harukin/core
Archived
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

first cut at zot access tokens

Browse Source
This commit is contained in:
redmatrix 2016-07-14 19:24:15 -07:00
parent 05a9f2f0f5
commit e6c8614801
2 changed files with 83 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

40
include/auth.php
View File

@ -36,14 +36,14 @@ function account_verify_password($email, $pass) {
// you have to verify the email and then go through the account approval workflow before // you have to verify the email and then go through the account approval workflow before
// letting them login. // letting them login.
if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED)) // @bug there is no record here
return null; //if(($email_verify) && ($register_policy == REGISTER_OPEN) && ($record['account_flags'] & ACCOUNT_UNVERIFIED))
// return null;
$r = q("select * from account where account_email = '%s'", $r = q("select * from account where account_email = '%s'",
dbesc($email) dbesc($email)
); );
if(! ($r && count($r))) if($r) {
return null;
foreach($r as $record) { foreach($r as $record) {
if(($record['account_flags'] == ACCOUNT_OK) if(($record['account_flags'] == ACCOUNT_OK)
@ -52,6 +52,17 @@ function account_verify_password($email, $pass) {
return $record; return $record;
} }
} }
}
$x = q("select * from atoken where atoken_name = '%s' and atoken_token = '%s' limit 1",
dbesc($email),
dbesc($pass)
);
if($x) {
atoken_login($x[0]);
return $x[0];
}
$error = 'password failed for ' . $email; $error = 'password failed for ' . $email;
logger($error); logger($error);
@ -123,10 +134,18 @@ if((isset($_SESSION)) && (x($_SESSION, 'authenticated')) &&
authenticate_success($x[0], true, true); authenticate_success($x[0], true, true);
} }
} }
if(array_key_exists('atoken',$_SESSION)) {
$y = q("select * from atoken where atoken_id = %d limit 1",
intval($_SESSION['atoken'])
);
if($y)
$r = array(atoken_xchan($y[0]));
}
else {
$r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1", $r = q("select * from xchan left join hubloc on xchan_hash = hubloc_hash where xchan_hash = '%s' limit 1",
dbesc($_SESSION['visitor_id']) dbesc($_SESSION['visitor_id'])
); );
}
if($r) { if($r) {
App::set_observer($r[0]); App::set_observer($r[0]);
} }
@ -199,11 +218,17 @@ else {
call_hooks('authenticate', $addon_auth); call_hooks('authenticate', $addon_auth);
$atoken = false;
if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) { if(($addon_auth['authenticated']) && (count($addon_auth['user_record']))) {
$record = $addon_auth['user_record']; $record = $addon_auth['user_record'];
} }
else { else {
$record = App::$account = account_verify_password($_POST['username'], $_POST['password']); $x = account_verify_password($_POST['username'], $_POST['password']);
if(array_key_exists('atoken',$x))
$atoken = true;
if(! $atoken) {
$record = App::$account = $x;
if(App::$account) { if(App::$account) {
$_SESSION['account_id'] = App::$account['account_id']; $_SESSION['account_id'] = App::$account['account_id'];
@ -214,6 +239,7 @@ else {
logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL); logger('authenticate: ' . print_r(App::$account, true), LOGGER_ALL);
} }
}
if((! $record) || (! count($record))) { if((! $record) || (! count($record))) {
$error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR']; $error = 'authenticate: failed login attempt: ' . notags(trim($_POST['username'])) . ' from IP ' . $_SERVER['REMOTE_ADDR'];
@ -252,6 +278,7 @@ else {
// if we haven't failed up this point, log them in. // if we haven't failed up this point, log them in.
$_SESSION['last_login_date'] = datetime_convert(); $_SESSION['last_login_date'] = datetime_convert();
if(! $atoken)
authenticate_success($record, true, true); authenticate_success($record, true, true);
} }
} }
@ -270,6 +297,7 @@ else {
* @return int|bool * @return int|bool
* Return channel_id from pconfig or false. * Return channel_id from pconfig or false.
*/ */
function match_openid($authid) { function match_openid($authid) {
// Query the uid/channel_id from pconfig for a given value. // Query the uid/channel_id from pconfig for a given value.
$r = q("SELECT uid FROM pconfig WHERE cat = 'system' AND k = 'openid' AND v = '%s' LIMIT 1", $r = q("SELECT uid FROM pconfig WHERE cat = 'system' AND k = 'openid' AND v = '%s' LIMIT 1",

33
include/security.php
View File

@ -82,6 +82,39 @@ function authenticate_success($user_record, $login_initial = false, $interactive
/* else just return */ /* else just return */
} }
function atoken_login($atoken) {
if(! $atoken)
return false;
$xchan = atoken_xchan($atoken);
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $xchan['xchan_hash'];
$_SESSION['atoken'] = $atoken['atoken_id'];
\App::set_observer($xchan);
return [ 'atoken' => true ];
}
function atoken_xchan($atoken) {
return [
'xchan_hash' => $atoken['atoken_uid'] . '.' . $atoken['atoken_name'],
'xchan_network' => 'unknown',
'xchan_hidden' => 1,
'xchan_photo_mimetype' => 'image/jpeg',
'xchan_photo_l' => get_default_profile_photo(300),
'xchan_photo_m' => get_default_profile_photo(80),
'xchan_photo_s' => get_default_profile_photo(48)
];
}
/** /**
* @brief Change to another channel with current logged-in account. * @brief Change to another channel with current logged-in account.
* *