harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'upstream/master'

Browse Source
This commit is contained in:
Haakon Meland Eriksen 2015-09-22 07:34:42 +02:00
commit cbd7f89066
7 changed files with 189 additions and 147 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
include/items.php
View File

@ -4417,6 +4417,18 @@ function delete_item_lowlevel($item, $stage = DROPITEM_NORMAL, $force = false) {
intval($item['uid']) intval($item['uid'])
); );
// remove delivery reports
$c = q("select channel_hash from channel where channel_id = %d limit 1",
intval($item['uid'])
);
if($c) {
q("delete from dreport where dreport_xchan = '%s' and dreport_mid = '%s'",
dbesc($c[0]['channel_hash']),
dbesc($item['mid'])
);
}
// network deletion request. Keep the message structure so that we can deliver delete notifications. // network deletion request. Keep the message structure so that we can deliver delete notifications.
// Come back after several days (or perhaps a month) to do the lowlevel delete (DROPITEM_PHASE2). // Come back after several days (or perhaps a month) to do the lowlevel delete (DROPITEM_PHASE2).

15
include/zot.php
View File

@ -957,6 +957,21 @@ function zot_process_response($hub, $arr, $outq) {
logger('zot_process_response: headers: ' . print_r($arr['header'],true), LOGGER_DATA); logger('zot_process_response: headers: ' . print_r($arr['header'],true), LOGGER_DATA);
} }
if(array_key_exists('delivery_report',$x)) {
foreach($x['delivery_report'] as $xx) {
if(is_array($xx) && array_key_exists('message_id',$xx)) {
q("insert into dreport ( dreport_mid, dreport_site, dreport_recip, dreport_result, dreport_time, dreport_xchan ) values ( '%s', '%s','%s','%s','%s','%s' ) ",
dbesc($xx['message_id']),
dbesc($xx['location']),
dbesc($xx['recipient']),
dbesc($xx['status']),
dbesc(datetime_convert($xx['date'])),
dbesc($xx['sender'])
);
}
}
}
// update the timestamp for this site // update the timestamp for this site
q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'", q("update site set site_dead = 0, site_update = '%s' where site_url = '%s'",

34
mod/cloud.php
View File

@ -73,6 +73,8 @@ function cloud_init(&$a) {
$server->addPlugin($lockPlugin); $server->addPlugin($lockPlugin);
/* This next bit should no longer be needed... */
// The next section of code allows us to bypass prompting for http-auth if a // The next section of code allows us to bypass prompting for http-auth if a
// FILE is being accessed anonymously and permissions allow this. This way // FILE is being accessed anonymously and permissions allow this. This way
// one can create hotlinks to public media files in their cloud and anonymous // one can create hotlinks to public media files in their cloud and anonymous
@ -83,24 +85,24 @@ function cloud_init(&$a) {
// In order to avoid prompting for passwords for viewing a DIRECTORY, add // In order to avoid prompting for passwords for viewing a DIRECTORY, add
// the URL query parameter 'davguest=1'. // the URL query parameter 'davguest=1'.
$isapublic_file = false; // $isapublic_file = false;
$davguest = ((x($_SESSION, 'davguest')) ? true : false); // $davguest = ((x($_SESSION, 'davguest')) ? true : false);
if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) { // if ((! $auth->observer) && ($_SERVER['REQUEST_METHOD'] === 'GET')) {
try { // try {
$x = RedFileData('/' . $a->cmd, $auth); // $x = RedFileData('/' . $a->cmd, $auth);
if($x instanceof RedDAV\RedFile) // if($x instanceof RedDAV\RedFile)
$isapublic_file = true; // $isapublic_file = true;
} // }
catch (Exception $e) { // catch (Exception $e) {
$isapublic_file = false; // $isapublic_file = false;
} // }
} // }
if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) { // if ((! $auth->observer) && (! $isapublic_file) && (! $davguest)) {
logger('mod_cloud: auth exception'); // logger('mod_cloud: auth exception');
http_status_exit(401, 'Permission denied.'); // http_status_exit(401, 'Permission denied.');
} // }
require_once('include/RedDAV/RedBrowser.php'); require_once('include/RedDAV/RedBrowser.php');
// provide a directory view for the cloud in Hubzilla // provide a directory view for the cloud in Hubzilla

15
mod/locs.php
View File

@ -50,8 +50,17 @@ function locs_post(&$a) {
return; return;
} }
if(intval($r[0]['hubloc_primary'])) { if(intval($r[0]['hubloc_primary'])) {
notice( t('Primary location cannot be removed.') . EOL); $x = q("select hubloc_id from hubloc where hubloc_primary = 1 and hubloc_hash = '%s'",
return; dbesc($channel['channel_hash'])
);
if(! $x) {
notice( t('Location lookup failed.'));
return;
}
if(count($x) == 1) {
notice( t('Please select another location to become primary before removing the primary location.') . EOL);
return;
}
} }
$r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'", $r = q("update hubloc set hubloc_deleted = 1 where hubloc_id = %d and hubloc_hash = '%s'",
@ -91,8 +100,6 @@ function locs_content(&$a) {
$r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false); $r[$x]['deleted'] = (intval($r[$x]['hubloc_deleted']) ? true : false);
} }
$o = replace_macros(get_markup_template('locmanage.tpl'), array( $o = replace_macros(get_markup_template('locmanage.tpl'), array(
'$header' => t('Manage Channel Locations'), '$header' => t('Manage Channel Locations'),
'$loc' => t('Location (address)'), '$loc' => t('Location (address)'),

256
mod/post.php
View File

@ -117,7 +117,7 @@ function post_init(&$a) {
} }
// Try and find a hubloc for the person attempting to auth // Try and find a hubloc for the person attempting to auth
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($address) dbesc($address)
); );
@ -128,7 +128,7 @@ function post_init(&$a) {
$j = json_decode($ret['body'], true); $j = json_decode($ret['body'], true);
if ($j) if ($j)
import_xchan($j); import_xchan($j);
$x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc limit 1", $x = q("select * from hubloc left join xchan on xchan_hash = hubloc_hash where hubloc_addr = '%s' order by hubloc_id desc",
dbesc($address) dbesc($address)
); );
} }
@ -144,152 +144,159 @@ function post_init(&$a) {
goaway($desturl); goaway($desturl);
} }
logger('mod_zot: auth request received from ' . $x[0]['hubloc_addr'] );
// check credentials and access foreach($x as $xx) {
logger('mod_zot: auth request received from ' . $xx['hubloc_addr'] );
// If they are already authenticated and haven't changed credentials, // check credentials and access
// we can save an expensive network round trip and improve performance.
$remote = remote_channel(); // If they are already authenticated and haven't changed credentials,
$result = null; // we can save an expensive network round trip and improve performance.
$remote_service_class = '';
$remote_level = 0;
$remote_hub = $x[0]['hubloc_url'];
$DNT = 0;
// Also check that they are coming from the same site as they authenticated with originally. $remote = remote_channel();
$result = null;
$remote_service_class = '';
$remote_level = 0;
$remote_hub = $xx['hubloc_url'];
$DNT = 0;
$already_authed = ((($remote) && ($x[0]['hubloc_hash'] == $remote) && ($x[0]['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false); // Also check that they are coming from the same site as they authenticated with originally.
if($delegate && $delegate !== $_SESSION['delegate_channel'])
$already_authed = false;
$j = array(); $already_authed = ((($remote) && ($xx['hubloc_hash'] == $remote) && ($xx['hubloc_url'] === $_SESSION['remote_hub'])) ? true : false);
if($delegate && $delegate !== $_SESSION['delegate_channel'])
$already_authed = false;
if (! $already_authed) { $j = array();
// Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key if (! $already_authed) {
// The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender
// which can be verified // Auth packets MUST use ultra top-secret hush-hush mode - e.g. the entire packet is encrypted using the site private key
// The actual channel sending the packet ($c[0]) is not important, but this provides a generic zot packet with a sender
// which can be verified
$p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig'])), $x[0]['hubloc_sitekey'], $sec); $p = zot_build_packet($c[0],$type = 'auth_check', array(array('guid' => $xx['hubloc_guid'],'guid_sig' => $xx['hubloc_guid_sig'])), $xx['hubloc_sitekey'], $sec);
