From f666d8a0838efec0e05fcd9ea884eb6733cea3a8 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Fri, 15 Jul 2016 01:06:25 -0700
Subject: enforce non-empty name and token/password on access tokens until better checks are instituted.
---
 Zotlabs/Module/Settings.php | 25 ++++++++++++++++---------
 1 file changed, 16 insertions(+), 9 deletions(-)
(limited to 'Zotlabs/Module')
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index 60c9be519..b1f6c8144 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -121,15 +121,22 @@ class Settings extends \Zotlabs\Web\Controller {
 if((argc() > 1) && (argv(1) == 'tokens')) {
 check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');
-
- $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
- $name = trim(escape_tags($_POST['name']));
- $token = trim($_POST['token']);
- if(trim($_POST['expires']))
- $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
- else
- $expires = NULL_DATE;
-
+ $token_errs = 0;
+ if(array_key_exists('token',$_POST)) {
+ $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0);
+ $name = trim(escape_tags($_POST['name']));
+ $token = trim($_POST['token']);
+ if((! $name) || (! $token))
+ $token_errs ++;
+ if(trim($_POST['expires']))
+ $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']);
+ else
+ $expires = NULL_DATE;
+ }
+ if($token_errs) {
+ notice( t('Name and Token are required.') . EOL);
+ return;
+ }
 if($atoken_id) {
 $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s'
 where atoken_id = %d and atoken_uid = %d",
--
cgit v1.2.3
From 5e475acb85cac2dd87f92f6c8d51dc0071e5c2eb Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Fri, 15 Jul 2016 01:33:28 -0700
Subject: cleanup and debug of atoken feature
---
 Zotlabs/Module/Settings.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'Zotlabs/Module')
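Review bot: If the request carries no `token` field, the new `array_key_exists('token',$_POST)` guard skips the whole block, `$token_errs` stays 0, and control reaches `if($atoken_id)` with `$atoken_id`, `$name`, `$token` and `$expires` all undefined, so the write path below (its else branch lies outside the hunk) presumably runs with empty values instead of being rejected. Treating the missing key as an error closes that path: `$token_errs = (array_key_exists('token',$_POST) ? 0 : 1);`. Inside the block `$_POST['atoken_id']` and `$_POST['expires']` are still read without `isset()`, which emits undefined-index notices whenever the create form omits them. The trimmed token also appears to be written verbatim into `atoken_token`; since the commit message describes it as a password visitors log in with, keeping only a hash of it (if the UI does not need to redisplay it) would limit the impact of a database disclosure. The enclosing method starts and ends outside the hunk.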
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index b1f6c8144..44088fea5 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -138,7 +138,7 @@ class Settings extends \Zotlabs\Web\Controller {
 return;
 }
 if($atoken_id) {
- $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s'
+ $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s'
 where atoken_id = %d and atoken_uid = %d",
 dbesc($name),
 dbesc($token),
@@ -148,7 +148,7 @@ class Settings extends \Zotlabs\Web\Controller {
 );
 }
 else {
- $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expire )
+ $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires )
 values ( %d, %d, '%s', '%s', '%s' ) ",
 intval($channel['channel_account_id']),
 intval($channel['channel_id']),
--
cgit v1.2.3
From d54f5a3831ec003468e33185318a060711cb9c09 Mon Sep 17 00:00:00 2001
From: redmatrix
Date: Fri, 15 Jul 2016 01:43:09 -0700
Subject: more cleanup of atoken UI
---
 Zotlabs/Module/Settings.php | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'Zotlabs/Module')
diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php
index 44088fea5..20aa59f78 100644
--- a/Zotlabs/Module/Settings.php
+++ b/Zotlabs/Module/Settings.php
@@ -134,7 +134,7 @@ class Settings extends \Zotlabs\Web\Controller {
 $expires = NULL_DATE;
 }
 if($token_errs) {
- notice( t('Name and Token are required.') . EOL);
+ notice( t('Name and Password are required.') . EOL);
 return;
 }
 if($atoken_id) {
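Review bot: The added update statement still has no comma between its SET assignments, `atoken_token = '%s' atoken_expires = '%s'`, so the query is a SQL syntax error and editing an existing token fails even with the column name corrected. Change the line to `$r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s'`. The insert hunk below is well-formed and its column list matches the renamed column. The enclosing method starts and ends outside both hunks.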
@@ -774,10 +774,13 @@ class Settings extends \Zotlabs\Web\Controller { intval(local_channel()) ); + $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access the private content.'); + $tpl = get_markup_template("settings_tokens.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_tokens"), '$title' => t('Guest Access Tokens'), + '$desc' => $desc, '$tokens' => $t, '$atoken' => $atoken, '$name' => array('name', t('Login Name'), (($atoken) ? $atoken['atoken_name'] : ''),''), -- cgit v1.2.3 From da5ec98f98dd8cef034d568bf0f67231e8517bd4 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 02:07:27 -0700 Subject: make lockview work with throwaway identities --- Zotlabs/Module/Lockview.php | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) (limited to 'Zotlabs/Module') diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index 4776e1c56..d86a3c1d8 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -1,17 +1,31 @@ 1) ? argv(1) : 0); if (is_numeric($type)) { $item_id = intval($type); $type='item'; - } else { + } + else { $item_id = ((argc() > 2) ? intval(argv(2)) : 0); } @@ -98,6 +112,13 @@ class Lockview extends \Zotlabs\Web\Controller { if($r) foreach($r as $rr) $l[] = '
  • ' . $rr['xchan_name'] . '
  • '; + if($atokens) { + foreach($atokens as $at) { + if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { + $l[] = '
  • ' . $at['xchan_name'] . '
  • '; + } + } + } } if(count($deny_groups)) { $r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); @@ -110,6 +131,16 @@ class Lockview extends \Zotlabs\Web\Controller { if($r) foreach($r as $rr) $l[] = '
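Review bot: The new membership test `in_array("'" . $at['xchan_hash'] . "'",$allowed_users)` depends on `$allowed_users` holding hashes already wrapped in single quotes for the SQL `IN (...)` list and uses loose comparison; pass the strict flag, `in_array("'" . $at['xchan_hash'] . "'", $allowed_users, true)`, and do the same in the `$deny_users` loop of the @@ -110 hunk. The entries concatenate `$at['xchan_name']` straight into `$l`, which `echo $o . implode($l)` prints, mirroring the existing `$rr['xchan_name']` lines; if that name is only filtered by `escape_tags()` when the token is created, wrapping it in `htmlspecialchars()` here would be a cheap output-side guard — confirm what the xchan row actually holds. `$atokens` is populated in the earlier @@ -1 hunk, whose text is not readable in this copy, and the enclosing method starts and ends outside the hunk.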
  • ' . $rr['xchan_name'] . '
  • '; + + if($atokens) { + foreach($atokens as $at) { + if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { + $l[] = '
  • ' . $at['xchan_name'] . '
  • '; + } + } + } + + } echo $o . implode($l); -- cgit v1.2.3