From 9dd21bda6d76c89b72303239cc4e7440ff74a0bc Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 06:19:23 +0000 Subject: [PATCH 1/8] OAuth login prototype --- database.sql | 17 ++++++++++++++++- 1 file changed, 16 insertions(+), 1 deletion(-) diff --git a/database.sql b/database.sql index 666a48f66..bbcd479bc 100644 --- a/database.sql +++ b/database.sql @@ -1,6 +1,6 @@ -- ------------------------------------------ -- Friendica 2021.06-dev (Siberian Iris) --- DB_UPDATE_VERSION 1415 +-- DB_UPDATE_VERSION 1416 -- ------------------------------------------ @@ -379,6 +379,21 @@ CREATE TABLE IF NOT EXISTS `application` ( UNIQUE INDEX `client_id` (`client_id`) ) DEFAULT COLLATE utf8mb4_general_ci COMMENT='OAuth application'; +-- +-- TABLE application-token +-- +CREATE TABLE IF NOT EXISTS `application-token` ( + `application-id` int unsigned NOT NULL COMMENT '', + `uid` mediumint unsigned NOT NULL COMMENT 'Owner User id', + `code` varchar(64) NOT NULL COMMENT '', + `access_token` varchar(64) NOT NULL COMMENT '', + `created_at` datetime NOT NULL DEFAULT '0001-01-01 00:00:00' COMMENT 'creation time', + PRIMARY KEY(`application-id`,`uid`), + INDEX `uid_id` (`uid`,`application-id`), + FOREIGN KEY (`application-id`) REFERENCES `application` (`id`) ON UPDATE RESTRICT ON DELETE CASCADE, + FOREIGN KEY (`uid`) REFERENCES `user` (`uid`) ON UPDATE RESTRICT ON DELETE CASCADE +) DEFAULT COLLATE utf8mb4_general_ci COMMENT='OAuth user token'; + -- -- TABLE attach -- From 82003bbe470f758225832b9ffea19fde423bbee1 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 06:30:20 +0000 Subject: [PATCH 2/8] Login prototype --- src/Factory/Api/Mastodon/Attachment.php | 2 +- src/Module/Api/Mastodon/Apps.php | 4 +- src/Module/BaseApi.php | 71 ++++++++++++++++++++++++- src/Module/OAuth/Authorize.php | 70 ++++++++++++++++++++++++ src/Module/OAuth/Revoke.php | 36 +++++++++++++ src/Module/OAuth/Token.php | 65 ++++++++++++++++++++++ src/Module/Security/Login.php | 6 ++- src/Object/Api/Mastodon/Status.php | 4 +- src/Security/Authentication.php | 1 + static/dbstructure.config.php | 16 +++++- static/routes.config.php | 6 +-- 11 files changed, 269 insertions(+), 12 deletions(-) create mode 100644 src/Module/OAuth/Authorize.php create mode 100644 src/Module/OAuth/Revoke.php create mode 100644 src/Module/OAuth/Token.php diff --git a/src/Factory/Api/Mastodon/Attachment.php b/src/Factory/Api/Mastodon/Attachment.php index 7ac45f354..1345da9e8 100644 --- a/src/Factory/Api/Mastodon/Attachment.php +++ b/src/Factory/Api/Mastodon/Attachment.php @@ -59,7 +59,7 @@ class Attachment extends BaseFactory public function createFromUriId(int $uriId) { $attachments = []; - foreach (Post\Media::getByURIId($uriId) as $attachment) { + foreach (Post\Media::getByURIId($uriId, [Post\Media::AUDIO, Post\Media::VIDEO, Post\Media::IMAGE]) as $attachment) { $filetype = !empty($attachment['mimetype']) ? strtolower(substr($attachment['mimetype'], 0, strpos($attachment['mimetype'], '/'))) : ''; diff --git a/src/Module/Api/Mastodon/Apps.php b/src/Module/Api/Mastodon/Apps.php index a86d5cc99..b5d98d455 100644 --- a/src/Module/Api/Mastodon/Apps.php +++ b/src/Module/Api/Mastodon/Apps.php @@ -46,8 +46,8 @@ class Apps extends BaseApi DI::mstdnError()->RecordNotFound(); } - $client_id = base64_encode(openssl_random_pseudo_bytes(32)); - $client_secret = bin2hex(random_bytes(32)); + $client_id = bin2hex(openssl_random_pseudo_bytes(32)); + $client_secret = bin2hex(openssl_random_pseudo_bytes(32)); $fields = ['client_id' => $client_id, 'client_secret' => $client_secret, 'name' => $name, 'redirect_uri' => $redirect]; diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 