200 Subject: use $target_item[mid] to make item highlighting work with shortened mids --- Zotlabs/Module/Display.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Display.php b/Zotlabs/Module/Display.php index 190ed3cc5..0ea55102e 100644 --- a/Zotlabs/Module/Display.php +++ b/Zotlabs/Module/Display.php @@ -135,7 +135,7 @@ class Display extends \Zotlabs\Web\Controller { $static = ((local_channel()) ? channel_manual_conv_update(local_channel()) : 1); //if the target item is not a post (eg a like) we want to address its thread parent - $mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $item_hash); + $mid = ((($target_item['verb'] == ACTIVITY_LIKE) || ($target_item['verb'] == ACTIVITY_DISLIKE)) ? $target_item['thr_parent'] : $target_item['mid']); //if we got a decoded hash we must encode it again before handing to javascript if($decoded) -- cgit v1.2.3 From 61f339a874784d3181f4c884bab9994ec9200f50 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 17:56:02 -0700 Subject: owa - first commit --- Zotlabs/Module/Magic.php | 32 +++++++++++++++++++++++++- Zotlabs/Module/Owa.php | 57 +++++++++++++++++++++++++++++++++++++++++++++++ Zotlabs/Module/Rmagic.php | 4 ++-- 3 files changed, 90 insertions(+), 3 deletions(-) create mode 100644 Zotlabs/Module/Owa.php (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index bf3198067..0eb2f27a1 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller { $dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : ''); $test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0); $rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0); + $owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0); $delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : ''); $parsed = parse_url($dest); @@ -132,12 +133,41 @@ class Magic extends \Zotlabs\Web\Controller { if(local_channel()) { $channel = \App::get_channel(); + // OpenWebAuth + + if($owa) { + + $headers = []; + $headers['Accept'] = 'application/x-zot+json' ; + $headers['X-Open-Web-Auth'] = random_string(); + $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], + 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); + + $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); + if($x['success']) { + $j = json_decode($x['body'],true); + if($j['success'] && $j['token']) { + $x = strpbrk($dest,'?&'); + $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + goaway($dest . $args); + } + } + goaway($dest); + } + + $token = random_string(); + // $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey'])); - // $channel['token'] = $token; // $channel['token_sig'] = $token_sig; + + + + + + \Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']); $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel)) diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php new file mode 100644 index 000000000..f71099599 --- /dev/null +++ b/Zotlabs/Module/Owa.php @@ -0,0 +1,57 @@ + true, 'token' => $token ]); + header('Content-Type: application/x-zot+json'); + echo $x; + killme(); + } + } + } + } + $x = json_encode([ 'success' => false ]); + header('Content-Type: application/x-zot+json'); + echo $x; + killme(); + } + } + + $x = json_encode([ 'success' => false ]); + header('Content-Type: application/x-zot+json'); + echo $x; + killme(); + } +} diff --git a/Zotlabs/Module/Rmagic.php b/Zotlabs/Module/Rmagic.php index 9fcc72441..0c4eb9ae4 100644 --- a/Zotlabs/Module/Rmagic.php +++ b/Zotlabs/Module/Rmagic.php @@ -18,7 +18,7 @@ class Rmagic extends \Zotlabs\Web\Controller { if($r[0]['hubloc_url'] === z_root()) goaway(z_root() . '/login'); $dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string); - goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest); + goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest); } } } @@ -63,7 +63,7 @@ class Rmagic extends \Zotlabs\Web\Controller { else $dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string)); - goaway($url . '/magic' . '?f=&dest=' . $dest); + goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest); } } } -- cgit