GNUsocial/gnu-social
4
0
Fork 1
Code Issues Releases Wiki Activity

Some adjustments to the way API auth works after merging testing and 0.9.x

Browse Source
This commit is contained in:
Zach Copley 2010-01-28 00:41:44 +00:00
parent 420ae06faf
commit 324590c46e
1 changed files with 24 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
lib/apiauth.php
View File

@ -57,7 +57,6 @@ class ApiAuthAction extends ApiAction
var $auth_user_password = null; var $auth_user_password = null;
var $access_token = null; var $access_token = null;
var $oauth_source = null; var $oauth_source = null;
var $auth_user = null;
/** /**
* Take arguments for running, and output basic auth header if needed * Take arguments for running, and output basic auth header if needed
@ -82,22 +81,27 @@ class ApiAuthAction extends ApiAction
if (!empty($this->access_token)) { if (!empty($this->access_token)) {
$this->checkOAuthRequest(); $this->checkOAuthRequest();
} else { } else {
$this->checkBasicAuthUser(); $this->checkBasicAuthUser(true);
} }
} else { } else {
// Check to see if a basic auth user is there even // Check to see if a basic auth user is there even
// if one's not required // if one's not required
$this->checkBasicAuthUser(false); if (empty($this->access_token)) {
$this->checkBasicAuthUser(false);
}
} }
// Reject API calls with the wrong access level // Reject API calls with the wrong access level
if ($this->isReadOnly($args) == false) { if ($this->isReadOnly($args) == false) {
common_debug(get_class($this) . ' is not read-only!');
if ($this->access != self::READ_WRITE) { if ($this->access != self::READ_WRITE) {
$msg = 'API resource requires read-write access, ' . $msg = _('API resource requires read-write access, ' .
'but you only have read access.'; 'but you only have read access.');
$this->clientError($msg, 401, $this->format); $this->clientError($msg, 401, $this->format);
exit; exit;
} }
@ -176,7 +180,7 @@ class ApiAuthAction extends ApiAction
($this->access = self::READ_WRITE) ? ($this->access = self::READ_WRITE) ?
'read-write' : 'read-only' 'read-write' : 'read-only'
)); ));
return true; return;
} else { } else {
throw new OAuthException('Bad access token.'); throw new OAuthException('Bad access token.');
} }
@ -228,9 +232,14 @@ class ApiAuthAction extends ApiAction
} else { } else {
$user = common_check_user($this->auth_user_nickname,
$this->auth_user_password);
if (Event::handle('StartSetApiUser', array(&$user))) { if (Event::handle('StartSetApiUser', array(&$user))) {
$this->auth_user = common_check_user($this->auth_user_nickname,
$this->auth_user_password); if (!empty($user)) {
$this->auth_user = $user;
}
Event::handle('EndSetApiUser', array($user)); Event::handle('EndSetApiUser', array($user));
} }
@ -239,18 +248,18 @@ class ApiAuthAction extends ApiAction
$this->access = self::READ_WRITE; $this->access = self::READ_WRITE;
if (empty($this->auth_user)) { if (empty($this->auth_user) && $required) {
// basic authentication failed // basic authentication failed
list($proxy, $ip) = common_client_ip(); list($proxy, $ip) = common_client_ip();
common_log( $msg = sprintf(_('Failed API auth attempt, nickname = %1$s, ' .
LOG_WARNING, 'proxy = %2$s, ip = %3$s'),
'Failed API auth attempt, nickname = ' . $this->auth_user_nickname,
"$nickname, proxy = $proxy, ip = $ip." $proxy,
); $ip);
common_log(LOG_WARNING, $msg);
$this->showAuthError(); $this->showAuthError();
exit; exit;
} }