248e65510..87d0838c5 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -24,6 +24,8 @@ namespace Friendica\Module; use Friendica\BaseModule; use Friendica\Core\Logger; use Friendica\Core\System; +use Friendica\Database\Database; +use Friendica\Database\DBA; use Friendica\DI; use Friendica\Network\HTTPException; @@ -110,7 +112,7 @@ class BaseApi extends BaseModule public static function unsupported(string $method = 'all') { $path = DI::args()->getQueryString(); - Logger::info('Unimplemented API call', ['method' => $method, 'path' => $path, 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '']); + Logger::info('Unimplemented API call', ['method' => $method, 'path' => $path, 'agent' => $_SERVER['HTTP_USER_AGENT'] ?? '', 'request' => $_REQUEST ?? []]); $error = DI::l10n()->t('API endpoint %s %s is not implemented', strtoupper($method), $path); $error_description = DI::l10n()->t('The API endpoint is currently not implemented but might be in the future.');; $errorobj = new \Friendica\Object\Api\Mastodon\Error($error, $error_description); @@ -135,6 +137,14 @@ class BaseApi extends BaseModule */ protected static function login() { + $authorization = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; + $authorization = $_SERVER['AUTHORIZATION'] ?? $authorization; + + if (self::checkBearer($authorization)) { + self::$current_user_id = self::getUserByBearer($authorization); + return (bool)self::$current_user_id; + } + api_login(DI::app()); self::$current_user_id = api_user(); @@ -149,6 +159,14 @@ class BaseApi extends BaseModule */ protected static function getCurrentUserID() { + $authorization = $_SERVER['HTTP_AUTHORIZATION'] ?? ''; + $authorization = $_SERVER['AUTHORIZATION'] ?? $authorization; + + if (self::checkBearer($authorization)) { + self::$current_user_id = self::getUserByBearer($authorization); + return (int)self::$current_user_id; + } + if (is_null(self::$current_user_id)) { api_login(DI::app(), false); @@ -158,6 +176,55 @@ class BaseApi extends BaseModule return (int)self::$current_user_id; } + private static function checkBearer(string $authorization) + { + return(strpos($authorization, 'Bearer ') !== false); + } + + private static function getUserByBearer(string $authorization) + { + $bearer = trim(substr($authorization, 6)); + $condition = ['access_token' => $bearer]; + $token = DBA::selectFirst('application-token', ['uid'], $condition); + if (!DBA::isResult($token)) { + Logger::warning('Token not found', $condition); + return 0; + } + Logger::info('Token found', $token); + return $token['uid']; + } + + public static function getApplication() + { + $redirect_uri = !isset($_REQUEST['redirect_uri']) ? '' : $_REQUEST['redirect_uri']; + $client_id = !isset($_REQUEST['client_id']) ? '' : $_REQUEST['client_id']; + + if (empty($redirect_uri) || empty($client_id)) { + Logger::warning('Incomplete request'); + return []; + } + + $condition = ['redirect_uri' => $redirect_uri, 'client_id' => $client_id]; + $application = DBA::selectFirst('application', [], $condition); + if (!DBA::isResult($application)) { + Logger::warning('Application not found', $condition); + return []; + } + return $application; + } + + public static function getTokenForUser(array $application, int $uid) + { + $code = bin2hex(openssl_random_pseudo_bytes(32)); + $access_token = bin2hex(openssl_random_pseudo_bytes(32)); + + $fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token]; + if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) { + return []; + } + + return DBA::selectFirst('application-token', [], ['application-id' => $application['id'], 'uid' => $uid]); + } /** * Get user info array. * @@ -207,7 +274,7 @@ class