summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMichele <macno@macno.org>2010-01-17 11:21:07 +0100
committerZach Copley <zach@status.net>2010-01-20 17:55:37 -0800
commit05156b708a16c5a20d4081242c398e667792de15 (patch)
tree0c373732643860bfcc23f2be699f0fc15899e7cd
parentc63832f7bf3ddde0f66fb36a3ace638d50b4b3d6 (diff)
HTTP auth provided is evaluated even if it's not required
-rw-r--r--lib/apiauth.php19
1 files changed, 13 insertions, 6 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 691db584b..b4292408a 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -79,10 +79,13 @@ class ApiAuthAction extends ApiAction
$this->checkOAuthRequest();
} else {
$this->checkBasicAuthUser();
- // By default, all basic auth users have read and write access
-
- $this->access = self::READ_WRITE;
}
+ } else {
+
+ // Check to see if a basic auth user is there even
+ // if one's not required
+
+ $this->checkBasicAuthUser(false);
}
return true;
@@ -198,13 +201,13 @@ class ApiAuthAction extends ApiAction
* @return boolean true or false
*/
- function checkBasicAuthUser()
+ function checkBasicAuthUser($required = true)
{
$this->basicAuthProcessHeader();
$realm = common_config('site', 'name') . ' API';
- if (!isset($this->auth_user)) {
+ if (!isset($this->auth_user) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
@@ -212,12 +215,16 @@ class ApiAuthAction extends ApiAction
$this->showBasicAuthError();
exit;
- } else {
+ } else if (isset($this->auth_user)) {
$nickname = $this->auth_user;
$password = $this->auth_pw;
$user = common_check_user($nickname, $password);
if (Event::handle('StartSetApiUser', array(&$user))) {
$this->auth_user = $user;
+
+ // By default, all basic auth users have read and write access
+ $this->access = self::READ_WRITE;
+
Event::handle('EndSetApiUser', array($user));
}