Browse Source

port hubzillas OpenWebAuth - use Contact::getIdForURL to query for contact entry

pull/5253/head
rabuzarus 4 years ago
parent
commit
b65e4b278b
  1. 34
      src/Model/Profile.php
  2. 27
      src/Module/Magic.php
  3. 17
      src/Module/Owa.php
  4. 17
      src/Network/Probe.php
  5. 7
      src/Util/HTTPSig.php

34
src/Model/Profile.php

@ -19,7 +19,6 @@ use Friendica\Database\DBM;
use Friendica\Model\Contact;
use Friendica\Model\Verify;
use Friendica\Protocol\Diaspora;
use Friendica\Network\Probe;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\Network;
use Friendica\Util\Temporal;
@ -1013,22 +1012,14 @@ class Profile
Addon::callHooks('zrl_init', $arr);
// Try to find the public contact entry of the visitor.
$fields = ["id", "url"];
$condition = ['uid' => 0, 'nurl' => normalise_link($my_url)];
$contact = dba::selectFirst('contact',$fields, $condition);
// Not found? Try to probe the visitor.
if (!DBM::is_result($contact)) {
Probe::uri($my_url, '', -1, true, true);
$contact = dba::selectFirst('contact',$fields, $condition);
}
if (!DBM::is_result($contact)) {
$cid = Contact::getIdForURL($my_url);
if (!$cid) {
logger('No contact record found for ' . $my_url, LOGGER_DEBUG);
return;
}
$contact = dba::selectFirst('contact',['id', 'url'], ['id' => $cid]);
if (DBM::is_result($contact) && remote_user() && remote_user() === $contact['id']) {
// The visitor is already authenticated.
return;
@ -1039,12 +1030,12 @@ class Profile
// Try to avoid recursion - but send them home to do a proper magic auth.
$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string);
// The other instance needs to know where to redirect.
$dest = urlencode(System::baseUrl() . "/" . $query);
$dest = urlencode(System::baseUrl() . '/' . $query);
// We need to extract the basebath from the profile url
// to redirect the visitors '/magic' module.
// Note: We should have the basepath of a contact also in the contact table.
$urlarr = explode("/profile/", $contact['url']);
$urlarr = explode('/profile/', $contact['url']);
$basepath = $urlarr[0];
if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
@ -1077,18 +1068,14 @@ class Profile
}
// Try to find the public contact entry of the visitor.
$condition = ["uid" => 0, "addr" => $visitor_handle];
$visitor = dba::selectFirst("contact", [], $condition);
if (!DBM::is_result($visitor)) {
Probe::uri($visitor_handle, '', -1, true, true);
$visitor = dba::selectFirst("contact", [], $condition);
}
if(!DBM::is_result($visitor)) {
$cid = Contact::getIdForURL($visitor_handle);
if(!$cid) {
logger('owt: unable to finger ' . $visitor_handle, LOGGER_DEBUG);
return;
}
$visitor = dba::selectFirst('contact', [], ['id' => $cid]);
// Authenticate the visitor.
$_SESSION['authenticated'] = 1;
$_SESSION['visitor_id'] = $visitor['id'];
@ -1108,6 +1095,7 @@ class Profile
* * \e array \b session
*/
Addon::callHooks('magic_auth_success', $arr);
$a->contact = $visitor;
info(L10n::t('OpenWebAuth: %1$s welcomes %2$s', $a->get_hostname(), $visitor['name']));

27
src/Module/Magic.php

@ -5,8 +5,7 @@
namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Database\DBM;
use Friendica\Network\Probe;
use Friendica\Model\Contact;
use Friendica\Util\HTTPSig;
use Friendica\Util\Network;
@ -35,32 +34,28 @@ class Magic extends BaseModule
// NOTE: I guess $dest isn't just the profile url (could be also
// other profile pages e.g. photo). We need to find a solution
// to be able to redirct to other pages than the contact profile.
$fields = ["id", "nurl", "url"];
$condition = ["nurl" => normalise_link($dest)];
$cid = Contact::getIdForURL($dest);
$contact = dba::selectFirst("contact", $fields, $condition);
if (!DBM::is_result($contact)) {
// If we don't have a contact record, try to probe it.
/// @todo: Also check against the $addr.
Probe::uri($dest, '', -1, true, true);
$contact = dba::selectFirst("contact", $fields, $condition);
if (!$cid && !empty($addr)) {
$cid = Contact::getIdForURL($addr);
}
if (!DBM::is_result($contact)) {
logger("No contact record found: " . print_r($_REQUEST, true), LOGGER_DEBUG);
if (!$cid) {
logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG);
goaway($dest);
}
$contact = dba::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]);
// Redirect if the contact is already authenticated on this site.
if (array_key_exists("id", $a->contact) && strpos($contact['nurl'], normalise_link(self::getApp()->get_baseurl())) !== false) {
if (array_key_exists('id', $a->contact) && strpos($contact['nurl'], normalise_link(self::getApp()->get_baseurl())) !== false) {
if($test) {
$ret['success'] = true;
$ret['message'] .= 'Local site - you are already authenticated.' . EOL;
return $ret;
}
logger("Contact is already authenticated", LOGGER_DEBUG);
logger('Contact is already authenticated', LOGGER_DEBUG);
goaway($dest);
}
@ -73,7 +68,7 @@ class Magic extends BaseModule
// NOTE: we need another solution because this does only work
// for friendica contacts :-/ . We should have the basepath
// of a contact also in the contact table.
$exp = explode("/profile/", $contact['url']);
$exp = explode('/profile/', $contact['url']);
$basepath = $exp[0];
$headers = [];