BaseApi extends BaseModule $return = '' . "\n" . $return; break; } - + return $return; } diff --git a/src/Module/OAuth/Authorize.php b/src/Module/OAuth/Authorize.php new file mode 100644 index 000000000..46a5ee4ef --- /dev/null +++ b/src/Module/OAuth/Authorize.php @@ -0,0 +1,70 @@ +. + * + */ + +namespace Friendica\Module\OAuth; + +use Friendica\Core\Logger; +use Friendica\Core\Session; +use Friendica\Database\Database; +use Friendica\Database\DBA; +use Friendica\DI; +use Friendica\Module\BaseApi; + +/** + * Dummy class for all currently unimplemented endpoints + */ +class Authorize extends BaseApi +{ + /** + * @param array $parameters + * @throws \Friendica\Network\HTTPException\InternalServerErrorException + */ + public static function rawContent(array $parameters = []) + { + //return; + + $response_type = !isset($_REQUEST['response_type']) ? '' : $_REQUEST['response_type']; + if ($response_type != 'code') { + Logger::warning('Wrong or missing response type', ['response_type' => $response_type]); + DI::mstdnError()->RecordNotFound(); + } + + $application = self::getApplication(); + if (empty($application)) { + DI::mstdnError()->RecordNotFound(); + } + + $uid = local_user(); + if (empty($uid)) { + Logger::info('Redirect to login'); + DI::app()->redirect('login?return_path=/oauth/authorize'); + } else { + Logger::info('Already logged in user', ['uid' => $uid]); + } + + $token = self::getTokenForUser($application, $uid); + if (!$token) { + DI::mstdnError()->RecordNotFound(); + } + + DI::app()->redirect($application['redirect_uri'] . '?code=' . $token['code']); + } +} diff --git a/src/Module/OAuth/Revoke.php b/src/Module/OAuth/Revoke.php new file mode 100644 index 000000000..f0457e013 --- /dev/null +++ b/src/Module/OAuth/Revoke.php @@ -0,0 +1,36 @@ +. + * + */ + +namespace Friendica\Module\OAuth; + +use Friendica\Core\Logger; +use Friendica\Module\BaseApi; + +/** + * Dummy class for all currently unimplemented endpoints + */ +class Revoke extends BaseApi +{ + public static function post(array $parameters = []) + { + self::unsupported('post'); + } +} diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php new file mode 100644 index 000000000..a690bd0b1 --- /dev/null +++ b/src/Module/OAuth/Token.php @@ -0,0 +1,65 @@ +. + * + */ + +namespace Friendica\Module\OAuth; + +use Friendica\Core\Logger; +use Friendica\Core\System; +use Friendica\Database\DBA; +use Friendica\DI; +use Friendica\Module\BaseApi; + +/** + * Dummy class for all currently unimplemented endpoints + */ +class Token extends BaseApi +{ + public static function post(array $parameters = []) + { + $client_secret = !isset($_REQUEST['client_secret']) ? '' : $_REQUEST['client_secret']; + $code = !isset($_REQUEST['code']) ? '' : $_REQUEST['code']; + $grant_type = !isset($_REQUEST['grant_type']) ? '' : $_REQUEST['grant_type']; + + if ($grant_type != 'authorization_code') { + Logger::warning('Wrong or missing grant type', ['grant_type' => $grant_type]); + DI::mstdnError()->RecordNotFound(); + } + + $application = self::getApplication(); + if (empty($application)) { + DI::mstdnError()->RecordNotFound(); + } + + if ($application['client_secret'] != $client_secret) { + Logger::warning('Wrong client secret', $client_secret); + DI::mstdnError()->RecordNotFound(); + } + + $condition = ['application-id' => $application['id'], 'code' => $code]; + $token = DBA::selectFirst('application-token', ['access_token'], $condition); + if (!DBA::isResult($token)) { + Logger::warning('Token not found', $condition); + DI::mstdnError()->RecordNotFound(); + } + + System::jsonExit(['access_token' => $token['access_token'], 'token_type' => 'Bearer', 