eliseuamaro/gnu-social
1
0
Fork 0
forked from GNUsocial/gnu-social
Code Issues Pull Requests Releases Wiki Activity

Integrate qvitter ApiAuthAction (thanks hannes2peer)

Browse Source
This commit is contained in:
Mikael Nordfeldth 2014-11-10 11:38:50 +01:00
parent e59f9fd32d
commit 6f5086fc52
1 changed files with 35 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
lib/apiauthaction.php
View File

@ -82,28 +82,39 @@ class ApiAuthAction extends ApiAction
{ {
parent::prepare($args); parent::prepare($args);
// NOTE: $this->auth_user has to get set in prepare(), not handle(), // NOTE: $this->scoped and $this->auth_user has to get set in
// because subclasses do stuff with it in their prepares. // prepare(), not handle(), as subclasses use them in prepares.
$oauthReq = $this->getOAuthRequest(); // Allow regular login session
if (common_logged_in()) {
if (!$oauthReq) { $this->scoped = Profile::current();
if ($this->requiresAuth()) { $this->auth_user = $this->scoped->getUser();
$this->checkBasicAuthUser(true); if (!$this->auth_user->hasRight(Right::API)) {
} else { // TRANS: Authorization exception thrown when a user without API access tries to access the API.
// Check to see if a basic auth user is there even throw new AuthorizationException(_('Not allowed to use API.'));
// if one's not required
$this->checkBasicAuthUser(false);
} }
$this->access = self::READ_WRITE;
} else { } else {
$this->checkOAuthRequest($oauthReq); $oauthReq = $this->getOAuthRequest();
}
// NOTE: Make sure we're scoped properly based on the auths! if (!$oauthReq) {
if (isset($this->auth_user) && !empty($this->auth_user)) { if ($this->requiresAuth()) {
$this->scoped = $this->auth_user->getProfile(); $this->checkBasicAuthUser(true);
} else { } else {
$this->scoped = null; // Check to see if a basic auth user is there even
// if one's not required
$this->checkBasicAuthUser(false);
}
} else {
$this->checkOAuthRequest($oauthReq);
}
// NOTE: Make sure we're scoped properly based on the auths!
if (isset($this->auth_user) && $this->auth_user instanceof User) {
$this->scoped = $this->auth_user->getProfile();
} else {
$this->scoped = null;
}
} }
// legacy user transferral // legacy user transferral
@ -215,7 +226,7 @@ class ApiAuthAction extends ApiAction
// does lots of session stuff. // does lots of session stuff.
global $_cur; global $_cur;
$_cur = $this->auth_user; $_cur = $this->auth_user;
Event::handle('EndSetApiUser', array($user)); Event::handle('EndSetApiUser', array($user));
} }
$msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " . $msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
@ -279,10 +290,10 @@ class ApiAuthAction extends ApiAction
header('WWW-Authenticate: Basic realm="' . $realm . '"'); header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel' // show error if the user clicks 'cancel'
// TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel". // TRANS: Client error thrown when authentication fails because a user clicked "Cancel".
$this->clientError(_('Could not authenticate you.'), 401); $this->clientError(_('Could not authenticate you.'), 401);
} else { } elseif ($required) {
$user = common_check_user($this->auth_user_nickname, $user = common_check_user($this->auth_user_nickname,
$this->auth_user_password); $this->auth_user_password);
@ -312,6 +323,9 @@ class ApiAuthAction extends ApiAction
// TRANS: Client error thrown when authentication fails. // TRANS: Client error thrown when authentication fails.
$this->clientError(_('Could not authenticate you.'), 401); $this->clientError(_('Could not authenticate you.'), 401);
} }
} else {
// all get rw access for actions that don't need auth
$this->access = self::READ_WRITE;
} }
} }