summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
authorZach Copley <zach@status.net>2010-02-02 23:16:44 +0000
committerZach Copley <zach@status.net>2010-02-05 03:18:44 +0000
commit4041a59282c5ebb751e3763b5489be2bfef7f74a (patch)
treeb54a8733bf2985e5e59d9693b752eacd60ae96eb /lib
parent54171248847e0c535697c6b1e8ff0e89f42f0087 (diff)
Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth, even if one is not required. I think I finally got this right.
Diffstat (limited to 'lib')
-rw-r--r--lib/apiauth.php19
1 files changed, 8 insertions, 11 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 99500404f..25e2196cf 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -55,6 +55,7 @@ class ApiAuthAction extends ApiAction
{
var $auth_user_nickname = null;
var $auth_user_password = null;
+ var $oauth_source = null;
/**
* Take arguments for running, looks for an OAuth request,
@@ -73,20 +74,18 @@ class ApiAuthAction extends ApiAction
// NOTE: $this->auth_user has to get set in prepare(), not handle(),
// because subclasses do stuff with it in their prepares.
- if ($this->requiresAuth()) {
+ $oauthReq = $this->getOAuthRequest();
- $oauthReq = $this->getOAuthRequest();
-
- if (!$oauthReq) {
+ if (!$oauthReq) {
+ if ($this->requiresAuth()) {
$this->checkBasicAuthUser(true);
} else {
- $this->checkOAuthRequest($oauthReq);
+ // Check to see if a basic auth user is there even
+ // if one's not required
+ $this->checkBasicAuthUser(false);
}
} else {
-
- // Check to see if a basic auth user is there even
- // if one's not required
- $this->checkBasicAuthUser(false);
+ $this->checkOAuthRequest($oauthReq);
}
// Reject API calls with the wrong access level
@@ -108,7 +107,6 @@ class ApiAuthAction extends ApiAction
* This is to avoid doign any unnecessary DB lookups.
*
* @return mixed the OAuthRequest or false
- *
*/
function getOAuthRequest()
@@ -137,7 +135,6 @@ class ApiAuthAction extends ApiAction
* @param OAuthRequest $request the OAuth Request
*
* @return nothing
- *
*/
function checkOAuthRequest($request)