owa: missed the set-observer stuff

Zotlabs/Module/Owa.php

@@ -1,9 +1,16 @@
 <?php
 
-
 namespace Zotlabs\Module;
 
-
+/**
+ * OpenWebAuth verifier and token generator
+ * See https://macgirvin.com/wiki/mike/OpenWebAuth/Home
+ * Requests to this endpoint should be signed using HTTP Signatures
+ * using the 'Authorization: Signature' authentication method
+ * If the signature verifies a token is returned. 
+ *
+ * This token may be exchanged for an authenticated cookie. 
+ */
 
 class Owa extends \Zotlabs\Web\Controller {
 
@@ -29,8 +36,6 @@ class Owa extends \Zotlabs\Web\Controller {
 							$hubloc = $r[0];
 							$verified = \Zotlabs\Web\HTTPSig::verify('',$hubloc['xchan_pubkey']);
 
-logger('verified: ' . print_r($verified,true));
-
 							if($verified && $verified['header_signed'] && $verified['header_valid']) {
 								$token = random_string(32);
 								\Zotlabs\Zot\Verify::create('owt',0,$token,$r[0]['hubloc_addr']);
@@ -42,13 +47,8 @@ logger('verified: ' . print_r($verified,true));
 						}
 					}
 				}
-				$x = json_encode([ 'success' => false ]);
-				header('Content-Type: application/x-zot+json');
-				echo $x;
-				killme();	
 			}
 		}
-
 		$x = json_encode([ 'success' => false ]);
 		header('Content-Type: application/x-zot+json');
 		echo $x;

include/zid.php

@@ -296,6 +296,13 @@ function owt_init($token) {
 		$_SESSION['DNT'] = 1;
 	}
 
-	logger('owa success!');
+	$arr = array('xchan' => $hubloc, 'url' => \App::query_string, 'session' => $_SESSION);
+	call_hooks('magic_auth_success',$arr);
+	\App::set_observer($hubloc);
+	require_once('include/security.php');
+	\App::set_groups(init_groups_visitor($_SESSION['visitor_id']));
+	info(sprintf( t('Welcome %s. Remote authentication successful.'),$hubloc['xchan_name']));
+	logger('OpenWebAuth: auth success from ' . $hubloc['xchan_addr']);
+
 
 }