Add special basic auth handling for friendships/show. Other fixups.

Zach Copley 2009-07-06 13:21:16 -07:00
parent d40075ae9c
commit 5e067c2c81


@ -75,7 +75,7 @@ class ApiAction extends Action
} }
} else { } else {
# Caller might give us a username even if not required // Caller might give us a username even if not required
if (isset($_SERVER['PHP_AUTH_USER'])) { if (isset($_SERVER['PHP_AUTH_USER'])) {
$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
if ($user) { if ($user) {
@ -117,7 +117,7 @@ class ApiAction extends Action
} }
} }
# Whitelist of API methods that don't need authentication // Whitelist of API methods that don't need authentication
function requires_auth() function requires_auth()
{ {
static $noauth = array( 'statuses/public_timeline', static $noauth = array( 'statuses/public_timeline',
@ -135,28 +135,61 @@ class ApiAction extends Action
'statuses/replies', 'statuses/replies',
'statuses/mentions', 'statuses/mentions',
'statuses/followers', 'statuses/followers',
'favorites/favorites'); 'favorites/favorites',
'friendships/show');
$fullname = "$this->api_action/$this->api_method"; $fullname = "$this->api_action/$this->api_method";
// If the site is "private", all API methods except laconica/config // If the site is "private", all API methods except laconica/config
// need authentication // need authentication
if (common_config('site', 'private')) { if (common_config('site', 'private')) {
return $fullname != 'laconica/config' || false; return $fullname != 'laconica/config' || false;
} }
// bareauth: only needs auth if without an argument or query param specifying user
if (in_array($fullname, $bareauth)) { if (in_array($fullname, $bareauth)) {
# bareauth: only needs auth if without an argument or query param specifying user
if ($this->api_arg || $this->arg('id') || is_numeric($this->arg('user_id')) || $this->arg('screen_name')) { // Special case: friendships/show only needs auth if source_id or
return false; // source_screen_name is not specified as a param
} else {
if ($fullname == 'friendships/show') {
$source_id = $this->arg('source_id');
$source_screen_name = $this->arg('source_screen_name');
if (empty($source_id) && empty($source_screen_name)) {
return true; return true;
} }
return false;
}
// if all of these are empty, auth is required
$id = $this->arg('id');
$user_id = $this->arg('user_id');
$screen_name = $this->arg('screen_name');
if (empty($this->api_arg) &&
empty($id) &&
empty($user_id) &&
empty($screen_name)) {
return true;
} else {
return false;
}
} else if (in_array($fullname, $noauth)) { } else if (in_array($fullname, $noauth)) {
# noauth: never needs auth
// noauth: never needs auth
return false; return false;
} else { } else {
# everybody else needs auth
// everybody else needs auth
return true; return true;
} }
} }
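Review bot: The bareauth fall-through at the end of this hunk drops the `is_numeric` test the old condition applied to `user_id`, so any non-empty `user_id` string now counts as naming a user and the method runs without authentication; whether a non-numeric value is later rejected depends on the handler outside this hunk, so keeping `!is_numeric($user_id) &&` in place of `empty($user_id) &&` preserves the earlier, stricter behaviour. Separately, `empty()` is true for the string `'0'`, so a `screen_name` or `user_id` of `0` (assuming `arg()` returns the raw query string) falls back to requiring auth, which fails closed but deserves a comment such as `// empty() also treats '0' as absent; that only tightens the check, so it is acceptable here`. The friendships/show branch and the final `if/else` each reduce to one boolean return, e.g. `return empty($source_id) && empty($source_screen_name);`, which reads more directly than the paired `return true;`/`return false;`. requires_auth() begins in the preceding hunk, so this hunk starts inside its body.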