Compare commits
3 Commits
7b90d0f927
...
937278c8d5
| Author | SHA1 | Date |
|---|---|---|
 Elizabeth Cray
|
937278c8d5 | |
|
Elizabeth Cray
|
ccb94ef0ac | |
|
Elizabeth Cray
|
52c66eea16 |
|
|
@ -4,6 +4,15 @@ use Mastodon oauth to generate system users
|
|||
|
||||
Warrant canary available at /etc/ttyserver/canary
|
||||
|
||||
# Work In Progress
|
||||
|
||||
## Active TODO:
|
||||
|
||||
*Fix OAuth Process (Invalid showing up)*
|
||||
|
||||
Fix involves changing auth procedure to store the reusable auth token encrypted in the client browser.
|
||||
This should alleviate the occasional invalid error.
|
||||
|
||||
## TODO: (From Fedi Reports)
|
||||
|
||||
* [ ] Descriptive pubkey upload responses
|
||||
|
|
|
|||
|
|
@ -3,6 +3,8 @@ $config = json_decode(file_get_contents("/var/www/usergen/secret/config.json", t
|
|||
ini_set('display_errors', 1);
|
||||
ini_set('display_startup_errors', 1);
|
||||
error_reporting(E_ALL);
|
||||
|
||||
require("/var/www/usergen/secret/oauth.php");
|
||||
function flog($log_msg) {
|
||||
$log_filename = "/var/www/html";
|
||||
$log_file_data = $log_filename.'/log_' . date('d-M-Y') . '.log';
|
||||
|
|
@ -28,16 +30,6 @@ if (isset($_REQUEST["act"])){
|
|||
$MastCode = $_REQUEST["code"];
|
||||
// var_dump($_REQUEST);
|
||||
}
|
||||
if (isset($_REQUEST["token"])){
|
||||
// Token passed, use for repeated OAUTH
|
||||
/* TODO: Long-Term Auth
|
||||
* Check if HT Token valid
|
||||
* Generate Browser Token
|
||||
* Encrypt Browser Token with Client Data (User Agent + IP)
|
||||
* $_SERVER["HTTP_USER_AGENT"] + $_SERVER["REMOTE_ADDR"]
|
||||
*/
|
||||
flog("token:35 ✨ ".$_REQUEST["token"]);
|
||||
}
|
||||
?>
|
||||
<!DOCTYPE html>
|
||||
<HTML lang="en">
|
||||
|
|
@ -76,40 +68,11 @@ if (isset($_REQUEST["token"])){
|
|||
</div>
|
||||
<?php
|
||||
// Query /oauth/token
|
||||
$AuthToken = "";
|
||||
$UserName = "";
|
||||
$ErrorDesc = "";
|
||||
$UserId = "";
|
||||
$request = curl_init();
|
||||
curl_setopt($request, CURLOPT_POST, 1);
|
||||
curl_setopt($request, CURLOPT_URL, "https://hackers.town/oauth/token");
|
||||
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
|
||||
$origin = "https://tty.hackers.town";
|
||||
if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){
|
||||
$origin = str_replace("\n", "", file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE"));
|
||||
}
|
||||
$redirectUri = $origin."/auth";
|
||||
$options = "grant_type=authorization_code&code=".$MastCode."&client_id=".$config->oauth->key."&client_secret=".$config->oauth->secret."&scope=read:accounts&redirect_uri=".$redirectUri;
|
||||
curl_setopt($request, CURLOPT_POSTFIELDS, $options);
|
||||
$response = curl_exec($request);
|
||||
curl_close($request);
|
||||
flog("oauth_token:91 ✨ ".$response);
|
||||
$Auth = json_decode($response);
|
||||
$Auth = oauthToken($MastCode, $config);
|
||||
if(isset($Auth->token_type)){
|
||||
// Valid Auth?
|
||||
$request = curl_init();
|
||||
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
|
||||
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
|
||||
curl_setopt($request, CURLOPT_HTTPHEADER, array(
|
||||
"Authorization: ".$Auth->token_type." ".$Auth->access_token
|
||||
));
|
||||
$response = curl_exec($request);
|
||||
curl_close($request);
|
||||
$User = json_decode($response);
|
||||
|
||||
flog("cred_verify:104 ✨ ".$response);
|
||||
|
||||
if (isset($User->id)){
|
||||
$User = verifyCredentials($Auth->access_token);
|
||||
if (gettype($User) == "object" && isset($User->id)) {
|
||||
// Congrats!
