port hubzillas OpenWebAuth - use Contact::getIdForURL to query for contact entry
This commit is contained in:
parent
9195ea26b1
commit
b65e4b278b
5 changed files with 36 additions and 66 deletions
|
@ -19,7 +19,6 @@ use Friendica\Database\DBM;
|
|||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Verify;
|
||||
use Friendica\Protocol\Diaspora;
|
||||
use Friendica\Network\Probe;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use Friendica\Util\Network;
|
||||
use Friendica\Util\Temporal;
|
||||
|
@ -1013,22 +1012,14 @@ class Profile
|
|||
Addon::callHooks('zrl_init', $arr);
|
||||
|
||||
// Try to find the public contact entry of the visitor.
|
||||
$fields = ["id", "url"];
|
||||
$condition = ['uid' => 0, 'nurl' => normalise_link($my_url)];
|
||||
|
||||
$contact = dba::selectFirst('contact',$fields, $condition);
|
||||
|
||||
// Not found? Try to probe the visitor.
|
||||
if (!DBM::is_result($contact)) {
|
||||
Probe::uri($my_url, '', -1, true, true);
|
||||
$contact = dba::selectFirst('contact',$fields, $condition);
|
||||
}
|
||||
|
||||
if (!DBM::is_result($contact)) {
|
||||
$cid = Contact::getIdForURL($my_url);
|
||||
if (!$cid) {
|
||||
logger('No contact record found for ' . $my_url, LOGGER_DEBUG);
|
||||
return;
|
||||
}
|
||||
|
||||
$contact = dba::selectFirst('contact',['id', 'url'], ['id' => $cid]);
|
||||
|
||||
if (DBM::is_result($contact) && remote_user() && remote_user() === $contact['id']) {
|
||||
// The visitor is already authenticated.
|
||||
return;
|
||||
|
@ -1039,12 +1030,12 @@ class Profile
|
|||
// Try to avoid recursion - but send them home to do a proper magic auth.
|
||||
$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string);
|
||||
// The other instance needs to know where to redirect.
|
||||
$dest = urlencode(System::baseUrl() . "/" . $query);
|
||||
$dest = urlencode(System::baseUrl() . '/' . $query);
|
||||
|
||||
// We need to extract the basebath from the profile url
|
||||
// to redirect the visitors '/magic' module.
|
||||
// Note: We should have the basepath of a contact also in the contact table.
|
||||
$urlarr = explode("/profile/", $contact['url']);
|
||||
$urlarr = explode('/profile/', $contact['url']);
|
||||
$basepath = $urlarr[0];
|
||||
|
||||
if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
|
||||
|
@ -1077,18 +1068,14 @@ class Profile
|
|||
}
|
||||
|
||||
// Try to find the public contact entry of the visitor.
|
||||
$condition = ["uid" => 0, "addr" => $visitor_handle];
|
||||
$visitor = dba::selectFirst("contact", [], $condition);
|
||||
|
||||
if (!DBM::is_result($visitor)) {
|
||||
Probe::uri($visitor_handle, '', -1, true, true);
|
||||
$visitor = dba::selectFirst("contact", [], $condition);
|
||||
}
|
||||
if(!DBM::is_result($visitor)) {
|
||||
$cid = Contact::getIdForURL($visitor_handle);
|
||||
if(!$cid) {
|
||||
logger('owt: unable to finger ' . $visitor_handle, LOGGER_DEBUG);
|
||||
return;
|
||||
}
|
||||
|
||||
$visitor = dba::selectFirst('contact', [], ['id' => $cid]);
|
||||
|
||||
// Authenticate the visitor.
