From f3eb9af046b155c53a194db6104a24b6d6756072 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 14 Jul 2016 19:43:47 -0700 Subject: more ZAT work --- Zotlabs/Web/WebServer.php | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Web/WebServer.php b/Zotlabs/Web/WebServer.php index 88ab4995b..d4f3cb9ea 100644 --- a/Zotlabs/Web/WebServer.php +++ b/Zotlabs/Web/WebServer.php @@ -59,7 +59,14 @@ class WebServer { \App::$query_string = strip_zids(\App::$query_string); if(! local_channel()) { $_SESSION['my_address'] = $_GET['zid']; - zid_init($a); + zid_init(); + } + } + + if((x($_GET,'zat')) && (! \App::$install)) { + \App::$query_string = strip_zats(\App::$query_string); + if(! local_channel()) { + zat_init(); } } -- cgit v1.2.3 From f70f4a4e8558a6d715eb7ca0d02ac38753094068 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 14 Jul 2016 20:26:22 -0700 Subject: add zat to acl --- Zotlabs/Module/Acl.php | 27 ++++++++++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index f33e257f4..c8a4fdd7c 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php 
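Review bot: The `zat` value taken from `$_GET` in the new branch is a password-equivalent guest credential (the settings UI later in this series labels it "Login Password"), and as a query-string parameter it lands in web-server and proxy access logs, browser history, and the Referer header of every outbound link on the page, even though `strip_zats()` removes it from the internal query string. Consider having this path establish the session and then redirect to the stripped URL so the token does not stay in the address bar, and note the exposure in a comment, e.g. `// zat is a bearer credential: it has already been logged by the server; do not echo it anywhere else`. What `zat_init()` does is not visible here, so whether it already redirects is unconfirmed. The enclosing method starts before this hunk.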
@@ -130,13 +130,38 @@ class Acl extends \Zotlabs\Web\Controller { if(local_channel()) { if($extra_channels_sql != '') $extra_channels_sql = " OR (abook_channel IN ($extra_channels_sql)) and abook_hidden = 0 "; + + $r2 = null; + + $r1 = q("select * from atoken where atoken_uid = %d", + intval(local_channel()) + ); + if($r1) { + $r2 = array(); + foreach($r1 as $rr) { + $r2[] = [ + 'id' => 'a' . $rr['atoken_id'] , + 'hash' => $rr['atoken_uid'] . '.' . $rr['atoken_name'], + 'name' => $rr['atoken_name'], + 'micro' => get_default_profile_photo(48), + 'url' => z_root(), + 'nick' => t('guest:') . $rr['atoken_name'], + 'abook_their_perms' => 0, + 'abook_flags' => 0, + 'abook_self' => 0 + ]; + } + } + $r = q("SELECT abook_id as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, abook_their_perms, abook_flags, abook_self FROM abook left join xchan on abook_xchan = xchan_hash WHERE (abook_channel = %d $extra_channels_sql) AND abook_blocked = 0 and abook_pending = 0 and xchan_deleted = 0 $sql_extra2 order by $order_extra2 xchan_name asc" , intval(local_channel()) ); - + if($r2) + $r = array_merge($r2,$r); + } else { // Visitors $r = q("SELECT xchan_hash as id, xchan_hash as hash, xchan_name as name, xchan_photo_s as micro, xchan_url as url, xchan_addr as nick, 0 as abook_their_perms, 0 as abook_flags, 0 as abook_self -- cgit v1.2.3 From 397a23499dc64e2abdd2c27ccdf7e059a23dcfff Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 14 Jul 2016 21:28:17 -0700 Subject: make the xchan_hash for the access token location independent --- Zotlabs/Module/Acl.php | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Acl.php b/Zotlabs/Module/Acl.php index c8a4fdd7c..15609c3c8 100644 --- a/Zotlabs/Module/Acl.php +++ b/Zotlabs/Module/Acl.php 
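Review bot: The merge at the end of the hunk, `if($r2) $r = array_merge($r2,$r);`, assumes the abook query returned an array; if `q()` can return `false` on a query error here (the codebase's `if($r)` checks suggest a falsy result is possible), PHP 7 emits a warning and `array_merge` returns `null`, so the guest-token entries are dropped precisely in the failure case. Guarding the second argument keeps the tokens visible regardless: `if($r2) $r = array_merge($r2, (is_array($r) ? $r : []));`. The enclosing method continues outside the hunk.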
@@ -137,15 +137,17 @@ class Acl extends \Zotlabs\Web\Controller { intval(local_channel()) ); if($r1) { + require_once('include/security.php'); $r2 = array(); foreach($r1 as $rr) { + $x = atoken_xchan($rr); $r2[] = [ 'id' => 'a' . $rr['atoken_id'] , - 'hash' => $rr['atoken_uid'] . '.' . $rr['atoken_name'], - 'name' => $rr['atoken_name'], - 'micro' => get_default_profile_photo(48), + 'hash' => $x['xchan_hash'], + 'name' => $x['xchan_name'], + 'micro' => $x['xchan_photo_m'], 'url' => z_root(), - 'nick' => t('guest:') . $rr['atoken_name'], + 'nick' => $x['xchan_addr'], 'abook_their_perms' => 0, 'abook_flags' => 0, 'abook_self' => 0 -- cgit v1.2.3 From 7ee7f00bf34b11d0427f03df9494088cf56ef9ee Mon Sep 17 00:00:00 2001 From: redmatrix Date: Thu, 14 Jul 2016 22:41:53 -0700 Subject: Here's the basic UI for the Zot Access Tokens, requires some minor cleanup --- Zotlabs/Module/Settings.php | 78 ++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 77 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index af246a4dc..60c9be519 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -28,7 +28,7 @@ class Settings extends \Zotlabs\Web\Controller { } - function post() { + function post() { if(! local_channel()) return; 
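Review bot: The `'micro'` entry now takes `$x['xchan_photo_m']`, while the contact query in the same method selects `xchan_photo_s as micro`, so token avatars are returned at a different size than every other ACL entry. `'micro' => $x['xchan_photo_s']` keeps the two lists consistent, assuming `atoken_xchan()` populates that key (its definition is not in this hunk). If the helper only provides the medium photo, a one-line comment saying so would stop the next reader from treating this as a typo. The method continues outside the hunk.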
@@ -117,6 +117,43 @@ class Settings extends \Zotlabs\Web\Controller { build_sync_packet(); return; } + + + if((argc() > 1) && (argv(1) == 'tokens')) { + check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens'); + + $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0); + $name = trim(escape_tags($_POST['name'])); + $token = trim($_POST['token']); + if(trim($_POST['expires'])) + $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); + else + $expires = NULL_DATE; + + if($atoken_id) { + $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s' + where atoken_id = %d and atoken_uid = %d", + dbesc($name), + dbesc($token), + dbesc($expires), + intval($atoken_id), + intval($channel['channel_id']) + ); + } + else { + $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expire ) + values ( %d, %d, '%s', '%s', '%s' ) ", + intval($channel['channel_account_id']), + intval($channel['channel_id']), + dbesc($name), + dbesc($token), + dbesc($expires) + ); + } + + info( t('Token saved.') . EOL); + return; + } 
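Review bot: Both the UPDATE and the INSERT bind the owner from `$channel['channel_id']` and `$channel['channel_account_id']`, but nothing in this hunk assigns `$channel`, and the branch is otherwise keyed on `local_channel()` (as is the read side added later in this series). If `$channel` is not populated earlier in `post()` — not visible here — the INSERT runs with `atoken_uid = 0` and the UPDATE never matches a row; `intval(local_channel())` for the uid, with the account id from `get_account_id()`, avoids depending on a variable this branch does not set. Worth recording in a comment that `atoken_token` is stored as entered (`// stored in clear: it is handed out as a URL credential`), since a reader will otherwise expect a hash. `post()` starts before this hunk.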
@@ -706,6 +743,45 @@ class Settings extends \Zotlabs\Web\Controller { )); return $o; } + + if((argc() > 1) && (argv(1) === 'tokens')) { + $atoken = null; + if(argc() > 2) { + $id = argv(2); + + $atoken = q("select * from atoken where atoken_id = %d and atoken_uid = %d", + intval($id), + intval(local_channel()) + ); + + if($atoken) + $atoken = $atoken[0]; + + if($atoken && argc() > 3 && argv(3) === 'drop') { + $r = q("delete from atoken where atoken_id = %d", + intval($id) + ); + } + } + $t = q("select * from atoken where atoken_uid = %d", + intval(local_channel()) + ); + + $tpl = get_markup_template("settings_tokens.tpl"); + $o .= replace_macros($tpl, array( + '$form_security_token' => get_form_security_token("settings_tokens"), + '$title' => t('Guest Access Tokens'), + '$tokens' => $t, + '$atoken' => $atoken, + '$name' => array('name', t('Login Name'), (($atoken) ? $atoken['atoken_name'] : ''),''), + '$token'=> array('token', t('Login Password'),(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''), + '$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] != NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''), + '$submit' => t('Submit') + )); + return $o; + } + + -- cgit v1.2.3 From f666d8a0838efec0e05fcd9ea884eb6733cea3a8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 01:06:25 -0700 Subject: enforce non-empty name and token/password on access tokens until better checks are instituted. --- Zotlabs/Module/Settings.php | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 60c9be519..b1f6c8144 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php 
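Review bot: The `drop` branch deletes a token on a plain GET of `/settings/tokens/<id>/drop` with no `check_form_security_token` call, so a link or image on any page the channel owner visits can delete their tokens — the ownership check limits the damage to the victim's own rows, but it is still a CSRF-able state change. Make the drop a POST validated with the same `settings_tokens` form token, or at minimum require `check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens');` on this path. Separately, the `$expires` entry reads `$atoken['atoken_expires']` without the `($atoken) ?` guard the neighbouring lines use, which raises a notice when no id is given. The enclosing method starts and continues outside the hunk.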
@@ -121,15 +121,22 @@ class Settings extends \Zotlabs\Web\Controller { if((argc() > 1) && (argv(1) == 'tokens')) { check_form_security_token_redirectOnErr('/settings/tokens', 'settings_tokens'); - - $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0); - $name = trim(escape_tags($_POST['name'])); - $token = trim($_POST['token']); - if(trim($_POST['expires'])) - $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); - else - $expires = NULL_DATE; - + $token_errs = 0; + if(array_key_exists('token',$_POST)) { + $atoken_id = (($_POST['atoken_id']) ? intval($_POST['atoken_id']) : 0); + $name = trim(escape_tags($_POST['name'])); + $token = trim($_POST['token']); + if((! $name) || (! $token)) + $token_errs ++; + if(trim($_POST['expires'])) + $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); + else + $expires = NULL_DATE; + } + if($token_errs) { + notice( t('Name and Token are required.') . EOL); + return; + } if($atoken_id) { $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s' where atoken_id = %d and atoken_uid = %d", -- cgit v1.2.3 From 5e475acb85cac2dd87f92f6c8d51dc0071e5c2eb Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 01:33:28 -0700 Subject: cleanup and debug of atoken feature --- Zotlabs/Module/Settings.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index b1f6c8144..44088fea5 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -138,7 +138,7 @@ class Settings extends \Zotlabs\Web\Controller { return; } if($atoken_id) { - $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expire = '%s' + $r = q("update atoken set atoken_name = '%s', atoken_token = '%s' atoken_expires = '%s' where atoken_id = %d and atoken_uid = %d", dbesc($name), dbesc($token), 
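Review bot: The required-field check only runs inside `if(array_key_exists('token',$_POST))`, so a POST to `settings/tokens` that omits the `token` field leaves `$token_errs` at 0 and falls through to the INSERT below with `$name`, `$token` and `$expires` undefined, creating a row with an empty name and empty password — exactly what this commit is meant to prevent. Add an else branch to the key check, `else $token_errs ++;`, or initialise the three variables before the block and test them afterwards. The UPDATE/INSERT this falls into continues past the hunk.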
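Review bot: The UPDATE still has a SQL syntax error after the column rename: `atoken_token = '%s' atoken_expires = '%s'` lacks the comma between the two assignments, so editing an existing token fails on every backend. Change the line to `$r = q("update atoken set atoken_name = '%s', atoken_token = '%s', atoken_expires = '%s'`. The statement's argument list continues outside the hunk.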
@@ -148,7 +148,7 @@ class Settings extends \Zotlabs\Web\Controller { ); } else { - $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expire ) + $r = q("insert into atoken ( atoken_aid, atoken_uid, atoken_name, atoken_token, atoken_expires ) values ( %d, %d, '%s', '%s', '%s' ) ", intval($channel['channel_account_id']), intval($channel['channel_id']), -- cgit v1.2.3 From d54f5a3831ec003468e33185318a060711cb9c09 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 01:43:09 -0700 Subject: more cleanup of atoken UI --- Zotlabs/Module/Settings.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 44088fea5..20aa59f78 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -134,7 +134,7 @@ class Settings extends \Zotlabs\Web\Controller { $expires = NULL_DATE; } if($token_errs) { - notice( t('Name and Token are required.') . EOL); + notice( t('Name and Password are required.') . EOL); return; } if($atoken_id) { @@ -774,10 +774,13 @@ class Settings extends \Zotlabs\Web\Controller { intval(local_channel()) ); + $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access the private content.'); + $tpl = get_markup_template("settings_tokens.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_tokens"), '$title' => t('Guest Access Tokens'), + '$desc' => $desc, '$tokens' => $t, '$atoken' => $atoken, '$name' => array('name', t('Login Name'), (($atoken) ? $atoken['atoken_name'] : ''),''), -- cgit v1.2.3 From da5ec98f98dd8cef034d568bf0f67231e8517bd4 Mon Sep 17 00:00:00 2001 
From: redmatrix Date: Fri, 15 Jul 2016 02:07:27 -0700 Subject: make lockview work with throwaway identities --- Zotlabs/Module/Lockview.php | 35 +++++++++++++++++++++++++++++++++-- 1 file changed, 33 insertions(+), 2 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Lockview.php b/Zotlabs/Module/Lockview.php index 4776e1c56..d86a3c1d8 100644 --- a/Zotlabs/Module/Lockview.php +++ b/Zotlabs/Module/Lockview.php @@ -1,17 +1,31 @@ 1) ? argv(1) : 0); if (is_numeric($type)) { $item_id = intval($type); $type='item'; - } else { + } + else { $item_id = ((argc() > 2) ? intval(argv(2)) : 0); } @@ -98,6 +112,13 @@ class Lockview extends \Zotlabs\Web\Controller { if($r) foreach($r as $rr) $l[] = '
  • ' . $rr['xchan_name'] . '
  • '; + if($atokens) { + foreach($atokens as $at) { + if(in_array("'" . $at['xchan_hash'] . "'",$allowed_users)) { + $l[] = '
  • ' . $at['xchan_name'] . '
  • '; + } + } + } } if(count($deny_groups)) { $r = q("SELECT gname FROM `groups` WHERE hash IN ( " . implode(', ', $deny_groups) . " )"); @@ -110,6 +131,16 @@ class Lockview extends \Zotlabs\Web\Controller { if($r) foreach($r as $rr) $l[] = '
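Review bot: The membership test `in_array("'" . $at['xchan_hash'] . "'",$allowed_users)` is a loose comparison; pass `true` as the third argument so it cannot match on type juggling. The token's `xchan_name` is then concatenated straight into the list markup with no output encoding, mirroring the existing `$rr['xchan_name']` line; the name originates from form input that `escape_tags()` filters in `Settings::post()`, but that is an input-side mitigation and `htmlspecialchars($at['xchan_name'], ENT_QUOTES, 'UTF-8')` here would not depend on it. Where `$atokens` is built is in the earlier hunk of this file, which is garbled in this rendering, so I cannot confirm its shape. The method continues outside the hunk.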
  • ' . $rr['xchan_name'] . '
  • '; + + if($atokens) { + foreach($atokens as $at) { + if(in_array("'" . $at['xchan_hash'] . "'",$deny_users)) { + $l[] = '
  • ' . $at['xchan_name'] . '
  • '; + } + } + } + + } echo $o . implode($l); -- cgit v1.2.3 From dcb3c2c299057467105200e298a03d7b2ee072e8 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 15:26:36 -0700 Subject: mod_home: if using an atoken login on the home page redirect to the channel page of the channel that owns the atoken. --- Zotlabs/Module/Home.php | 13 +++++++++++++ 1 file changed, 13 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Home.php b/Zotlabs/Module/Home.php index f3ba96fdd..79449c3b2 100644 --- a/Zotlabs/Module/Home.php +++ b/Zotlabs/Module/Home.php @@ -28,6 +28,19 @@ class Home extends \Zotlabs\Web\Controller { goaway($dest); } + + if(remote_channel() && (! $splash) && $_SESSION['atoken']) { + $r = q("select * from atoken where atoken_id = %d", + intval($_SESSION['atoken']) + ); + if($r) { + $x = channelx_by_n($r[0]['atoken_uid']); + if($x) { + goaway(z_root() . '/channel/' . $x['channel_address']); + } + } + } + if(get_account_id() && ! $splash) { goaway(z_root() . '/new_channel'); -- cgit v1.2.3 From f3aff45042096ab113b77492c0018d5e6b47c7e4 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 16:31:21 -0700 Subject: provide examples for using access tokens in urls --- Zotlabs/Module/Settings.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index 20aa59f78..ccc5ec04a 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php 
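Review bot: The loop over `$atokens` added here is a line-for-line copy of the one added for `$allowed_users` in the previous hunk, differing only in the list searched. A small private helper taking the list and appending the matching names to `$l` would keep the two in step and give one place to add strict `in_array(..., true)` and output encoding, both of which this copy also lacks. The method's opening is outside this hunk.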
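Review bot: `$_SESSION['atoken']` is read directly in the new condition, so every request from a visitor without a token session raises an undefined-index notice before the condition short-circuits; use `(! empty($_SESSION['atoken']))` or `(isset($_SESSION['atoken']) ? intval($_SESSION['atoken']) : 0)`. The lookup by `atoken_id` alone is acceptable only because the session value is set server-side rather than taken from the request — presumably by `zat_init()`, which this hunk does not show — so a comment such as `// $_SESSION['atoken'] is set by the token login, never from user input` would make that dependency explicit. The surrounding method begins before the hunk.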
@@ -776,15 +776,20 @@ class Settings extends \Zotlabs\Web\Controller { $desc = t('Use this form to create temporary access identifiers to share things with non-members. These identities may be used in Access Control Lists and visitors may login using these credentials to access the private content.'); + $desc2 = t('You may also provide dropbox style access links to friends and associates by adding the Login Password to any specific site URL as shown. Examples:'); + $tpl = get_markup_template("settings_tokens.tpl"); $o .= replace_macros($tpl, array( '$form_security_token' => get_form_security_token("settings_tokens"), '$title' => t('Guest Access Tokens'), '$desc' => $desc, + '$desc2' => $desc2, '$tokens' => $t, '$atoken' => $atoken, - '$name' => array('name', t('Login Name'), (($atoken) ? $atoken['atoken_name'] : ''),''), - '$token'=> array('token', t('Login Password'),(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''), + '$url1' => z_root() . '/channel/' . $channel['channel_address'], + '$url2' => z_root() . '/photos/' . $channel['channel_address'], + '$name' => array('name', t('Login Name') . ' *', (($atoken) ? $atoken['atoken_name'] : ''),''), + '$token'=> array('token', t('Login Password') . ' *',(($atoken) ? $atoken['atoken_token'] : autoname(8)), ''), '$expires'=> array('expires', t('Expires (yyyy-mm-dd)'), (($atoken['atoken_expires'] && $atoken['atoken_expires'] != NULL_DATE) ? datetime_convert('UTC',date_default_timezone_get(),$atoken['atoken_expires']) : ''), ''), '$submit' => t('Submit') )); -- cgit v1.2.3 From 01fe7d6620644daa8c73ed34aa5b9e4bf832db15 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 17:34:44 -0700 Subject: remove expired access tokens --- Zotlabs/Daemon/Cron.php | 9 +++++++++ 1 file changed, 9 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Daemon/Cron.php b/Zotlabs/Daemon/Cron.php index d5b41274b..5af8174bf 100644 --- a/Zotlabs/Daemon/Cron.php +++ b/Zotlabs/Daemon/Cron.php 
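Review bot: `$desc2` tells users to append the Login Password to arbitrary site URLs but says nothing about where such URLs end up: browser history, web-server and proxy logs, and the Referer header sent to any external link on the page. Since the link is the credential, the text should say so, e.g. add `t('Treat these links like the password itself: anyone who sees the URL (browser history, server logs, Referer headers) can use it until the token expires or is deleted.')`. The examples `$url1`/`$url2` also omit the actual `zat=` query form accepted in WebServer, so showing one complete link would help. The form-building method continues outside this hunk.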
@@ -62,6 +62,15 @@ class Cron { } + // delete expired access tokens + + q("delete from atoken where atoken_expires != '%s' && atoken_expires < %s", + dbesc(NULL_DATE), + dbutcnow() + ); + + + // Ensure that every channel pings a directory server once a month. This way we can discover // channels and sites that quietly vanished and prevent the directory from accumulating stale // or dead entries. -- cgit v1.2.3 From 8e667866fd2cb834563b1eee8fadf6eedec77660 Mon Sep 17 00:00:00 2001 From: redmatrix Date: Fri, 15 Jul 2016 21:57:41 -0700 Subject: add service class restrictions to access_tokens --- Zotlabs/Module/Settings.php | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Module/Settings.php b/Zotlabs/Module/Settings.php index ccc5ec04a..b1258e049 100644 --- a/Zotlabs/Module/Settings.php +++ b/Zotlabs/Module/Settings.php @@ -132,6 +132,16 @@ class Settings extends \Zotlabs\Web\Controller { $expires = datetime_convert(date_default_timezone_get(),'UTC',$_POST['expires']); else $expires = NULL_DATE; + $max_atokens = service_class_fetch(local_channel(),'access_tokens'); + if($max_atokens) { + $r = q("select count(atoken_id) as total where atoken_uid = %d", + intval(local_channel()) + ); + if($r && intval($r[0]['total']) >= $max_tokens) { + notice( sprintf( t('This channel is limited to %d tokens'), $max_tokens) . EOL); + return; + } + } } if($token_errs) { notice( t('Name and Password are required.') . EOL); -- cgit v1.2.3 From aac0fa2b5fb4f81a567a782bb6bafce7e46fe19e Mon Sep 17 00:00:00 2001 From: redmatrix Date: Sat, 16 Jul 2016 01:02:41 -0700 Subject: os_delete_prohibit --- Zotlabs/Storage/File.php | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'Zotlabs') diff --git a/Zotlabs/Storage/File.php b/Zotlabs/Storage/File.php index ecd15cc55..5a70a99f1 100644 --- a/Zotlabs/Storage/File.php +++ b/Zotlabs/Storage/File.php 
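Review bot: The expiry cleanup uses `&&` as the SQL conjunction, which MySQL accepts but PostgreSQL rejects (its `&&` is array overlap), so if PostgreSQL is a supported backend — the `dbutcnow()` abstraction suggests more than one — expired tokens would never be purged there. Write it as `q("delete from atoken where atoken_expires != '%s' and atoken_expires < %s",`. A comment that `atoken_expires = NULL_DATE` means "never expires" would also explain the first clause. This is top-level cron code, so no enclosing function is cut.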
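Review bot: The service-class limit added here can never trigger: the count query `select count(atoken_id) as total where atoken_uid = %d` has no `from atoken` clause, so `$r` is false, and the comparison and message use `$max_tokens` while the fetched limit is in `$max_atokens`, so even a valid query would compare against an undefined variable. Fix both: `$r = q("select count(atoken_id) as total from atoken where atoken_uid = %d",` and `if($r && intval($r[0]['total']) >= $max_atokens) { notice( sprintf( t('This channel is limited to %d tokens'), $max_atokens) . EOL);`. The check also runs for edits (`$atoken_id` nonzero), where no row is added, so an owner at the limit could not change an existing token's password or expiry; skip it when `$atoken_id` is set. `post()` continues outside the hunk.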
@@ -337,6 +337,10 @@ class File extends DAV\Node implements DAV\IFile { } } + if(get_pconfig($this->auth->owner_id,'system','os_delete_prohibit') && \App::$module == 'dav') { + throw new DAV\Exception\Forbidden('Permission denied.'); + } + attach_delete($this->auth->owner_id, $this->data['hash']); $ch = channelx_by_n($this->auth->owner_id); -- cgit v1.2.3
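Review bot: The new `os_delete_prohibit` guard only fires when `\App::$module == 'dav'`, so if this delete path is also reached through another front end for the same storage (a web file browser, say — not visible here) the prohibition is silently bypassed there; either drop the module condition or add a comment stating why only DAV clients are blocked, e.g. `// only enforced for DAV clients; the web UI has its own confirmation`, if that is the reason. Prefer `===` for the module comparison as well. The method starts before this hunk and continues after it.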