diff options
| author | Zach Copley <zach@status.net> | 2009-09-16 12:40:22 -0700 |
|---|---|---|
| committer | Zach Copley <zach@status.net> | 2009-09-16 12:40:22 -0700 |
| commit | 0190785b73b52e2c6069c31542f578f812a5e0ab (patch) | |
| tree | b0c1184753a0fa10ca8efae0b283ad8ea79fb750 /actions/api.php | |
| parent | 876f56254d3ccdcc7ba3e9c7693345cef8a6e22b (diff) | |
| parent | 83b09164573ede90d87a7038a56f651a5f82b9f1 (diff) | |
Merge branch '0.9.x' into pluginize-twitter-bridge
* 0.9.x: (57 commits)
Updated csarven emails to csarven@status.net and removed dupes
statusize new HTTP classes
dedupe evans
change all evans to evan@status.net
add post to curlclient
fix user-agent for curlclient
add get to curl client
add cURL client with HEAD method
add user agent and correct version check to httpclient
statusize OpenID plugin
add http client config value
update httpclient class
move httputil to httpclient
Start a common library for HTTP client stuff
check correct define (not backwards compatible)
Fixed broken list items in installer output
Got rid of a bunch of ugly warnings
Add Jiminy to notice sources
Make it impossible to delete self-subscriptions via the API
Fix bad merge d7ae0ed4fd755ebad0788a17d0f2fb6a6ca9d63b
...
Diffstat (limited to 'actions/api.php')
| -rw-r--r-- | actions/api.php | 89 |
1 files changed, 69 insertions, 20 deletions
diff --git a/actions/api.php b/actions/api.php index f425a8dcd..d570bb017 100644 --- a/actions/api.php +++ b/actions/api.php @@ -1,5 +1,5 @@ <?php -/* +/** * StatusNet - the distributed open-source microblogging tool * Copyright (C) 2008, 2009, StatusNet, Inc. * @@ -15,9 +15,27 @@ * * You should have received a copy of the GNU Affero General Public License * along with this program. If not, see <http://www.gnu.org/licenses/>. + * + * @category Actions + * @package Actions + * @author Evan Prodromou <evan@status.net> + * @author Brenda Wallace <shiny@cpan.org> + * @author Jeffery To <jeffery.to@gmail.com> + * @author Robin Millette <millette@controlyourself.ca> + * @author Tom Adams <tom@holizz.com> + * @author Christopher Vollick <psycotica0@gmail.com> + * @author CiaranG <ciaran@ciarang.com> + * @author Craig Andrews <candrews@integralblue.com> + * @author Gina Haeussge <osd@foosel.net> + * @author Mike Cochrane <mikec@mikenz.geek.nz> + * @author Sarven Capadisli <csarven@status.net> + * @license GNU Affero General Public License http://www.gnu.org/licenses/ + * @link http://status.net */ -if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} class ApiAction extends Action { @@ -27,6 +45,8 @@ class ApiAction extends Action var $api_arg; var $api_method; var $api_action; + var $auth_user; + var $auth_pw; function handle($args) { @@ -35,6 +55,7 @@ class ApiAction extends Action $this->api_action = $this->arg('apiaction'); $method = $this->arg('method'); $argument = $this->arg('argument'); + $this->basic_auth_process_header(); if (isset($argument)) { $cmdext = explode('.', $argument); @@ -43,30 +64,30 @@ class ApiAction extends Action $this->content_type = strtolower($cmdext[1]); } else { - # Requested format / content-type will be an extension on the method + //Requested format / content-type will be an extension on the method $cmdext = explode('.', $method); $this->api_method = $cmdext[0]; $this->content_type = strtolower($cmdext[1]); } if ($this->requires_auth()) { - if (!isset($_SERVER['PHP_AUTH_USER'])) { + if (!isset($this->auth_user)) { - # This header makes basic auth go + //This header makes basic auth go header('WWW-Authenticate: Basic realm="StatusNet API"'); - # If the user hits cancel -- bam! + //If the user hits cancel -- bam! $this->show_basic_auth_error(); } else { - $nickname = $_SERVER['PHP_AUTH_USER']; - $password = $_SERVER['PHP_AUTH_PW']; + $nickname = $this->auth_user; + $password = $this->auth_pw; $user = common_check_user($nickname, $password); if ($user) { $this->user = $user; $this->process_command(); } else { - # basic authentication failed + //basic authentication failed list($proxy, $ip) = common_client_ip(); common_log(LOG_WARNING, "Failed API auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip."); @@ -76,12 +97,12 @@ class ApiAction extends Action } else { // Caller might give us a username even if not required - if (isset($_SERVER['PHP_AUTH_USER'])) { - $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); + if (isset($this->auth_user)) { + $user = User::staticGet('nickname', $this->auth_user); if ($user) { $this->user = $user; } - # Twitter doesn't throw an error if the user isn't found + //Twitter doesn't throw an error if the user isn't found } $this->process_command(); @@ -94,7 +115,7 @@ class ApiAction extends Action $actionfile = INSTALLDIR."/actions/$action.php"; if (file_exists($actionfile)) { - require_once($actionfile); + include_once $actionfile; $action_class = ucfirst($action)."Action"; $action_obj = new $action_class(); @@ -110,10 +131,10 @@ class ApiAction extends Action call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); } else { - $this->clientError("API method not found!", $code=404); + $this->clientError("API method not found!", $code = 404); } } else { - $this->clientError("API method not found!", $code=404); + $this->clientError("API method not found!", $code = 404); } } @@ -181,10 +202,11 @@ class ApiAction extends Action $user_id = $this->arg('user_id'); $screen_name = $this->arg('screen_name'); - if (empty($this->api_arg) && - empty($id) && - empty($user_id) && - empty($screen_name)) { + if (empty($this->api_arg) + && empty($id) + && empty($user_id) + && empty($screen_name) + ) { return true; } else { return false; @@ -203,6 +225,33 @@ class ApiAction extends Action } } + function basic_auth_process_header() + { + if (isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) { + $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; + } + + if (isset($_SERVER['PHP_AUTH_USER'])) { + $this->auth_user = $_SERVER['PHP_AUTH_USER']; + $this->auth_pw = $_SERVER['PHP_AUTH_PW']; + } elseif (isset($authorization_header) && strstr(substr($authorization_header, 0, 5), 'Basic')) { + // decode the HTTP_AUTHORIZATION header on php-cgi server self + // on fcgid server the header name is AUTHORIZATION + + $auth_hash = base64_decode(substr($authorization_header, 6)); + list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); + + // set all to null on a empty basic auth request + if ($this->auth_user == "") { + $this->auth_user = null; + $this->auth_pw = null; + } + } else { + $this->auth_user = null; + $this->auth_pw = null; + } + } + function show_basic_auth_error() { header('HTTP/1.1 401 Unauthorized'); @@ -216,7 +265,7 @@ class ApiAction extends Action $this->element('request', null, $_SERVER['REQUEST_URI']); $this->elementEnd('hash'); $this->endXML(); - } else if ($this->content_type == 'json') { + } else if ($this->content_type == 'json') { header('Content-Type: application/json; charset=utf-8'); $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); print(json_encode($error_array)); |