diff options
author | Michele <macno@macno.org> | 2010-01-17 11:21:07 +0100 |
---|---|---|
committer | Zach Copley <zach@status.net> | 2010-01-20 17:55:37 -0800 |
commit | 05156b708a16c5a20d4081242c398e667792de15 (patch) | |
tree | 0c373732643860bfcc23f2be699f0fc15899e7cd /lib | |
parent | c63832f7bf3ddde0f66fb36a3ace638d50b4b3d6 (diff) |
HTTP auth provided is evaluated even if it's not required
Diffstat (limited to 'lib')
-rw-r--r-- | lib/apiauth.php | 19 |
1 files changed, 13 insertions, 6 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php index 691db584b..b4292408a 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -79,10 +79,13 @@ class ApiAuthAction extends ApiAction $this->checkOAuthRequest(); } else { $this->checkBasicAuthUser(); - // By default, all basic auth users have read and write access - - $this->access = self::READ_WRITE; } + } else { + + // Check to see if a basic auth user is there even + // if one's not required + + $this->checkBasicAuthUser(false); } return true; @@ -198,13 +201,13 @@ class ApiAuthAction extends ApiAction * @return boolean true or false */ - function checkBasicAuthUser() + function checkBasicAuthUser($required = true) { $this->basicAuthProcessHeader(); $realm = common_config('site', 'name') . ' API'; - if (!isset($this->auth_user)) { + if (!isset($this->auth_user) && $required) { header('WWW-Authenticate: Basic realm="' . $realm . '"'); // show error if the user clicks 'cancel' @@ -212,12 +215,16 @@ class ApiAuthAction extends ApiAction $this->showBasicAuthError(); exit; - } else { + } else if (isset($this->auth_user)) { $nickname = $this->auth_user; $password = $this->auth_pw; $user = common_check_user($nickname, $password); if (Event::handle('StartSetApiUser', array(&$user))) { $this->auth_user = $user; + + // By default, all basic auth users have read and write access + $this->access = self::READ_WRITE; + Event::handle('EndSetApiUser', array($user)); } |