X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=src%2FModule%2FMagic.php;h=f6f3bbc5908120dd06ec1fcf9ed67fb8cc94701e;hb=6dbbd081795fa1c8fe57db2248ac162efeeada88;hp=0b4126e0e965528fba0c9170a725c2b2dec262c9;hpb=11310f4cf0eb66206ba758e178a892345028bf15;p=friendica.git diff --git a/src/Module/Magic.php b/src/Module/Magic.php index 0b4126e0e9..f6f3bbc590 100644 --- a/src/Module/Magic.php +++ b/src/Module/Magic.php @@ -1,14 +1,39 @@ . + * */ + namespace Friendica\Module; +use Friendica\App; use Friendica\BaseModule; -use Friendica\Database\DBA; +use Friendica\Core\L10n; +use Friendica\Core\System; +use Friendica\Database\Database; use Friendica\Model\Contact; +use Friendica\Model\User; +use Friendica\Network\HTTPClient\Capability\ICanSendHttpRequests; +use Friendica\Network\HTTPClient\Client\HttpClientOptions; use Friendica\Util\HTTPSignature; -use Friendica\Util\Network; +use Friendica\Util\Profiler; +use Friendica\Util\Strings; +use Psr\Log\LoggerInterface; /** * Magic Auth (remote authentication) module. @@ -17,100 +42,100 @@ use Friendica\Util\Network; */ class Magic extends BaseModule { - public static function init() + /** @var App */ + protected $app; + /** @var Database */ + protected $dba; + /** @var ICanSendHttpRequests */ + protected $httpClient; + + public function __construct(App $app, L10n $l10n, App\BaseURL $baseUrl, App\Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, Database $dba, ICanSendHttpRequests $httpClient, array $server, array $parameters = []) { - $a = self::getApp(); - $ret = ['success' => false, 'url' => '', 'message' => '']; - logger('magic mdule: invoked', LOGGER_DEBUG); + parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters); - logger('args: ' . print_r($_REQUEST, true), LOGGER_DATA); + $this->app = $app; + $this->dba = $dba; + $this->httpClient = $httpClient; + } - $addr = ((x($_REQUEST, 'addr')) ? $_REQUEST['addr'] : ''); - $dest = ((x($_REQUEST, 'dest')) ? $_REQUEST['dest'] : ''); - $test = ((x($_REQUEST, 'test')) ? intval($_REQUEST['test']) : 0); - $owa = ((x($_REQUEST, 'owa')) ? intval($_REQUEST['owa']) : 0); + protected function rawContent(array $request = []) + { + $this->logger->info('magic module: invoked'); - // NOTE: I guess $dest isn't just the profile url (could be also - // other profile pages e.g. photo). We need to find a solution - // to be able to redirct to other pages than the contact profile. - $cid = Contact::getIdForURL($dest); + $this->logger->debug('args', ['request' => $_REQUEST]); - if (!$cid && !empty($addr)) { + $addr = $_REQUEST['addr'] ?? ''; + $dest = $_REQUEST['dest'] ?? ''; + $owa = (!empty($_REQUEST['owa']) ? intval($_REQUEST['owa']) : 0); + $cid = 0; + + if (!empty($addr)) { $cid = Contact::getIdForURL($addr); + } elseif (!empty($dest)) { + $cid = Contact::getIdForURL($dest); } if (!$cid) { - logger('No contact record found: ' . print_r($_REQUEST, true), LOGGER_DEBUG); - goaway($dest); + $this->logger->info('No contact record found', $_REQUEST); + // @TODO Finding a more elegant possibility to redirect to either internal or external URL + $this->app->redirect($dest); } - - $contact = DBA::selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]); + $contact = $this->dba->selectFirst('contact', ['id', 'nurl', 'url'], ['id' => $cid]); // Redirect if the contact is already authenticated on this site. - if (!empty($a->contact) && array_key_exists('id', $a->contact) && strpos($contact['nurl'], normalise_link(self::getApp()->get_baseurl())) !== false) { - if ($test) { - $ret['success'] = true; - $ret['message'] .