'scope' => $application['scopes']]); + } +} diff --git a/src/Module/Security/Login.php b/src/Module/Security/Login.php index 9f5095452..80a966220 100644 --- a/src/Module/Security/Login.php +++ b/src/Module/Security/Login.php @@ -36,8 +36,12 @@ class Login extends BaseModule { public static function content(array $parameters = []) { + $return_path = !isset($_REQUEST['return_path']) ? '' : $_REQUEST['return_path']; + if (local_user()) { - DI::baseUrl()->redirect(); + DI::baseUrl()->redirect($return_path); + } elseif (!empty($return_path)) { + Session::set('return_path', $return_path); } return self::form(Session::get('return_path'), intval(DI::config()->get('config', 'register_policy')) !== \Friendica\Module\Register::CLOSED); diff --git a/src/Object/Api/Mastodon/Status.php b/src/Object/Api/Mastodon/Status.php index c7c9247b3..26c0705bd 100644 --- a/src/Object/Api/Mastodon/Status.php +++ b/src/Object/Api/Mastodon/Status.php @@ -126,7 +126,7 @@ class Status extends BaseDataTransferObject $this->muted = $userAttributes->muted; $this->bookmarked = $userAttributes->bookmarked; $this->pinned = $userAttributes->pinned; - $this->content = BBCode::convert($item['raw-body'] ?? $item['body'], false); + $this->content = BBCode::convert($item['raw-body'] ?? $item['body'], false, BBCode::API); $this->reblog = $reblog; $this->application = $application->toArray(); $this->account = $account->toArray(); @@ -134,7 +134,7 @@ class Status extends BaseDataTransferObject $this->mentions = $mentions; $this->tags = $tags; $this->emojis = []; - $this->card = $card->toArray(); + //$this->card = $card; $this->poll = null; } diff --git a/src/Security/Authentication.php b/src/Security/Authentication.php index eab75ba5d..acbb4bfd4 100644 --- a/src/Security/Authentication.php +++ b/src/Security/Authentication.php @@ -39,6 +39,7 @@ use Friendica\Util\Network; use Friendica\Util\Strings; use LightOpenID; use Friendica\Core\L10n; +use Friendica\Core\Logger; use Psr\Log\LoggerInterface; /** diff --git a/static/dbstructure.config.php b/static/dbstructure.config.php index 052f73b9c..41515681e 100644 --- a/static/dbstructure.config.php +++ b/static/dbstructure.config.php @@ -55,7 +55,7 @@ use Friendica\Database\DBA; if (!defined('DB_UPDATE_VERSION')) { - define('DB_UPDATE_VERSION', 1415); + define('DB_UPDATE_VERSION', 1416); } return [ @@ -442,6 +442,20 @@ return [ "client_id" => ["UNIQUE", "client_id"] ] ], + "application-token" => [ + "comment" => "OAuth user token", + "fields" => [ + "application-id" => ["type" => "int unsigned", "not null" => "1", "primary" => "1", "foreign" => ["application" => "id"], "comment" => ""], + "uid" => ["type" => "mediumint unsigned", "not null" => "1", "primary" => "1", "foreign" => ["user" => "uid"], "comment" => "Owner User id"], + "code" => ["type" => "varchar(64)", "not null" => "1", "comment" => ""], + "access_token" => ["type" => "varchar(64)", "not null" => "1", "comment" => ""], + "created_at" => ["type" => "datetime", "not null" => "1", "default" => DBA::NULL_DATETIME, "comment" => "creation time"], + ], + "indexes" => [ + "PRIMARY" => ["application-id", "uid"], + "uid_id" => ["uid", "application-id"], + ] + ], "attach" => [ "comment" => "file attachments", "fields" => [ diff --git a/static/routes.config.php b/static/routes.config.php index 5fbcffbd7..f666feeff 100644 --- a/static/routes.config.php +++ b/static/routes.config.php @@ -331,9 +331,9 @@ return [ '/mark/all' => [Module\Notifications\Notification::class, [R::GET]], '/{id:\d+}' => [Module\Notifications\Notification::class, [R::GET, R::POST]], ], - '/oauth/authorize' => [Module\Api\Mastodon\Unimplemented::class, [R::GET]], - '/oauth/revoke' => [Module\Api\Mastodon\Unimplemented::class, [R::POST]], - '/oauth/token' => [Module\Api\Mastodon\Unimplemented::class, [R::POST]], + '/oauth/authorize' => [Module\OAuth\Authorize::class, [R::GET]], + '/oauth/revoke' => [Module\OAuth\Revoke::class, [R::POST]], + '/oauth/token' => [Module\OAuth\Token::class, [R::POST]], '/objects/{guid}[/{activity}]' => [Module\Objects::class, [R::GET]], '/oembed' => [ From c9e6fea74bc08d2a08f8bf05eae1b3248c20b30f Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 06:31:48 +0000 Subject: [PATCH 3/8] Code style --- src/Module/OAuth/Token.php | 1 + 1 file changed, 1 insertion(+) diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php index a690bd0b1..3cb59a4c1 100644 --- a/src/Module/OAuth/Token.php +++ b/src/Module/OAuth/Token.php @@ -54,6 +54,7 @@ class Token extends BaseApi } $condition = ['application-id' => $application['id'], 'code' => $code]; + $token = DBA::selectFirst('application-token', ['access_token'], $condition); if (!DBA::isResult($token)) { Logger::warning('Token not found', $condition); From a3d14235620415249d1b5728e788b322e17c3d04 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 06:33:18 +0000 Subject: [PATCH 4/8] unused use --- src/Module/OAuth/Authorize.php | 3 --- 1 file changed, 3 deletions(-) diff --git a/src/Module/OAuth/Authorize.php b/src/Module/OAuth/Authorize.php index 46a5ee4ef..c2e8cc30a 100644 --- a/src/Module/OAuth/Authorize.php +++ b/src/Module/OAuth/Authorize.php @@ -22,9 +22,6 @@ namespace Friendica\Module\OAuth; use Friendica\Core\Logger; -use Friendica\Core\Session; -use Friendica\Database\Database; -use Friendica\Database\DBA; use Friendica\DI; use Friendica\Module\BaseApi; From 0f4920dca8afa8479af8793da1f576d2c8262641 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 06:34:31 +0000 Subject: [PATCH 5/8] Unused use --- src/Module/OAuth/Revoke.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Module/OAuth/Revoke.php b/src/Module/OAuth/Revoke.php index f0457e013..b38133570 100644 --- a/src/Module/OAuth/Revoke.php +++ b/src/Module/OAuth/Revoke.php @@ -21,7 +21,6 @@ namespace Friendica\Module\OAuth; -use Friendica\Core\Logger; use Friendica\Module\BaseApi; /** From cfb9b732055cac819417128cc2ad320f25991843 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 08:16:40 +0000 Subject: [PATCH 6/8] Store creation date --- src/Module/BaseApi.php | 3 ++- src/Module/OAuth/Token.php | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 87d0838c5..739d400e3 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -28,6 +28,7 @@ use Friendica\Database\Database; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Network\HTTPException; +use Friendica\Util\DateTimeFormat; require_once __DIR__ . '/../../include/api.php'; @@ -218,7 +219,7 @@ class BaseApi extends BaseModule $code = bin2hex(openssl_random_pseudo_bytes(32)); $access_token = bin2hex(openssl_random_pseudo_bytes(32)); - $fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token]; + $fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token, 'created_at' => DateTimeFormat::utcNow(DateTimeFormat::MYSQL)]; if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) { return []; } diff --git a/src/Module/OAuth/Token.php b/src/Module/OAuth/Token.php index 3cb59a4c1..6e574a8af 100644 --- a/src/Module/OAuth/Token.php +++ b/src/Module/OAuth/Token.php @@ -61,6 +61,7 @@ class Token extends BaseApi DI::mstdnError()->RecordNotFound(); } - System::jsonExit(['access_token' => $token['access_token'], 'token_type' => 'Bearer', 'scope' => $application['scopes']]); + // @todo Use entity class + System::jsonExit(['access_token' => $token['access_token'], 'token_type' => 'Bearer', 