v1.2.3 From f09fe8da7814a64e653700b4fe04f165edd90045 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:14:04 -0700 Subject: add logging --- Zotlabs/Module/Magic.php | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 0eb2f27a1..3fe0e1e35 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -144,6 +144,9 @@ class Magic extends \Zotlabs\Web\Controller { 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); + + logger('owtfetch: ' . print_r($x,true)); + if($x['success']) { $j = json_decode($x['body'],true); if($j['success'] && $j['token']) { -- cgit v1.2.3 From 7e9162ef06b4719723941679e55af079421ae475 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:19:49 -0700 Subject: there's the problem --- Zotlabs/Module/Magic.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 3fe0e1e35..342c11eb9 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -151,7 +151,7 @@ class Magic extends \Zotlabs\Web\Controller { $j = json_decode($x['body'],true); if($j['success'] && $j['token']) { $x = strpbrk($dest,'?&'); - $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); + $args = (($x) ? '&owt=' . $j['token'] : '?f=&owt=' . $j['token']) . (($delegate) ? '&delegate=1' : ''); goaway($dest . $args); } } -- cgit v1.2.3 From 1fbb1e6c2a665159d0085217c9b73d571e360256 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 18:52:18 -0700 Subject: initial testing success with owa --- Zotlabs/Module/Owa.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index f71099599..0b625dbe5 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -33,7 +33,7 @@ logger('verified: ' . print_r($verified,true)); if($verified && $verified['header_signed'] && $verified['header_valid']) { $token = random_string(32); - \Zotlabs\Zot\Verify::create('owt',0,token,$r[0]['hubloc_hash']); + \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); $x = json_encode([ 'success' => true, 'token' => $token ]); header('Content-Type: application/x-zot+json'); echo $x; -- cgit v1.2.3 From 048a8c5f44eee9b201cb3f6a71a5ed7e865e446e Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 19:04:35 -0700 Subject: provide owa discovery --- Zotlabs/Module/Wfinger.php | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index 07a7b7735..de67522b3 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -124,6 +124,13 @@ class Wfinger extends \Zotlabs\Web\Controller { 'rel' => 'http://purl.org/zot/protocol', 'href' => z_root() . '/.well-known/zot-info' . '?address=' . $r[0]['xchan_addr'], ], + + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + [ 'rel' => 'magic-public-key', -- cgit v1.2.3 From f2dc55244c0741505e5de891fae97d67f31381d2 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Thu, 7 Sep 2017 20:42:03 -0700 Subject: provide root discovery for owa --- Zotlabs/Module/Wfinger.php | 35 +++++++++++++++++++++++++++++++---- 1 file changed, 31 insertions(+), 4 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Wfinger.php b/Zotlabs/Module/Wfinger.php index de67522b3..d0c4d73d2 100644 --- a/Zotlabs/Module/Wfinger.php +++ b/Zotlabs/Module/Wfinger.php @@ -30,9 +30,15 @@ class Wfinger extends \Zotlabs\Web\Controller { $resource = $_REQUEST['resource']; logger('webfinger: ' . $resource,LOGGER_DEBUG); + + $root_resource = false; + + if(strcasecmp(rtrim($resource,'/'),z_root()) === 0) + $root_resource = true; + $r = null; - if($resource) { + if(($resource) && (! $root_resource)) { if(strpos($resource,'acct:') === 0) { $channel = str_replace('acct:','',$resource); @@ -60,7 +66,25 @@ class Wfinger extends \Zotlabs\Web\Controller { header('Access-Control-Allow-Origin: *'); + + if($root_resource) { + $result['subject'] = $resource; + $result['properties'] = [ + 'https://w3id.org/security/v1#publicKeyPem' => get_config('system','pubkey') + ]; + $result['links'] = [ + [ + 'rel' => 'http://purl.org/openwebauth/v1', + 'type' => 'application/x-zot+json', + 'href' => z_root() . '/owa', + ], + ]; + + + + } + if($resource && $r) { $h = q("select hubloc_addr from hubloc where hubloc_hash = '%s' and hubloc_deleted = 0", @@ -84,7 +108,8 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['properties'] = [ 'http://webfinger.net/ns/name' => $r[0]['channel_name'], - 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'] + 'http://xmlns.com/foaf/0.1/name' => $r[0]['channel_name'], + 'https://w3id.org/security/v1#publicKeyPem' => $r[0]['xchan_pubkey'] ]; foreach($aliases as $alias) @@ -143,14 +168,16 @@ class Wfinger extends \Zotlabs\Web\Controller { $result['zot'] = zotinfo( [ 'address' => $r[0]['xchan_addr'] ]); } } - else { + + if(! $result) { header($_SERVER["SERVER_PROTOCOL"] . ' ' . 400 . ' ' . 'Bad Request'); killme(); } $arr = [ 'channel' => $r[0], 'request' => $_REQUEST, 'result' => $result ]; call_hooks('webfinger',$arr); - + + json_return_and_die($arr['result'],'application/jrd+json'); } -- cgit v1.2.3 From 84c86f01c853f87be93807b3e190f954aca2e6e6 Mon Sep 17 00:00:00 2001 From: zotlabs Date: Fri, 8 Sep 2017 16:00:27 -0700 Subject: owa: missed the set-observer stuff --- Zotlabs/Module/Owa.php | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 0b625dbe5..900ab9f85 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -1,9 +1,16 @@ false ]); - header('Content-Type: application/x-zot+json'); - echo $x; - killme(); } } - $x = json_encode([ 'success' => false ]); header('Content-Type: application/x-zot+json'); echo $x; -- cgit v1.2.3 From e2e7bee3cca6f2ffc88aee9c94066e117e7a682b Mon Sep 17 00:00:00 2001 From: zotlabs Date: Sat, 9 Sep 2017 13:34:57 -0700 Subject: owa cleanup --- Zotlabs/Module/Magic.php | 13 ------------- Zotlabs/Module/Owa.php | 18 +++++++----------- 2 files changed, 7 insertions(+), 24 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Magic.php b/Zotlabs/Module/Magic.php index 342c11eb9..d1550ec89 100644 --- a/Zotlabs/Module/Magic.php +++ b/Zotlabs/Module/Magic.php @@ -142,11 +142,8 @@ class Magic extends \Zotlabs\Web\Controller { $headers['X-Open-Web-Auth'] = random_string(); $headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'], 'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512'); - $x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]); - logger('owtfetch: ' . print_r($x,true)); - if($x['success']) { $j = json_decode($x['body'],true); if($j['success'] && $j['token']) { @@ -161,16 +158,6 @@ class Magic extends \Zotlabs\Web\Controller { $token = random_string(); -// $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey'])); -// $channel['token'] = $token; -// $channel['token_sig'] = $token_sig; - - - - - - - \Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']); $target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel)) diff --git a/Zotlabs/Module/Owa.php b/Zotlabs/Module/Owa.php index 900ab9f85..4b0d855c5 100644 --- a/Zotlabs/Module/Owa.php +++ b/Zotlabs/Module/Owa.php @@ -15,8 +15,10 @@ namespace Zotlabs\Module; class Owa extends \Zotlabs\Web\Controller { function init() { - foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + $ret = [ 'success' => false ]; + + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') { if($head !== 'HTTP_AUTHORIZATION') { $_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head]; @@ -34,24 +36,18 @@ class Owa extends \Zotlabs\Web\Controller { ); if($r) { $hubloc = $r[0]; - $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); - + $verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']); if($verified && $verified['header_signed'] && $verified['header_valid']) { + $ret['success'] = true; $token = random_string(32); \Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']); - $x = json_encode([ 'success' => true, 'token' => $token ]); - header('Content-Type: application/x-zot+json'); - echo $x; - killme(); + $ret['token'] = $token; } } } } } } - $x = json_encode([ 'success' => false ]); - header('Content-Type: application/x-zot+json'); - echo $x; - killme(); + json_return_and_die($ret,'application/x-zot+json'); } } -- cgit v1.2.3