harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

owa - first commit

Browse Source
This commit is contained in:
zotlabs 2017-09-07 17:56:02 -07:00
parent 23e774db8e
commit 61f339a874
7 changed files with 186 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
Zotlabs/Module/Magic.php
View File

@ -17,6 +17,7 @@ class Magic extends \Zotlabs\Web\Controller {
$dest = ((x($_REQUEST,'dest')) ? $_REQUEST['dest'] : '');
$test = ((x($_REQUEST,'test')) ? intval($_REQUEST['test']) : 0);
$rev = ((x($_REQUEST,'rev')) ? intval($_REQUEST['rev']) : 0);
$owa = ((x($_REQUEST,'owa')) ? intval($_REQUEST['owa']) : 0);
$delegate = ((x($_REQUEST,'delegate')) ? $_REQUEST['delegate'] : '');
$parsed = parse_url($dest);
@ -132,12 +133,41 @@ class Magic extends \Zotlabs\Web\Controller {
if(local_channel()) {
$channel = \App::get_channel();
// OpenWebAuth
if($owa) {
$headers = [];
$headers['Accept'] = 'application/x-zot+json' ;
$headers['X-Open-Web-Auth'] = random_string();
$headers = \Zotlabs\Web\HTTPSig::create_sig('',$headers,$channel['channel_prvkey'],
'acct:' . $channel['channel_address'] . '@' . \App::get_hostname(),false,true,'sha512');
$x = z_fetch_url($basepath . '/owa',false,$redirects,[ 'headers' => $headers ]);
if($x['success']) {
$j = json_decode($x['body'],true);
if($j['success'] && $j['token']) {
$x = strpbrk($dest,'?&');
$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
goaway($dest . $args);
}
}
goaway($dest);
}
$token = random_string();
// $token_sig = base64url_encode(rsa_sign($token,$channel['channel_prvkey']));
// $channel['token'] = $token;
// $channel['token_sig'] = $token_sig;
\Zotlabs\Zot\Verify::create('auth',$channel['channel_id'],$token,$x[0]['hubloc_url']);
$target_url = $x[0]['hubloc_callback'] . '/?f=&auth=' . urlencode(channel_reddress($channel))

57
Zotlabs/Module/Owa.php Normal file
View File

@ -0,0 +1,57 @@
<?php
namespace Zotlabs\Module;
class Owa extends \Zotlabs\Web\Controller {
function init() {
foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,9) === 'Signature') {
if($head !== 'HTTP_AUTHORIZATION') {
$_SERVER['HTTP_AUTHORIZATION'] = $_SERVER[$head];
continue;
}
$sigblock = \Zotlabs\Web\HTTPSig::parse_sigheader($_SERVER[$head]);
if($sigblock) {
$keyId = $sigblock['keyId'];
if($keyId) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
where hubloc_addr = '%s' limit 1",
dbesc(str_replace('acct:','',$keyId))
);
if($r) {
$hubloc = $r[0];
$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
logger('verified: ' . print_r($verified,true));
if($verified && $verified['header_signed'] && $verified['header_valid']) {
$token = random_string(32);
\Zotlabs\Zot\Verify::create('owt',0,token,$r[0]['hubloc_hash']);
$x = json_encode([ 'success' => true, 'token' => $token ]);
header('Content-Type: application/x-zot+json');
echo $x;
killme();
}
}
}
}
$x = json_encode([ 'success' => false ]);
header('Content-Type: application/x-zot+json');
echo $x;
killme();
}
}
$x = json_encode([ 'success' => false ]);
header('Content-Type: application/x-zot+json');
echo $x;
killme();
}
}

4
Zotlabs/Module/Rmagic.php
View File

@ -18,7 +18,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
if($r[0]['hubloc_url'] === z_root())
goaway(z_root() . '/login');
$dest = z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string);
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&dest=' . $dest);
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&owa=1&dest=' . $dest);
}
}
}
@ -63,7 +63,7 @@ class Rmagic extends \Zotlabs\Web\Controller {
else
$dest = urlencode(z_root() . '/' . str_replace('zid=','zid_=',\App::$query_string));
goaway($url . '/magic' . '?f=&dest=' . $dest);
goaway($url . '/magic' . '?f=&owa=1&dest=' . $dest);
}
}
}

