friendica-github/src/Module/Magic.php

<?php

// Copyright (C) 2010-2024, the Friendica project
// SPDX-FileCopyrightText: 2010-2024 the Friendica project
//
// SPDX-License-Identifier: AGPL-3.0-or-later

namespace Friendica\Module;

use Exception;
use Friendica\App\Arguments;
use Friendica\App\BaseURL;
use Friendica\AppHelper;
use Friendica\BaseModule;
use Friendica\Core\L10n;
use Friendica\Core\Protocol;
use Friendica\Core\Session\Capability\IHandleUserSessions;
use Friendica\Core\System;
use Friendica\Core\Worker;
use Friendica\Database\Database;
use Friendica\Model\Contact;
use Friendica\Model\GServer;
use Friendica\Model\User;
use Friendica\Network\HTTPClient\Capability\ICanSendHttpRequests;
use Friendica\Network\HTTPClient\Client\HttpClientOptions;
use Friendica\Util\HTTPSignature;
use Friendica\Util\Network;
use Friendica\Util\Profiler;
use Friendica\Util\Strings;
use Friendica\Worker\UpdateContact;
use Psr\Log\LoggerInterface;

/**
 * Magic Auth (remote authentication) module.
 *
 * Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/Zotlabs/Module/Magic.php
 */
class Magic extends BaseModule
{
	/** @var AppHelper */
	protected $appHelper;
	/** @var Database */
	protected $dba;
	/** @var ICanSendHttpRequests */
	protected $httpClient;
	/** @var IHandleUserSessions */
	protected $userSession;

	public function __construct(AppHelper $appHelper, L10n $l10n, BaseURL $baseUrl, Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, Database $dba, ICanSendHttpRequests $httpClient, IHandleUserSessions $userSession, $server, array $parameters = [])
	{
		parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);

		$this->appHelper   = $appHelper;
		$this->dba         = $dba;
		$this->httpClient  = $httpClient;
		$this->userSession = $userSession;
	}

	protected function rawContent(array $request = [])
	{
		if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {
			$this->logger->debug('Got a HEAD request');
			System::exit();
		}

		$this->logger->debug('Invoked', ['request' => $request]);

		$addr     = (string) $request['addr'] ?? '';
		$bdest    = (string) $request['bdest'] ?? '';
		$dest     = (string) $request['dest'] ?? '';
		$owa      = intval($request['owa'] ?? 0);

		// bdest is preferred as it is hex-encoded and can survive url rewrite and argument parsing
		if ($bdest !== '') {
			$dest = hex2bin($bdest);
			$this->logger->debug('bdest detected', ['dest' => $dest]);
		}

		$target = $dest ?: $addr;

		$contact = Contact::getByURL($addr ?: $dest);
		if ($contact === [] && $owa === 0) {
			$this->logger->info('No contact record found, no oWA, redirecting to destination.', ['request' => $request, 'server' => $_SERVER, 'dest' => $dest]);
			$this->appHelper->redirect($dest);
		}

		if ($contact !== []) {
			// Redirect if the contact is already authenticated on this site.
			if ($this->appHelper->getContactId() && strpos($contact['nurl'], Strings::normaliseLink($this->baseUrl)) !== false) {
				$this->logger->info('Contact is already authenticated, redirecting to destination.', ['dest' => $dest]);
				System::externalRedirect($dest);
			}

			$this->logger->debug('Contact found', ['url' => $contact['url']]);
		}

		if (!$this->userSession->getLocalUserId() || $owa === 0) {
			$this->logger->notice('Not logged in or not OWA, redirecting to destination.', ['uid' => $this->userSession->getLocalUserId(), 'owa' => $owa, 'dest' => $dest]);
			$this->appHelper->redirect($dest);
		}

		$dest = Network::removeUrlParameter($dest, 'zid');
		$dest = Network::removeUrlParameter($dest, 'f');

		// OpenWebAuth
		$owner = User::getOwnerDataById($this->userSession->getLocalUserId());

		if (!empty($contact['gsid'])) {
			$gsid = $contact['gsid'];
		} elseif (GServer::check($target)) {
			$gsid = GServer::getID($target);
		}

		if (empty($gsid)) {
			$this->logger->notice('The target is not a server path, redirecting to destination.', ['target' => $target]);
			System::externalRedirect($dest);
		}

		$gserver = $this->dba->selectFirst('gserver', ['url', 'network', 'openwebauth'], ['id' => $gsid]);
		if (empty($gserver)) {
			$this->logger->notice('Server not found, redirecting to destination.', ['gsid' => $gsid, 'dest' => $dest]);
			System::externalRedirect($dest);
		}

