diff options
author | Evan Prodromou <evan@status.net> | 2010-01-27 18:09:43 -0500 |
---|---|---|
committer | Evan Prodromou <evan@status.net> | 2010-01-27 18:09:43 -0500 |
commit | 0b41fa3ec384971cecc631d3cd395d440b61f32d (patch) | |
tree | 640f260547d35d5eb5695f5d351fafe8d55794f7 | |
parent | 2aba2eeeaf78f4e407abe23643ff6027b0ea53dd (diff) | |
parent | 2494d3fa25a44b3cacf85c594683675ae9e6d0cb (diff) |
Merge branch 'testing' of git@gitorious.org:statusnet/mainline into testing
-rw-r--r-- | db/rc3to09.sql | 16 | ||||
-rw-r--r-- | db/rc3torc4.sql | 48 | ||||
-rw-r--r-- | lib/apiauth.php | 33 |
3 files changed, 67 insertions, 30 deletions
diff --git a/db/rc3to09.sql b/db/rc3to09.sql deleted file mode 100644 index 02dc7a6e2..000000000 --- a/db/rc3to09.sql +++ /dev/null @@ -1,16 +0,0 @@ -create table queue_item_new ( - id integer auto_increment primary key comment 'unique identifier', - frame blob not null comment 'data: object reference or opaque string', - transport varchar(8) not null comment 'queue for what? "email", "jabber", "sms", "irc", ...', - created datetime not null comment 'date this record was created', - claimed datetime comment 'date this item was claimed', - - index queue_item_created_idx (created) - -) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; - -insert into queue_item_new (frame,transport,created,claimed) - select notice_id,transport,created,claimed from queue_item; -alter table queue_item rename to queue_item_old; -alter table queue_item_new rename to queue_item; - diff --git a/db/rc3torc4.sql b/db/rc3torc4.sql new file mode 100644 index 000000000..8342c4bc6 --- /dev/null +++ b/db/rc3torc4.sql @@ -0,0 +1,48 @@ +create table queue_item_new ( + id integer auto_increment primary key comment 'unique identifier', + frame blob not null comment 'data: object reference or opaque string', + transport varchar(8) not null comment 'queue for what? "email", "jabber", "sms", "irc", ...', + created datetime not null comment 'date this record was created', + claimed datetime comment 'date this item was claimed', + + index queue_item_created_idx (created) + +) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; + +insert into queue_item_new (frame,transport,created,claimed) + select notice_id,transport,created,claimed from queue_item; +alter table queue_item rename to queue_item_old; +alter table queue_item_new rename to queue_item; + +alter table consumer + add consumer_secret varchar(255) not null comment 'secret value', + add verifier varchar(255) comment 'verifier string for OAuth 1.0a', + add verified_callback varchar(255) comment 'verified callback URL for OAuth 1.0a'; + +create table oauth_application ( + id integer auto_increment primary key comment 'unique identifier', + owner integer not null comment 'owner of the application' references profile (id), + consumer_key varchar(255) not null comment 'application consumer key' references consumer (consumer_key), + name varchar(255) not null comment 'name of the application', + description varchar(255) comment 'description of the application', + icon varchar(255) not null comment 'application icon', + source_url varchar(255) comment 'application homepage - used for source link', + organization varchar(255) comment 'name of the organization running the application', + homepage varchar(255) comment 'homepage for the organization', + callback_url varchar(255) comment 'url to redirect to after authentication', + type tinyint default 0 comment 'type of app, 1 = browser, 2 = desktop', + access_type tinyint default 0 comment 'default access type, bit 1 = read, bit 2 = write', + created datetime not null comment 'date this record was created', + modified timestamp comment 'date this record was modified' +) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; + +create table oauth_application_user ( + profile_id integer not null comment 'user of the application' references profile (id), + application_id integer not null comment 'id of the application' references oauth_application (id), + access_type tinyint default 0 comment 'access type, bit 1 = read, bit 2 = write, bit 3 = revoked', + token varchar(255) comment 'request or access token', + created datetime not null comment 'date this record was created', + modified timestamp comment 'date this record was modified', + constraint primary key (profile_id, application_id) +) ENGINE=InnoDB CHARACTER SET utf8 COLLATE utf8_bin; + diff --git a/lib/apiauth.php b/lib/apiauth.php index ad9651ff2..ac5e997c7 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -84,16 +84,22 @@ class ApiAuthAction extends ApiAction } else { $this->checkBasicAuthUser(); } + } else { - // Reject API calls with the wrong access level + // Check to see if a basic auth user is there even + // if one's not required - if ($this->isReadOnly($args) == false) { - if ($this->access != self::READ_WRITE) { - $msg = 'API resource requires read-write access, ' . - 'but you only have read access.'; - $this->clientError($msg, 401, $this->format); - exit(); - } + $this->checkBasicAuthUser(false); + } + + // Reject API calls with the wrong access level + + if ($this->isReadOnly($args) == false) { + if ($this->access != self::READ_WRITE) { + $msg = 'API resource requires read-write access, ' . + 'but you only have read access.'; + $this->clientError($msg, 401, $this->format); + exit; } } @@ -206,13 +212,13 @@ class ApiAuthAction extends ApiAction * @return boolean true or false */ - function checkBasicAuthUser() + function checkBasicAuthUser($required = true) { $this->basicAuthProcessHeader(); $realm = common_config('site', 'name') . ' API'; - if (!isset($this->auth_user_nickname)) { + if (!isset($this->auth_user_nickname) && $required) { header('WWW-Authenticate: Basic realm="' . $realm . '"'); // show error if the user clicks 'cancel' @@ -222,11 +228,10 @@ class ApiAuthAction extends ApiAction } else { - $user = common_check_user($this->auth_user_nickname, - $this->auth_user_password); - if (Event::handle('StartSetApiUser', array(&$user))) { - $this->auth_user = $user; + $this->auth_user = common_check_user($this->auth_user_nickname, + $this->auth_user_password); + Event::handle('EndSetApiUser', array($user)); } |