Commit Graph

28 Commits

Author SHA1 Message Date
Zach Copley
b82e55356d Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required. 2010-03-26 19:58:15 +00:00
Brion Vibber
1c942afa60 Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form. 2010-03-17 10:52:11 -07:00
Zach Copley
7f2253759c A blank username should never be allowed. 2010-03-10 03:39:05 +00:00
Evan Prodromou
5f7aa6f2e3 make API realm configurable 2010-03-08 12:36:03 -05:00
Zach Copley
e650794300 Remove unnecessary requires 2010-02-25 22:06:31 -08:00
Zach Copley
2085b506d4 Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth,
even if one is not required.  I think I finally got this right.
2010-02-02 23:17:28 +00:00
Zach Copley
48a1a5a2dc Adjust API authentication to also check for OAuth protocol params in the
HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
2010-01-29 01:49:38 +00:00
Zach Copley
f296f04abd Remove debugging statement 2010-01-28 01:24:40 +00:00
Zach Copley
324590c46e Some adjustments to the way API auth works after merging testing and 0.9.x 2010-01-28 00:45:06 +00:00
Michele
b0a325f7d0 HTTP auth provided is evaluated even if it's not required 2010-01-27 14:06:27 -08:00
Zach Copley
923b7de3c6 - Check for read-only vs. read-write access to protected API resources (OAuth)
- Some cleanup
2010-01-27 08:41:26 +00:00
Zach Copley
4daf76212a - Had to remove checking read vs. read-write in OAuth authenticated methods
- Will now pick up source attr from OAuth app
2010-01-25 00:51:56 +00:00
Zach Copley
8b24b5ac7b Add Start/EndSetApiUser events when setting API user via OAuth 2010-01-24 16:46:37 -08:00
Zach Copley
1f8ddf716d Check for read vs. read-write access on OAuth authenticated API mehtods. 2010-01-24 16:36:06 -08:00
Zach Copley
8da5e98cba OAuth 1.0 working now 2010-01-24 16:36:04 -08:00
Zach Copley
8e91e05392 Make API auth handle OAuth requests w/access tokens 2010-01-24 16:36:03 -08:00
Zach Copley
a199bd808a Fix issue with favorited/following always being set to false 2009-12-14 18:16:45 +00:00
Craig Andrews
d07df8a796 Added Authorization plugin
Added LDAPAuthorization plugin
2009-11-18 14:19:43 -05:00
Brion Vibber
088081675f Revert "Remove more contractions"
This reverts commit 5ab709b739.

Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland
5ab709b739 Remove more contractions
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Zach Copley
870b091693 Added in credits. 2009-10-12 16:36:00 -07:00
Zach Copley
4efbe32f6a Use site's name for basic auth realm 2009-10-12 15:12:20 -07:00
Zach Copley
559918826a Remove more redundant $formats 2009-10-09 17:11:40 -07:00
Zach Copley
743c844084 Move all basic auth output and processing to base classes 2009-10-09 16:57:22 -07:00
Zach Copley
bb08611def Delete action/api.php and rename lib/twitterapi.php to lib/api.php 2009-10-09 14:22:18 -07:00
Zach Copley
e307adfbfc New actions for /statuses/friends and /statuses/followers + social graph methods 2009-09-30 10:22:26 -07:00
Zach Copley
37bdc060c5 phpcs on apifriendstimeline.php, apiauth.php and apibareauth.php 2009-09-27 15:33:46 -07:00
Zach Copley
de5ff19713 Moved basic auth stuff into its own classes 2009-09-25 16:58:35 -07:00