17
src/Module/Owa.php

@ -7,9 +7,8 @@ namespace Friendica\Module;
use Friendica\BaseModule;
use Friendica\Core\System;
use Friendica\Database\DBM;
use Friendica\Model\Contact;
use Friendica\Model\Verify;
use Friendica\Network\Probe;
use Friendica\Util\DateTimeFormat;
use Friendica\Util\HTTPSig;
use dba;
@ -46,17 +45,13 @@ class Owa extends BaseModule
if ($keyId) {
// Try to find the public contact entry of the handle.
$handle = str_replace("acct:", "", $keyId);
$fields = ["id", "url", "addr", "pubkey"];
$condition = ["addr" => $handle, "uid" => 0];
$handle = str_replace('acct:', '', $keyId);
$contact = dba::selectFirst("contact", $fields, $condition);
$cid = Contact::getIdForURL($handle);
$fields = ['id', 'url', 'addr', 'pubkey'];
$condition = ['id' => $cid];
// Not found? Try to probe with the handle.
if(!DBM::is_result($contact)) {
Probe::uri($handle, '', -1, true, true);
$contact = dba::selectFirst("contact", $fields, $condition);
}
$contact = dba::selectFirst('contact', $fields, $condition);
if (DBM::is_result($contact)) {
// Try to verify the signed header with the public key of the contact record

17
src/Network/Probe.php

@ -311,11 +311,10 @@ class Probe
* @param string $network Test for this specific network
* @param integer $uid User ID for the probe (only used for mails)
* @param boolean $cache Use cached values?
* @param boolean $insert Insert the contact into the contact table.
*
* @return array uri data
*/
public static function uri($uri, $network = "", $uid = -1, $cache = true, $insert = false)
public static function uri($uri, $network = "", $uid = -1, $cache = true)
{
if ($cache) {
$result = Cache::get("Probe::uri:".$network.":".$uri);
@ -464,19 +463,11 @@ class Probe
$condition = ['nurl' => normalise_link($data["url"]), 'self' => false, 'uid' => 0];
// "$old_fields" will return a "false" when the contact doesn't exist.
// This won't trigger an insert except $insert is set to true.
// This is intended, since we only need public contacts
// for everyone we store items from. We don't need to store
// every contact on the planet.
// This won't trigger an insert. This is intended, since we only need
// public contacts for everyone we store items from.
// We don't need to store every contact on the planet.
$old_fields = dba::selectFirst('contact', $fieldnames, $condition);
// When the contact doesn't exist, the value "true" will trigger an insert
if (!$old_fields && $insert) {
$old_fields = true;
$fields['blocked'] = false;
$fields['pending'] = false;
}
$fields['name-date'] = DateTimeFormat::utcNow();
$fields['uri-date'] = DateTimeFormat::utcNow();
$fields['success_update'] = DateTimeFormat::utcNow();

7
src/Util/HTTPSig.php

@ -26,9 +26,10 @@ class HTTPSig
*
* @see https://tools.ietf.org/html/rfc5843
*
* @param string $body The value to create the digest for
* @param boolean $set (optional, default true)
* @param string $body The value to create the digest for
* @param boolean $set (optional, default true)
* If set send a Digest HTTP header
*
* @return string The generated digest of $body
*/
public static function generateDigest($body, $set = true)
@ -119,7 +120,7 @@ class HTTPSig
$algorithm = 'sha512';
}
if ($key && function_exists($key)) { /// @todo What function do we check for - maybe we check now for a method !!!
if ($key && function_exists($key)) {
$result['signer'] = $sig_block['keyId'];
$key = $key($sig_block['keyId']);
}

Loading…
Cancel
Save