if ($test) {
$ret['message'] .= 'auth check packet created using sitekey ' . $x[0]['hubloc_sitekey'] . EOL;
$ret['message'] .= 'packet contents: ' . $p . EOL;
}
$result = zot_zot($x[0]['hubloc_callback'],$p);
if (! $result['success']) {
logger('mod_zot: auth_check callback failed.');
if ($test) { if ($test) {
$ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL; $ret['message'] .= 'auth check packet created using sitekey ' . $xx['hubloc_sitekey'] . EOL;
json_return_and_die($ret); $ret['message'] .= 'packet contents: ' . $p . EOL;
} }
goaway($desturl); $result = zot_zot($xx['hubloc_callback'],$p);
}
$j = json_decode($result['body'], true);
if (! $j) {
logger('mod_zot: auth_check json data malformed.');
if($test) {
$ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
json_return_and_die($ret);
}
}
}
if ($test) { if (! $result['success']) {
$ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL; logger('mod_zot: auth_check callback failed.');
}
if ($already_authed || $j['success']) {
if ($j['success']) {
// legit response, but we do need to check that this wasn't answered by a man-in-middle
if (! rsa_verify($sec . $x[0]['xchan_hash'],base64url_decode($j['confirm']),$x[0]['xchan_pubkey'])) {
logger('mod_zot: auth: final confirmation failed.');
if ($test) { if ($test) {
$ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($x[0],true); $ret['message'] .= 'auth check request to your site returned .' . print_r($result, true) . EOL;
json_return_and_die($ret); continue;
} }
continue;
goaway($desturl);
} }
if (array_key_exists('service_class',$j)) $j = json_decode($result['body'], true);
$remote_service_class = $j['service_class']; if (! $j) {
if (array_key_exists('level',$j)) logger('mod_zot: auth_check json data malformed.');
$remote_level = $j['level']; if($test) {
if (array_key_exists('DNT',$j)) $ret['message'] .= 'json malformed: ' . $result['body'] . EOL;
$DNT = $j['DNT']; continue;
}
// everything is good... maybe
if(local_channel()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $x[0]['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
json_return_and_die($ret);
} }
} }
goaway($desturl);
} }
// log them in
if ($test) { if ($test) {
$ret['success'] = true; $ret['message'] .= 'auth check request returned .' . print_r($j, true) . EOL;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
} }
$delegation_success = false; if ($already_authed || $j['success']) {
if ($delegate) { if ($j['success']) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1", // legit response, but we do need to check that this wasn't answered by a man-in-middle
dbesc($delegate) if (! rsa_verify($sec . $xx['xchan_hash'],base64url_decode($j['confirm']),$xx['xchan_pubkey'])) {
); logger('mod_zot: auth: final confirmation failed.');
if ($r && intval($r[0]['channel_id'])) { if ($test) {
$allowed = perm_is_allowed($r[0]['channel_id'],$x[0]['xchan_hash'],'delegate'); $ret['message'] .= 'final confirmation failed. ' . $sec . print_r($j,true) . print_r($xx,true);
if ($allowed) { continue;
$_SESSION['delegate_channel'] = $r[0]['channel_id']; }
$_SESSION['delegate'] = $x[0]['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']); continue;
require_once('include/security.php'); }
change_channel($r[0]['channel_id']); if (array_key_exists('service_class',$j))
$delegation_success = true; $remote_service_class = $j['service_class'];
if (array_key_exists('level',$j))
$remote_level = $j['level'];
if (array_key_exists('DNT',$j))
$DNT = $j['DNT'];
}
// everything is good... maybe
if(local_channel()) {
// tell them to logout if they're logged in locally as anything but the target remote account
// in which case just shut up because they don't need to be doing this at all.
if ($a->channel['channel_hash'] != $xx['xchan_hash']) {
logger('mod_zot: auth: already authenticated locally as somebody else.');
notice( t('Remote authentication blocked. You are logged into this site locally. Please logout and retry.') . EOL);
if ($test) {
