From ed5828f30ea0f7a30e01d407058990b06164c6f3 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Fri, 8 Jan 2010 17:20:25 -0800
Subject: Redirect to a one-time-password when ssl and regular server are different
---
 lib/command.php | 24 ++++++++----------------
 lib/router.php | 5 ++++-
 2 files changed, 12 insertions(+), 17 deletions(-)
(limited to 'lib')
diff --git a/lib/command.php b/lib/command.php
index 67140c348..f846fb823 100644
--- a/lib/command.php
+++ b/lib/command.php
@@ -650,25 +650,17 @@ class LoginCommand extends Command
 $channel->error($this->user, _('Login command is disabled'));
 return;
 }
- $login_token = Login_token::staticGet('user_id',$this->user->id);
- if($login_token){
- $login_token->delete();
- }
- $login_token = new Login_token();
- $login_token->user_id = $this->user->id;
- $login_token->token = common_good_rand(16);
- $login_token->created = common_sql_now();
- $result = $login_token->insert();
- if (!$result) {
- common_log_db_error($login_token, 'INSERT', __FILE__);
- $channel->error($this->user, sprintf(_('Could not create login token for %s'),
- $this->user->nickname));
- return;
+
+ try {
+ $login_token = Login_token::makeNew($this->user);
+ } catch (Exception $e) {
+ $channel->error($this->user, $e->getMessage());
 }
+
 $channel->output($this->user, sprintf(_('This link is useable only once, and is good for only 2 minutes: %s'),
- common_local_url('login',
- array('user_id'=>$login_token->user_id, 'token'=>$login_token->token))));
+ common_local_url('otp',
+ array('user_id' => $login_token->user_id, 'token' => $login_token->token))));
 }
 }
diff --git a/lib/router.php b/lib/router.php
index 287d3c79f..4128741a8 100644
--- a/lib/router.php
+++ b/lib/router.php
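Review bot: The `catch (Exception $e)` branch reports the failure through `$channel->error()` but does not stop, so the `$channel->output()` call that follows still runs with `$login_token` never assigned and hands the user a link whose user_id and token are empty. Restore the early exit that the removed `if (!$result)` block had: `$channel->error($this->user, $e->getMessage());` followed by `return;`. The enclosing method starts before this hunk.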
@@ -88,7 +88,10 @@ class Router
 $m->connect('doc/:title', array('action' => 'doc'));
- $m->connect('main/login?user_id=:user_id&token=:token', array('action'=>'login'), array('user_id'=> '[0-9]+', 'token'=>'.+'));
+ $m->connect('main/otp/:user_id/:token',
+ array('action' => 'otp'),
+ array('user_id' => '[0-9]+',
+ 'token' => '.+'));
 // main stuff is repetitive
-- cgit v1.2.3-54-g00ecf
From dd7195346c8fbf928ae7087fb7d342e62a4dce39 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sun, 10 Jan 2010 22:59:32 -0800
Subject: Sever -> server in error message
---
 lib/util.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
(limited to 'lib')
diff --git a/lib/util.php b/lib/util.php
index 50bd0e2ac..7093d4e43 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -809,14 +809,14 @@ function common_path($relative, $ssl=false)
 } else if (common_config('site', 'server')) {
 $serverpart = common_config('site', 'server');
 } else {
- common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
+ common_log(LOG_ERR, 'Site server not configured, unable to determine site name.');
 }
 } else {
 $proto = 'http';
 if (common_config('site', 'server')) {
 $serverpart = common_config('site', 'server');
 } else {
- common_log(LOG_ERR, 'Site Sever not configured, unable to determine site name.');
+ common_log(LOG_ERR, 'Site server not configured, unable to determine site name.');
 }
 }
-- cgit v1.2.3-54-g00ecf
From e0eb51e4bb51f17b0281b7ec4e3d4eca33240978 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Sun, 10 Jan 2010 23:51:57 -0800
Subject: add session ID to local URL when server parts differ
---
 lib/util.php | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)
(limited to 'lib')
diff --git a/lib/util.php b/lib/util.php
index 7093d4e43..90d4a6532 100644
--- a/lib/util.php
+++ b/lib/util.php
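Review bot: The `'token' => '.+'` requirement on the new `main/otp/:user_id/:token` route accepts any byte sequence, so the otp action must treat the token as untrusted input: look it up with a parameterized query and compare it with a constant-time comparison rather than `==`. If the token is drawn from a fixed alphabet (the removed code in lib/command.php built it with `common_good_rand(16)`), narrowing the pattern to that alphabet, e.g. `'token' => '[0-9a-f]+'` if it is hex, rejects malformed values at the router before any database access. The token format is decided in Login_token::makeNew, which is not on this page, so confirm the alphabet there.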
@@ -820,6 +820,25 @@ function common_path($relative, $ssl=false)
 }
 }
+ if (common_have_session()) {
+
+ $currentServer = $_SERVER['HTTP_HOST'];
+
+ // Are we pointing to another server (like an SSL server?)
+
+ if (!empty($currentServer) &&
+ 0 != strcasecmp($currentServer, $serverpart)) {
+ // Pass the session ID as a GET parameter
+ $sesspart = session_name() . '=' . session_id();
+ $i = strpos($relative, '?');
+ if ($i === false) { // no GET params, just append
+ $relative .= '?' . $sesspart;
+ } else {
+ $relative = substr($relative, 0, $i + 1).$sesspart.'&'.substr($relative, $i + 1);
+ }
+ }
+ }
+
 return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
 }
-- cgit v1.2.3-54-g00ecf
From ae7469a127a3d95237085335b46077460c536814 Mon Sep 17 00:00:00 2001
From: Evan Prodromou
Date: Mon, 11 Jan 2010 08:39:02 +0000
Subject: accept session from
---
 lib/util.php | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)
(limited to 'lib')
diff --git a/lib/util.php b/lib/util.php
index 90d4a6532..a56a41a57 100644
--- a/lib/util.php
+++ b/lib/util.php
@@ -166,15 +166,27 @@ function common_ensure_session()
 if (common_config('sessions', 'handle')) {
 Session::setSaveHandler();
 }
+ if (array_key_exists(session_name(), $_GET)) {
+ $id = $_GET[session_name()];
+ common_log(LOG_INFO, 'Setting session from GET parameter: '.$id);
+ } else if (array_key_exists(session_name(), $_COOKIE)) {
+ $id = $_COOKIE[session_name()];
+ common_log(LOG_INFO, 'Setting session from COOKIE: '.$id);
+ }
+ if (isset($id)) {
+ session_id($id);
+ setcookie(session_name(), $id);
+ }
 @session_start();
 if (!isset($_SESSION['started'])) {
 $_SESSION['started'] = time();
- if (!empty($c)) {
+ if (!empty($id)) {
 common_log(LOG_WARNING, 'Session cookie "' . $_COOKIE[session_name()] . '" ' . ' is set but started value is null');
 }
 }
 }
+ common_debug("Session ID = " . session_id());
 }
 // Three kinds of arguments:
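Review bot: The decision to put the session ID into the URL is driven by `$_SERVER['HTTP_HOST']`, which comes from the client's Host header rather than from configuration, so a request whose Host does not match `$serverpart` makes every URL common_path() builds carry `session_name()=session_id()` in the query string, where it then travels in Referer headers, browser history and proxy/server logs. Compare `$serverpart` against the configured server names instead of the request's Host header, and guard the read, since `$_SERVER['HTTP_HOST']` is unset under the CLI: `$currentServer = isset($_SERVER['HTTP_HOST']) ? $_SERVER['HTTP_HOST'] : '';`. Also prefer `strcasecmp($currentServer, $serverpart) !== 0` over the Yoda-style `0 != strcasecmp(...)`. The same block is moved into common_inject_session() by the next commit (the `@@ -820,8 +832,19 @@` and `@@ -830,16 +853,16 @@` hunks of lib/util.php), which inherits the issue unchanged.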
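Review bot: The new block adopts whatever value arrives in `$_GET[session_name()]` as the session identifier with no format check and no verification that it names a session this application started, so an externally supplied identifier decides which session the request joins (the session-fixation class of bug); the raw identifier is also written to the log at LOG_INFO, and when it came from the query string the warning branch still reads `$_COOKIE[session_name()]`, which is then an undefined index. At minimum, accept only values shaped like PHP's own session identifiers, keep the identifier itself out of log lines, regenerate the id when `$_SESSION['started']` is missing so a caller-chosen value never becomes a live session, and set the cookie with httponly (and secure when the site is served over SSL). The enclosing function starts and ends outside this hunk.
```php
// … unchanged: Session::setSaveHandler() block …
if (array_key_exists(session_name(), $_GET)) {
    $id = $_GET[session_name()];
    common_log(LOG_INFO, 'Setting session from GET parameter');
} else if (array_key_exists(session_name(), $_COOKIE)) {
    $id = $_COOKIE[session_name()];
    common_log(LOG_INFO, 'Setting session from COOKIE');
}
// Only adopt values shaped like a PHP-generated session id; anything else is dropped.
if (isset($id) && !preg_match('/^[A-Za-z0-9,-]{22,128}$/', $id)) {
    common_log(LOG_WARNING, 'Ignoring malformed session identifier');
    unset($id);
}
if (isset($id)) {
    session_id($id);
    // expire=0, path=/, no domain, secure=false (should follow the site SSL setting), httponly=true
    setcookie(session_name(), $id, 0, '/', '', false, true);
}
@session_start();
if (!isset($_SESSION['started'])) {
    $_SESSION['started'] = time();
    if (!empty($id)) {
        // The supplied id did not name an existing session: issue a fresh one so
        // the caller-chosen value never becomes a usable session identifier.
        session_regenerate_id(true);
        common_log(LOG_WARNING, 'Session identifier supplied but started value is null');
    }
}
// … unchanged: common_debug() line …
```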
@@ -820,8 +832,19 @@ function common_path($relative, $ssl=false)
 }
 }
+ $relative = common_inject_session($relative, $serverpart);
+
+ return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
+}
+
+function common_inject_session($url, $serverpart = null)
+{
 if (common_have_session()) {
+ if (empty($serverpart)) {
+ $serverpart = parse_url($url, PHP_URL_HOST);
+ }
+
 $currentServer = $_SERVER['HTTP_HOST'];
 // Are we pointing to another server (like an SSL server?)
@@ -830,16 +853,16 @@ function common_path($relative, $ssl=false)
 0 != strcasecmp($currentServer, $serverpart)) {
 // Pass the session ID as a GET parameter
 $sesspart = session_name() . '=' . session_id();
- $i = strpos($relative, '?');
+ $i = strpos($url, '?');
 if ($i === false) { // no GET params, just append
- $relative .= '?' . $sesspart;
+ $url .= '?' . $sesspart;
 } else {
- $relative = substr($relative, 0, $i + 1).$sesspart.'&'.substr($relative, $i + 1);
+ $url = substr($url, 0, $i + 1).$sesspart.'&'.substr($url, $i + 1);
 }
 }
-
- return $proto.'://'.$serverpart.'/'.$pathpart.$relative;
+
+ return $url;
 }
 function common_date_string($dt)
-- cgit v1.2.3-54-g00ecf
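Review bot: When `$serverpart` is omitted and `$url` is a relative URL, `parse_url($url, PHP_URL_HOST)` returns null (or false for a badly malformed URL), and the comparison in the following hunk then treats it as the empty string, so `strcasecmp($currentServer, $serverpart)` is non-zero and the session ID is injected into every such URL; the guard only checks `$currentServer`. Add the symmetric check on the condition that sits between the two hunks: `if (!empty($currentServer) && !empty($serverpart) && strcasecmp($currentServer, $serverpart) !== 0) {`. The body of common_inject_session() continues past the end of this hunk.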
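Review bot: `$url .= '?' . $sesspart;` in the `$i === false` branch appends the session parameter after any `#fragment` the URL already carries, so for a URL with a fragment and no query string the parameter becomes part of the fragment and is never sent to the server; the `else` branch also inserts a second copy when `$url` already contains the session parameter (for example a URL that has passed through common_path() and is handed to common_inject_session() again). Split the fragment off before looking for `?` and reattach it at the end; the duplicate case is worth a `strpos()` check for `session_name() . '='` before inserting. The enclosing `if (!empty($currentServer) &&` opens before this hunk.
```php
// … unchanged: $sesspart = session_name() . '=' . session_id(); …
$fragment = '';
$h = strpos($url, '#');
if ($h !== false) {
    $fragment = substr($url, $h);
    $url = substr($url, 0, $h);
}
$i = strpos($url, '?');
if ($i === false) { // no GET params, just append
    $url .= '?' . $sesspart;
} else {
    $url = substr($url, 0, $i + 1).$sesspart.'&'.substr($url, $i + 1);
}
$url .= $fragment;
// … unchanged: closing braces and return $url; …
```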