diff options
author | Zach Copley <zach@status.net> | 2009-11-04 22:09:46 -0800 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2009-11-04 22:09:46 -0800 |
commit | 3252f6ec1b0e97fe2db8b40b8236a7652f87a47e (patch) | |
tree | e1944cd2a909acb9938343482efdebc2b43ceb3d | |
parent | 2149168d2995da0b89ee9eb6875d3899e04c783b (diff) | |
parent | 1ef1f59fe8ec8c3fd012838cfe0d20051287c2d6 (diff) |
Merge branch 'fix-private-auth' into 0.9.x
* fix-private-auth:
Fix for Ticket #1957 - API methods are not accessible when site is private (0.8->0.9 regression)
Allow all API calls, even if the site is configured as private. The
-rw-r--r-- | actions/apifriendshipsexists.php | 4 | ||||
-rw-r--r-- | actions/apigrouplistall.php | 4 | ||||
-rw-r--r-- | actions/apigroupmembership.php | 4 | ||||
-rw-r--r-- | actions/apigroupshow.php | 4 | ||||
-rw-r--r-- | actions/apihelptest.php | 4 | ||||
-rw-r--r-- | actions/apistatusesshow.php | 4 | ||||
-rw-r--r-- | actions/apistatusnetversion.php | 4 | ||||
-rw-r--r-- | actions/apitimelinefriends.php | 2 | ||||
-rw-r--r-- | actions/apitimelinegroup.php | 4 | ||||
-rw-r--r-- | actions/apitimelinepublic.php | 4 | ||||
-rw-r--r-- | actions/apitimelinetag.php | 4 | ||||
-rw-r--r-- | actions/apiusershow.php | 4 | ||||
-rw-r--r-- | index.php | 1 | ||||
-rw-r--r-- | lib/apiauth.php | 1 | ||||
-rw-r--r-- | lib/apibareauth.php | 2 | ||||
-rw-r--r-- | lib/apiprivateauth.php | 82 |
16 files changed, 109 insertions, 23 deletions
diff --git a/actions/apifriendshipsexists.php b/actions/apifriendshipsexists.php index 2910f7ead..c040b9f6a 100644 --- a/actions/apifriendshipsexists.php +++ b/actions/apifriendshipsexists.php @@ -33,7 +33,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Tests for the existence of friendship between two users. Will return true if @@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiFriendshipsExistsAction extends ApiAction +class ApiFriendshipsExistsAction extends ApiPrivateAuthAction { var $user_a = null; var $user_b = null; diff --git a/actions/apigrouplistall.php b/actions/apigrouplistall.php index 89469f36f..c597839a8 100644 --- a/actions/apigrouplistall.php +++ b/actions/apigrouplistall.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns of the lastest 20 groups for the site @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupListAllAction extends ApiAction +class ApiGroupListAllAction extends ApiPrivateAuthAction { var $groups = null; diff --git a/actions/apigroupmembership.php b/actions/apigroupmembership.php index b31e47b39..d221a6418 100644 --- a/actions/apigroupmembership.php +++ b/actions/apigroupmembership.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * List 20 newest members of the group specified by name or ID. @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupMembershipAction extends ApiAction +class ApiGroupMembershipAction extends ApiPrivateAuthAction { var $group = null; var $profiles = null; diff --git a/actions/apigroupshow.php b/actions/apigroupshow.php index 2bdb22bc4..b745ff92f 100644 --- a/actions/apigroupshow.php +++ b/actions/apigroupshow.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Outputs detailed information about the group specified by ID @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupShowAction extends ApiAction +class ApiGroupShowAction extends ApiPrivateAuthAction { var $group = null; diff --git a/actions/apihelptest.php b/actions/apihelptest.php index e4ef55f2e..f2c459e6f 100644 --- a/actions/apihelptest.php +++ b/actions/apihelptest.php @@ -32,7 +32,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the string "ok" in the requested format with a 200 OK HTTP status code. @@ -45,7 +45,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiHelpTestAction extends ApiAction +class ApiHelpTestAction extends ApiPrivateAuthAction { /** diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php index 3be22ca59..e26c009c4 100644 --- a/actions/apistatusesshow.php +++ b/actions/apistatusesshow.php @@ -37,7 +37,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the notice specified by id as a Twitter-style status and inline user @@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiStatusesShowAction extends ApiAction +class ApiStatusesShowAction extends ApiPrivateAuthAction { var $notice_id = null; diff --git a/actions/apistatusnetversion.php b/actions/apistatusnetversion.php index e73ab983b..bbf891a89 100644 --- a/actions/apistatusnetversion.php +++ b/actions/apistatusnetversion.php @@ -32,7 +32,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns a version number for this version of StatusNet, which @@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiStatusnetVersionAction extends ApiAction +class ApiStatusnetVersionAction extends ApiPrivateAuthAction { /** * Take arguments for running diff --git a/actions/apitimelinefriends.php b/actions/apitimelinefriends.php index 1ea35866e..66dd3f2b2 100644 --- a/actions/apitimelinefriends.php +++ b/actions/apitimelinefriends.php @@ -72,7 +72,7 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction function prepare($args) { parent::prepare($args); - + common_debug("api friends_timeline"); $this->user = $this->getTargetUser($this->arg('id')); if (empty($this->user)) { diff --git a/actions/apitimelinegroup.php b/actions/apitimelinegroup.php index 5d0542918..f25f6ba51 100644 --- a/actions/apitimelinegroup.php +++ b/actions/apitimelinegroup.