From 372e704a5829bd447477c93afa3fd25658391f55 Mon Sep 17 00:00:00 2001
From: "psyc://loupsycedyglgamf.onion/~lynX"
 <BM-NB7xa9gEpmJgYp9PVnEdACiZcGmmEJcY>
Date: Thu, 19 Jul 2018 17:51:32 +0200
Subject: [PATCH] web challenge redirects

---
 world/net/include/net.h       |  6 ++++++
 world/net/include/place.gen   | 18 +++++++++++++----
 world/net/jabber/disco.c      |  6 ++----
 world/net/jabber/server.c     | 10 ++++-----
 world/net/jabber/user.c       |  2 +-
 world/net/place/archetype.gen | 38 ++++++++++++++++++++---------------
 6 files changed, 50 insertions(+), 30 deletions(-)

diff --git a/world/net/include/net.h b/world/net/include/net.h
index 6938f3f..09dab36 100644
--- a/world/net/include/net.h
+++ b/world/net/include/net.h
@@ -146,6 +146,12 @@
 # echo Please fix your #define REGISTERED_USERS_ONLY
 # define _flag_disable_unauthenticated_users
 #endif
+#ifdef _flag_disable_unauthenticated_users
+# define _flag_disable_unauthenticated_users_XMPP
+#endif
+#ifdef _flag_disable_registration
+# define _flag_disable_registration_XMPP
+#endif
 
 #ifdef RELAY
 # define	_flag_disable_authorization
diff --git a/world/net/include/place.gen b/world/net/include/place.gen
index db72af8..e9de120 100644
--- a/world/net/include/place.gen
+++ b/world/net/include/place.gen
@@ -616,12 +616,20 @@ htget(prot, query, headers, qs) {
 // maybe this all belongs into archetype.gen.. chesmo!
 htget(prot, query, headers, qs, data, noprocess) {
 	if (stringp(headers["cookie"]) && regmatch(headers["cookie"],
-		 "challenge=complete&answer="+ md5(CHALLENGE_MATCH)))
-# ifdef HTGET
-	    return HTGET;
+		 "challenge=complete&answer="+ md5(CHALLENGE_MATCH))) {
+		htnotify(query, headers, "_accomplished_web",
+		    "Challenge accomplished in [_nick_place] by [_web_on] coming from [_web_from].");
+# ifdef CHALLENGE_REDIRECT
+		return htredirect(prot, CHALLENGE_REDIRECT);
 # else
-	    return ::htget(prot, query, headers, qs, data, noprocess);
+#  ifdef HTGET
+		// you may want to output a player iframe instead of a redirect...
+		return HTGET;
+#  else
+		return ::htget(prot, query, headers, qs, data, noprocess);
+#  endif
 # endif
+	}
 	string item = headers[item] || "/@"+ MYNICK;
 	if (stringp(query["answer"]) && headers["cookie"] &&
 	    regmatch(headers["cookie"], "challenge=given") &&
@@ -645,6 +653,8 @@ htget(prot, query, headers, qs, data, noprocess) {
 	       "_parameters" : query["parameters"] || qs,
 	       "_nick_place" : MYNICK ]) );
 	// printf("%O vs %O\n", query, headers);
+	htnotify(query, headers, "_challenged_web",
+	    "[_nick_place] challenges [_web_on] coming from [_web_from].");
 	return 1;
 }
 #endif
diff --git a/world/net/jabber/disco.c b/world/net/jabber/disco.c
index c6363cb..5edc045 100644
--- a/world/net/jabber/disco.c
+++ b/world/net/jabber/disco.c
@@ -18,11 +18,9 @@
 disco_info_root(vars) {
     string featurelist;
     featurelist = "<feature var='http://jabber.org/protocol/muc'/>"
-#ifndef _flag_disable_unauthenticated_users
-# ifndef _flag_disable_registration
-#  ifndef _flag_disable_registration_XMPP
+#ifndef _flag_disable_unauthenticated_users_XMPP
+# ifndef _flag_disable_registration_XMPP
 		"<feature var='jabber:iq:register'/>"
-#  endif
 # endif
 #endif
 #ifndef VOLATILE
diff --git a/world/net/jabber/server.c b/world/net/jabber/server.c
index ae3767e..c78481f 100644
--- a/world/net/jabber/server.c
+++ b/world/net/jabber/server.c
@@ -187,7 +187,7 @@ jabberMsg(XMLNode node) {
 	    case "jabber:iq:register":
 		if (node["@type"] == "get"){
 		    string packet;
-#if defined(_flag_disable_unauthenticated_users) || defined(_flag_disable_registration) || defined(_flag_disable_registration_XMPP)
+#if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP)
 		    // super dirty.. this should all be in textdb
 		    packet = sprintf("<iq type='result' id='%s'>"
 				     "<query xmlns='jabber:iq:register'/>"
@@ -234,7 +234,7 @@ jabberMsg(XMLNode node) {
 			emit(packet);
 			// QUIT
 		    } else {
-#if defined(_flag_disable_unauthenticated_users) || defined(_flag_disable_registration) || defined(_flag_disable_registration_XMPP)
+#if defined(_flag_disable_unauthenticated_users_XMPP) || defined(_flag_disable_registration_XMPP)
 			// TODO: generate some error as above
 #else
 			user -> vSet("password", t[Cdata]);
@@ -358,7 +358,7 @@ jabberMsg(XMLNode node) {
 # endif
 		break;
 #endif
-#ifndef _flag_disable_unauthenticated_users
+#ifndef _flag_disable_unauthenticated_users_XMPP
 	    case "ANONYMOUS":
 		unless(node[Cdata]) {
 		    SASL_ERROR("incorrect-encoding")
@@ -481,7 +481,7 @@ open_stream(XMLNode node) {
 		      "<mechanism>DIGEST-MD5</mechanism>"
 #endif
 		      "<mechanism>PLAIN</mechanism>";
-#ifndef _flag_disable_unauthenticated_users
+#ifndef _flag_disable_unauthenticated_users_XMPP
 		    // sasl anonymous
 		      "<mechanism>ANONYMOUS</mechanism>";
 #endif
@@ -497,7 +497,7 @@ open_stream(XMLNode node) {
 #endif
 		features += "</mechanisms>";
 		features += "<auth xmlns='http://jabber.org/features/iq-auth'/>";
-#ifndef _flag_disable_unauthenticated_users
+#ifndef _flag_disable_registration_XMPP
 		features += "<register xmlns='http://jabber.org/features/iq-register'/>";
 #endif
 	    }
diff --git a/world/net/jabber/user.c b/world/net/jabber/user.c
index c325b81..237f61f 100644
--- a/world/net/jabber/user.c
+++ b/world/net/jabber/user.c
@@ -627,7 +627,7 @@ iq(XMLNode node) {
 	    break;
 	}
 	break;
-#if !defined(_flag_disable_unauthenticated_users) && !defined(_flag_disable_registration) && !defined(_flag_disable_registration_XMPP)
+#if !defined(_flag_disable_unauthenticated_users_XMPP) && !defined(_flag_disable_registration_XMPP)
     case "jabber:iq:register":
 	switch(node["@type"]) {
 	case "get":
diff --git a/world/net/place/archetype.gen b/world/net/place/archetype.gen
index 6991f04..67dfa6a 100644
--- a/world/net/place/archetype.gen
+++ b/world/net/place/archetype.gen
@@ -473,6 +473,27 @@ _request_set_topic(source, mc, data, vars, b) {
 #endif
 
