Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via HTTP basic auth, even if one is not required. I think I finally got this right.
parent
dae28d98d1
commit
2085b506d4
@ -55,6 +55,7 @@ class ApiAuthAction extends ApiAction
|
|||||||
{
|
{
|
||||||
var $auth_user_nickname = null;
|
var $auth_user_nickname = null;
|
||||||
var $auth_user_password = null;
|
var $auth_user_password = null;
|
||||||
|
var $oauth_source = null;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Take arguments for running, looks for an OAuth request,
|
* Take arguments for running, looks for an OAuth request,
|
||||||
@ -73,21 +74,19 @@ class ApiAuthAction extends ApiAction
|
|||||||
// NOTE: $this->auth_user has to get set in prepare(), not handle(),
|
// NOTE: $this->auth_user has to get set in prepare(), not handle(),
|
||||||
// because subclasses do stuff with it in their prepares.
|
// because subclasses do stuff with it in their prepares.
|
||||||
|
|
||||||
if ($this->requiresAuth()) {
|
|
||||||
|
|
||||||
$oauthReq = $this->getOAuthRequest();
|
$oauthReq = $this->getOAuthRequest();
|
||||||
|
|
||||||
if (!$oauthReq) {
|
if (!$oauthReq) {
|
||||||
|
if ($this->requiresAuth()) {
|
||||||
$this->checkBasicAuthUser(true);
|
$this->checkBasicAuthUser(true);
|
||||||
} else {
|
} else {
|
||||||
$this->checkOAuthRequest($oauthReq);
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
|
|
||||||
// Check to see if a basic auth user is there even
|
// Check to see if a basic auth user is there even
|
||||||
// if one's not required
|
// if one's not required
|
||||||
$this->checkBasicAuthUser(false);
|
$this->checkBasicAuthUser(false);
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
$this->checkOAuthRequest($oauthReq);
|
||||||
|
}
|
||||||
|
|
||||||
// Reject API calls with the wrong access level
|
// Reject API calls with the wrong access level
|
||||||
|
|
||||||
@ -108,7 +107,6 @@ class ApiAuthAction extends ApiAction
|
|||||||
* This is to avoid doign any unnecessary DB lookups.
|
* This is to avoid doign any unnecessary DB lookups.
|
||||||
*
|
*
|
||||||
* @return mixed the OAuthRequest or false
|
* @return mixed the OAuthRequest or false
|
||||||
*
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function getOAuthRequest()
|
function getOAuthRequest()
|
||||||
@ -137,7 +135,6 @@ class ApiAuthAction extends ApiAction
|
|||||||
* @param OAuthRequest $request the OAuth Request
|
* @param OAuthRequest $request the OAuth Request
|
||||||
*
|
*
|
||||||
* @return nothing
|
* @return nothing
|
||||||
*
|
|
||||||
*/
|
*/
|
||||||
|
|
||||||
function checkOAuthRequest($request)
|
function checkOAuthRequest($request)
|
||||||
|
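Review bot: In the second hunk, `checkOAuthRequest($oauthReq)` now runs whenever `getOAuthRequest()` returns a request, including on actions where `requiresAuth()` is false, and nothing in the hunk states what should happen there when the OAuth request fails validation. The body of `checkOAuthRequest()` is outside the visible hunks, so it should be confirmed that a bad signature or token on an optional-auth action ends the request instead of continuing with a partly set auth user. The precedence is worth documenting above the branch, e.g. `// OAuth params take precedence over basic auth; an invalid OAuth request is rejected even when auth is optional`. The docblock of `getOAuthRequest()` says it exists to avoid unnecessary DB lookups, and since it is now called on every API request that claim should be re-checked. The new `$oauth_source` property in the first hunk has no docblock and nothing visible assigns it; the enclosing method (prepare(), judging by the NOTE comment) starts and ends outside the hunk.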