Some adjustments to the way API auth works after merging testing and 0.9.x

This commit is contained in:
Zach Copley 2010-01-28 00:41:44 +00:00
parent 420ae06faf
commit 324590c46e

View File

@ -57,7 +57,6 @@ class ApiAuthAction extends ApiAction
var $auth_user_password = null;
var $access_token = null;
var $oauth_source = null;
var $auth_user = null;
/**
* Take arguments for running, and output basic auth header if needed
@ -82,22 +81,27 @@ class ApiAuthAction extends ApiAction
if (!empty($this->access_token)) {
$this->checkOAuthRequest();
} else {
$this->checkBasicAuthUser();
$this->checkBasicAuthUser(true);
}
} else {
// Check to see if a basic auth user is there even
// if one's not required
$this->checkBasicAuthUser(false);
if (empty($this->access_token)) {
$this->checkBasicAuthUser(false);
}
}
// Reject API calls with the wrong access level
if ($this->isReadOnly($args) == false) {
common_debug(get_class($this) . ' is not read-only!');
if ($this->access != self::READ_WRITE) {
$msg = 'API resource requires read-write access, ' .
'but you only have read access.';
$msg = _('API resource requires read-write access, ' .
'but you only have read access.');
$this->clientError($msg, 401, $this->format);
exit;
}
@ -176,7 +180,7 @@ class ApiAuthAction extends ApiAction
($this->access = self::READ_WRITE) ?
'read-write' : 'read-only'
));
return true;
return;
} else {
throw new OAuthException('Bad access token.');
}
@ -228,9 +232,14 @@ class ApiAuthAction extends ApiAction
} else {
$user = common_check_user($this->auth_user_nickname,
$this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) {
$this->auth_user = common_check_user($this->auth_user_nickname,
$this->auth_user_password);
if (!empty($user)) {
$this->auth_user = $user;
}
Event::handle('EndSetApiUser', array($user));
}
@ -239,18 +248,18 @@ class ApiAuthAction extends ApiAction
$this->access = self::READ_WRITE;
if (empty($this->auth_user)) {
if (empty($this->auth_user) && $required) {
// basic authentication failed
list($proxy, $ip) = common_client_ip();
common_log(
LOG_WARNING,
'Failed API auth attempt, nickname = ' .
"$nickname, proxy = $proxy, ip = $ip."
);
$msg = sprintf(_('Failed API auth attempt, nickname = %1$s, ' .
'proxy = %2$s, ip = %3$s'),
$this->auth_user_nickname,
$proxy,
$ip);
common_log(LOG_WARNING, $msg);
$this->showAuthError();
exit;
}