Commit Graph

40 Commits

Author SHA1 Message Date
Evan Prodromou 1525acdca1 Extend authorization framework to cover login and API use
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.

I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.

I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Zach Copley 3a24b95edb Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-20 10:44:05 -08:00
Siebrand Mazeland dc62cf1c0b * i18n/L10n fixes.
* translator documentation updated/added.
* superfluous whitespace removed.
2010-10-20 19:34:27 +02:00
Zach Copley e8b6d7c946 Add support for an anonymous OAuth consumer. Note: this requires a
small DB tweak.  Oauth_application_user needs to have the primary
compound key: (profile_id, application_id, token).

http://status.net/open-source/issues/2761

This should also make it possible to have multiple access tokens
per application.

http://status.net/open-source/issues/2788
2010-10-19 20:54:53 -07:00
Zach Copley 5866493cae OAuth - better log messages 2010-10-19 12:07:59 -07:00
Siebrand Mazeland 8c94ebf537 * update/add translator documentation
* remove superfluous whitespace
2010-09-13 21:10:54 +02:00
Zach Copley 65862d8f7f Suppress HTTP error headers for JSONP API output 2010-07-16 14:40:22 -07:00
Craig Andrews 6317f7d92b Assigning my copyrights to the Free Software Foundation 2010-05-27 18:27:33 -04:00
Zach Copley 3c9686e80f Fix for repeats from the API having null source attribution 2010-05-07 16:32:24 -07:00
Zach Copley 1b561065b0 Some initial Doxygen-based documentation for the API 2010-04-22 13:11:49 -07:00
Siebrand Mazeland 9b788471d4 Add translator documentation. 2010-04-10 22:50:15 +02:00
Siebrand Mazeland 1661be6851 i18n for low level logging is not needed. 2010-04-10 21:59:17 +02:00
Zach Copley b82e55356d Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required. 2010-03-26 19:58:15 +00:00
Brion Vibber 1c942afa60 Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form. 2010-03-17 10:52:11 -07:00
Zach Copley 7f2253759c A blank username should never be allowed. 2010-03-10 03:39:05 +00:00
Evan Prodromou 5f7aa6f2e3 make API realm configurable 2010-03-08 12:36:03 -05:00
Zach Copley e650794300 Remove unnecessary requires 2010-02-25 22:06:31 -08:00
Zach Copley 2085b506d4 Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth,
even if one is not required.  I think I finally got this right.
2010-02-02 23:17:28 +00:00
Zach Copley 48a1a5a2dc Adjust API authentication to also check for OAuth protocol params in the
HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
2010-01-29 01:49:38 +00:00
Zach Copley f296f04abd Remove debugging statement 2010-01-28 01:24:40 +00:00
Zach Copley 324590c46e Some adjustments to the way API auth works after merging testing and 0.9.x 2010-01-28 00:45:06 +00:00
Michele b0a325f7d0 HTTP auth provided is evaluated even if it's not required 2010-01-27 14:06:27 -08:00
Zach Copley 923b7de3c6 - Check for read-only vs. read-write access to protected API resources (OAuth)
- Some cleanup
2010-01-27 08:41:26 +00:00
Zach Copley 4daf76212a - Had to remove checking read vs. read-write in OAuth authenticated methods
- Will now pick up source attr from OAuth app
2010-01-25 00:51:56 +00:00
Zach Copley 8b24b5ac7b Add Start/EndSetApiUser events when setting API user via OAuth 2010-01-24 16:46:37 -08:00
Zach Copley 1f8ddf716d Check for read vs. read-write access on OAuth authenticated API methods. 2010-01-24 16:36:06 -08:00
Zach Copley 8da5e98cba OAuth 1.0 working now 2010-01-24 16:36:04 -08:00
Zach Copley 8e91e05392 Make API auth handle OAuth requests w/access tokens 2010-01-24 16:36:03 -08:00
Zach Copley a199bd808a Fix issue with favorited/following always being set to false 2009-12-14 18:16:45 +00:00
Craig Andrews d07df8a796 Added Authorization plugin
Added LDAPAuthorization plugin
2009-11-18 14:19:43 -05:00
Brion Vibber 088081675f Revert "Remove more contractions"
This reverts commit 5ab709b739.

Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland 5ab709b739 Remove more contractions
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Zach Copley 870b091693 Added in credits. 2009-10-12 16:36:00 -07:00
Zach Copley 4efbe32f6a Use site's name for basic auth realm 2009-10-12 15:12:20 -07:00
Zach Copley 559918826a Remove more redundant $formats 2009-10-09 17:11:40 -07:00
Zach Copley 743c844084 Move all basic auth output and processing to base classes 2009-10-09 16:57:22 -07:00
Zach Copley bb08611def Delete action/api.php and rename lib/twitterapi.php to lib/api.php 2009-10-09 14:22:18 -07:00
Zach Copley e307adfbfc New actions for /statuses/friends and /statuses/followers + social graph methods 2009-09-30 10:22:26 -07:00
Zach Copley 37bdc060c5 phpcs on apifriendstimeline.php, apiauth.php and apibareauth.php 2009-09-27 15:33:46 -07:00
Zach Copley de5ff19713 Moved basic auth stuff into its own classes 2009-09-25 16:58:35 -07:00