		$openwebauth = $gserver['openwebauth'];

		// This part can be removed, when all server entries had been updated. So removing it in 2025 should be safe.
		if (empty($openwebauth) && ($gserver['network'] == Protocol::DFRN)) {
			$this->logger->notice('Open Web Auth path not provided. Assume default path', ['gsid' => $gsid, 'dest' => $dest]);
			$openwebauth = $gserver['url'] . '/owa';
			// Update contact to assign the path to the server
			UpdateContact::add(Worker::PRIORITY_MEDIUM, $contact['id']);
		}

		if (empty($openwebauth)) {
			$this->logger->debug('Server does not support open web auth, redirecting to destination.', ['gsid' => $gsid, 'dest' => $dest]);
			System::externalRedirect($dest);
		}

		$header = [
			'Accept'          => 'application/x-zot+json',
			'X-Open-Web-Auth' => Strings::getRandomHex(),
		];

		// Create a header that is signed with the local users private key.
		$header = HTTPSignature::createSig(
			$header,
			$owner['prvkey'],
			'acct:' . $owner['addr']
		);

		$this->logger->info('Fetch from remote system', ['openwebauth' => $openwebauth, 'headers' => $header]);

		// Try to get an authentication token from the other instance.
		try {
			$curlResult = $this->httpClient->request('get', $openwebauth, [HttpClientOptions::HEADERS => $header]);
		} catch (Exception $exception) {
			$this->logger->notice('URL is invalid, redirecting to destination.', ['url' => $openwebauth, 'error' => $exception, 'dest' => $dest]);
			System::externalRedirect($dest);
		}
		if (!$curlResult->isSuccess()) {
			$this->logger->notice('OWA request failed, redirecting to destination.', ['returncode' => $curlResult->getReturnCode(), 'dest' => $dest]);
			System::externalRedirect($dest);
		}

		$j = json_decode($curlResult->getBodyString(), true);
		if (empty($j) || !$j['success']) {
			$this->logger->notice('Invalid JSON, redirecting to destination.', ['json' => $j, 'dest' => $dest]);
			$this->appHelper->redirect($dest);
		}

		if ($j['encrypted_token']) {
			// The token is encrypted. If the local user is really the one the other instance
			// thinks they is, the token can be decrypted with the local users public key.
			$token = '';
			openssl_private_decrypt(Strings::base64UrlDecode($j['encrypted_token']), $token, $owner['prvkey']);
		} else {
			$token = $j['token'];
		}
		$args = (strpbrk($dest, '?&') ? '&' : '?') . 'owt=' . $token;

		$this->logger->debug('Redirecting', ['path' => $dest . $args]);
		System::externalRedirect($dest . $args);
	}
}
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`<?php`
REUSE src directory 2024-08-24 15:27:00 +02:00
			`// Copyright (C) 2010-2024, the Friendica project`
			`// SPDX-FileCopyrightText: 2010-2024 the Friendica project`
			`//`
			`// SPDX-License-Identifier: AGPL-3.0-or-later`
Add license info at Friendica PHP files 2020-02-09 16:18:46 +01:00
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`namespace Friendica\Module;`

OWA: reworked code 2023-05-15 20:46:05 +00:00			`use Exception;`
Replace all calls for App::getContactId() with AppHelper 2024-11-08 23:04:52 +00:00			`use Friendica\App\Arguments;`
			`use Friendica\App\BaseURL;`
			`use Friendica\AppHelper;`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`use Friendica\BaseModule;`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00			`use Friendica\Core\L10n;`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`use Friendica\Core\Protocol;`
UserSession class [6] - Refactor src/Module/ files without DI 2022-10-20 23:35:01 +02:00			`use Friendica\Core\Session\Capability\IHandleUserSessions;`
Log function implement log() function. 2018-10-29 17:20:46 -04:00			`use Friendica\Core\System;`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`use Friendica\Core\Worker;`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00			`use Friendica\Database\Database;`
port hubzillas OpenWebAuth - use Contact::getIdForURL to query for contact entry 2018-06-19 16:15:28 +02:00			`use Friendica\Model\Contact;`
Improved basepath detection for Magic Auth 2023-06-18 17:18:40 +00:00			`use Friendica\Model\GServer;`
Get rid of App->user completely 2021-08-08 19:30:21 +00:00			`use Friendica\Model\User;`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00			`use Friendica\Network\HTTPClient\Capability\ICanSendHttpRequests;`
Restructure HTTPClient for new paradigm 2021-10-23 12:50:31 +02:00			`use Friendica\Network\HTTPClient\Client\HttpClientOptions;`
port hubzillas OpenWebAuth - rename some methods and classes 2018-06-20 18:38:23 +02:00			`use Friendica\Util\HTTPSignature;`
Enable "magic" with Hubzilla 2024-05-20 19:36:40 +00:00			`use Friendica\Util\Network;`
Make `BaseModule` a real entity - Add all dependencies, necessary to run the content (baseUrl, Arguments) - Encapsulate all POST/GET/DELETE/PATCH/PUT methods as protected methods inside the BaseModule - Return Module content ONLY per `BaseModule::run()` (including the Hook logic there as well) 2021-11-20 15:38:03 +01:00			`use Friendica\Util\Profiler;`
random_string calls implement getRandomHex function 2018-11-08 08:45:46 -05:00			`use Friendica\Util\Strings;`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`use Friendica\Worker\UpdateContact;`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00			`use Psr\Log\LoggerInterface;`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00
port hubzillas OpenWebAuth - add some notes to the doxygen to refer to hubzilla's source code 2018-06-19 13:30:55 +02:00			`/**`
			`* Magic Auth (remote authentication) module.`
Several more warnings ... (#5340) * Some more warnings removed * Even more warnings ... * Will it ever end? ;-) * Avoid warning in dbstructure * Origin and OStatus ... * There are more warnings solved ... yeah! * And again ... * We are not done yet * And more ... * And some new places ... * And more in the feeds * Avoid some more * And some backend stuff * Notifications cleared * Some more stuff * and again ... * It's getting fewer ... * Some warnings had been hidden in the notifications * Fix the fix * And another missing one ... * We need the owner here, not the user * Forgotten user * And more ... * And some more warnings disappeared ... * Some more frontend warnings * Some backend warnings removed * Fixed sidebar for "vier" * And more ... * Some more ... * And something for "remote self" * Am I stuck in an endless loop? * Fix: Clear tag and file field on update * Preset page content 2018-07-10 14:27:56 +02:00			`*`
port hubzillas OpenWebAuth - add some notes to the doxygen to refer to hubzilla's source code 2018-06-19 13:30:55 +02:00			`* Ported from Hubzilla: https://framagit.org/hubzilla/core/blob/master/Zotlabs/Module/Magic.php`
			`*/`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`class Magic extends BaseModule`
			`{`
Replace all calls for App::getContactId() with AppHelper 2024-11-08 23:04:52 +00:00			`/** @var AppHelper */`
			`protected $appHelper;`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00			`/** @var Database */`
			`protected $dba;`
			`/** @var ICanSendHttpRequests */`
			`protected $httpClient;`
UserSession class [6] - Refactor src/Module/ files without DI 2022-10-20 23:35:01 +02:00			`/** @var IHandleUserSessions */`
			`protected $userSession;`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00
Replace all calls for App::getContactId() with AppHelper 2024-11-08 23:04:52 +00:00			`public function __construct(AppHelper $appHelper, L10n $l10n, BaseURL $baseUrl, Arguments $args, LoggerInterface $logger, Profiler $profiler, Response $response, Database $dba, ICanSendHttpRequests $httpClient, IHandleUserSessions $userSession, $server, array $parameters = [])`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`{`
Introduce `Response` for Modules to create a testable way for module responses 2021-11-21 20:06:36 +01:00			`parent::__construct($l10n, $baseUrl, $args, $logger, $profiler, $response, $server, $parameters);`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00
Replace all calls for App::getContactId() with AppHelper 2024-11-08 23:04:52 +00:00			`$this->appHelper = $appHelper;`
UserSession class [6] - Refactor src/Module/ files without DI 2022-10-20 23:35:01 +02:00			`$this->dba = $dba;`
			`$this->httpClient = $httpClient;`
			`$this->userSession = $userSession;`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00			`}`

