summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-01-28 00:41:44 +0000
committerZach Copley <zach@status.net>2010-01-28 00:45:06 +0000
commit324590c46eba2900164d0487a2d525ea4e9f93b8 (patch)
treef77dadde87a28c6a8c60ef5d60059a5a90bf9c49 /lib
parent420ae06faf033b799c677845045b50b259801dbd (diff)
Some adjustments to the way API auth works after merging testing and 0.9.x
Diffstat (limited to 'lib')
-rw-r--r--lib/apiauth.php39
1 files changed, 24 insertions, 15 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index ac5e997c7..d441014ad 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -57,7 +57,6 @@ class ApiAuthAction extends ApiAction
var $auth_user_password = null;
var $access_token = null;
var $oauth_source = null;
- var $auth_user = null;
/**
* Take arguments for running, and output basic auth header if needed
@@ -82,22 +81,27 @@ class ApiAuthAction extends ApiAction
if (!empty($this->access_token)) {
$this->checkOAuthRequest();
} else {
- $this->checkBasicAuthUser();
+ $this->checkBasicAuthUser(true);
}
} else {
// Check to see if a basic auth user is there even
// if one's not required
- $this->checkBasicAuthUser(false);
+ if (empty($this->access_token)) {
+ $this->checkBasicAuthUser(false);
+ }
}
// Reject API calls with the wrong access level
if ($this->isReadOnly($args) == false) {
+
+ common_debug(get_class($this) . ' is not read-only!');
+
if ($this->access != self::READ_WRITE) {
- $msg = 'API resource requires read-write access, ' .
- 'but you only have read access.';
+ $msg = _('API resource requires read-write access, ' .
+ 'but you only have read access.');
$this->clientError($msg, 401, $this->format);
exit;
}
@@ -176,7 +180,7 @@ class ApiAuthAction extends ApiAction
($this->access = self::READ_WRITE) ?
'read-write' : 'read-only'
));
- return true;
+ return;
} else {
throw new OAuthException('Bad access token.');
}
@@ -228,9 +232,14 @@ class ApiAuthAction extends ApiAction
} else {
+ $user = common_check_user($this->auth_user_nickname,
+ $this->auth_user_password);
+
if (Event::handle('StartSetApiUser', array(&$user))) {
- $this->auth_user = common_check_user($this->auth_user_nickname,
- $this->auth_user_password);
+
+ if (!empty($user)) {
+ $this->auth_user = $user;
+ }
Event::handle('EndSetApiUser', array($user));
}
@@ -239,18 +248,18 @@ class ApiAuthAction extends ApiAction
$this->access = self::READ_WRITE;
- if (empty($this->auth_user)) {
+ if (empty($this->auth_user) && $required) {
// basic authentication failed
list($proxy, $ip) = common_client_ip();
- common_log(
- LOG_WARNING,
- 'Failed API auth attempt, nickname = ' .
- "$nickname, proxy = $proxy, ip = $ip."
- );
-
+ $msg = sprintf(_('Failed API auth attempt, nickname = %1$s, ' .
+ 'proxy = %2$s, ip = %3$s'),
+ $this->auth_user_nickname,
+ $proxy,
+ $ip);
+ common_log(LOG_WARNING, $msg);
$this->showAuthError();
exit;
}