This encryption key could be the friendica password, but then this password would be stored in the browser in cleartext.
It is better to use a hash of the password.
The server should not be able to reconstruct the password, so we can't take the same hash the server stores. But we can
- use hash("some_prefix"+password). This will however not work with OpenID logins.
+ use hash("some_prefix"+password). This will however not work with OpenID logins, for this type of login the password must
+be queried manually.
Problem:
How to discover the jabber addresses of the friendica contacts?
Solution:
When two friendica users connect using DFRN, the relation gets a DFRN ID and a keypair is generated.
-Using this keypair, we can provide the jabber address only to contacs:
+Using this keypair, we can provide the jabber address only to contacts:
-Case 1: Alice has prvkey, Bob has pubkey.
- Alice encrypts request
- Bob decrypts the request, send jabber address unencrypted
- Alice reads address
+Alice:
+ signed_address = openssl_*_encrypt(alice_jabber_address)
+send signed_address to Bob, who does
+ trusted_address = openssl_*_decrypt(signed_address)
+ save trusted_address
+ encrypted_address = openssl_*_encrypt(bob_jabber_address)
+reply with encrypted_address to Alice, who does
+ decrypted_address = openssl_*_decrypt(encrypted_address)
+ save decrypted_address
-Case 2: Alice has prvkey, Bob has pubkey
- Alice send request
- Bob encrypts jabber address
- Alice decrypts jabber address
+Interface for this:
+GET /jappixmini/?role=%s&signed_address=%s&dfrn_id=%s
+
+Response:
+json({"status":"ok", "encrypted_address":"%s"})
*/
// Jappix source download as required by AGPL
register_hook('about_hook', 'addon/jappixmini/jappixmini.php', 'jappixmini_download_source');
+
+// set standard configuration
+$info_text = get_config("jappixmini", "infotext");
+if (!$info_text) set_config("jappixmini", "infotext",
+ "To get the chat working, you need to know a BOSH host which works with your Jabber account. ".
+ "An example of a BOSH server that works for all accounts is https://bind.jappix.com/, but keep ".
+ "in mind that the BOSH server can read along all chat messages. If you know that your Jabber ".
+ "server also provides an own BOSH server, it is much better to use this one!"
+);
+
+$bosh_proxy = get_config("jappixmini", "bosh_proxy");
+if ($bosh_proxy==="") set_config("jappixmini", "bosh_proxy", 1);
}
}
function jappixmini_plugin_admin(&$a, &$o) {
+ // display instructions and warnings on addon settings page for admin
+
if (!file_exists("addon/jappixmini/jappix")) {
- $o .= '<p><strong>You need to install the Jappix application, adapted for Friendica (see README).</strong></p>';
+ $o .= '<p><strong>You need to install the Jappix application (see README).</strong></p>';
+ }
+ else if (file_exists("addon/jappixmini/jappix/index.php")) {
+ // try to delete automatically
+ try {
+ unlink("addon/jappixmini/jappix/index.php");
+ }
+ catch (Exception $e) {}
+
+ // warn admin if this is not possible
+ if (file_exists("addon/jappixmini/jappix/index.php"))
+ $o .= '<p><strong style="color:#fff;background-color:#f00">You must delete addon/jappixmini/jappix/index.php (see README).</strong></p>';
+ else {
+ info("Deleted addon/jappixmini/jappix/index.php automatically.");
+ $o .= '<p>Jappix is installed.</p>';
+ }
}
else if (!file_exists("addon/jappixmini/jappix.zip")) {
$o .= '<p><strong style="color:#fff;background-color:#f00">The source archive jappix.zip does not exist. This is probably a violation of the Jappix License (see README).</strong></p>';
}
+ else {
+ $o .= '<p>Jappix is installed.</p>';
+ }
+
+ // warn if cron job has not yet been executed
+ $cron_run = get_config("jappixmini", "last_cron_execution");
+ if (!$cron_run) $o .= "<p><strong>Warning: The cron job has not yet been executed. If this message is still there after some time (usually 10 minutes), this means that autosubscribe and autoaccept will not work.</strong></p>";
+
+ // bosh proxy
+ $bosh_proxy = intval(get_config("jappixmini", "bosh_proxy"));
+ $bosh_proxy = intval($bosh_proxy) ? ' checked="checked"' : '';
+ $o .= '<label for="jappixmini-proxy">Activate BOSH proxy</label>';
+ $o .= ' <input id="jappixmini-proxy" type="checkbox" name="jappixmini-proxy" value="1"'.$bosh_proxy.' /><br />';
+
+ // info text field
+ $info_text = get_config("jappixmini", "infotext");
+ $o .= '<p><label for="jappixmini-infotext">Info text to help users with configuration (important if you want to provide your own BOSH host!):</label><br />';
+ $o .= '<textarea id="jappixmini-infotext" name="jappixmini-infotext" rows="5" cols="50">'.htmlentities($info_text).'</textarea></p>';
+
+ // submit button
+ $o .= '<input type="submit" name="jappixmini-admin-settings" value="OK" />';
}
function jappixmini_plugin_admin_post(&$a) {
+ // set info text
+ $submit = $_REQUEST['jappixmini-admin-settings'];
+ if ($submit) {
+ $info_text = $_REQUEST['jappixmini-infotext'];
+ $bosh_proxy = intval($_REQUEST['jappixmini-proxy']);
+ set_config("jappixmini", "infotext", $info_text);
+ set_config("jappixmini", "bosh_proxy", $bosh_proxy);
+ }
}
function jappixmini_module() {}
function jappixmini_init(&$a) {
- // Here, other friendica sites can fetch the jabber address of local users.
- // Because we do not want to publish the addresses publicly, they are encrypted so
- // that only contacts can read it.
- $encrypt_for = $_REQUEST["encrypt_for"];
- if ($encrypt_for) {
- $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id` = '%s' LIMIT 1",
- dbesc($encrypt_for)
- );
- if (!count($r)) killme();
+ // module page where other Friendica sites can submit Jabber addresses to and also can query Jabber addresses
+ // of local users
- // get public key to encrypt address
- $pubkey = $r[0]['pubkey'];
-
- // get jabber address
- $uid = $r[0]['uid'];
- $username = get_pconfig($uid, 'jappixmini', 'username');
- if (!$username) killme();
- $server = get_pconfig($uid, 'jappixmini', 'server');
- if (!$server) killme();
+ if (!file_exists("addon/jappixmini/jappix")) killme();
- $address = $username."@".$server;
+ $dfrn_id = $_REQUEST["dfrn_id"];
+ if (!$dfrn_id) killme();
- // encrypt address
- $encrypted = "";
- openssl_public_encrypt($address,$encrypted,$pubkey);
-
- // calculate hex representation of encrypted address
- $hex = bin2hex($encrypted);
+ $role = $_REQUEST["role"];
+ if ($role=="pub") {
+ $r = q("SELECT * FROM `contact` WHERE LENGTH(`pubkey`) AND `dfrn-id`='%s' LIMIT 1",
+ dbesc($dfrn_id)
+ );
+ if (!count($r)) killme();
- // construct answer
- $answer = Array("status"=>"ok", "encrypted_address"=>$hex);
+ $encrypt_func = openssl_public_encrypt;
+ $decrypt_func = openssl_public_decrypt;
+ $key = $r[0]["pubkey"];
+ } else if ($role=="prv") {
+ $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id`='%s' LIMIT 1",
+ dbesc($dfrn_id)
+ );
+ if (!count($r)) killme();
- // return answer as json
- echo json_encode($answer);
+ $encrypt_func = openssl_private_encrypt;
+ $decrypt_func = openssl_private_decrypt;
+ $key = $r[0]["prvkey"];
+ } else {
killme();
}
- // If we have only a private key, other site sends encrypted request, we answer unencrypted.
