Evan Prodromou
a838891c0e
set the current user in api actions
2011-05-25 13:04:35 -04:00
Siebrand Mazeland
7abecb61bd
i18n/L10n updates.
...
Translator documentation updated.
Superfluous whitespace removed.
Some FIXMEs added.
2011-04-01 19:47:24 +02:00
Evan Prodromou
1525acdca1
Extend authorization framework to cover login and API use
...
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.
I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.
I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Zach Copley
3a24b95edb
Fix a couple spelling mistakes in comments and remove redundant statement terminator
2011-01-20 10:44:05 -08:00
Siebrand Mazeland
dc62cf1c0b
* i18n/L10n fixes.
...
* translator documentation updated/added.
* superfluous whitespace removed.
2010-10-20 19:34:27 +02:00
Zach Copley
e8b6d7c946
Add support for an anonymous OAuth consumer. Note: this requires a
...
small DB tweak. Oauth_application_user needs to have the primary
compound key: (profile_id, application_id, token).
http://status.net/open-source/issues/2761
This should also make it possible to have multiple access tokens
per application.
http://status.net/open-source/issues/2788
2010-10-19 20:54:53 -07:00
Zach Copley
5866493cae
OAuth - better log messages
2010-10-19 12:07:59 -07:00
Siebrand Mazeland
8c94ebf537
* update/add translator documentation
...
* remove superfluous whitespace
2010-09-13 21:10:54 +02:00
Zach Copley
65862d8f7f
Suppress HTTP error headers for JSONP API output
2010-07-16 14:40:22 -07:00
Craig Andrews
6317f7d92b
Assigning my copyrights to the Free Software Foundation
2010-05-27 18:27:33 -04:00
Zach Copley
3c9686e80f
Fix for repeats from the API having null source attribution
2010-05-07 16:32:24 -07:00
Zach Copley
1b561065b0
Some initial Doxygen-based documentation for the API
2010-04-22 13:11:49 -07:00
Siebrand Mazeland
9b788471d4
Add translator documentation.
2010-04-10 22:50:15 +02:00
Siebrand Mazeland
1661be6851
i18n for low level logging is not needed.
2010-04-10 21:59:17 +02:00
Zach Copley
b82e55356d
Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required.
2010-03-26 19:58:15 +00:00
Brion Vibber
1c942afa60
Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form.
2010-03-17 10:52:11 -07:00
Zach Copley
7f2253759c
A blank username should never be allowed.
2010-03-10 03:39:05 +00:00
Evan Prodromou
5f7aa6f2e3
make API realm configurable
2010-03-08 12:36:03 -05:00
Zach Copley
e650794300
Remove unnecessary requires
2010-02-25 22:06:31 -08:00
Zach Copley
2085b506d4
Always check for an OAuth request. This allows OAuth clients to set an
...
auth user, similar to how they can set one via http basic auth,
even if one is not required. I think I finally got this right.
2010-02-02 23:17:28 +00:00
Zach Copley
48a1a5a2dc
Adjust API authentication to also check for OAuth protocol params in the
...
HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
2010-01-29 01:49:38 +00:00
Zach Copley
f296f04abd
Remove debugging statement
2010-01-28 01:24:40 +00:00
Zach Copley
324590c46e
Some adjustments to the way API auth works after merging testing and 0.9.x
2010-01-28 00:45:06 +00:00
Michele
b0a325f7d0
HTTP auth provided is evaluated even if it's not required
2010-01-27 14:06:27 -08:00
Zach Copley
923b7de3c6
- Check for read-only vs. read-write access to protected API resources (OAuth)
...
- Some cleanup
2010-01-27 08:41:26 +00:00
Zach Copley
4daf76212a
- Had to remove checking read vs. read-write in OAuth authenticated methods
...
- Will now pick up source attr from OAuth app
2010-01-25 00:51:56 +00:00
Zach Copley
8b24b5ac7b
Add Start/EndSetApiUser events when setting API user via OAuth
2010-01-24 16:46:37 -08:00
Zach Copley
1f8ddf716d
Check for read vs. read-write access on OAuth authenticated API mehtods.
2010-01-24 16:36:06 -08:00
Zach Copley
8da5e98cba
OAuth 1.0 working now
2010-01-24 16:36:04 -08:00
Zach Copley
8e91e05392
Make API auth handle OAuth requests w/access tokens
2010-01-24 16:36:03 -08:00
Zach Copley
a199bd808a
Fix issue with favorited/following always being set to false
2009-12-14 18:16:45 +00:00
Craig Andrews
d07df8a796
Added Authorization plugin
...
Added LDAPAuthorization plugin
2009-11-18 14:19:43 -05:00
Brion Vibber
088081675f
Revert "Remove more contractions"
...
This reverts commit 5ab709b739
.
Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland
5ab709b739
Remove more contractions
...
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Zach Copley
870b091693
Added in credits.
2009-10-12 16:36:00 -07:00
Zach Copley
4efbe32f6a
Use site's name for basic auth realm
2009-10-12 15:12:20 -07:00
Zach Copley
559918826a
Remove more redundant $formats
2009-10-09 17:11:40 -07:00
Zach Copley
743c844084
Move all basic auth output and processing to base classes
2009-10-09 16:57:22 -07:00
Zach Copley
bb08611def
Delete action/api.php and rename lib/twitterapi.php to lib/api.php
2009-10-09 14:22:18 -07:00
Zach Copley
e307adfbfc
New actions for /statuses/friends and /statuses/followers + social graph methods
2009-09-30 10:22:26 -07:00
Zach Copley
37bdc060c5
phpcs on apifriendstimeline.php, apiauth.php and apibareauth.php
2009-09-27 15:33:46 -07:00
Zach Copley
de5ff19713
Moved basic auth stuff into its own classes
2009-09-25 16:58:35 -07:00