'scope' => $application['scopes'], 'created_at' => $token['created_at']]); } } From 74f3c885bff6691018e1a284ebbc0f43ab744d33 Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 13:12:12 +0000 Subject: [PATCH 7/8] use "random_bytes" instead of "openssl_random_pseudo_bytes" --- mod/dfrn_confirm.php | 2 +- src/Module/Api/Mastodon/Apps.php | 4 ++-- src/Module/BaseApi.php | 4 ++-- src/Protocol/DFRN.php | 2 +- src/Protocol/Diaspora.php | 4 ++-- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/mod/dfrn_confirm.php b/mod/dfrn_confirm.php index 164198c9d..47cc09326 100644 --- a/mod/dfrn_confirm.php +++ b/mod/dfrn_confirm.php @@ -181,7 +181,7 @@ function dfrn_confirm_post(App $a, $handsfree = null) * random key which is encrypted with their site public key. */ - $src_aes_key = openssl_random_pseudo_bytes(64); + $src_aes_key = random_bytes(64); $result = ''; openssl_private_encrypt($dfrn_id, $result, $user['prvkey']); diff --git a/src/Module/Api/Mastodon/Apps.php b/src/Module/Api/Mastodon/Apps.php index b5d98d455..3d06cdbb0 100644 --- a/src/Module/Api/Mastodon/Apps.php +++ b/src/Module/Api/Mastodon/Apps.php @@ -46,8 +46,8 @@ class Apps extends BaseApi DI::mstdnError()->RecordNotFound(); } - $client_id = bin2hex(openssl_random_pseudo_bytes(32)); - $client_secret = bin2hex(openssl_random_pseudo_bytes(32)); + $client_id = bin2hex(random_bytes(32)); + $client_secret = bin2hex(random_bytes(32)); $fields = ['client_id' => $client_id, 'client_secret' => $client_secret, 'name' => $name, 'redirect_uri' => $redirect]; diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 739d400e3..9e7ee3836 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -216,8 +216,8 @@ class BaseApi extends BaseModule public static function getTokenForUser(array $application, int $uid) { - $code = bin2hex(openssl_random_pseudo_bytes(32)); - $access_token = bin2hex(openssl_random_pseudo_bytes(32)); + $code = bin2hex(random_bytes(32)); + $access_token = bin2hex(random_bytes(32)); $fields = ['application-id' => $application['id'], 'uid' => $uid, 'code' => $code, 'access_token' => $access_token, 'created_at' => DateTimeFormat::utcNow(DateTimeFormat::MYSQL)]; if (!DBA::insert('application-token', $fields, Database::INSERT_UPDATE)) { diff --git a/src/Protocol/DFRN.php b/src/Protocol/DFRN.php index df974729b..a24fbaa03 100644 --- a/src/Protocol/DFRN.php +++ b/src/Protocol/DFRN.php @@ -1272,7 +1272,7 @@ class DFRN switch ($rino_remote_version) { case 1: - $key = openssl_random_pseudo_bytes(16); + $key = random_bytes(16); $data = self::aesEncrypt($postvars['data'], $key); break; diff --git a/src/Protocol/Diaspora.php b/src/Protocol/Diaspora.php index 16f934ecc..00da7d391 100644 --- a/src/Protocol/Diaspora.php +++ b/src/Protocol/Diaspora.php @@ -2870,9 +2870,9 @@ class Diaspora return false; } - $aes_key = openssl_random_pseudo_bytes(32); + $aes_key = random_bytes(32); $b_aes_key = base64_encode($aes_key); - $iv = openssl_random_pseudo_bytes(16); + $iv = random_bytes(16); $b_iv = base64_encode($iv); $ciphertext = self::aesEncrypt($aes_key, $iv, $msg); From 7d8c152aaf2ed1ebb82ab429b0ab42184fee602a Mon Sep 17 00:00:00 2001 From: Michael Date: Tue, 11 May 2021 13:17:48 +0000 Subject: [PATCH 8/8] Check the start of the string --- src/Module/BaseApi.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index 9e7ee3836..f79832026 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -179,7 +179,7 @@ class BaseApi extends BaseModule private static function checkBearer(string $authorization) { - return(strpos($authorization, 'Bearer ') !== false); + return (substr($authorization, 0, 7) == 'Bearer '); } private static function getUserByBearer(string $authorization)