forked from GNUsocial/gnu-social
Some adjustments to the way API auth works after merging testing and 0.9.x
This commit is contained in:
Zach Copley
@@ -57,7 +57,6 @@ class ApiAuthAction extends ApiAction
|
||||
var $auth_user_password = null;
|
||||
var $access_token = null;
|
||||
var $oauth_source = null;
|
||||
var $auth_user = null;
|
||||
|
||||
/**
|
||||
* Take arguments for running, and output basic auth header if needed
|
||||
@@ -82,22 +81,27 @@ class ApiAuthAction extends ApiAction
|
||||
if (!empty($this->access_token)) {
|
||||
$this->checkOAuthRequest();
|
||||
} else {
|
||||
$this->checkBasicAuthUser();
|
||||
$this->checkBasicAuthUser(true);
|
||||
}
|
||||
} else {
|
||||
|
||||
// Check to see if a basic auth user is there even
|
||||
// if one's not required
|
||||
|
||||
if (empty($this->access_token)) {
|
||||
$this->checkBasicAuthUser(false);
|
||||
}
|
||||
}
|
||||
|
||||
// Reject API calls with the wrong access level
|
||||
|
||||
if ($this->isReadOnly($args) == false) {
|
||||
|
||||
common_debug(get_class($this) . ' is not read-only!');
|
||||
|
||||
if ($this->access != self::READ_WRITE) {
|
||||
$msg = 'API resource requires read-write access, ' .
|
||||
'but you only have read access.';
|
||||
$msg = _('API resource requires read-write access, ' .
|
||||
'but you only have read access.');
|
||||
$this->clientError($msg, 401, $this->format);
|
||||
exit;
|
||||
}
|
||||
@@ -176,7 +180,7 @@ class ApiAuthAction extends ApiAction
|
||||
($this->access = self::READ_WRITE) ?
|
||||
'read-write' : 'read-only'
|
||||
));
|
||||
return true;
|
||||
return;
|
||||
} else {
|
||||
throw new OAuthException('Bad access token.');
|
||||
}
|
||||
@@ -228,10 +232,15 @@ class ApiAuthAction extends ApiAction
|
||||
|
||||
} else {
|
||||
|
||||
if (Event::handle('StartSetApiUser', array(&$user))) {
|
||||
$this->auth_user = common_check_user($this->auth_user_nickname,
|
||||
$user = common_check_user($this->auth_user_nickname,
|
||||
$this->auth_user_password);
|
||||
|
||||
if (Event::handle('StartSetApiUser', array(&$user))) {
|
||||
|
||||
if (!empty($user)) {
|
||||
$this->auth_user = $user;
|
||||
}
|
||||
|
||||
Event::handle('EndSetApiUser', array($user));
|
||||
}
|
||||
|
||||
@@ -239,18 +248,18 @@ class ApiAuthAction extends ApiAction
|
||||
|
||||
$this->access = self::READ_WRITE;
|
||||
|
||||
if (empty($this->auth_user)) {
|
||||
if (empty($this->auth_user) && $required) {
|
||||
|
||||
// basic authentication failed
|
||||
|
||||
list($proxy, $ip) = common_client_ip();
|
||||
|
||||
common_log(
|
||||
LOG_WARNING,
|
||||
'Failed API auth attempt, nickname = ' .
|
||||
"$nickname, proxy = $proxy, ip = $ip."
|
||||
);
|
||||
|
||||
$msg = sprintf(_('Failed API auth attempt, nickname = %1$s, ' .
|
||||
'proxy = %2$s, ip = %3$s'),
|
||||
$this->auth_user_nickname,
|
||||
$proxy,
|
||||
$ip);
|
||||
common_log(LOG_WARNING, $msg);
|
||||
$this->showAuthError();
|
||||
exit;
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user