Make `BaseModule` a real entity - Add all dependencies, necessary to run the content (baseUrl, Arguments) - Encapsulate all POST/GET/DELETE/PATCH/PUT methods as protected methods inside the BaseModule - Return Module content ONLY per `BaseModule::run()` (including the Hook logic there as well) 2021-11-20 15:38:03 +01:00			`protected function rawContent(array $request = [])`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00			`{`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`if ($_SERVER['REQUEST_METHOD'] == 'HEAD') {`
			`$this->logger->debug('Got a HEAD request');`
			`System::exit();`
			`}`
Revert "Revert "Replace Module::init() with Constructors"" This reverts commit 89d6c89b6775bc37340dd93d747022e2d7db9618. 2021-11-19 20:18:48 +01:00
OWA: reworked code 2023-05-15 20:46:05 +00:00			`$this->logger->debug('Invoked', ['request' => $request]);`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00
Refactor Magic module 2024-11-18 08:28:32 +00:00			`$addr = (string) $request['addr'] ?? '';`
			`$bdest = (string) $request['bdest'] ?? '';`
			`$dest = (string) $request['dest'] ?? '';`
Enable "magic" with Hubzilla 2024-05-20 19:36:40 +00:00			`$owa = intval($request['owa'] ?? 0);`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00
OWA: reworked code 2023-05-15 20:46:05 +00:00			`// bdest is preferred as it is hex-encoded and can survive url rewrite and argument parsing`
Refactor Magic module 2024-11-18 08:28:32 +00:00			`if ($bdest !== '') {`
Remote auth works from Streams 2023-05-05 12:46:30 +02:00			`$dest = hex2bin($bdest);`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`$this->logger->debug('bdest detected', ['dest' => $dest]);`
Remote auth works from Streams 2023-05-05 12:46:30 +02:00			`}`
OWA: reworked code 2023-05-15 20:46:05 +00:00
Improved basepath detection for Magic Auth 2023-06-18 17:18:40 +00:00			`$target = $dest ?: $addr;`

Refactor Magic module 2024-11-18 08:28:32 +00:00			`$contact = Contact::getByURL($addr ?: $dest);`
			`if ($contact === [] && $owa === 0) {`
			`$this->logger->info('No contact record found, no oWA, redirecting to destination.', ['request' => $request, 'server' => $_SERVER, 'dest' => $dest]);`
Merge branch 'develop' into phpstan-level-1 2024-11-18 21:45:42 +00:00			`$this->appHelper->redirect($dest);`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`}`
port hubzillas OpenWebAuth - use Contact::getIdForURL to query for contact entry 2018-06-19 16:15:28 +02:00
Refactor Magic module 2024-11-18 08:28:32 +00:00			`if ($contact !== []) {`
Remote auth works from Streams 2023-05-05 12:46:30 +02:00			`// Redirect if the contact is already authenticated on this site.`
Replace all calls for App::getContactId() with AppHelper 2024-11-08 23:04:52 +00:00			`if ($this->appHelper->getContactId() && strpos($contact['nurl'], Strings::normaliseLink($this->baseUrl)) !== false) {`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`$this->logger->info('Contact is already authenticated, redirecting to destination.', ['dest' => $dest]);`
Remote auth works from Streams 2023-05-05 12:46:30 +02:00			`System::externalRedirect($dest);`
			`}`

OWA: reworked code 2023-05-15 20:46:05 +00:00			`$this->logger->debug('Contact found', ['url' => $contact['url']]);`
			`}`

Refactor Magic module 2024-11-18 08:28:32 +00:00			`if (!$this->userSession->getLocalUserId() \|\| $owa === 0) {`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`$this->logger->notice('Not logged in or not OWA, redirecting to destination.', ['uid' => $this->userSession->getLocalUserId(), 'owa' => $owa, 'dest' => $dest]);`
Replace all calls for App::getContactId() with AppHelper 2024-11-08 23:04:52 +00:00			`$this->appHelper->redirect($dest);`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`}`

Enable "magic" with Hubzilla 2024-05-20 19:36:40 +00:00			`$dest = Network::removeUrlParameter($dest, 'zid');`
			`$dest = Network::removeUrlParameter($dest, 'f');`
Refactor Magic module 2024-11-18 08:28:32 +00:00
Get rid of App->user completely 2021-08-08 19:30:21 +00:00			`// OpenWebAuth`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`$owner = User::getOwnerDataById($this->userSession->getLocalUserId());`
Get rid of App->user completely 2021-08-08 19:30:21 +00:00
Improved basepath detection for Magic Auth 2023-06-18 17:18:40 +00:00			`if (!empty($contact['gsid'])) {`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`$gsid = $contact['gsid'];`
Improved basepath detection for Magic Auth 2023-06-18 17:18:40 +00:00			`} elseif (GServer::check($target)) {`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`$gsid = GServer::getID($target);`
			`}`

			`if (empty($gsid)) {`
Improved basepath detection for Magic Auth 2023-06-18 17:18:40 +00:00			`$this->logger->notice('The target is not a server path, redirecting to destination.', ['target' => $target]);`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`System::externalRedirect($dest);`
			`}`

OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`$gserver = $this->dba->selectFirst('gserver', ['url', 'network', 'openwebauth'], ['id' => $gsid]);`
			`if (empty($gserver)) {`
			`$this->logger->notice('Server not found, redirecting to destination.', ['gsid' => $gsid, 'dest' => $dest]);`
			`System::externalRedirect($dest);`
			`}`

			`$openwebauth = $gserver['openwebauth'];`

			`// This part can be removed, when all server entries had been updated. So removing it in 2025 should be safe.`
			`if (empty($openwebauth) && ($gserver['network'] == Protocol::DFRN)) {`
			`$this->logger->notice('Open Web Auth path not provided. Assume default path', ['gsid' => $gsid, 'dest' => $dest]);`
			`$openwebauth = $gserver['url'] . '/owa';`
			`// Update contact to assign the path to the server`
			`UpdateContact::add(Worker::PRIORITY_MEDIUM, $contact['id']);`
			`}`

			`if (empty($openwebauth)) {`
			`$this->logger->debug('Server does not support open web auth, redirecting to destination.', ['gsid' => $gsid, 'dest' => $dest]);`
			`System::externalRedirect($dest);`
			`}`

OWA: reworked code 2023-05-15 20:46:05 +00:00			`$header = [`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`'Accept' => 'application/x-zot+json',`
Enable "magic" with Hubzilla 2024-05-20 19:36:40 +00:00			`'X-Open-Web-Auth' => Strings::getRandomHex(),`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`];`

			`// Create a header that is signed with the local users private key.`
			`$header = HTTPSignature::createSig(`
			`$header,`
			`$owner['prvkey'],`
			`'acct:' . $owner['addr']`
			`);`

OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`$this->logger->info('Fetch from remote system', ['openwebauth' => $openwebauth, 'headers' => $header]);`
OWA: reworked code 2023-05-15 20:46:05 +00:00
			`// Try to get an authentication token from the other instance.`
			`try {`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`$curlResult = $this->httpClient->request('get', $openwebauth, [HttpClientOptions::HEADERS => $header]);`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`} catch (Exception $exception) {`
OpenWebAuth path is now fetched during probing 2024-05-20 19:36:40 +00:00			`$this->logger->notice('URL is invalid, redirecting to destination.', ['url' => $openwebauth, 'error' => $exception, 'dest' => $dest]);`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`System::externalRedirect($dest);`
			`}`
			`if (!$curlResult->isSuccess()) {`
			`$this->logger->notice('OWA request failed, redirecting to destination.', ['returncode' => $curlResult->getReturnCode(), 'dest' => $dest]);`
Get rid of App->user completely 2021-08-08 19:30:21 +00:00			`System::externalRedirect($dest);`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`}`

[Composer] Bump guzzlehttp/guzzle to version 7 to suppress deprecation notices - Bump divineomega/password_exposed to version 3 to remove dependency on Guzzle version 6 - Add new ICanHandleHttpResponses->getBodyString method to solve inheritance mismatch with GuzzleHttp\Psr7\ResponseInterface->getBody return type 2024-01-12 01:12:48 -05:00			`$j = json_decode($curlResult->getBodyString(), true);`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`if (empty($j) \|\| !$j['success']) {`
			`$this->logger->notice('Invalid JSON, redirecting to destination.', ['json' => $j, 'dest' => $dest]);`
Replace all calls for App::getContactId() with AppHelper 2024-11-08 23:04:52 +00:00			`$this->appHelper->redirect($dest);`
OWA: reworked code 2023-05-15 20:46:05 +00:00			`}`

			`if ($j['encrypted_token']) {`
			`// The token is encrypted. If the local user is really the one the other instance`
			`// thinks they is, the token can be decrypted with the local users public key.`
			`$token = '';`
			`openssl_private_decrypt(Strings::base64UrlDecode($j['encrypted_token']), $token, $owner['prvkey']);`
			`} else {`
			`$token = $j['token'];`
			`}`
			`$args = (strpbrk($dest, '?&') ? '&' : '?') . 'owt=' . $token;`

			`$this->logger->debug('Redirecting', ['path' => $dest . $args]);`
			`System::externalRedirect($dest . $args);`
port hubzillas OpenWebAuth - remote authentification 2018-06-18 23:05:44 +02:00			`}`
			`}`