|
||||
$AuthToken = $Auth->access_token;
|
||||
$UserName = $User->display_name;
|
||||
|
|
@ -119,6 +82,7 @@ if (isset($_REQUEST["token"])){
|
|||
$AuthToken = "BadUser";
|
||||
$ErrorDesc = "User Not Found";
|
||||
}
|
||||
|
||||
}else{
|
||||
// invalid auth
|
||||
if(isset($_COOKIE["oa_retries"])){
|
||||
|
|
@ -186,17 +150,7 @@ if (isset($_REQUEST["token"])){
|
|||
<input id="keyfile" type="file" style="display: none;"/>
|
||||
</form>
|
||||
</div>
|
||||
<div class="row copyright">
|
||||
<?php
|
||||
if (file_exists("/etc/ttyserver/canary")){
|
||||
echo "Canary";
|
||||
}
|
||||
?>
|
||||
<br>
|
||||
<button class="footerbutton" onclick="displayFingerprints()">SSH Fingerprints</button>
|
||||
<br>
|
||||
<a href="https://git.corrupt.link/liz/tilde-oauth">View Source on Git</a>
|
||||
</div>
|
||||
<?php require("/var/www/usergen/footer.php"); ?>
|
||||
</div>
|
||||
<div class="desktopOnly col-4"></div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,11 @@
|
|||
<div class="row copyright">
|
||||
<?php
|
||||
if (file_exists("/etc/ttyserver/canary")){
|
||||
echo "Canary";
|
||||
}
|
||||
?>
|
||||
<br>
|
||||
<button class="footerbutton" onclick="displayFingerprints()">SSH Fingerprints</button>
|
||||
<br>
|
||||
<a href="https://git.corrupt.link/liz/tilde-oauth">View Source on Git</a>
|
||||
</div>
|
||||
12
index.php
12
index.php
|
|
@ -37,17 +37,7 @@
|
|||
<div class="row button">
|
||||
<button id="bttn" class="keyButton" onclick="beginOauth()">Log In</button>
|
||||
</div>
|
||||
<div class="row copyright">
|
||||
<?php
|
||||
if (file_exists("/etc/ttyserver/canary")){
|
||||
echo "Canary";
|
||||
}
|
||||
?>
|
||||
<br>
|
||||
<button class="footerbutton" onclick="displayFingerprints()">SSH Fingerprints</button>
|
||||
<br>
|
||||
<a href="https://git.corrupt.link/liz/tilde-oauth">View Source on Git</a>
|
||||
</div>
|
||||
<?php require("/var/www/usergen/footer.php"); ?>
|
||||
</div>
|
||||
<div class="desktopOnly col-4"></div>
|
||||
</div>
|
||||
|
|
|
|||
|
|
@ -0,0 +1,44 @@
|
|||
<?php
|
||||
|
||||
function verifyCredentials($Auth) {
|
||||
$request = curl_init();
|
||||
curl_setopt($request, CURLOPT_URL, "https://hackers.town/api/v1/accounts/verify_credentials");
|
||||
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
|
||||
curl_setopt($request, CURLOPT_HTTPHEADER, array(
|
||||
"Authorization: Bearer ".$Auth
|
||||
));
|
||||
$response = curl_exec($request);
|
||||
curl_close($request);
|
||||
$User = json_decode($response);
|
||||
|
||||
// if (isset($User->id)){
|
||||
// // Congrats!
|
||||
// $UserName = $User->display_name;
|
||||
// $UserId = $User->id;
|
||||
// }else{
|
||||
// }
|
||||
return (isset($User->error) ? $User->error : $User);
|
||||
}
|
||||
|
||||
function oauthToken($AuthCode, $config){
|
||||
$AuthToken = "";
|
||||
$UserName = "";
|
||||
$ErrorDesc = "";
|
||||
$UserId = "";
|
||||
$request = curl_init();
|
||||
curl_setopt($request, CURLOPT_POST, 1);
|
||||
curl_setopt($request, CURLOPT_URL, "https://hackers.town/oauth/token");
|
||||
curl_setopt($request, CURLOPT_RETURNTRANSFER, 1);
|
||||
$origin = "https://tty.hackers.town";
|
||||
if(file_exists("/var/www/usergen/DOMAIN_OVERRIDE")){
|
||||
$origin = str_replace("\n", "", file_get_contents("/var/www/usergen/DOMAIN_OVERRIDE"));
|
||||
}
|
||||
$redirectUri = $origin."/auth";
|
||||
$options = "grant_type=authorization_code&code=".$AuthCode."&client_id=".$config->oauth->key."&client_secret=".$config->oauth->secret."&scope=read:accounts&redirect_uri=".$redirectUri;
|
||||
curl_setopt($request, CURLOPT_POSTFIELDS, $options);
|
||||
$response = curl_exec($request);
|
||||
curl_close($request);
|
||||
$Auth = json_decode($response);
|
||||
return (isset($Auth->error) ? $Auth->error_description : $Auth);
|
||||
}
|
||||
?>
|
||||
Loading…
Reference in New Issue