- $encrypted_for = $_REQUEST["encrypted_for"];
- if (!$encrypted_for) killme();
+ $uid = $r[0]["uid"];
- $encrypted_request_hex = $_REQUEST["encrypted_request"];
- if (!$encrypted_request_hex) killme();
- $encrypted_request = hex2bin($encrypted_request_hex);
+ // save the Jabber address we received
+ try {
+ $signed_address_hex = $_REQUEST["signed_address"];
+ $signed_address = hex2bin($signed_address_hex);
- $r = q("SELECT * FROM `contact` WHERE LENGTH(`prvkey`) AND `issued-id` = '%s' LIMIT 1",
- dbesc($encrypted_for)
- );
- if (!count($r)) killme();
+ $trusted_address = "";
+ $decrypt_func($signed_address, $trusted_address, $key);
+
+ $now = intval(time());
+ set_pconfig($uid, "jappixmini", "id:$dfrn_id", "$now:$trusted_address");
+ } catch (Exception $e) {
+ }
- // decrypt request, validate it
- $prvkey = $r[0]['prvkey'];
- $decrypted_request = "";
- openssl_private_decrypt($encrypted_request, $decrypted_request, $prvkey);
+ // do not return an address if user deactivated plugin
+ $activated = get_pconfig($uid, 'jappixmini', 'activate');
+ if (!$activated) killme();
- if ($decrypted_request!=$encrypted_for) killme();
+ // return the requested Jabber address
+ try {
+ $username = get_pconfig($uid, 'jappixmini', 'username');
+ $server = get_pconfig($uid, 'jappixmini', 'server');
+ $address = "$username@$server";
- // get jabber address
- $uid = $r[0]['uid'];
- $username = get_pconfig($uid, 'jappixmini', 'username');
- if (!$username) killme();
- $server = get_pconfig($uid, 'jappixmini', 'server');
- if (!$server) killme();
+ $encrypted_address = "";
+ $encrypt_func($address, $encrypted_address, $key);
- $address = $username."@".$server;
+ $encrypted_address_hex = bin2hex($encrypted_address);
- // construct answer
- $answer = Array("status"=>"ok", "address"=>$address);
+ $answer = Array(
+ "status"=>"ok",
+ "encrypted_address"=>$encrypted_address_hex
+ );
- // return answer as json
- echo json_encode($answer);
- killme();
+ $answer_json = json_encode($answer);
+ echo $answer_json;
+ killme();
+ } catch (Exception $e) {
+ killme();
+ }
}
function jappixmini_settings(&$a, &$s) {
+ // addon settings for a user
+
+ if (!file_exists("addon/jappixmini/jappix")) return;
+
+ $activate = get_pconfig(local_user(),'jappixmini','activate');
+ $activate = intval($activate) ? ' checked="checked"' : '';
+
$username = get_pconfig(local_user(),'jappixmini','username');
$username = htmlentities($username);
$server = get_pconfig(local_user(),'jappixmini','server');
$server = htmlentities($server);
$bosh = get_pconfig(local_user(),'jappixmini','bosh');
$bosh = htmlentities($bosh);
- $encrypted_password = get_pconfig(local_user(),'jappixmini','encrypted-password');
+ $password = get_pconfig(local_user(),'jappixmini','password');
$autosubscribe = get_pconfig(local_user(),'jappixmini','autosubscribe');
$autosubscribe = intval($autosubscribe) ? ' checked="checked"' : '';
$autoapprove = get_pconfig(local_user(),'jappixmini','autoapprove');
$autoapprove = intval($autoapprove) ? ' checked="checked"' : '';
- $activate = get_pconfig(local_user(),'jappixmini','activate');
- $activate = intval($activate) ? ' checked="checked"' : '';
+ $encrypt = intval(get_pconfig(local_user(),'jappixmini','encrypt'));
+ $encrypt_checked = $encrypt ? ' checked="checked"' : '';
+ $encrypt_disabled = $encrypt ? '' : ' disabled="disabled"';
+
+ $info_text = get_config("jappixmini", "infotext");
+ $info_text = htmlentities($info_text);
+ $info_text = str_replace("\n", "<br />", $info_text);
+
+ if (!$activate) {
+ // load scripts if not yet activated so that password can be saved
+ $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&g=mini.xml"></script>'."\r\n";
