X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FMagic.php;h=45fde43f64657bc334958ca85eef3f2fac3908c6;hb=4495e83eca67986ecbd5e083509c782116d77c6c;hp=a95b7e6ba0de9203f2bb36393bc0a5f8be7975c9;hpb=74f4637ff3fc799875c12564df7b68b74a3188fc;p=friendica.git diff --git a/src/Module/Magic.php b/src/Module/Magic.php index a95b7e6ba0..45fde43f64 100644 --- a/src/Module/Magic.php +++ b/src/Module/Magic.php @@ -1,7 +1,24 @@ . + * */ + namespace Friendica\Module; use Friendica\BaseModule; @@ -10,8 +27,8 @@ use Friendica\Core\System; use Friendica\Database\DBA; use Friendica\DI; use Friendica\Model\Contact; +use Friendica\Model\User; use Friendica\Util\HTTPSignature; -use Friendica\Util\Network; use Friendica\Util\Strings; /** @@ -25,9 +42,9 @@ class Magic extends BaseModule { $a = DI::app(); $ret = ['success' => false, 'url' => '', 'message' => '']; - Logger::log('magic mdule: invoked', Logger::DEBUG); + Logger::info('magic mdule: invoked'); - Logger::log('args: ' . print_r($_REQUEST, true), Logger::DATA); + Logger::debug('args', ['request' => $_REQUEST]); $addr = $_REQUEST['addr'] ?? ''; $dest = $_REQUEST['dest'] ?? ''; @@ -49,63 +66,61 @@ class Magic extends BaseModule $contact = DBA::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]); // Redirect if the contact is already authenticated on this site. - if (!empty($a->contact) && array_key_exists('id', $a->contact) && strpos($contact['nurl'], Strings::normaliseLink(DI::baseUrl()->get())) !== false) { + if ($a->getContactId() && strpos($contact['nurl'], Strings::normaliseLink(DI::baseUrl()->get())) !== false) { if ($test) { $ret['success'] = true; $ret['message'] .= 'Local site - you are already authenticated.' . EOL; return $ret; } - Logger::log('Contact is already authenticated', Logger::DEBUG); + Logger::info('Contact is already authenticated'); System::externalRedirect($dest); } - if (local_user()) { - $user = $a->user; - - // OpenWebAuth - if ($owa) { - // Extract the basepath - // NOTE: we need another solution because this does only work - // for friendica contacts :-/ . We should have the basepath - // of a contact also in the contact table. - $exp = explode('/profile/', $contact['url']); - $basepath = $exp[0]; - - $headers = []; - $headers['Accept'] = 'application/x-dfrn+json, application/x-zot+json'; - $headers['X-Open-Web-Auth'] = Strings::getRandomHex(); - - // Create a header that is signed with the local users private key. - $headers = HTTPSignature::createSig( - $headers, - $user['prvkey'], - 'acct:' . $user['nickname'] . '@' . DI::baseUrl()->getHostname() . (DI::baseUrl()->getUrlPath() ? '/' . DI::baseUrl()->getUrlPath() : '') - ); - - // Try to get an authentication token from the other instance. - $curlResult = Network::curl($basepath . '/owa', false, ['headers' => $headers]); - - if ($curlResult->isSuccess()) { - $j = json_decode($curlResult->getBody(), true); - - if ($j['success']) { - $token = ''; - if ($j['encrypted_token']) { - // The token is encrypted. If the local user is really the one the other instance - // thinks he/she is, the token can be decrypted with the local users public key. - openssl_private_decrypt(Strings::base64UrlDecode($j['encrypted_token']), $token, $user['prvkey']); - } else { - $token = $j['token']; - } - $args = (strpbrk($dest, '?&') ? '&' : '?') . 'owt=' . $token; - - Logger::info('Redirecting', ['path' => $dest . $args]); - System::externalRedirect($dest . $args); + // OpenWebAuth + if (local_user() && $owa) { + $user = User::getById(local_user()); + + // Extract the basepath + // NOTE: we need another solution because this does only work + // for friendica contacts :-/ . We should have the basepath + // of a contact also in the contact table. + $exp = explode('/profile/', $contact['url']); + $basepath = $exp[0]; + + $header = []; + $header['Accept'] = 'application/x-dfrn+json, application/x-zot+json'; + $header['X-Open-Web-Auth'] = Strings::getRandomHex(); + + // Create a header that is signed with the local users private key. + $header = HTTPSignature::createSig( + $header, + $user['prvkey'], + 'acct:' . $user['nickname'] . '@' . DI::baseUrl()->getHostname() . (DI::baseUrl()->getUrlPath() ? '/' . DI::baseUrl()->getUrlPath() : '') + ); + + // Try to get an authentication token from the other instance. + $curlResult = DI::httpRequest()->get($basepath . '/owa', ['header' => $header]); + + if ($curlResult->isSuccess()) { + $j = json_decode($curlResult->getBody(), true); + + if ($j['success']) { + $token = ''; + if ($j['encrypted_token']) { + // The token is encrypted. If the local user is really the one the other instance + // thinks he/she is, the token can be decrypted with the local users public key. + openssl_private_decrypt(Strings::base64UrlDecode($j['encrypted_token']), $token, $user['prvkey']); + } else { + $token = $j['token']; } + $args = (strpbrk($dest, '?&') ? '&' : '?') . 'owt=' . $token; + + Logger::info('Redirecting', ['path' => $dest . $args]); + System::externalRedirect($dest . $args); } - System::externalRedirect($dest); } + System::externalRedirect($dest); } if ($test) {