$ret['message'] .= 'already logged in locally with a conflicting identity.' . EOL;
continue;
}
}
continue;
}
// log them in
if ($test) {
$ret['success'] = true;
$ret['message'] .= 'Authentication Success!' . EOL;
json_return_and_die($ret);
}
$delegation_success = false;
if ($delegate) {
$r = q("select * from channel left join xchan on channel_hash = xchan_hash where xchan_addr = '%s' limit 1",
dbesc($delegate)
);
if ($r && intval($r[0]['channel_id'])) {
$allowed = perm_is_allowed($r[0]['channel_id'],$xx['xchan_hash'],'delegate');
if ($allowed) {
$_SESSION['delegate_channel'] = $r[0]['channel_id'];
$_SESSION['delegate'] = $xx['xchan_hash'];
$_SESSION['account_id'] = intval($r[0]['channel_account_id']);
require_once('include/security.php');
change_channel($r[0]['channel_id']);
$delegation_success = true;
}
} }
} }
$_SESSION['authenticated'] = 1;
if (! $delegation_success) {
$_SESSION['visitor_id'] = $xx['xchan_hash'];
$_SESSION['my_url'] = $xx['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
}
$arr = array('xchan' => $xx, 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success',$arr);
$a->set_observer($xx);
require_once('include/security.php');
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf( t('Welcome %s. Remote authentication successful.'),$xx['xchan_name']));
logger('mod_zot: auth success from ' . $xx['xchan_addr']);
}
else {
if ($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
continue;
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $xx['xchan_addr']);
} }
$_SESSION['authenticated'] = 1; if ($test) {
if (! $delegation_success) { $ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
$_SESSION['visitor_id'] = $x[0]['xchan_hash']; continue;
$_SESSION['my_url'] = $x[0]['xchan_url'];
$_SESSION['my_address'] = $address;
$_SESSION['remote_service_class'] = $remote_service_class;
$_SESSION['remote_level'] = $remote_level;
$_SESSION['remote_hub'] = $remote_hub;
$_SESSION['DNT'] = $DNT;
} }
$arr = array('xchan' => $x[0], 'url' => $desturl, 'session' => $_SESSION);
call_hooks('magic_auth_success',$arr);
$a->set_observer($x[0]);
require_once('include/security.php');
$a->set_groups(init_groups_visitor($_SESSION['visitor_id']));
info(sprintf( t('Welcome %s. Remote authentication successful.'),$x[0]['xchan_name']));
logger('mod_zot: auth success from ' . $x[0]['xchan_addr']);
}
else {
if($test) {
$ret['message'] .= 'auth failure. ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
json_return_and_die($ret);
}
logger('mod_zot: magic-auth failure - not authenticated: ' . $x[0]['xchan_addr']);
} }
/** /**
@ -299,14 +306,13 @@ function post_init(&$a) {
* But z_root() probably isn't where you really want to go. * But z_root() probably isn't where you really want to go.
*/ */
if ($test) {
$ret['message'] .= 'auth failure fallthrough ' . print_r($_REQUEST,true) . print_r($j,true) . EOL;
json_return_and_die($ret);
}
if(strstr($desturl,z_root() . '/rmagic')) if(strstr($desturl,z_root() . '/rmagic'))
goaway(z_root()); goaway(z_root());
if ($test) {
json_return_and_die($ret);
}
goaway($desturl); goaway($desturl);
} }
} }

2
version.inc
View File

@ -1 +1 @@
2015-09-20.1161 2015-09-21.1162

2
view/tpl/locmanage.tpl
View File

@ -19,7 +19,7 @@ function drophub(id) {
{{if $hub.primary}}<button class="btn btn-std"><i class="icon-check"></i></button>{{else}}<button class="btn btn-std" onclick="primehub({{$hub.hubloc_id}}); return false;" ><i class="icon-check-empty" ></i></button>{{/if}} {{if $hub.primary}}<button class="btn btn-std"><i class="icon-check"></i></button>{{else}}<button class="btn btn-std" onclick="primehub({{$hub.hubloc_id}}); return false;" ><i class="icon-check-empty" ></i></button>{{/if}}
</td> </td>
<td>{{if $hub.primary}}{{else}}{{if ! $hub.deleted}}<button class="btn btn-std" onclick="drophub({{$hub.hubloc_id}}); return false;"><i class="icon-trash"></i></button>{{/if}}{{/if}}</td> <td>{{if ! $hub.deleted}}<button class="btn btn-std" onclick="drophub({{$hub.hubloc_id}}); return false;"><i class="icon-trash"></i></button>{{/if}}</td>
</tr> </tr>
{{/foreach}} {{/foreach}}
</table> </table>