+ $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&f=presence.js~caps.js~name.js~roster.js"></script>'."\r\n";
+
+ $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/lib.js"></script>'."\r\n";
+ }
$s .= '<div class="settings-block">';
+
$s .= '<h3>Jappix Mini addon settings</h3>';
$s .= '<div>';
$s .= '<label for="jappixmini-activate">Activate addon</label>';
$s .= '<label for="jappixmini-server">Jabber server</label>';
$s .= ' <input id="jappixmini-server" type="text" name="jappixmini-server" value="'.$server.'" />';
$s .= '<br />';
+
$s .= '<label for="jappixmini-bosh">Jabber BOSH host</label>';
$s .= ' <input id="jappixmini-bosh" type="text" name="jappixmini-bosh" value="'.$bosh.'" />';
$s .= '<br />';
+
$s .= '<label for="jappixmini-password">Jabber password</label>';
- $s .= ' <input type="hidden" id="jappixmini-encrypted-password" name="jappixmini-encrypted-password" value="'.$encrypted_password.'" />';
- $onchange = "document.getElementById('jappixmini-encrypted-password').value = jappixmini_addon_encrypt_password(document.getElementById('jappixmini-password').value);";
- $s .= ' <input id="jappixmini-password" type="password" value="" onchange="'.$onchange.'" />';
+ $s .= ' <input type="hidden" id="jappixmini-password" name="jappixmini-encrypted-password" value="'.$password.'" />';
+ $s .= ' <input id="jappixmini-clear-password" type="password" value="" onchange="jappixmini_set_password();" />';
+ $s .= '<br />';
+ $onchange = "document.getElementById('jappixmini-friendica-password').disabled = !this.checked;jappixmini_set_password();";
+ $s .= '<label for="jappixmini-encrypt">Encrypt Jabber password with Friendica password (recommended)</label>';
+ $s .= ' <input id="jappixmini-encrypt" type="checkbox" name="jappixmini-encrypt" onchange="'.$onchange.'" value="1"'.$encrypt_checked.' />';
+ $s .= '<br />';
+ $s .= '<label for="jappixmini-friendica-password">Friendica password</label>';
+ $s .= ' <input id="jappixmini-friendica-password" name="jappixmini-friendica-password" type="password" onchange="jappixmini_set_password();" value=""'.$encrypt_disabled.' />';
$s .= '<br />';
$s .= '<label for="jappixmini-autoapprove">Approve subscription requests from Friendica contacts automatically</label>';
$s .= ' <input id="jappixmini-autoapprove" type="checkbox" name="jappixmini-autoapprove" value="1"'.$autoapprove.' />';
$s .= '<label for="jappixmini-autosubscribe">Subscribe to Friendica contacts automatically</label>';
$s .= ' <input id="jappixmini-autosubscribe" type="checkbox" name="jappixmini-autosubscribe" value="1"'.$autosubscribe.' />';
$s .= '<br />';
- $s .= '<label for="jappixmini-purge">Purge list of jabber addresses of contacts</label>';
+ $s .= '<label for="jappixmini-purge">Purge internal list of jabber addresses of contacts</label>';
$s .= ' <input id="jappixmini-purge" type="checkbox" name="jappixmini-purge" value="1" />';
$s .= '<br />';
+ if ($info_text) $s .= '<br />Configuration help:<p style="margin-left:2em;">'.$info_text.'</p>';
$s .= '<input type="submit" name="jappixmini-submit" value="' . t('Submit') . '" />';
+ $s .= ' <input type="button" value="Add contact" onclick="jappixmini_addon_subscribe();" />';
+ $s .= '</div>';
+
$s .= '</div>';
$a->page['htmlhead'] .= "<script type=\"text/javascript\">
+ function jappixmini_set_password() {
+ encrypt = document.getElementById('jappixmini-encrypt').checked;
+ password = document.getElementById('jappixmini-password');
+ clear_password = document.getElementById('jappixmini-clear-password');
+ if (encrypt) {
+ friendica_password = document.getElementById('jappixmini-friendica-password');
+
+ if (friendica_password) {
