harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

hubloc confusion during magic auth where hublocs with more than one network may exist

Browse Source
This commit is contained in:
zotlabs 2019-04-24 16:21:59 -07:00
parent 831b9d4433
commit c88286556a
6 changed files with 90 additions and 28 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
Zotlabs/Lib/Libzot.php
View File

@ -3107,7 +3107,11 @@ class Libzot {
foreach($arr as $v) { foreach($arr as $v) {
if($v[$check] === 'zot6') { if($v[$check] === 'zot6') {
return $v;
}
}
foreach($arr as $v) {
if($v[$check] === 'zot') {
return $v; return $v;
} }
} }

4
Zotlabs/Module/Magic.php
View File

@ -169,8 +169,8 @@ class Magic extends \Zotlabs\Web\Controller {
$token = $j['token']; $token = $j['token'];
} }
$x = strpbrk($dest,'?&'); $strp = strpbrk($dest,'?&');
$args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : ''); $args = (($strp) ? '&owt=' . $token : '?f=&owt=' . $token) . (($delegate) ? '&delegate=1' : '');
goaway($dest . $args); goaway($dest . $args);
} }
} }

26
Zotlabs/Module/Owa.php
View File

@ -30,12 +30,29 @@ class Owa extends \Zotlabs\Web\Controller {
$keyId = $sigblock['keyId']; $keyId = $sigblock['keyId'];
if($keyId) { if($keyId) {
// Hubzilla connections can have both zot and zot6 hublocs
// The connections will usually be zot so match those first
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) ", where ( hubloc_addr = '%s' or hubloc_id_url = '%s' ) and hubloc_network = 'zot' ",
dbesc(str_replace('acct:','',$keyId)), dbesc(str_replace('acct:','',$keyId)),
dbesc($keyId) dbesc($keyId)
); );
if(! $r) {
// If nothing was found, try searching on any network
if (! $r) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
where ( hubloc_addr = '%s' or hubloc_id_url = '%s' )",
dbesc(str_replace('acct:','',$keyId)),
dbesc($keyId)
);
}
// If nothing was found on any network, use network discovery and create a new record
if (! $r) {
$found = discover_by_webbie(str_replace('acct:','',$keyId)); $found = discover_by_webbie(str_replace('acct:','',$keyId));
if($found) { if($found) {
$r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash $r = q("select * from hubloc left join xchan on hubloc_hash = xchan_hash
@ -45,7 +62,8 @@ class Owa extends \Zotlabs\Web\Controller {
); );
} }
} }
if($r) {
if ($r) {
foreach($r as $hubloc) { foreach($r as $hubloc) {
$verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']); $verified = \Zotlabs\Web\HTTPSig::verify(file_get_contents('php://input'),$hubloc['xchan_pubkey']);
if($verified && $verified['header_signed'] && $verified['header_valid']) { if($verified && $verified['header_signed'] && $verified['header_valid']) {
@ -53,7 +71,7 @@ class Owa extends \Zotlabs\Web\Controller {
logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA); logger('OWA success: ' . $hubloc['hubloc_addr'],LOGGER_DATA);
$ret['success'] = true; $ret['success'] = true;
$token = random_string(32); $token = random_string(32);
\Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_addr']); \Zotlabs\Lib\Verify::create('owt',0,$token,$hubloc['hubloc_network'] . ',' . $hubloc['hubloc_addr']);
$result = ''; $result = '';
openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']); openssl_public_encrypt($token,$result,$hubloc['xchan_pubkey']);
$ret['encrypted_token'] = base64url_encode($result); $ret['encrypted_token'] = base64url_encode($result);

11
include/channel.php
View File

@ -1812,13 +1812,16 @@ function zid_init() {
call_hooks('zid_init', $arr); call_hooks('zid_init', $arr);
if(! local_channel()) { if(! local_channel()) {
$r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc limit 1", $r = q("select * from hubloc where hubloc_addr = '%s' order by hubloc_connected desc",
dbesc($tmp_str) dbesc($tmp_str)
); );
if(! $r) { if(! $r) {
Master::Summon(array('Gprobe',bin2hex($tmp_str))); Master::Summon(array('Gprobe',bin2hex($tmp_str)));
} }
if($r && remote_channel() && remote_channel() === $r[0]['hubloc_hash']) if($r) {
$r = zot_record_preferred($r);
}
if($r && remote_channel() && remote_channel() === $r['hubloc_hash'])
return; return;
logger('Not authenticated. Invoking reverse magic-auth for ' . $tmp_str); logger('Not authenticated. Invoking reverse magic-auth for ' . $tmp_str);
@ -1826,8 +1829,8 @@ function zid_init() {
$query = App::$query_string; $query = App::$query_string;
$query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query); $query = str_replace(array('?zid=','&zid='),array('?rzid=','&rzid='),$query);
$dest = '/' . $query; $dest = '/' . $query;
if($r && ($r[0]['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) { if($r && ($r['hubloc_url'] != z_root()) && (! strstr($dest,'/magic')) && (! strstr($dest,'/rmagic'))) {
goaway($r[0]['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest)); goaway($r['hubloc_url'] . '/magic' . '?f=&rev=1&owa=1&bdest=' . bin2hex(z_root() . $dest));
} }
else else
logger('No hubloc found.'); logger('No hubloc found.');