8
Zotlabs/Web/HTTPSig.php
View File

@ -91,6 +91,9 @@ class HTTPSig {
if($sig_block['algorithm'] === 'rsa-sha256') {
$algorithm = 'sha256';
}
if($sig_block['algorithm'] === 'rsa-sha512') {
$algorithm = 'sha512';
}
if(! $key) {
$result['signer'] = $sig_block['keyId'];
@ -113,6 +116,8 @@ class HTTPSig {
$digest = explode('=', $headers['digest']);
if($digest[0] === 'SHA-256')
$hashalg = 'sha256';
if($digest[0] === 'SHA-512')
$hashalg = 'sha512';
// The explode operation will have stripped the '=' padding, so compare against unpadded base64
if(rtrim(base64_encode(hash($hashalg,$body,true)),'=') === $digest[1]) {
@ -164,6 +169,9 @@ class HTTPSig {
if($alg === 'sha256') {
$algorithm = 'rsa-sha256';
}
if($alg === 'sha512') {
$algorithm = 'rsa-sha512';
}
$x = self::sign($request,$head,$prvkey,$alg);

6
Zotlabs/Web/WebServer.php
View File

@ -70,6 +70,12 @@ class WebServer {
}
}
if((x($_REQUEST,'owt')) && (! \App::$install)) {
$token = $_REQUEST['owt'];
\App::$query_string = strip_query_param(\App::$query_string,'owt');
owt_init($token);
}
if((x($_SESSION, 'authenticated')) || (x($_POST, 'auth-params')) || (\App::$module === 'login'))
require('include/auth.php');

16
Zotlabs/Zot/Verify.php
View File

@ -31,6 +31,22 @@ class Verify {
return false;
}
function get_meta($type,$channel_id,$token) {
$r = q("select id from verify where vtype = '%s' and channel = %d and token = '%s' limit 1",
dbesc($type),
intval($channel_id),
dbesc($token)
);
if($r) {
q("delete from verify where id = %d",
intval($r[0]['id'])
);
return $r[0]['meta'];
}
return false;
}
function purge($type,$interval) {
q("delete from verify where vtype = '%s' and created < %s - INTERVAL %s",
dbesc($type),

66
include/zid.php
View File

@ -81,6 +81,10 @@ function zid($s,$address = '') {
}
function strip_query_param($s,$param) {
return preg_replace('/[\?&]' . $param . '=(.*?)(&|$)/ism','$2',$s);
}
function strip_zids($s) {
return preg_replace('/[\?&]zid=(.*?)(&|$)/ism','$2',$s);
}
@ -230,3 +234,65 @@ function red_zrlify_img_callback($matches) {
return $matches[0];
}
function owt_init($token) {
\Zotlabs\Zot\Verify::purge('owt','3 MINUTE');
$ob_hash = \Zotlabs\Zot\Verify::get_meta('owt',0,$token);
if($ob_hash === false) {
return;
}
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($ob_hash)
);
if(! $r) {
// finger them if they can't be found.
$j = Finger::run($ob_hash, null);
if ($j['success']) {
import_xchan($j);
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($ob_hash)
);
}
}
if(! $r) {
logger('owt: unable to finger ' . $ob_hash);
return;
}
$hubloc = $r[0];
$delegate_success = false;
if($_REQUEST['delegate']) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
dbesc($_REQUEST['delegate'])
);
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'],$hubloc['xchan_hash'],'delegate');
if($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $hubloc['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once('include/security.php');
// this will set the local_channel authentication in the session
change_channel($r[0]['channel_id']);
$delegate_success = true;
}
}
}
if (! $delegate_success) {
// normal visitor (remote_channel) login session credentials
$_SESSION['visitor_id'] = $hubloc['xchan_hash'];
$_SESSION['my_url'] = $hubloc['xchan_url'];
$_SESSION['my_address'] = $hubloc['hubloc_addr'];
$_SESSION['remote_hub'] = $hubloc['hubloc_url'];
$_SESSION['DNT'] = 1;
}
logger('owa success!');
}