Merge pull request #5938 from annando/magic-loop

Avoid endless loop at magic auth
pull/5947/head
Tobias Diekershoff 2018-10-16 09:17:17 +02:00 committed by GitHub
commit dbd2aa1196
1 changed files with 44 additions and 41 deletions


@ -1010,19 +1010,19 @@ class Profile
$my_url = self::getMyURL(); $my_url = self::getMyURL();
$my_url = Network::isUrlValid($my_url); $my_url = Network::isUrlValid($my_url);
if ($my_url) { if (empty($my_url) || local_user()) {
if (!local_user()) {
// Is it a DDoS attempt?
// The check fetches the cached value from gprobe to reduce the load for this system
$urlparts = parse_url($my_url);
$result = Cache::get('gprobe:' . $urlparts['host']);
if ((!is_null($result)) && (in_array($result['network'], [Protocol::FEED, Protocol::PHANTOM]))) {
logger('DDoS attempt detected for ' . $urlparts['host'] . ' by ' . $_SERVER['REMOTE_ADDR'] . '. server data: ' . print_r($_SERVER, true), LOGGER_DEBUG);
return; return;
} }
Worker::add(PRIORITY_LOW, 'GProbe', $my_url); // Avoid endless loops
$cachekey = 'zrlInit:' . $my_url;
if (Cache::get($cachekey)) {
logger('URL ' . $my_url . ' already tried to authenticate.', LOGGER_DEBUG);
return;
} else {
Cache::set($cachekey, true, CACHE_MINUTE);
}
$arr = ['zrl' => $my_url, 'url' => $a->cmd]; $arr = ['zrl' => $my_url, 'url' => $a->cmd];
Addon::callHooks('zrl_init', $arr); Addon::callHooks('zrl_init', $arr);
@ -1033,10 +1033,12 @@ class Profile
return; return;
} }
Worker::add(PRIORITY_LOW, 'GProbe', $my_url);
$contact = DBA::selectFirst('contact',['id', 'url'], ['id' => $cid]); $contact = DBA::selectFirst('contact',['id', 'url'], ['id' => $cid]);
if (DBA::isResult($contact) && remote_user() && remote_user() == $contact['id']) { if (DBA::isResult($contact) && remote_user() && remote_user() == $contact['id']) {
// The visitor is already authenticated. logger('The visitor ' . $my_url . ' is already authenticated', LOGGER_DEBUG);
return; return;
} }
@ -1055,14 +1057,15 @@ class Profile
if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) { if ($basepath != System::baseUrl() && !strstr($dest, '/magic') && !strstr($dest, '/rmagic')) {
$magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest; $magic_path = $basepath . '/magic' . '?f=&owa=1&dest=' . $dest;
$serverret = Network::curl($magic_path);
// We have to check if the remote server does understand /magic without invoking something
$serverret = Network::curl($basepath . '/magic');
if ($serverret->isSuccess()) { if ($serverret->isSuccess()) {
logger('Doing magic auth for visitor ' . $my_url . ' to ' . $magic_path, LOGGER_DEBUG);
goaway($magic_path); goaway($magic_path);
} }
} }
} }
}
}
/** /**
* OpenWebAuth authentication. * OpenWebAuth authentication.