+ jappixmini_addon_set_client_secret(friendica_password.value);
+ jappixmini_addon_encrypt_password(clear_password.value, function(encrypted_password){
+ password.value = encrypted_password;
+ });
+ }
+ }
+ else {
+ password.value = clear_password.value;
+ }
+ }
+
jQuery(document).ready(function() {
- document.getElementById('jappixmini-password').value = jappixmini_addon_decrypt_password('$encrypted_password');
+ encrypt = document.getElementById('jappixmini-encrypt').checked;
+ password = document.getElementById('jappixmini-password');
+ clear_password = document.getElementById('jappixmini-clear-password');
+ if (encrypt) {
+ jappixmini_addon_decrypt_password(password.value, function(decrypted_password){
+ clear_password.value = decrypted_password;
+ });
+ }
+ else {
+ clear_password.value = password.value;
+ }
});
</script>";
}
function jappixmini_settings_post(&$a,&$b) {
+ // save addon settings for a user
+
+ if (!file_exists("addon/jappixmini/jappix")) return;
+
if(! local_user()) return;
+ $uid = local_user();
if($_POST['jappixmini-submit']) {
- set_pconfig(local_user(),'jappixmini','username',trim($b['jappixmini-username']));
- set_pconfig(local_user(),'jappixmini','server',trim($b['jappixmini-server']));
- set_pconfig(local_user(),'jappixmini','bosh',trim($b['jappixmini-bosh']));
- set_pconfig(local_user(),'jappixmini','encrypted-password',trim($b['jappixmini-encrypted-password']));
- set_pconfig(local_user(),'jappixmini','autosubscribe',intval($b['jappixmini-autosubscribe']));
- set_pconfig(local_user(),'jappixmini','autoapprove',intval($b['jappixmini-autoapprove']));
- set_pconfig(local_user(),'jappixmini','activate',intval($b['jappixmini-activate']));
+ $encrypt = intval($b['jappixmini-encrypt']);
+ if ($encrypt) {
+ // check that Jabber password was encrypted with correct Friendica password
+ $friendica_password = trim($b['jappixmini-friendica-password']);
+ $encrypted = hash('whirlpool',$friendica_password);
+ $r = q("SELECT * FROM `user` WHERE `uid`=$uid AND `password`='%s'",
+ dbesc($encrypted)
+ );
+ if (!count($r)) {
+ info("Wrong friendica password!");
+ return;
+ }
+ }
+
+ $purge = intval($b['jappixmini-purge']);
+
+ $username = trim($b['jappixmini-username']);
+ $old_username = get_pconfig($uid,'jappixmini','username');
+ if ($username!=$old_username) $purge = 1;
+
+ $server = trim($b['jappixmini-server']);
+ $old_server = get_pconfig($uid,'jappixmini','server');
+ if ($server!=$old_server) $purge = 1;
+
+ set_pconfig($uid,'jappixmini','username',$username);
+ set_pconfig($uid,'jappixmini','server',$server);
+ set_pconfig($uid,'jappixmini','bosh',trim($b['jappixmini-bosh']));
+ set_pconfig($uid,'jappixmini','password',trim($b['jappixmini-encrypted-password']));
+ set_pconfig($uid,'jappixmini','autosubscribe',intval($b['jappixmini-autosubscribe']));
+ set_pconfig($uid,'jappixmini','autoapprove',intval($b['jappixmini-autoapprove']));
+ set_pconfig($uid,'jappixmini','activate',intval($b['jappixmini-activate']));
+ set_pconfig($uid,'jappixmini','encrypt',$encrypt);
info( 'Jappix Mini settings saved.' );
- if (intval($b['jappixmini-purge'])) {
- $uid = local_user();
+ if ($purge) {
q("DELETE FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' and `k` LIKE 'id%%'");
info( 'List of addresses purged.' );
}
}
function jappixmini_script(&$a,&$s) {
+ // adds the script to the page header which starts Jappix Mini
+
+ if (!file_exists("addon/jappixmini/jappix")) return;
if(! local_user()) return;
$activate = get_pconfig(local_user(),'jappixmini','activate');
if (!$activate) return;
$a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&g=mini.xml"></script>'."\r\n";
- $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&f=presence.js"></script>'."\r\n";
