forked from GNUsocial/gnu-social
- Had to remove checking read vs. read-write in OAuth authenticated methods
- Will now pick up source attr from OAuth app
This commit is contained in:
parent
c28c511438
commit
33df392289
@ -82,4 +82,18 @@ class ApiAccountVerifyCredentialsAction extends ApiAuthAction
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* Is this action read only?
|
||||
*
|
||||
* @param array $args other arguments
|
||||
*
|
||||
* @return boolean true
|
||||
*
|
||||
**/
|
||||
|
||||
function isReadOnly($args)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -85,6 +85,11 @@ class ApiStatusesUpdateAction extends ApiAuthAction
|
||||
$this->lat = $this->trimmed('lat');
|
||||
$this->lon = $this->trimmed('long');
|
||||
|
||||
// try to set the source attr from OAuth app
|
||||
if (empty($this->source)) {
|
||||
$this->source = $this->oauth_source;
|
||||
}
|
||||
|
||||
if (empty($this->source) || in_array($this->source, self::$reserved_sources)) {
|
||||
$this->source = 'api';
|
||||
}
|
||||
|
@ -55,6 +55,7 @@ class ApiAuthAction extends ApiAction
|
||||
{
|
||||
var $access_token;
|
||||
var $oauth_access_type;
|
||||
var $oauth_source;
|
||||
|
||||
/**
|
||||
* Take arguments for running, and output basic auth header if needed
|
||||
@ -90,13 +91,6 @@ class ApiAuthAction extends ApiAction
|
||||
function handle($args)
|
||||
{
|
||||
parent::handle($args);
|
||||
|
||||
if ($this->isReadOnly($args) == false) {
|
||||
if ($this->access == self::READ_ONLY) {
|
||||
$this->clientError(_('API method requires write access.'), 401);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
function checkOAuthRequest()
|
||||
@ -116,8 +110,6 @@ class ApiAuthAction extends ApiAction
|
||||
$req = OAuthRequest::from_request();
|
||||
$server->verify_request($req);
|
||||
|
||||
common_debug("Good OAuth request!");
|
||||
|
||||
$app = Oauth_application::getByConsumerKey($this->consumer_key);
|
||||
|
||||
if (empty($app)) {
|
||||
@ -129,6 +121,10 @@ class ApiAuthAction extends ApiAction
|
||||
throw new OAuthException('No application for that consumer key.');
|
||||
}
|
||||
|
||||
// set the source attr
|
||||
|
||||
$this->oauth_source = $app->name;
|
||||
|
||||
$appUser = Oauth_application_user::staticGet('token',
|
||||
$this->access_token);
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user