Avoid endless loop at magic auth
This commit is contained in:
parent
cbd49b641a
commit
012fe3c11e
|
@ -1010,56 +1010,59 @@ class Profile
|
||||||
$my_url = self::getMyURL();
|
$my_url = self::getMyURL();
|
||||||
$my_url = Network::isUrlValid($my_url);
|
$my_url = Network::isUrlValid($my_url);
|
||||||
|
|
||||||
if ($my_url) {
|
if (empty($my_url) || local_user()) {
|
||||||
if (!local_user()) {
|
return;
|
||||||
// Is it a DDoS attempt?
|
}
|
||||||
// The check fetches the cached value from gprobe to reduce the load for this system
|
|
||||||
$urlparts = parse_url($my_url);
|
|
||||||
|
|
||||||
$result = Cache::get('gprobe:' . $urlparts['host']);
|
// Avoid endless loops
|
||||||
if ((!is_null($result)) && (in_array($result['network'], [Protocol::FEED, Protocol::PHANTOM]))) {
|
$cachekey = 'zrlInit:' . $my_url;
|
||||||
logger('DDoS attempt detected for ' . $urlparts['host'] . ' by ' . $_SERVER['REMOTE_ADDR'] . '. server data: ' . print_r($_SERVER, true), LOGGER_DEBUG);
|
if (Cache::get($cachekey)) {
|
||||||
return;
|
logger('URL ' . $my_url . ' already tried to authenticate.', LOGGER_DEBUG);
|
||||||
}
|
return;
|
||||||
|
} else {
|
||||||
|
Cache::set($cachekey, true, CACHE_MINUTE);
|
||||||
|
}
|
||||||
|
|
||||||
Worker::add(PRIORITY_LOW, 'GProbe', $my_url);
|
$arr = ['zrl' => $my_url, 'url' => $a->cmd];
|
||||||
$arr = ['zrl' => $my_url, 'url' => $a->cmd];
|
Addon::callHooks('zrl_init', $arr);
|
||||||
Addon::callHooks('zrl_init', $arr);
|
|
||||||
|
|
||||||
// Try to find the public contact entry of the visitor.
|
// Try to find the public contact entry of the visitor.
|
||||||
$cid = Contact::getIdForURL($my_url);
|
$cid = Contact::getIdForURL($my_url);
|
||||||
if (!$cid) {
|
if (!$cid) {
|
||||||
logger('No contact record found for ' . $my_url, LOGGER_DEBUG);
|
logger('No contact record found for ' . $my_url, LOGGER_DEBUG);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$contact = DBA::selectFirst('contact',['id', 'url'], ['id' => $cid]);
|
Worker::add(PRIORITY_LOW, 'GProbe', $my_url);
|
||||||
|
|
||||||
if (DBA::isResult($contact) && remote_user() && remote_user() == $contact['id']) {
|
$contact = DBA::selectFirst('contact',['id', 'url'], ['id' => $cid]);
|
||||||
// The visitor is already authenticated.
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
logger('Not authenticated. Invoking reverse magic-auth for ' . $my_url, LOGGER_DEBUG);
|
if (DBA::isResult($contact) && remote_user() && remote_user() == $contact['id']) {
|
||||||
|
logger('The visitor ' . $my_url . ' is already authenticated', LOGGER_DEBUG);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
// Try to avoid recursion - but send them home to do a proper magic auth.
|
logger('Not authenticated. Invoking reverse magic-auth for ' . $my_url, LOGGER_DEBUG);
|
||||||
$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string);
|
|
||||||
// The other instance needs to know where to redirect.
|
|
||||||
$dest = urlencode(System::baseUrl() . '/' . $query);
|
|
||||||
|
|
||||||
// We need to extract the basebath from the profile url
|
// Try to avoid recursion - but send them home to do a proper magic auth.
|
||||||
// to redirect the visitors '/magic' module.
|
$query = str_replace(array('?zrl=', '&zid='), array('?rzrl=', '&rzrl='), $a->query_string);
|
||||||
// Note: We should have the basepath of a contact also in the contact table.
|
// The other instance needs to know where to redirect.
|
||||||
$urlarr = explode('/profile/', $contact['url']);
|
$dest = urlencode(System::baseUrl() . '/' . $query);
|
||||||
$basepath = $urlarr[0];
|
|
||||||
|
|
||||||
if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
|
// We need to extract the basebath from the profile url
|
||||||
$magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest;
|
// to redirect the visitors '/magic' module.
|
||||||
$serverret = Network::curl($magic_path);
|
// Note: We should have the basepath of a contact also in the contact table.
|
||||||
if ($serverret->isSuccess()) {
|
$urlarr = explode('/profile/', $contact['url']);
|
||||||
goaway($magic_path);
|
$basepath = $urlarr[0];
|
||||||
}
|
|
||||||
}
|
if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
|
||||||
|
$magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest;
|
||||||
|
|
||||||
|
// We have to check if the remote server does understand /magic without invoking something
|
||||||
|
$serverret = Network::curl($basepath . '/magic');
|
||||||
|
if ($serverret->isSuccess()) {
|
||||||
|
logger('Doing magic auth for visitor ' . $my_url . ' to ' . $magic_path, LOGGER_DEBUG);
|
||||||
|
goaway($magic_path);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue