author | Bjoern Schiessle <bjoern@schiessle.org> | 2017-04-27 19:04:59 +0300 |
---|---|---|
committer | Bjoern Schiessle <bjoern@schiessle.org> | 2017-04-27 19:08:23 +0300 |
commit | e5c542ad89052e9cddb2c3cb79586705d5fb9867 (patch) | |
tree | 741d919e7a7f89676a775fa862e15ebd2a9d26ae | |
parent | d300d7c4691dba70eabb256107a05f61f8d3864c (diff) |
check webpage proof
Signed-off-by: Bjoern Schiessle <bjoern@schiessle.org>
-rw-r--r-- | server/lib/UserManager.php | 61 |
1 files changed, 54 insertions, 7 deletions
diff --git a/server/lib/UserManager.php b/server/lib/UserManager.php index cd340b3..e6d2cbe 100644 --- a/server/lib/UserManager.php +++ b/server/lib/UserManager.php @@ -324,13 +324,38 @@ LIMIT 50'); break; } if ($success) { - // ToDo update verification status - $this->removeOpenVerificationRequest($verify); + $this->updateVerificationStatus($verify['storeId']); + $this->removeOpenVerificationRequest($verify['id']); } } } /** + * if data could be verified successfully we update the information in the store table + * + * @param $storeId + */ + private function updateVerificationStatus($storeId) { + $stmt = $this->db->prepare('UPDATE store SET valid = 1 WHERE id = :storeId'); + $stmt->bindParam('storeId', $storeId); + $stmt->execute(); + $stmt->closeCursor(); + } + + /** + * remove data from to verify table if verificartion was successful or max. number of tries reached. + * + * @param $id + */ + private function removeOpenVerificationRequest($id) { + return true; // Fixme... just for testing purpose. + $stmt = $this->db->prepare('DELETE FROM toVerify WHERE id = :id'); + $stmt->bindParam(':id', $id); + $stmt->execute(); + $stmt->closeCursor(); + } + + /** * get open verification Requests * * @return array 
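Review bot: `removeOpenVerificationRequest()` returns `true` on its first line (`return true; // Fixme... just for testing purpose.`), so the `DELETE FROM toVerify` below it never runs and every successfully verified request stays queued to be fetched and checked again on the next pass. That early return should be removed before this is merged. The docblock also promises removal when the maximum number of tries is reached, but the only call visible here sits inside `if ($success)`, so failed requests appear never to be removed; unless a retry counter exists elsewhere, that means repeated outbound fetches to user-supplied locations. Minor: `bindParam('storeId', …)` and `bindParam(':id', …)` use different placeholder styles, and the `@param $storeId` / `@param $id` tags carry no type or description. The enclosing loop and `switch` start outside the hunk.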
@@ -363,15 +388,37 @@ LIMIT 50'); * @return bool */ private function verifyWebpage($data) { - // ToDo get data from verify table (includes $cloudId, $location) - // ToDo get proof from webpage $location - // ToDo split $message & $signature - return false; - $result = $this->verifyRequest($cloudId, $message, $signature); + $url = $this->getValidUrl($data['location']); + $proof = @file_get_contents($url); + $result = false; + if ($proof) { + $userData = $this->getForUserId($data['userId']); + $cloudId = $userData['federationId']; + $proofSanitized = trim(preg_replace('/\s\s+/', ' ', $proof)); + list($message, $signature) = $this->splitMessageSignature($proofSanitized); + $result = $this->verifyRequest($cloudId, $message, $signature); + } return $result; } + private function getValidUrl($url) { + $url = trim($url); + $url = rtrim($url, '/'); + if (strpos($url, 'http://') !== 0 && strpos($url, 'https://') !== 0) { + $url = 'http://' . $url; + } + + return $url . '/.well-known/CloudIdVerificationCode.txt'; + } + + private function splitMessageSignature($proof) { + $signature = substr($proof, -344); + $message = substr($proof, 0, -344); + + return [trim($message), trim($signature)]; + } + /** * check signature of incoming request * |
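Review bot: `verifyWebpage()` passes the user-supplied `location` straight to `file_get_contents()`, so the server will request any host the user names, including loopback and internal addresses, following redirects and with no timeout or size cap; `getValidUrl()` only normalises the scheme prefix and does not constrain the host. I would reject hosts that resolve to private or reserved ranges, fetch through a stream context with a short timeout and redirects disabled, and cap the bytes read, as sketched below. Separately, `splitMessageSignature()` assumes the proof is longer than 344 bytes (presumably the base64 length of a 2048-bit RSA signature); a shorter body yields an empty or `false` message, so a guard such as `if (strlen($proof) <= 344) { return ['', '']; }` and a named constant for 344 would help. The `@` on the fetch also hides the failure reason, which makes misuse and ordinary outages hard to tell apart in logs.

```php
private function verifyWebpage($data) {
    $url = $this->getValidUrl($data['location']);
    $host = parse_url($url, PHP_URL_HOST);
    // gethostbyname() returns the unmodified name on failure, which then fails the IP filter
    $ip = is_string($host) ? gethostbyname($host) : '';
    // refuse private and reserved targets before any request is made; the fetch resolves the
    // name again, so this narrows the exposure but does not fully close it
    if (filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE) === false) {
        return false;
    }
    $context = stream_context_create(['http' => ['timeout' => 5, 'follow_location' => 0]]);
    // a proof is a short message plus a signature; 4096 bytes is a constructed limit
    $proof = file_get_contents($url, false, $context, 0, 4096);
    $result = false;
    // … unchanged: whitespace normalisation, splitMessageSignature and verifyRequest call …
```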