minor oauth2 updates - renamed zot webbie to 'webfinger' and zothash to 'portable_id', fixed/simplified cgi auth mode
parent
db1a546aba
commit
4fdf5d28ca
@ -55,15 +55,22 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$a = q("select * from account where account_id = %d",
|
||||||
|
intval($x['channel_account_id'])
|
||||||
|
);
|
||||||
|
|
||||||
|
$n = explode(' ', $x['channel_name']);
|
||||||
|
|
||||||
return( [
|
return( [
|
||||||
'webbie' => $x['channel_address'].'@'.\App::get_hostname(),
|
'webfinger' => channel_reddress($x),
|
||||||
'zothash' => $x['channel_hash'],
|
'portable_id' => $x['channel_hash'],
|
||||||
|
'email' => $a['account_email'],
|
||||||
'username' => $x['channel_address'],
|
'username' => $x['channel_address'],
|
||||||
'user_id' => $x['channel_id'],
|
'user_id' => $x['channel_id'],
|
||||||
'name' => $x['channel_name'],
|
'name' => $x['channel_name'],
|
||||||
'firstName' => $x['channel_name'],
|
'firstName' => ((count($n) > 1) ? $n[1] : $n[0]),
|
||||||
'lastName' => '',
|
'lastName' => ((count($n) > 2) ? $n[count($n) - 1] : ''),
|
||||||
'password' => 'NotARealPassword'
|
'picture' => $x['xchan_photo_l']
|
||||||
] );
|
] );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -91,12 +98,16 @@ class OAuth2Storage extends \OAuth2\Storage\Pdo {
|
|||||||
|
|
||||||
$userClaims = Array();
|
$userClaims = Array();
|
||||||
$claims = explode (' ', trim($claims));
|
$claims = explode (' ', trim($claims));
|
||||||
$validclaims = Array ("name","preferred_username","zothash");
|
$validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","firstName","lastName");
|
||||||
$claimsmap = Array (
|
$claimsmap = Array (
|
||||||
"zotwebbie" => 'webbie',
|
"webfinger" => 'webfinger',
|
||||||
"zothash" => 'zothash',
|
"portable_id" => 'portable_id',
|
||||||
"name" => 'name',
|
"name" => 'name',
|
||||||
"preferred_username" => "username"
|
"email" => 'email',
|
||||||
|
"preferred_username" => 'username',
|
||||||
|
"picture" => 'picture',
|
||||||
|
"given_name" => 'firstName',
|
||||||
|
"family_name" => 'lastName'
|
||||||
);
|
);
|
||||||
$userinfo = $this->getUser($user_id);
|
$userinfo = $this->getUser($user_id);
|
||||||
foreach ($validclaims as $validclaim) {
|
foreach ($validclaims as $validclaim) {
|
||||||
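Review bot: `'email' => $a['account_email']` in getUser indexes the raw result of `q()`, but `q()` returns a list of rows (the same commit reads `$a[0]` in api_login), so the email claim will always be null and an account lookup that returns nothing is not handled; use `'email' => (($a) ? $a[0]['account_email'] : ''),`. In getUserClaims the new `$validclaims` list names `firstName` and `lastName` while `$claimsmap` only knows `given_name` and `family_name`, so if the loop below (its body is outside the hunk) resolves `$claimsmap[$validclaim]` those two claims hit an undefined key and the standard OIDC names can never be requested; align the list with the map, `$validclaims = Array ("name","preferred_username","webfinger","portable_id","email","picture","given_name","family_name");`. The name split `'firstName' => ((count($n) > 1) ? $n[1] : $n[0])` returns the second word of a two-word name and `lastName` stays empty unless there are three or more words, which looks unintended; if the first token is deliberately skipped as a title, a comment should say so, otherwise use `$n[0]` and `count($n) > 1`. `$x['xchan_photo_l']` presumes the channel row was joined with xchan in the query above the hunk — worth confirming.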
|
@ -14,9 +14,9 @@ class Authorize extends \Zotlabs\Web\Controller {
|
|||||||
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
|
// OpenID Connect Dynamic Client Registration 1.0 Client Metadata
|
||||||
// http://openid.net/specs/openid-connect-registration-1_0.html
|
// http://openid.net/specs/openid-connect-registration-1_0.html
|
||||||
$app = array(
|
$app = array(
|
||||||
'name' => (x($_REQUEST, 'client_name') ? urldecode($_REQUEST['client_name']) : t('Unknown App')),
|
'name' => (x($_REQUEST, 'client_id') ? $_REQUEST['client_id'] : t('Unknown App')),
|
||||||
'icon' => (x($_REQUEST, 'logo_uri') ? urldecode($_REQUEST['logo_uri']) : z_root() . '/images/icons/plugin.png'),
|
'icon' => (x($_REQUEST, 'logo_uri') ? $_REQUEST['logo_uri'] : z_root() . '/images/icons/plugin.png'),
|
||||||
'url' => (x($_REQUEST, 'client_uri') ? urldecode($_REQUEST['client_uri']) : ''),
|
'url' => (x($_REQUEST, 'client_uri') ? $_REQUEST['client_uri'] : ''),
|
||||||
);
|
);
|
||||||
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
|
$o .= replace_macros(get_markup_template('oauth_authorize.tpl'), array(
|
||||||
'$title' => t('Authorize'),
|
'$title' => t('Authorize'),
|
||||||
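Review bot: `$app['name']`, `['icon']` and `['url']` now take `$_REQUEST['client_id']`, `logo_uri` and `client_uri` verbatim and pass them to the oauth_authorize.tpl consent page, so the app identity the user is asked to approve is whatever the requester put in the query string, and it is only safe if the template escapes them. Dropping `urldecode()` is right (request parameters are already decoded), but `logo_uri` and `client_uri` should be validated as http(s) URLs before being used as an image source or link, and all three should be HTML-escaped at the output point. The stronger fix is to resolve `client_id` against the registered client record (the storage extends `\OAuth2\Storage\Pdo`, which exposes `getClientDetails()`) and display the registered metadata, falling back to request values only for fields the record does not carry.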
|
@ -12,7 +12,13 @@ function api_login(&$a){
|
|||||||
|
|
||||||
require_once('include/oauth.php');
|
require_once('include/oauth.php');
|
||||||
|
|
||||||
|
|
||||||
|
if(array_key_exists('REDIRECT_REMOTE_USER',$_SERVER) && (! array_key_exists('HTTP_AUTHORIZATION',$_SERVER))) {
|
||||||
|
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER['REDIRECT_REMOTE_USER'];
|
||||||
|
}
|
||||||
|
|
||||||
// login with oauth
|
// login with oauth
|
||||||
|
|
||||||
try {
|
try {
|
||||||
// OAuth 2.0
|
// OAuth 2.0
|
||||||
$storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db);
|
$storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db);
|
||||||
@ -66,32 +72,27 @@ function api_login(&$a){
|
|||||||
logger($e->getMessage());
|
logger($e->getMessage());
|
||||||
}
|
}
|
||||||
|
|
||||||
// workarounds for HTTP-auth in CGI mode
|
|
||||||
|
|
||||||
foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
|
if(array_key_exists('HTTP_AUTHORIZATION',$_SERVER)) {
|
||||||
|
|
||||||
/* Basic authentication */
|
/* Basic authentication */
|
||||||
|
|
||||||
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') {
|
if (substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,5) === 'Basic') {
|
||||||
$userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ;
|
$userpass = @base64_decode(substr(trim($_SERVER['HTTP_AUTHORIZATION']),6)) ;
|
||||||
if(strlen($userpass)) {
|
if(strlen($userpass)) {
|
||||||
list($name, $password) = explode(':', $userpass);
|
list($name, $password) = explode(':', $userpass);
|
||||||
$_SERVER['PHP_AUTH_USER'] = $name;
|
$_SERVER['PHP_AUTH_USER'] = $name;
|
||||||
$_SERVER['PHP_AUTH_PW'] = $password;
|
$_SERVER['PHP_AUTH_PW'] = $password;
|
||||||
}
|
}
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Signature authentication */
|
/* OpenWebAuth */
|
||||||
|
|
||||||
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
|
if(substr(trim($_SERVER['HTTP_AUTHORIZATION']),0,9) === 'Signature') {
|
||||||
|
|
||||||
if($head !== 'HTTP_AUTHORIZATION') {
|
$record = null;
|
||||||
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
|
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER['HTTP_AUTHORIZATION']);
|
||||||
if($sigblock) {
|
if($sigblock) {
|
||||||
$keyId = str_replace('acct:','',$sigblock['keyId']);
|
$keyId = str_replace('acct:','',$sigblock['keyId']);
|
||||||
if($keyId) {
|
if($keyId) {
|
||||||
@ -108,24 +109,14 @@ function api_login(&$a){
|
|||||||
$record = [ 'channel' => $c, 'account' => $a[0] ];
|
$record = [ 'channel' => $c, 'account' => $a[0] ];
|
||||||
$channel_login = $c['channel_id'];
|
$channel_login = $c['channel_id'];
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
else {
|
|
||||||
continue;
|
|
||||||
}
|
|
||||||
|
|
||||||
if($record) {
|
if($record) {
|
||||||
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
|
$verified = \Zotlabs\Web\HTTPSig::verify('',$record['channel']['channel_pubkey']);
|
||||||
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
|
if(! ($verified && $verified['header_signed'] && $verified['header_valid'])) {
|
||||||
$record = null;
|
$record = null;
|
||||||
}
|
}
|
||||||
break;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -137,7 +128,7 @@ function api_login(&$a){
|
|||||||
|
|
||||||
// process normal login request
|
// process normal login request
|
||||||
|
|
||||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
if(isset($_SERVER['PHP_AUTH_USER']) && (! $record)) {
|
||||||
$channel_login = 0;
|
$channel_login = 0;
|
||||||
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
|
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
|
||||||
if($record && $record['channel']) {
|
if($record && $record['channel']) {
|
||||||
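Review bot: `list($name, $password) = explode(':', $userpass);` in the Basic branch splits on every colon, so a password containing ':' is truncated and a decoded header without a colon leaves `$password` undefined; use `list($name, $password) = array_pad(explode(':', $userpass, 2), 2, '');` and replace the `@`-suppressed `base64_decode()` with `base64_decode(substr(trim($_SERVER['HTTP_AUTHORIZATION']),6), true)` so malformed input yields `false` instead of garbage. The later `if(isset($_SERVER['PHP_AUTH_USER']) && (! $record))` reads `$record` on the Basic path, where only the Signature branch assigns it; unless api_login initialises it earlier (the function starts outside these hunks), add `$record = null;` before the `if(array_key_exists('HTTP_AUTHORIZATION',$_SERVER))` block. The removed `// workarounds for HTTP-auth in CGI mode` comment should move to the new REDIRECT_REMOTE_USER shim in the first hunk, e.g. `// CGI mode: the Authorization header may only be available as REDIRECT_REMOTE_USER`, since the reason for copying it is no longer stated anywhere.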
|
@ -25,3 +25,31 @@ X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
|||||||
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||||
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||||
-----END CERTIFICATE-----
|
-----END CERTIFICATE-----
|
||||||
|
|
||||||
|
-----BEGIN CERTIFICATE-----
|
||||||
|
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
|
||||||
|
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
|
||||||
|
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
|
||||||
|
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
|
||||||
|
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
|
||||||
|
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
|
||||||
|
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8
|
||||||
|
SMx+yk13EiSdRxta67nsHjcAHJyse6cF6s5K671B5TaYucv9bTyWaN8jKkKQDIZ0
|
||||||
|
Z8h/pZq4UmEUEz9l6YKHy9v6Dlb2honzhT+Xhq+w3Brvaw2VFn3EK6BlspkENnWA
|
||||||
|
a6xK8xuQSXgvopZPKiAlKQTGdMDQMc2PMTiVFrqoM7hD8bEfwzB/onkxEz0tNvjj
|
||||||
|
/PIzark5McWvxI0NHWQWM6r6hCm21AvA2H3DkwIDAQABo4IBfTCCAXkwEgYDVR0T
|
||||||
|
AQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAYYwfwYIKwYBBQUHAQEEczBxMDIG
|
||||||
|
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
|
||||||
|
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
|
||||||
|
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
|
||||||
|
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
|
||||||
|
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
|
||||||
|
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
|
||||||
|
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
|
||||||
|
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
|
||||||
|
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
|
||||||
|
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
|
||||||
|
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
|
||||||
|
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
|
||||||
|
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
|
||||||
|
-----END CERTIFICATE-----
|
||||||
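Review bot: The appended certificate ends with the same three body lines (`X4Po1QYz…`, `PfZ+G6Z6…`, `KOqkqm57…`) as the certificate that already closes the file in the context lines above, which suggests this adds a duplicate of the existing entry rather than a new one; compare the two blocks' fingerprints before merging. The new block decodes to the Let's Encrypt Authority X3 intermediate issued by DST Root CA X3; if this file serves as a CA trust bundle, an intermediate does not belong in it, and in any case the validity period embedded in the block should be noted so the entry is removed once it expires.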
|