summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2009-11-04 22:09:46 -0800
committerZach Copley <zach@status.net>2009-11-04 22:09:46 -0800
commit3252f6ec1b0e97fe2db8b40b8236a7652f87a47e (patch)
treee1944cd2a909acb9938343482efdebc2b43ceb3d
parent2149168d2995da0b89ee9eb6875d3899e04c783b (diff)
parent1ef1f59fe8ec8c3fd012838cfe0d20051287c2d6 (diff)
Merge branch 'fix-private-auth' into 0.9.x
* fix-private-auth: Fix for Ticket #1957 - API methods are not accessible when site is private (0.8->0.9 regression) Allow all API calls, even if the site is configured as private. The
-rw-r--r--actions/apifriendshipsexists.php4
-rw-r--r--actions/apigrouplistall.php4
-rw-r--r--actions/apigroupmembership.php4
-rw-r--r--actions/apigroupshow.php4
-rw-r--r--actions/apihelptest.php4
-rw-r--r--actions/apistatusesshow.php4
-rw-r--r--actions/apistatusnetversion.php4
-rw-r--r--actions/apitimelinefriends.php2
-rw-r--r--actions/apitimelinegroup.php4
-rw-r--r--actions/apitimelinepublic.php4
-rw-r--r--actions/apitimelinetag.php4
-rw-r--r--actions/apiusershow.php4
-rw-r--r--index.php1
-rw-r--r--lib/apiauth.php1
-rw-r--r--lib/apibareauth.php2
-rw-r--r--lib/apiprivateauth.php82
16 files changed, 109 insertions, 23 deletions
diff --git a/actions/apifriendshipsexists.php b/actions/apifriendshipsexists.php
index 2910f7ead..c040b9f6a 100644
--- a/actions/apifriendshipsexists.php
+++ b/actions/apifriendshipsexists.php
@@ -33,7 +33,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Tests for the existence of friendship between two users. Will return true if
@@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiFriendshipsExistsAction extends ApiAction
+class ApiFriendshipsExistsAction extends ApiPrivateAuthAction
{
var $user_a = null;
var $user_b = null;
diff --git a/actions/apigrouplistall.php b/actions/apigrouplistall.php
index 89469f36f..c597839a8 100644
--- a/actions/apigrouplistall.php
+++ b/actions/apigrouplistall.php
@@ -34,7 +34,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Returns of the lastest 20 groups for the site
@@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiGroupListAllAction extends ApiAction
+class ApiGroupListAllAction extends ApiPrivateAuthAction
{
var $groups = null;
diff --git a/actions/apigroupmembership.php b/actions/apigroupmembership.php
index b31e47b39..d221a6418 100644
--- a/actions/apigroupmembership.php
+++ b/actions/apigroupmembership.php
@@ -34,7 +34,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* List 20 newest members of the group specified by name or ID.
@@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiGroupMembershipAction extends ApiAction
+class ApiGroupMembershipAction extends ApiPrivateAuthAction
{
var $group = null;
var $profiles = null;
diff --git a/actions/apigroupshow.php b/actions/apigroupshow.php
index 2bdb22bc4..b745ff92f 100644
--- a/actions/apigroupshow.php
+++ b/actions/apigroupshow.php
@@ -34,7 +34,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Outputs detailed information about the group specified by ID
@@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiGroupShowAction extends ApiAction
+class ApiGroupShowAction extends ApiPrivateAuthAction
{
var $group = null;
diff --git a/actions/apihelptest.php b/actions/apihelptest.php
index e4ef55f2e..f2c459e6f 100644
--- a/actions/apihelptest.php
+++ b/actions/apihelptest.php
@@ -32,7 +32,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Returns the string "ok" in the requested format with a 200 OK HTTP status code.
@@ -45,7 +45,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiHelpTestAction extends ApiAction
+class ApiHelpTestAction extends ApiPrivateAuthAction
{
/**
diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php
index 3be22ca59..e26c009c4 100644
--- a/actions/apistatusesshow.php
+++ b/actions/apistatusesshow.php
@@ -37,7 +37,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Returns the notice specified by id as a Twitter-style status and inline user
@@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiStatusesShowAction extends ApiAction
+class ApiStatusesShowAction extends ApiPrivateAuthAction
{
var $notice_id = null;
diff --git a/actions/apistatusnetversion.php b/actions/apistatusnetversion.php
index e73ab983b..bbf891a89 100644
--- a/actions/apistatusnetversion.php
+++ b/actions/apistatusnetversion.php
@@ -32,7 +32,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Returns a version number for this version of StatusNet, which
@@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiStatusnetVersionAction extends ApiAction
+class ApiStatusnetVersionAction extends ApiPrivateAuthAction
{
/**
* Take arguments for running
diff --git a/actions/apitimelinefriends.php b/actions/apitimelinefriends.php
index 1ea35866e..66dd3f2b2 100644
--- a/actions/apitimelinefriends.php
+++ b/actions/apitimelinefriends.php
@@ -72,7 +72,7 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction
function prepare($args)
{
parent::prepare($args);
-
+ common_debug("api friends_timeline");
$this->user = $this->getTargetUser($this->arg('id'));
if (empty($this->user)) {
diff --git a/actions/apitimelinegroup.php b/actions/apitimelinegroup.php
index 5d0542918..f25f6ba51 100644
--- a/actions/apitimelinegroup.php
+++ b/actions/apitimelinegroup.php
@@ -34,7 +34,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Returns the most recent notices (default 20) posted to the group specified by ID
@@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiTimelineGroupAction extends ApiAction
+class ApiTimelineGroupAction extends ApiPrivateAuthAction
{
var $group = null;
diff --git a/actions/apitimelinepublic.php b/actions/apitimelinepublic.php
index 58e267734..7a8504259 100644
--- a/actions/apitimelinepublic.php
+++ b/actions/apitimelinepublic.php
@@ -37,7 +37,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Returns the most recent notices (default 20) posted by everybody
@@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiTimelinePublicAction extends ApiAction
+class ApiTimelinePublicAction extends ApiPrivateAuthAction
{
var $notices = null;
diff --git a/actions/apitimelinetag.php b/actions/apitimelinetag.php
index a274daac0..452593c11 100644
--- a/actions/apitimelinetag.php
+++ b/actions/apitimelinetag.php
@@ -34,7 +34,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Returns the 20 most recent notices tagged by a given tag
@@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiTimelineTagAction extends ApiAction
+class ApiTimelineTagAction extends ApiPrivateAuthAction
{
var $notices = null;
diff --git a/actions/apiusershow.php b/actions/apiusershow.php
index b3a939b43..aa7aec5a4 100644
--- a/actions/apiusershow.php
+++ b/actions/apiusershow.php
@@ -34,7 +34,7 @@ if (!defined('STATUSNET')) {
exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
+require_once INSTALLDIR . '/lib/apiprivateauth.php';
/**
* Ouputs information for a user, specified by ID or screen name.
@@ -50,7 +50,7 @@ require_once INSTALLDIR . '/lib/api.php';
* @link http://status.net/
*/
-class ApiUserShowAction extends ApiAction
+class ApiUserShowAction extends ApiPrivateAuthAction
{
/**
* Take arguments for running
diff --git a/index.php b/index.php
index 3acdba375..577b491ed 100644
--- a/index.php
+++ b/index.php
@@ -239,6 +239,7 @@ function main()
if (!$user && common_config('site', 'private')
&& !isLoginAction($action)
&& !preg_match('/rss$/', $action)
+ && !preg_match('/^Api/', $action)
) {
common_redirect(common_local_url('login'));
return;
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 2f2e44a26..2a3377013 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -66,6 +66,7 @@ class ApiAuthAction extends ApiAction
function prepare($args)
{
+ common_debug('ApiAction::prepare()');
parent::prepare($args);
if ($this->requiresAuth()) {
diff --git a/lib/apibareauth.php b/lib/apibareauth.php
index 2d29c1ddd..a127a5bf3 100644
--- a/lib/apibareauth.php
+++ b/lib/apibareauth.php
@@ -74,6 +74,8 @@ class ApiBareAuthAction extends ApiAuthAction
function prepare($args)
{
+ common_debug("ApiBareAuthAction::prepare()");
+
parent::prepare($args);
return true;
}
diff --git a/lib/apiprivateauth.php b/lib/apiprivateauth.php
new file mode 100644
index 000000000..5d0033005
--- /dev/null
+++ b/lib/apiprivateauth.php
@@ -0,0 +1,82 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Base class for API actions that only require auth when a site
+ * is configured to be private
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category API
+ * @package StatusNet
+ * @author Adrian Lang <mail@adrianlang.de>
+ * @author Brenda Wallace <shiny@cpan.org>
+ * @author Craig Andrews <candrews@integralblue.com>
+ * @author Dan Moore <dan@moore.cx>
+ * @author Evan Prodromou <evan@status.net>
+ * @author mEDI <medi@milaro.net>
+ * @author Sarven Capadisli <csarven@status.net>
+ * @author Zach Copley <zach@status.net>
+ * @copyright 2009 StatusNet, Inc.
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+if (!defined('STATUSNET')) {
+ exit(1);
+}
+
+require_once INSTALLDIR.'/lib/apiauth.php';
+
+/**
+ * Actions extending this class will require auth only if a site is private
+ *
+ * @category API
+ * @package StatusNet
+ * @author Adrian Lang <mail@adrianlang.de>
+ * @author Brenda Wallace <shiny@cpan.org>
+ * @author Craig Andrews <candrews@integralblue.com>
+ * @author Dan Moore <dan@moore.cx>
+ * @author Evan Prodromou <evan@status.net>
+ * @author mEDI <medi@milaro.net>
+ * @author Sarven Capadisli <csarven@status.net>
+ * @author Zach Copley <zach@status.net>
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+class ApiPrivateAuthAction extends ApiAuthAction
+{
+
+ /**
+ * Does this API resource require authentication?
+ *
+ * @return boolean true or false
+ */
+
+ function requiresAuth()
+ {
+ // If the site is "private", all API methods except statusnet/config
+ // need authentication
+
+ if (common_config('site', 'private')) {
+ return true;
+ }
+
+ return false;
+ }
+
+}