|
||||
$_SESSION['authenticated'] = 1;
|
||||
$_SESSION['visitor_id'] = $visitor['id'];
|
||||
|
@ -1108,6 +1095,7 @@ class Profile
|
|||
* * \e array \b session
|
||||
*/
|
||||
Addon::callHooks('magic_auth_success', $arr);
|
||||
|
||||
$a->contact = $visitor;
|
||||
|
||||
info(L10n::t('OpenWebAuth: %1$s welcomes %2$s', $a->get_hostname(), $visitor['name']));
|
||||
|
|
|
@ -5,8 +5,7 @@
|
|||
namespace Friendica\Module;
|
||||
|
||||
use Friendica\BaseModule;
|
||||
use Friendica\Database\DBM;
|
||||
use Friendica\Network\Probe;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Util\HTTPSig;
|
||||
use Friendica\Util\Network;
|
||||
|
||||
|
@ -35,32 +34,28 @@ class Magic extends BaseModule
|
|||
// NOTE: I guess $dest isn't just the profile url (could be also
|
||||
// other profile pages e.g. photo). We need to find a solution
|
||||
// to be able to redirct to other pages than the contact profile.
|
||||
$fields = ["id", "nurl", "url"];
|
||||
$condition = ["nurl" => normalise_link($dest)];
|
||||
$cid = Contact::getIdForURL($dest);
|
||||
|
||||
$contact = dba::selectFirst("contact", $fields, $condition);
|
||||
|
||||
if (!DBM::is_result($contact)) {
|
||||
// If we don't have a contact record, try to probe it.
|
||||
/// @todo: Also check against the $addr.
|
||||
Probe::uri($dest, '', -1, true, true);
|
||||
$contact = dba::selectFirst("contact", $fields, $condition);
|
||||
if (!$cid && !empty($addr)) {
|
||||
$cid = Contact::getIdForURL($addr);
|
||||
}
|
||||
|
||||
if (!DBM::is_result($contact)) {
|
||||
logger("No contact record found: " . print_r($_REQUEST, true), LOGGER_DEBUG);
|
||||
if (!$cid) {
|
||||
logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG);
|
||||
goaway($dest);
|
||||
}
|
||||
|
||||
$contact = dba::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]);
|
||||
|
||||
// Redirect if the contact is already authenticated on this site.
|
||||
if (array_key_exists("id", $a->contact) && strpos($contact['nurl'], normalise_link(self::getApp()->get_baseurl())) !== false) {
|
||||
if (array_key_exists('id', $a->contact) && strpos($contact['nurl'], normalise_link(self::getApp()->get_baseurl())) !== false) {
|
||||
if($test) {
|
||||
$ret['success'] = true;
|
||||
$ret['message'] .= 'Local site - you are already authenticated.' . EOL;
|
||||
return $ret;
|
||||
}
|
||||
|
||||
logger("Contact is already authenticated", LOGGER_DEBUG);
|
||||
logger('Contact is already authenticated', LOGGER_DEBUG);
|
||||
goaway($dest);
|
||||
}
|
||||
|
||||
|
@ -73,7 +68,7 @@ class Magic extends BaseModule
|
|||
// NOTE: we need another solution because this does only work
|
||||
// for friendica contacts :-/ . We should have the basepath
|
||||
// of a contact also in the contact table.
|
||||
$exp = explode("/profile/", $contact['url']);
|
||||
$exp = explode('/profile/', $contact['url']);
|
||||
$basepath = $exp[0];
|
||||
|
||||
$headers = [];
|
||||
|
|
|
@ -7,9 +7,8 @@ namespace Friendica\Module;
|
|||
use Friendica\BaseModule;
|
||||
use Friendica\Core\System;
|
||||
use Friendica\Database\DBM;
|
||||
use Friendica\Model\Contact;
|
||||
use Friendica\Model\Verify;
|
||||
use Friendica\Network\Probe;
|
||||
use Friendica\Util\DateTimeFormat;
|
||||
use Friendica\Util\HTTPSig;
|
||||
|
||||
use dba;
|
||||
|
@ -46,17 +45,13 @@ class Owa extends BaseModule
|
|||
|
||||
if ($keyId) {
|
||||
// Try to find the public contact entry of the handle.
|
||||
$handle = str_replace("acct:", "", $keyId);
|
||||
$fields = ["id", "url", "addr", "pubkey"];
|
||||
$condition = ["addr" => $handle, "uid" => 0];
|
||||
$handle = str_replace('acct:', '', $keyId);
|
||||
|
||||
$contact = dba::selectFirst("contact", $fields, $condition);
|
||||
$cid = Contact::getIdForURL($handle);
|
||||
$fields = ['id', 'url', 'addr', 'pubkey'];
|
||||
$condition = ['id' => $cid];
|
||||
|
||||
// Not found? Try to probe with the handle.
|
||||
if(!DBM::is_result($contact)) {
|
||||
Probe::uri($handle, '', -1, true, true);
|
||||
$contact = dba::selectFirst("contact", $fields, $condition);
|
||||
}
|
||||
$contact = dba::selectFirst('contact', $fields, $condition);
|
||||
|
||||
if (DBM::is_result($contact)) {
|
||||
// Try to verify the signed header with the public key of the contact record
|
||||
|
|
|
@ -311,11 +311,10 @@ class Probe
|
|||
* @param string $network Test for this specific network
|
||||
* @param integer $uid User ID for the probe (only used for mails)
|
||||
* @param boolean $cache Use cached values?
|
||||
* @param boolean $insert Insert the contact into the contact table.
|
||||
*
|
||||
* @return array uri data
|
||||
*/
|
||||
public static function uri($uri, $network = "", $uid = -1, $cache = true, $insert = false)
|
||||
public static function uri($uri, $network = "", $uid = -1, $cache = true)
|
||||
{
|
||||
if ($cache) {
|
||||
$result = Cache::get("Probe::uri:".$network.":".$uri);
|
||||
|
@ -464,19 +463,11 @@ class Probe
|
|||
$condition = ['nurl' => normalise_link($data["url"]), 'self' => false, 'uid' => 0];
|
||||
|
||||
// "$old_fields" will return a "false" when the contact doesn't exist.
|
||||
// This won't trigger an insert except $insert is set to true.
|
||||
// This is intended, since we only need public contacts
|
||||
// for everyone we store items from. We don't need to store
|
||||
// every contact on the planet.
|
||||
// This won't trigger an insert. This is intended, since we only need
|
||||
// public contacts for everyone we store items from.
|
||||
// We don't need to store every contact on the planet.
|
||||
$old_fields = dba::selectFirst('contact', $fieldnames, $condition);
|
||||
|
||||
// When the contact doesn't exist, the value "true" will trigger an insert
|
||||
if (!$old_fields && $insert) {
|
||||
$old_fields = true;
|
||||
$fields['blocked'] = false;
|
||||
$fields['pending'] = false;
|
||||
}
|
||||
|
||||
$fields['name-date'] = DateTimeFormat::utcNow();
|
||||
$fields['uri-date'] = DateTimeFormat::utcNow();
|
||||
$fields['success_update'] = DateTimeFormat::utcNow();
|
||||
|
|
|
@ -26,9 +26,10 @@ class HTTPSig
|
|||
*
|
||||
* @see https://tools.ietf.org/html/rfc5843
|
||||
*
|
||||
* @param string $body The value to create the digest for
|
||||
* @param boolean $set (optional, default true)
|
||||
* @param string $body The value to create the digest for
|
||||
* @param boolean $set (optional, default true)
|
||||
* If set send a Digest HTTP header
|
||||
*
|
||||
* @return string The generated digest of $body
|
||||
*/
|
||||
public static function generateDigest($body, $set = true)
|
||||
|
@ -119,7 +120,7 @@ class HTTPSig
|
|||
$algorithm = 'sha512';
|
||||
}
|
||||
|
||||
if ($key && function_exists($key)) { /// @todo What function do we check for - maybe we check now for a method !!!
|
||||
if ($key && function_exists($key)) {
|
||||
$result['signer'] = $sig_block['keyId'];
|
||||
$key = $key($sig_block['keyId']);
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue