converging on a workable crypto auth handshake

2024-09-19 23:55:19 +00:00 · 2012-12-14 00:45:30 -08:00 · 2012-12-14 00:45:30 -08:00 · d39fb9b1d5
commit d39fb9b1d5
parent ecce0f0e21
4 changed files with 55 additions and 4 deletions
--- a/boot.php
+++ b/boot.php
@ -17,7 +17,7 @@ define ( 'FRIENDICA_PLATFORM',     'Friendica Red');
 define ( 'FRIENDICA_VERSION',      trim(file_get_contents('version.inc')) . 'R');
 define ( 'DFRN_PROTOCOL_VERSION',  '2.23'    );
 define ( 'ZOT_REVISION',               1     ); 
-define ( 'DB_UPDATE_VERSION',       1001     );
+define ( 'DB_UPDATE_VERSION',       1002     );

 define ( 'EOL',                    "<br />\r\n"     );
 define ( 'ATOM_TIME',              'Y-m-d\TH:i:s\Z' );
--- a/install/database.sql
+++ b/install/database.sql
@ -894,6 +894,21 @@ CREATE TABLE IF NOT EXISTS `tokens` (
  KEY `uid` (`uid`)
 ) ENGINE=MyISAM DEFAULT CHARSET=utf8;

+CREATE TABLE IF NOT EXISTS `verify` (
+  `id` int(10) unsigned NOT NULL,
+  `channel` int(10) unsigned NOT NULL DEFAULT '0',
+  `type` char(32) NOT NULL DEFAULT '',
+  `token` char(255) NOT NULL DEFAULT '',
+  `meta` char(255) NOT NULL DEFAULT '',
+  `created` datetime NOT NULL DEFAULT '0000-00-00 00:00:00',
+  PRIMARY KEY (`id`),
+  KEY `channel` (`channel`),
+  KEY `type` (`type`),
+  KEY `token` (`token`),
+  KEY `meta` (`meta`),
+  KEY `created` (`created`)
+) ENGINE=MyISAM DEFAULT CHARSET=utf8;
+
 CREATE TABLE IF NOT EXISTS `xchan` (
  `xchan_hash` char(255) NOT NULL,
  `xchan_guid` char(255) NOT NULL DEFAULT '',
--- a/install/update.php
+++ b/install/update.php
@ -1,6 +1,6 @@
 <?php

-define( 'UPDATE_VERSION' , 1001 );
+define( 'UPDATE_VERSION' , 1002 );

 /**
 *
@ -43,3 +43,21 @@ function update_r1000() {
 }


+function update_r1001() {
+	$r = q("CREATE TABLE if not exists `verify` (
+		`id` INT(10) UNSIGNED NOT NULL ,
+		`channel` INT(10) UNSIGNED NOT NULL DEFAULT '0',
+		`type` CHAR( 32 ) NOT NULL DEFAULT '',
+		`token` CHAR( 255 ) NOT NULL DEFAULT '',
+		`meta` CHAR( 255 ) NOT NULL DEFAULT '',
+		`created` DATETIME NOT NULL DEFAULT '0000-00-00 00:00:00',
+		PRIMARY KEY ( `id` )
+		) ENGINE = MYISAM ");
+
+	$r2 = q("alter table `verify` add index (`channel`), add index (`type`), add index (`token`),
+		add index (`meta`), add index (`created`)");
+
+	if($r && $r2)
+		return UPDATE_SUCCESS;
+	return UPDATE_FAILED;
+}
--- a/mod/magic.php
+++ b/mod/magic.php
@ -49,9 +49,21 @@ function magic_init(&$a) {
 			// Just redirect.
 			goaway($desturl);
 		}
+
+		$token = random_string();
+
 		$recip = array(array('guid' => $x[0]['hubloc_guid'],'guid_sig' => $x[0]['hubloc_guid_sig']));
 		$channel = $a->get_channel();
 		$hash = random_string();
+
+		$r = q("insert into verify ( type, channel, token, meta, created) values ('%s','%d','%s','%s','%s')",
+			dbesc('auth'),
+			intval($channel['channel_id']),
+			dbesc($token),
+			dbesc($hubloc['hubloc_hash']),
+			dbesc(datetime_convert())
+		);
+
 		$packet = zot_build_packet($channel,'auth',$recip,$x[0]['hubloc_sitekey'],$hash);
 		$result = zot_zot($x[0]['hubloc_callback'],$packet);
 		if($result['success']) {
@ -60,8 +72,14 @@ function magic_init(&$a) {
 				$y = aes_unencapsulate($j,$channel['prvkey']);
 				$j = json_decode($y,true);
 			}
-			if($y['token'])
-				goaway($x[0]['callback'] . '?f=&token=' . $token . '&dest=' . $dest);
+			if($j['token'] && $j['ticket'] && $j['token'] === $token) {
+				$r = q("delete from verify where token = '%s' and type = '%s' and channel = %d limit 1",
+					dbesc($token),
+					dbesc('auth'),
+					intval($channel['channel_id'])
+				);				
+				goaway($x[0]['callback'] . '?f=&ticket=' . $ticket . '&dest=' . $dest);
+			}
 		}
 		goaway($dest);
 	}