49
include/zid.php
View File

@ -1,5 +1,7 @@
<?php <?php
use App;
use Zotlabs\Lib\Verify;
function is_matrix_url($url) { function is_matrix_url($url) {
@ -270,34 +272,45 @@ function red_zrlify_img_callback($matches) {
*/ */
function owt_init($token) { function owt_init($token) {
\Zotlabs\Lib\Verify::purge('owt', '3 MINUTE'); Verify::purge('owt', '3 MINUTE');
$ob_hash = \Zotlabs\Lib\Verify::get_meta('owt', 0, $token); $key = Verify::get_meta('owt', 0, $token);
if($ob_hash === false) { if($key === false) {
return;
}
$parts = explode(',',$key,2);
if(count($parts) < 2) {
return; return;
} }
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
where hubloc_addr = '%s' order by hubloc_id desc", where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc",
dbesc($ob_hash) dbesc($parts[0]),
dbesc($parts[1])
); );
if(! $r) { if(! $r) {
// finger them if they can't be found. // finger them if they can't be found.
$j = \Zotlabs\Zot\Finger::run($ob_hash, null); // @todo check that this is still needed. Discovery should have been performed in the Owa module.
$j = \Zotlabs\Zot\Finger::run($parts[1], null);
if ($j['success']) { if ($j['success']) {
import_xchan($j); import_xchan($j);
$r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash $r = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash
where hubloc_addr = '%s' order by hubloc_id desc", where hubloc_network = '%s' and hubloc_addr = '%s' order by hubloc_id desc",
dbesc($ob_hash) dbesc($parts[0]),
dbesc($parts[1])
); );
} }
} }
if(! $r) { if(! $r) {
logger('owt: unable to finger ' . $ob_hash); logger('owt: unable to finger ' . $key);
return; return;
} }
$hubloc = $r[0]; $hubloc = $r[0];
$_SESSION['authenticated'] = 1; $_SESSION['authenticated'] = 1;
@ -324,7 +337,7 @@ function owt_init($token) {
if (! $delegate_success) { if (! $delegate_success) {
// normal visitor (remote_channel) login session credentials // normal visitor (remote_channel) login session credentials
$_SESSION['visitor_id'] = $hubloc['xchan_hash']; $_SESSION['visitor_id'] = $hubloc['xchan_hash'];
$_SESSION['my_url'] = $hubloc['xchan_url']; $_SESSION['my_url'] = $hubloc['xchan_url'];
$_SESSION['my_address'] = $hubloc['hubloc_addr']; $_SESSION['my_address'] = $hubloc['hubloc_addr'];
$_SESSION['remote_hub'] = $hubloc['hubloc_url']; $_SESSION['remote_hub'] = $hubloc['hubloc_url'];
$_SESSION['DNT'] = 1; $_SESSION['DNT'] = 1;
@ -332,7 +345,7 @@ function owt_init($token) {
$arr = [ $arr = [
'xchan' => $hubloc, 'xchan' => $hubloc,
'url' => \App::$query_string, 'url' => App::$query_string,
'session' => $_SESSION 'session' => $_SESSION
]; ];
/** /**
@ -344,11 +357,11 @@ function owt_init($token) {
*/ */
call_hooks('magic_auth_success', $arr); call_hooks('magic_auth_success', $arr);
\App::set_observer($hubloc); App::set_observer($hubloc);
require_once('include/security.php'); require_once('include/security.php');
\App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
if(! get_config('system', 'hide_owa_greeting')) if(! get_config('system', 'hide_owa_greeting'))
info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),\App::get_hostname(), $hubloc['xchan_name'])); info(sprintf( t('OpenWebAuth: %1$s welcomes %2$s'),App::get_hostname(), $hubloc['xchan_name']));
logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']); logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
} }
@ -384,7 +397,9 @@ function observer_auth($ob_hash) {
return; return;
} }
$hubloc = $r[0]; // Note: this has no Libzot namespace so prefers zot over zot6
$hubloc = zot_record_preferred($r);
$_SESSION['authenticated'] = 1; $_SESSION['authenticated'] = 1;
@ -395,8 +410,8 @@ function observer_auth($ob_hash) {
$_SESSION['remote_hub'] = $hubloc['hubloc_url']; $_SESSION['remote_hub'] = $hubloc['hubloc_url'];
$_SESSION['DNT'] = 1; $_SESSION['DNT'] = 1;
\App::set_observer($hubloc); App::set_observer($hubloc);
require_once('include/security.php'); require_once('include/security.php');
\App::set_groups(init_groups_visitor($_SESSION['visitor_id'])); App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
} }

22
include/zot.php
View File

@ -5286,3 +5286,25 @@ function zot_reply_notify($data) {
$ret['success'] = true; $ret['success'] = true;
json_return_and_die($ret); json_return_and_die($ret);
} }
function zot_record_preferred($arr, $check = 'hubloc_network') {
if(! $arr) {
return $arr;
}
foreach($arr as $v) {
if($v[$check] === 'zot') {
return $v;
}
}
foreach($arr as $v) {
if($v[$check] === 'zot6') {
return $v;
}
}
return $arr[0];
}