-
- $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&f=caps.js"></script>'."\r\n";
- $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&f=name.js"></script>'."\r\n";
+ $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&f=presence.js~caps.js~name.js~roster.js"></script>'."\r\n";
$a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/lib.js"></script>'."\r\n";
$server = str_replace("'", "\\'", $server);
$bosh = get_pconfig(local_user(),'jappixmini','bosh');
$bosh = str_replace("'", "\\'", $bosh);
- $encrypted_password = get_pconfig(local_user(),'jappixmini','encrypted-password');
- $encrypted_password = str_replace("'", "\\'", $encrypted_password);
+ $encrypt = get_pconfig(local_user(),'jappixmini','encrypt');
+ $encrypt = intval($encrypt);
+ $password = get_pconfig(local_user(),'jappixmini','password');
+ $password = str_replace("'", "\\'", $password);
$autoapprove = get_pconfig(local_user(),'jappixmini','autoapprove');
$autoapprove = intval($autoapprove);
$autosubscribe = get_pconfig(local_user(),'jappixmini','autosubscribe');
$autosubscribe = intval($autosubscribe);
+ // set proxy if necessary
+ $use_proxy = get_config('jappixmini','bosh_proxy');
+ if ($use_proxy) {
+ $proxy = $a->get_baseurl().'/addon/jappixmini/proxy.php';
+ }
+ else {
+ $proxy = "";
+ }
+
// get a list of jabber accounts of the contacts
$contacts = Array();
$uid = local_user();
- $rows = q("SELECT `v` FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' and `k` LIKE 'id%%'");
+ $rows = q("SELECT * FROM `pconfig` WHERE `uid`=$uid AND `cat`='jappixmini' and `k` LIKE 'id%%'");
foreach ($rows as $row) {
+ $key = $row['k'];
+ $pos = strpos($key, ":");
+ $dfrn_id = substr($key, $pos+1);
+ $r = q("SELECT `name` FROM `contact` WHERE `uid`=$uid AND `dfrn-id`='%s' OR `issued-id`='%s'",
+ dbesc($dfrn_id),
+ dbesc($dfrn_id)
+ );
+ $name = $r[0]["name"];
+
$value = $row['v'];
$pos = strpos($value, ":");
$address = substr($value, $pos+1);
- $contacts[] = $address;
+ if (!$address) continue;
+ if (!$name) $name = $address;
+
+ $contacts[$address] = $name;
}
$contacts_json = json_encode($contacts);
+ $contacts_hash = sha1($contacts_json);
+ // get nickname
+ $r = q("SELECT `username` FROM `user` WHERE `uid`=$uid");
+ $nickname = json_encode($r[0]["username"]);
+
+ // add javascript to start Jappix Mini
$a->page['htmlhead'] .= "<script type=\"text/javascript\">
jQuery(document).ready(function() {
- jappixmini_addon_start('$server', '$username', '$bosh', '$encrypted_password');
- jappixmini_manage_roster($contacts_json, $autoapprove, $autosubscribe);
+ jappixmini_addon_start('$server', '$username', '$proxy', '$bosh', $encrypt, '$password', $nickname, $contacts_json, '$contacts_hash', $autoapprove, $autosubscribe);
});
</script>";
}
function jappixmini_login(&$a, &$o) {
- // save hash of password using setDB
+ // create client secret on login to be able to encrypt jabber passwords
+
+ if (!file_exists("addon/jappixmini/jappix")) return;
+
+ // for setDB and str_sha1, needed by jappixmini_addon_set_client_secret
+ $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/jappix/php/get.php?t=js&f=datastore.js~jsjac.js"></script>'."\r\n";
+
+ // for jappixmini_addon_set_client_secret
+ $a->page['htmlhead'] .= '<script type="text/javascript" src="' . $a->get_baseurl() . '/addon/jappixmini/lib.js"></script>'."\r\n";
+
+ // save hash of password
$o = str_replace("<form ", "<form onsubmit=\"jappixmini_addon_set_client_secret(this.elements['id_password'].value);return true;\" ", $o);
}
function jappixmini_cron(&$a, $d) {
// For autosubscribe/autoapprove, we need to maintain a list of jabber addresses of our contacts.
