From 0c271c9d17b5d15efc6a935bf3e2b76ce309968e Mon Sep 17 00:00:00 2001
From: Evan Prodromou <evan@prodromou.name>
Date: Sat, 19 Jul 2008 11:55:26 -0400
Subject: [PATCH] try again with user_timeline auth

darcs-hash:20080719155526-84dde-5157cd11d2f96128321b46cb2bea8ff27ce4478f.gz
---
 actions/api.php             | 13 +++++++++++--
 actions/twitapistatuses.php |  8 --------
 2 files changed, 11 insertions(+), 10 deletions(-)

diff --git a/actions/api.php b/actions/api.php
index 97da359fea..1cfae91143 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -105,9 +105,18 @@ class ApiAction extends Action {
 								'statuses/show',
 								'help/test', 
 								'help/downtime_schedule');
-		if (in_array("$this->api_action/$this->api_method", $noauth)) {
+		static $bareauth = array('statuses/user_timeline');
+
+		# noauth: never needs auth
+		# bareauth: only needs auth if without an argument
+		
+		$fullname = "$this->api_action/$this->api_method";
+		
+		if (in_array($fullname, $bareauth) && !$this->api_arg) {
+			return true;
+		} if (in_array($fullname, $noauth)) {
 			return false;
-		}		
+		}
 		return true;
 	}
 		
diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php
index 5a4345ab65..96931fec63 100644
--- a/actions/twitapistatuses.php
+++ b/actions/twitapistatuses.php
@@ -309,14 +309,6 @@ class TwitapistatusesAction extends TwitterapiAction {
 			// Set the user to be the auth user if asked-for can't be found
 			// honestly! This is what Twitter does, I swear --Zach
 			$user = $apidata['user'];
-			
-			if (!$user) {
-				# This header makes basic auth go
-				header('WWW-Authenticate: Basic realm="Laconica API"');
-				# if the user hits cancel -- bam!
-				common_show_basic_auth_error();
-				exit();
-			}
 		}
 
 		$profile = $user->getProfile();