= 'Local site - you are already authenticated.' . EOL; - return $ret; - } - - logger('Contact is already authenticated', LOGGER_DEBUG); - goaway($dest); + if ($this->app->getContactId() && strpos($contact['nurl'], Strings::normaliseLink($this->baseUrl->get())) !== false) { + $this->logger->info('Contact is already authenticated'); + System::externalRedirect($dest); } - if (local_user()) { - $user = $a->user; - - // OpenWebAuth - if ($owa) { - // Extract the basepath - // NOTE: we need another solution because this does only work - // for friendica contacts :-/ . We should have the basepath - // of a contact also in the contact table. - $exp = explode('/profile/', $contact['url']); - $basepath = $exp[0]; - - $headers = []; - $headers['Accept'] = 'application/x-dfrn+json'; - $headers['X-Open-Web-Auth'] = random_string(); - - // Create a header that is signed with the local users private key. - $headers = HTTPSignature::createSig( - $headers, - $user['prvkey'], - 'acct:' . $user['nickname'] . '@' . $a->get_hostname() . ($a->urlpath ? '/' . $a->urlpath : '') - ); - - // Try to get an authentication token from the other instance. - $x = Network::curl($basepath . '/owa', false, $redirects, ['headers' => $headers]); - - if ($x['success']) { - $j = json_decode($x['body'], true); - - if ($j['success']) { - $token = ''; - if ($j['encrypted_token']) { - // The token is encrypted. If the local user is really the one the other instance - // thinks he/she is, the token can be decrypted with the local users public key. - openssl_private_decrypt(base64url_decode($j['encrypted_token']), $token, $user['prvkey']); - } else { - $token = $j['token']; - } - $x = strpbrk($dest, '?&'); - $args = (($x) ? '&owt=' . $token : '?f=&owt=' . $token); - - goaway($dest . $args); + // OpenWebAuth + if (local_user() && $owa) { + $user = User::getById(local_user()); + + // Extract the basepath + // NOTE: we need another solution because this does only work + // for friendica contacts :-/ . We should have the basepath + // of a contact also in the contact table. + $exp = explode('/profile/', $contact['url']); + $basepath = $exp[0]; + + $header = [ + 'Accept' => ['application/x-dfrn+json', 'application/x-zot+json'], + 'X-Open-Web-Auth' => [Strings::getRandomHex()], + ]; + + // Create a header that is signed with the local users private key. + $header = HTTPSignature::createSig( + $header, + $user['prvkey'], + 'acct:' . $user['nickname'] . '@' . $this->baseUrl->getHostname() . ($this->baseUrl->getUrlPath() ? '/' . $this->baseUrl->getUrlPath() : '') + ); + + // Try to get an authentication token from the other instance. + $curlResult = $this->httpClient->get($basepath . '/owa', [HttpClientOptions::HEADERS => $header]); + + if ($curlResult->isSuccess()) { + $j = json_decode($curlResult->getBody(), true); + + if ($j['success']) { + $token = ''; + if ($j['encrypted_token']) { + // The token is encrypted. If the local user is really the one the other instance + // thinks he/she is, the token can be decrypted with the local users public key. + openssl_private_decrypt(Strings::base64UrlDecode($j['encrypted_token']), $token, $user['prvkey']); + } else { + $token = $j['token']; } + $args = (strpbrk($dest, '?&') ? '&' : '?') . 'owt=' . $token; + + $this->logger->info('Redirecting', ['path' => $dest . $args]); + System::externalRedirect($dest . $args); } - goaway($dest); } + System::externalRedirect($dest); } - if ($test) { - $ret['message'] = 'Not authenticated or invalid arguments' . EOL; - return $ret; - } - - goaway($dest); + // @TODO Finding a more elegant possibility to redirect to either internal or external URL + $this->app->redirect($dest); } }