+ set_config("jappixmini", "last_cron_execution", $d);
+
+ if (!file_exists("addon/jappixmini/jappix")) return;
+
// go through list of users with jabber enabled
$users = q("SELECT `uid` FROM `pconfig` WHERE `cat`='jappixmini' AND (`k`='autosubscribe' OR `k`='autoapprove') AND `v`='1'");
+ logger("jappixmini: Update list of contacts' jabber accounts for ".count($users)." users.");
foreach ($users as $row) {
$uid = $row["uid"];
if (!$request) continue;
$dfrn_id = $contact_row["dfrn-id"];
- $pubkey = $contact_row["pubkey"];
- if (!$dfrn_id) {
+ if ($dfrn_id) {
+ $key = $contact_row["pubkey"];
+ $encrypt_func = openssl_public_encrypt;
+ $decrypt_func = openssl_public_decrypt;
+ $role = "prv";
+ } else {
$dfrn_id = $contact_row["issued-id"];
- $prvkey = $contact_row["prvkey"];
+ $key = $contact_row["prvkey"];
+ $encrypt_func = openssl_private_encrypt;
+ $decrypt_func = openssl_private_decrypt;
+ $role = "pub";
}
// check if jabber address already present
$pos = strpos($request, "/dfrn_request/");
if ($pos===false) continue;
- $base = substr($request, 0, $pos)."/jappixmini";
+ $base = substr($request, 0, $pos)."/jappixmini?role=$role";
- // retrieve address
- if ($prvkey) {
- $retrieval_address = $base."?encrypt_for=".urlencode($dfrn_id);
+ // construct own address
+ $username = get_pconfig($uid, 'jappixmini', 'username');
+ if (!$username) continue;
+ $server = get_pconfig($uid, 'jappixmini', 'server');
+ if (!$server) continue;
- $answer_json = fetch_url($retrieval_address);
- $answer = json_decode($answer_json);
- if ($answer->status != "ok") continue;
+ $address = $username."@".$server;
- $encrypted_address_hex = $answer->encrypted_address;
- if (!$encrypted_address_hex) continue;
- $encrypted_address = hex2bin($encrypted_address_hex);
+ // sign address
+ $signed_address = "";
+ $encrypt_func($address, $signed_address, $key);
- $decrypted_address = "";
- openssl_private_decrypt($encrypted_address, $decrypted_address, $prvkey);
- if (!$decrypted_address) continue;
-
- $address = $decrypted_address;
- } else if ($pubkey) {
- $encrypted_request = "";
- openssl_public_encrypt($dfrn_id, $encrypted_request, $pubkey);
- if (!$encrypted_request) continue;
- $encrypted_request_hex = bin2hex($encrypted_request);
+ // construct request url
+ $signed_address_hex = bin2hex($signed_address);
+ $url = $base."&signed_address=$signed_address_hex&dfrn_id=".urlencode($dfrn_id);
- $retrieval_address = $base."?encrypted_for=".urlencode($dfrn_id)."&encrypted_request=".urlencode($encrypted_request_hex);
+ try {
+ // send request
+ $answer_json = fetch_url($url);
- $answer_json = fetch_url($retrieval_address);
+ // parse answer
$answer = json_decode($answer_json);
- if ($answer->status != "ok") continue;
+ if ($answer->status != "ok") throw new Exception();
+
+ $encrypted_address_hex = $answer->encrypted_address;
+ if (!$encrypted_address_hex) throw new Exception();
+
+ $encrypted_address = hex2bin($encrypted_address_hex);
+ if (!$encrypted_address) throw new Exception();
- $address = $answer->address;
- if (!$address) continue;
+ // decrypt address
+ $decrypted_address = "";
+ $decrypt_func($encrypted_address, $decrypted_address, $key);
+ if (!$decrypted_address) throw new Exception();
+ } catch (Exception $e) {
+ $decrypted_address = "";
}
// save address
- set_pconfig($uid, "jappixmini", "id:$dfrn_id", "$now:$address");
+ set_pconfig($uid, "jappixmini", "id:$dfrn_id", "$now:$decrypted_address");
}
}
}
function jappixmini_download_source(&$a,&$b) {
+ // Jappix Mini source download link on About page
+
+ if (!file_exists("addon/jappixmini/jappix")) return;
+
$b .= '<h1>Jappix Mini</h1>';
$b .= '<p>This site uses Jappix Mini by the <a href="'.$a->get_baseurl().'/addon/jappixmini/jappix/AUTHORS">Jappix authors</a>, which is distributed under the terms of the <a href="'.$a->get_baseurl().'/addon/jappixmini/jappix/COPYING">GNU Affero General Public License</a>.</p>';
$b .= '<p>You can download the <a href="'.$a->get_baseurl().'/addon/jappixmini/jappix.zip">source code</a>.</p>';
projects / friendica-addons.git / blobdiff