 #if HAS_PORT(HTTP_PORT, HTTP_PATH) || HAS_PORT(HTTPS_PORT, HTTP_PATH)
+// for GDPR compliance server owners are expected not to log these messages
+htnotify(query, headers, mc, fmt) {
+	if (query["from"] == "") query["from"] = 0;
+	if (query["location"] == "") query["location"] = 0;
+
+	// should be renamed into _notice_examine_web_place
+	castmsg(ME, "_notice_place"+(mc || "_examine_web"),
+	    fmt || "[_nick_place] viewed on [_web_on] coming from [_web_from].",
+	([	"_web_referrer" : query["from"] || "bookmark",
+		"_web_page" : query["location"] || headers["referer"] || "",
+		"_web_browser" : headers["user-agent"] || "",
+		"_web_on" : query["location"] || headers["referer"] ||
+			    headers["user-agent"] || "",
+		"_web_from" : query["from"] ||
+			    query_ip_name(this_interactive()) ||
+			    headers["user-agent"] || "http",
+		"_host_name" : query_ip_name(this_interactive()) || "",
+		"_nick_place" : MYNICK || "This place",
+	    ]) );
+}
+
 htget(prot, query, headers, qs, data, noprocess) {
     //P3((">> archetype.gen:htget(%O, %O, %O, %O, %O, %O)\n", prot, query, headers, qs, data, noprocess))
 # ifdef PLACE_SCRATCHPAD
@@ -629,22 +650,7 @@ htget(prot, query, headers, qs, data, noprocess) {
 	    }
 	}
 #  ifndef _flag_disable_notice_place_examine_web
-	if (query["from"] == "") query["from"] = 0;
-	if (query["location"] == "") query["location"] = 0;
-
-	// should be renamed into _notice_examine_web_place
-	castmsg(ME, "_notice_place_examine_web", "[_nick_place] inspected on [_web_on] coming from [_web_from].",
-	([	"_web_referrer" : query["from"] || "bookmark",
-		"_web_page" : query["location"] || headers["referer"] || "",
-		"_web_browser" : headers["user-agent"] || "",
-		"_web_on" : query["location"] || headers["referer"] ||
-			    headers["user-agent"] || "",
-		"_web_from" : query["from"] ||
-			//    query_ip_name(this_interactive()) ||
-			    headers["user-agent"] || "http",
-		"_host_name" : query_ip_name(this_interactive()) || "",
-		"_nick_place" : MYNICK || "This place",
-	    ]) );
+	htnotify(query, headers, "_examine_web");
 #  endif
 
 	// this is usually not very interesting really.. like: