This should resolve the dav authentication loop (correctly)
This commit is contained in:
friendica
parent
9c4c0e6d23
commit
075b7fa9c8
@ -58,15 +58,18 @@ function account_verify_password($email,$pass) {
|
||||
}
|
||||
|
||||
|
||||
// login/logout
|
||||
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* Inline - not a function
|
||||
* look for auth parameters or re-validate an existing session
|
||||
* also handles logout
|
||||
*/
|
||||
|
||||
|
||||
if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) {
|
||||
|
||||
|
||||
// process a logout request
|
||||
|
||||
if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) {
|
||||
|
||||
// process logout request
|
||||
@ -77,6 +80,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
|
||||
goaway(z_root());
|
||||
}
|
||||
|
||||
// re-validate a visitor, optionally invoke "su" if permitted to do so
|
||||
|
||||
if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) {
|
||||
// if our authenticated guest is allowed to take control of the admin channel, make it so.
|
||||
$admins = get_config('system','remote_admin');
|
||||
@ -106,9 +111,11 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p
|
||||
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
|
||||
}
|
||||
|
||||
// already logged in user returning
|
||||
|
||||
if(x($_SESSION,'uid') || x($_SESSION,'account_id')) {
|
||||
|
||||
// already logged in user returning
|
||||
// first check if we're enforcing that sessions can't change IP address
|
||||
|
||||
$check = get_config('system','paranoia');
|
||||
// extra paranoia - if the IP changed, log them out
|
||||
@ -150,6 +157,8 @@ else {
|
||||
nuke_session();
|
||||
}
|
||||
|
||||
// handle a fresh login request
|
||||
|
||||
if((x($_POST,'password')) && strlen($_POST['password']))
|
||||
$encrypted = hash('whirlpool',trim($_POST['password']));
|
||||
|
||||
@ -188,7 +197,7 @@ else {
|
||||
notice( t('Failed authentication') . EOL);
|
||||
}
|
||||
|
||||
logger('authenticate: ' . print_r(get_app()->account,true));
|
||||
logger('authenticate: ' . print_r(get_app()->account,true), LOGGER_DEBUG);
|
||||
|
||||
}
|
||||
|
||||
|
||||
@ -792,6 +792,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||
$this->channel_id = $r[0]['channel_id'];
|
||||
$this->channel_hash = $this->observer = $r[0]['channel_hash'];
|
||||
$_SESSION['uid'] = $r[0]['channel_id'];
|
||||
$_SESSION['account_id'] = $r[0]['channel_account_id'];
|
||||
$_SESSION['authenticated'] = true;
|
||||
return true;
|
||||
}
|
||||
@ -813,6 +814,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic {
|
||||
$this->channel_id = $r[0]['channel_id'];
|
||||
$this->channel_hash = $this->observer = $r[0]['channel_hash'];
|
||||
$_SESSION['uid'] = $r[0]['channel_id'];
|
||||
$_SESSION['account_id'] = $r[0]['channel_account_id'];
|
||||
$_SESSION['authenticated'] = true;
|
||||
return true;
|
||||
}
|
||||
|
||||
@ -32,9 +32,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive
|
||||
|
||||
}
|
||||
|
||||
if($login_initial)
|
||||
if($login_initial) {
|
||||
|
||||
call_hooks('logged_in', $user_record);
|
||||
|
||||
|
||||
// might want to log success here
|
||||
}
|
||||
|
||||
if($return || x($_SESSION,'workflow')) {
|
||||
unset($_SESSION['workflow']);
|
||||
|
||||
@ -28,7 +28,7 @@ function ping_init(&$a) {
|
||||
|
||||
header("content-type: application/json");
|
||||
|
||||
$result['invalid'] = ((local_user()) && (intval($_GET['uid'])) && (intval($_GET['uid']) != local_user()) ? 1 : 0);
|
||||
$result['invalid'] = ((intval($_GET['uid'])) && (intval($_GET['uid']) != local_user()) ? 1 : 0);
|
||||
|
||||
if(x($_SESSION,'sysmsg')){
|
||||
foreach ($_SESSION['sysmsg'] as $m){
|
||||
|
||||
Reference in New Issue
Block a user