hubloc confusion in magic auth
		| @@ -3107,7 +3107,11 @@ class Libzot { | |||||||
|  |  | ||||||
| 		foreach($arr as $v) { | 		foreach($arr as $v) { | ||||||
| 			if($v[$check] === 'zot6') { | 			if($v[$check] === 'zot6') { | ||||||
|  | 				return $v; | ||||||
|  | 			} | ||||||
|  | 		} | ||||||
|  | 		foreach($arr as $v) { | ||||||
|  | 			if($v[$check] === 'zot') { | ||||||
| 				return $v; | 				return $v; | ||||||
| 			} | 			} | ||||||
| 		} | 		} | ||||||
|   | |||||||
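Review bot: This reordering makes Libzot::zot_record_preferred() prefer zot6 over zot while the new global zot_record_preferred() added at L198-217 in this same commit prefers zot over zot6, with identical names and bodies that differ only in loop order; which one a caller gets (L83, L178) is decided purely by namespace resolution, which the comment at L176 already has to spell out. Give each a docblock stating its order and naming its twin, e.g. `/** Pick the preferred hubloc row: 'zot6' first, then 'zot', else the first row. The global zot_record_preferred() uses the opposite order. */`, or rename one so the preference is visible in the name. Both loops also read `$v[$check]` without checking the key exists on the row. The function starts and ends outside the hunk.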
| @@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller { | |||||||
| 							$token = $j['token']; | 							$token = $j['token']; | ||||||
| 						} | 						} | ||||||
| 						 | 						 | ||||||
| 						$x = strpbrk($dest,'?&'); | 						$strp = strpbrk($dest,'?&'); | ||||||
| 						$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); | 						$args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); | ||||||
| 						goaway($dest . $args); | 						goaway($dest . $args); | ||||||
| 					} | 					} | ||||||
| 				} | 				} | ||||||
|   | |||||||
| @@ -30,11 +30,28 @@ class Owa extends \Zotlabs\Web\Controller { | |||||||
| 					$keyId = $sigblock['keyId']; | 					$keyId = $sigblock['keyId']; | ||||||
|  |  | ||||||
| 					if($keyId) { | 					if($keyId) { | ||||||
|  |  | ||||||
|  | 						// Hubzilla connections can have both zot and zot6 hublocs | ||||||
|  | 						// The connections will usually be zot so match those first | ||||||
|  | 						 | ||||||
|  | 						$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash  | ||||||
|  | 							where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ", | ||||||
|  | 							dbesc(str_replace('acct:','',$keyId)), | ||||||
|  | 							dbesc($keyId) | ||||||
|  | 						); | ||||||
|  |  | ||||||
|  | 						// If nothing was found, try searching on any network | ||||||
|  | 						 | ||||||
|  | 						if (! $r) { | ||||||
| 							$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash  | 							$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash  | ||||||
| 								where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )", | 								where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )", | ||||||
| 								dbesc(str_replace('acct:','',$keyId)), | 								dbesc(str_replace('acct:','',$keyId)), | ||||||
| 								dbesc($keyId) | 								dbesc($keyId) | ||||||
| 							); | 							); | ||||||
|  | 						} | ||||||
|  |  | ||||||
|  | 						// If nothing was found on any network, use network discovery and create a new record | ||||||
|  | 						 | ||||||
| 						if (! $r) { | 						if (! $r) { | ||||||
| 							$found = discover_by_webbie(str_replace('acct:','',$keyId)); | 							$found = discover_by_webbie(str_replace('acct:','',$keyId)); | ||||||
| 							if($found) { | 							if($found) { | ||||||
| @@ -45,6 +62,7 @@ class Owa extends \Zotlabs\Web\Controller { | |||||||
| 								); | 								); | ||||||
| 							} | 							} | ||||||
| 						} | 						} | ||||||
|  | 						 | ||||||
| 						if ($r) { | 						if ($r) { | ||||||
| 							foreach($r as $hubloc) { | 							foreach($r as $hubloc) { | ||||||
| 								$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);	 | 								$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);	 | ||||||
| @@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller { | |||||||
| 									logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); | 									logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); | ||||||
| 									$ret['success'] = true; | 									$ret['success'] = true; | ||||||
| 									$token = random_string(32); | 									$token = random_string(32); | ||||||
| 									\Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']); | 									\Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']); | ||||||
| 									$result = ''; | 									$result = ''; | ||||||
| 									openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); | 									openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); | ||||||
| 									$ret['encrypted_token'] = base64url_encode($result); | 									$ret['encrypted_token'] = base64url_encode($result); | ||||||
|   | |||||||
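Review bot: A verification failure on the zot-only result set from the query at L34-38 never falls through to the other rows, because the any-network query at L42-47 runs only when nothing was found, not when nothing verified; if a stale zot hubloc's xchan_pubkey no longer matches the signing key, a zot6 row for the same address is never tried in the loop at L61. A single unfiltered query whose rows are ordered zot-first and then verified in turn keeps the stated preference without discarding the alternatives. The comment at L31-32 should also say which order applies, since Libzot's zot_record_preferred() in this same commit prefers zot6. The enclosing method continues outside the hunk, so whether the loop breaks on success is not visible here.
```php
// … unchanged: keyId extraction and if($keyId) guard …
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
    where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )",
    dbesc(str_replace('acct:','',$keyId)),
    dbesc($keyId)
);
// Hubzilla connections can have both zot and zot6 hublocs; try zot first,
// but keep the other rows so a non-verifying zot key does not end the search.
if ($r) {
    usort($r, function ($a, $b) {
        return (int) ($b['hubloc_network'] === 'zot') - (int) ($a['hubloc_network'] === 'zot');
    });
}
// … unchanged: discover_by_webbie fallback and the verification loop …
```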
| @@ -1812,13 +1812,16 @@ function zid_init() { | |||||||
| 		call_hooks('zid_init', $arr); | 		call_hooks('zid_init', $arr); | ||||||
|  |  | ||||||
| 		if(! local_channel()) { | 		if(! local_channel()) { | ||||||
| 			$r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1", | 			$r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc", | ||||||
| 				dbesc($tmp_str) | 				dbesc($tmp_str) | ||||||
| 			); | 			); | ||||||
| 			if(! $r) { | 			if(! $r) { | ||||||
| 				Master::Summon(array('Gprobe',bin2hex($tmp_str))); | 				Master::Summon(array('Gprobe',bin2hex($tmp_str))); | ||||||
| 			} | 			} | ||||||
| 			if($r && remote_channel() && remote_channel() === $r[0]['hubloc_hash']) | 			if($r) { | ||||||
|  | 				$r = zot_record_preferred($r); | ||||||
|  | 			} | ||||||
|  | 			if($r && remote_channel() && remote_channel() === $r['hubloc_hash']) | ||||||
| 				return; | 				return; | ||||||
|  |  | ||||||
| 			logger('Not authenticated. Invoking reverse magic-auth for ' . $tmp_str); | 			logger('Not authenticated. Invoking reverse magic-auth for ' . $tmp_str); | ||||||
| @@ -1826,8 +1829,8 @@ function zid_init() { | |||||||
| 			$query = App::$query_string; | 			$query = App::$query_string; | ||||||
| 			$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); | 			$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); | ||||||
| 			$dest = '/' . $query; | 			$dest = '/' . $query; | ||||||
| 			if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { | 			if($r && ($r['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { | ||||||
| 				goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest)); | 				goaway($r['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest)); | ||||||
| 			} | 			} | ||||||
| 			else | 			else | ||||||
| 				logger('No hubloc found.'); | 				logger('No hubloc found.'); | ||||||
|   | |||||||
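Review bot: The authenticated-visitor check at L85 now compares remote_channel() only against the row chosen by zot_record_preferred(), whereas the replaced code compared against the most recently connected row; if the session holds the hash of a different-network hubloc for the same address (a zot6 hash while a zot row exists, assuming those carry different hubloc_hash values, which is not visible here), the `===` would fail and the reverse magic-auth redirect at L93-94 would be issued on every request. Checking every row before collapsing `$r` avoids that: `if($r && remote_channel() && in_array(remote_channel(), array_column($r, 'hubloc_hash'), true))` followed by `return;`, and only then `$r = zot_record_preferred($r);` for the redirect path. zid_init starts and ends outside the hunk.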
| @@ -1,5 +1,6 @@ | |||||||
| <?php | <?php | ||||||
|  |  | ||||||
|  | use Zotlabs\Lib\Verify; | ||||||
|  |  | ||||||
| function is_matrix_url($url) { | function is_matrix_url($url) { | ||||||
|  |  | ||||||
| @@ -270,34 +271,45 @@ function red_zrlify_img_callback($matches) { | |||||||
|  */ |  */ | ||||||
| function owt_init($token) { | function owt_init($token) { | ||||||
|  |  | ||||||
| 	\Zotlabs\Lib\Verify::purge('owt', '3 MINUTE'); | 	Verify::purge('owt', '3 MINUTE'); | ||||||
|  |  | ||||||
| 	$ob_hash = \Zotlabs\Lib\Verify::get_meta('owt', 0, $token); | 	$key = Verify::get_meta('owt', 0, $token); | ||||||
|  |  | ||||||
| 	if($ob_hash === false) { | 	if($key === false) { | ||||||
|  | 		return; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	$parts = explode(',',$key,2); | ||||||
|  | 	if(count($parts) < 2) { | ||||||
| 		return; | 		return; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash | 	$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash | ||||||
| 		where hubloc_addr = '%s' order by hubloc_id desc", | 		where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc", | ||||||
| 		dbesc($ob_hash) | 		dbesc($parts[0]), | ||||||
|  | 		dbesc($parts[1]) | ||||||
| 	); | 	); | ||||||
|  |  | ||||||
| 	if(! $r) { | 	if(! $r) { | ||||||
|  |  | ||||||
| 		// finger them if they can't be found. | 		// finger them if they can't be found. | ||||||
| 		$j = \Zotlabs\Zot\Finger::run($ob_hash, null); | 		// @todo check that this is still needed. Discovery should have been performed in the Owa module. | ||||||
|  | 		 | ||||||
|  | 		$j = \Zotlabs\Zot\Finger::run($parts[1], null); | ||||||
| 		if ($j['success']) { | 		if ($j['success']) { | ||||||
| 			import_xchan($j); | 			import_xchan($j); | ||||||
| 			$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash | 			$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash | ||||||
| 				where hubloc_addr = '%s' order by hubloc_id desc", | 				where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc", | ||||||
| 				dbesc($ob_hash) | 				dbesc($parts[0]), | ||||||
|  | 				dbesc($parts[1]) | ||||||
| 			); | 			); | ||||||
| 		} | 		} | ||||||
| 	} | 	} | ||||||
| 	if(! $r) { | 	if(! $r) { | ||||||
| 		logger('owt: unable to finger ' . $ob_hash); | 		logger('owt: unable to finger ' . $key); | ||||||
| 		return; | 		return; | ||||||
| 	} | 	} | ||||||
|  | 	 | ||||||
| 	$hubloc = $r[0]; | 	$hubloc = $r[0]; | ||||||
|  |  | ||||||
| 	$_SESSION['authenticated'] = 1; | 	$_SESSION['authenticated'] = 1; | ||||||
| @@ -332,7 +344,7 @@ function owt_init($token) { | |||||||
|  |  | ||||||
| 	$arr = [ | 	$arr = [ | ||||||
| 			'xchan' => $hubloc, | 			'xchan' => $hubloc, | ||||||
| 			'url' => \App::$query_string, | 			'url' => App::$query_string, | ||||||
| 			'session' => $_SESSION | 			'session' => $_SESSION | ||||||
| 	]; | 	]; | ||||||
| 	/** | 	/** | ||||||
| @@ -344,11 +356,11 @@ function owt_init($token) { | |||||||
| 	 */ | 	 */ | ||||||
| 	call_hooks('magic_auth_success', $arr); | 	call_hooks('magic_auth_success', $arr); | ||||||
|  |  | ||||||
| 	\App::set_observer($hubloc); | 	App::set_observer($hubloc); | ||||||
| 	require_once('include/security.php'); | 	require_once('include/security.php'); | ||||||
| 	\App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); | 	App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); | ||||||
| 	if(! get_config('system', 'hide_owa_greeting')) | 	if(! get_config('system', 'hide_owa_greeting')) | ||||||
| 		info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name'])); | 		info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),App::get_hostname(), $hubloc['xchan_name'])); | ||||||
|  |  | ||||||
| 	logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); | 	logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); | ||||||
| } | } | ||||||
| @@ -384,7 +396,9 @@ function observer_auth($ob_hash) { | |||||||
| 		return; | 		return; | ||||||
| 	} | 	} | ||||||
|  |  | ||||||
| 	$hubloc = $r[0]; | 	// Note: this has no Libzot namespace so prefers zot over zot6 | ||||||
|  | 	 | ||||||
|  | 	$hubloc = zot_record_preferred($r); | ||||||
|  |  | ||||||
| 	$_SESSION['authenticated'] = 1; | 	$_SESSION['authenticated'] = 1; | ||||||
|  |  | ||||||
| @@ -395,8 +409,8 @@ function observer_auth($ob_hash) { | |||||||
| 	$_SESSION['remote_hub'] = $hubloc['hubloc_url']; | 	$_SESSION['remote_hub'] = $hubloc['hubloc_url']; | ||||||
| 	$_SESSION['DNT'] = 1; | 	$_SESSION['DNT'] = 1; | ||||||
|  |  | ||||||
| 	\App::set_observer($hubloc); | 	App::set_observer($hubloc); | ||||||
| 	require_once('include/security.php'); | 	require_once('include/security.php'); | ||||||
| 	\App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); | 	App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); | ||||||
|  |  | ||||||
| } | } | ||||||
|   | |||||||
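Review bot: The discovery fallback at L134 runs Zotlabs\Zot\Finger regardless of `$parts[0]` and then re-queries with `hubloc_network = '%s'` bound to that same value at L138-139, so if the token names 'zot6' a record imported by that finger (presumably stored under a different network) would not satisfy the re-query and the function would still log and return. Either gate the fallback on `$parts[0] === 'zot'` or state the limitation where the @todo at L132 sits, e.g. `// Finger fallback only helps when the token names the network this finger imports; otherwise Owa discovery must have created the record.` The log line at L145 also prints the raw `$key` rather than the address that could not be fingered; `$parts[1]` would be the more useful value. owt_init continues in the later hunks of this file, and observer_auth's query is outside the hunk.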
| @@ -5286,3 +5286,25 @@ function zot_reply_notify($data) { | |||||||
| 	$ret['success'] = true; | 	$ret['success'] = true; | ||||||
| 	json_return_and_die($ret); | 	json_return_and_die($ret); | ||||||
| } | } | ||||||
|  |  | ||||||
|  |  | ||||||
|  | function zot_record_preferred($arr, $check = 'hubloc_network') { | ||||||
|  |  | ||||||
|  | 	if(! $arr) { | ||||||
|  | 		return $arr; | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	foreach($arr as $v) { | ||||||
|  | 		if($v[$check] === 'zot') { | ||||||
|  | 			return $v; | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  | 	foreach($arr as $v) { | ||||||
|  | 		if($v[$check] === 'zot6') { | ||||||
|  | 			return $v; | ||||||
|  | 		} | ||||||
|  | 	} | ||||||
|  |  | ||||||
|  | 	return $arr[0]; | ||||||
|  |  | ||||||
|  | } | ||||||
|   | |||||||