From 75f8b3374e3717a5308fcb31b2a9f4f3118fda63 Mon Sep 17 00:00:00 2001
From: Michael <heluecht@pirati.ca>
Date: Sun, 18 Jun 2023 17:18:40 +0000
Subject: [PATCH] Improved basepath detection for Magic Auth

---
 src/Module/Magic.php | 21 ++++++++++++++++-----
 1 file changed, 16 insertions(+), 5 deletions(-)

diff --git a/src/Module/Magic.php b/src/Module/Magic.php
index 5276252de..3000e953c 100644
--- a/src/Module/Magic.php
+++ b/src/Module/Magic.php
@@ -29,12 +29,14 @@ use Friendica\Core\Session\Capability\IHandleUserSessions;
 use Friendica\Core\System;
 use Friendica\Database\Database;
 use Friendica\Model\Contact;
+use Friendica\Model\GServer;
 use Friendica\Model\User;
 use Friendica\Network\HTTPClient\Capability\ICanSendHttpRequests;
 use Friendica\Network\HTTPClient\Client\HttpClientOptions;
 use Friendica\Util\HTTPSignature;
 use Friendica\Util\Profiler;
 use Friendica\Util\Strings;
+use GuzzleHttp\Psr7\Uri;
 use Psr\Log\LoggerInterface;
 
 /**
@@ -83,6 +85,8 @@ class Magic extends BaseModule
 			$this->logger->debug('bdest detected', ['dest' => $dest]);
 		}
 
+		$target = $dest ?: $addr;
+
 		if ($addr ?: $dest) {
 			$contact = Contact::getByURL($addr ?: $dest);
 		}
@@ -110,14 +114,21 @@ class Magic extends BaseModule
 		// OpenWebAuth
 		$owner = User::getOwnerDataById($this->userSession->getLocalUserId());
 
-		$gserver = $this->dba->selectFirst('gserver', ['url'], ['id' => $contact['gsid']]);
-		if (empty($gserver)) {
-			$this->logger->notice('Server not found, redirecting to destination.', ['gsid' => $contact['gsid'], 'dest' => $dest]);
+		if (!empty($contact['gsid'])) {
+			$gserver = $this->dba->selectFirst('gserver', ['url'], ['id' => $contact['gsid']]);
+			if (empty($gserver)) {
+				$this->logger->notice('Server not found, redirecting to destination.', ['gsid' => $contact['gsid'], 'dest' => $dest]);
+				System::externalRedirect($dest);
+			}
+
+			$basepath = $gserver['url'];
+		} elseif (GServer::check($target)) {
+			$basepath = (string)GServer::cleanUri(new Uri($target));
+		} else {
+			$this->logger->notice('The target is not a server path, redirecting to destination.', ['target' => $target]);
 			System::externalRedirect($dest);
 		}
 
-		$basepath = $gserver['url'];
-
 		$header = [
 			'Accept'          => ['application/x-dfrn+json', 'application/x-zot+json'],
 			'X-Open-Web-Auth' => [Strings::getRandomHex()],