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the most recent notices (default 20) posted to the group specified by ID @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelineGroupAction extends ApiAction +class ApiTimelineGroupAction extends ApiPrivateAuthAction { var $group = null; diff --git a/actions/apitimelinepublic.php b/actions/apitimelinepublic.php index 58e267734..7a8504259 100644 --- a/actions/apitimelinepublic.php +++ b/actions/apitimelinepublic.php @@ -37,7 +37,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the most recent notices (default 20) posted by everybody @@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelinePublicAction extends ApiAction +class ApiTimelinePublicAction extends ApiPrivateAuthAction { var $notices = null; diff --git a/actions/apitimelinetag.php b/actions/apitimelinetag.php index a274daac0..452593c11 100644 --- a/actions/apitimelinetag.php +++ b/actions/apitimelinetag.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the 20 most recent notices tagged by a given tag @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelineTagAction extends ApiAction +class ApiTimelineTagAction extends ApiPrivateAuthAction { var $notices = null; diff --git a/actions/apiusershow.php b/actions/apiusershow.php index b3a939b43..aa7aec5a4 100644 --- a/actions/apiusershow.php +++ b/actions/apiusershow.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Ouputs information for a user, specified by ID or screen name. @@ -50,7 +50,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiUserShowAction extends ApiAction +class ApiUserShowAction extends ApiPrivateAuthAction { /** * Take arguments for running @@ -239,6 +239,7 @@ function main() if (!$user && common_config('site', 'private') && !isLoginAction($action) && !preg_match('/rss$/', $action) + && !preg_match('/^Api/', $action) ) { common_redirect(common_local_url('login')); return; diff --git a/lib/apiauth.php b/lib/apiauth.php index 2f2e44a26..2a3377013 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -66,6 +66,7 @@ class ApiAuthAction extends ApiAction function prepare($args) { + common_debug('ApiAction::prepare()'); parent::prepare($args); if ($this->requiresAuth()) { diff --git a/lib/apibareauth.php b/lib/apibareauth.php index 2d29c1ddd..a127a5bf3 100644 --- a/lib/apibareauth.php +++ b/lib/apibareauth.php @@ -74,6 +74,8 @@ class ApiBareAuthAction extends ApiAuthAction function prepare($args) { + common_debug("ApiBareAuthAction::prepare()"); + parent::prepare($args); return true; } diff --git a/lib/apiprivateauth.php b/lib/apiprivateauth.php new file mode 100644 index 000000000..5d0033005 --- /dev/null +++ b/lib/apiprivateauth.php @@ -0,0 +1,82 @@ +<?php +/** + * StatusNet, the distributed open-source microblogging tool + * + * Base class for API actions that only require auth when a site + * is configured to be private + * + * PHP version 5 + * + * LICENCE: This program is free software: you can redistribute it and/or modify + * it under the terms of the GNU Affero General Public License as published by + * the Free Software Foundation, either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU Affero General Public License for more details. + * + * You should have received a copy of the GNU Affero General Public License + * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category API + * @package StatusNet + * @author Adrian Lang <mail@adrianlang.de> + * @author Brenda Wallace <shiny@cpan.org> + * @author Craig Andrews <candrews@integralblue.com> + * @author Dan Moore <dan@moore.cx> + * @author Evan Prodromou <evan@status.net> + * @author mEDI <medi@milaro.net> + * @author Sarven Capadisli <csarven@status.net> + * @author Zach Copley <zach@status.net> + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR.'/lib/apiauth.php'; + +/** + * Actions extending this class will require auth only if a site is private + * + * @category API + * @package StatusNet + * @author Adrian Lang <mail@adrianlang.de> + * @author Brenda Wallace <shiny@cpan.org> + * @author Craig Andrews <candrews@integralblue.com> + * @author Dan Moore <dan@moore.cx> + * @author Evan Prodromou <evan@status.net> + * @author mEDI <medi@milaro.net> + * @author Sarven Capadisli <csarven@status.net> + * @author Zach Copley <zach@status.net> + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiPrivateAuthAction extends ApiAuthAction +{ + + /** + * Does this API resource require authentication? + * + * @return boolean true or false + */ + + function requiresAuth() + { + // If the site is "private", all API methods except statusnet/config + // need authentication + + if (common_config('site', 'private')) { + return true; + } + + return false; + } + +} |