diff options
| -rw-r--r-- | actions/api.php | 13 | ||||
| -rw-r--r-- | actions/twitapistatuses.php | 8 |
2 files changed, 11 insertions, 10 deletions
diff --git a/actions/api.php b/actions/api.php index 97da359fe..1cfae9114 100644 --- a/actions/api.php +++ b/actions/api.php @@ -105,9 +105,18 @@ class ApiAction extends Action { 'statuses/show', 'help/test', 'help/downtime_schedule'); - if (in_array("$this->api_action/$this->api_method", $noauth)) { + static $bareauth = array('statuses/user_timeline'); + + # noauth: never needs auth + # bareauth: only needs auth if without an argument + + $fullname = "$this->api_action/$this->api_method"; + + if (in_array($fullname, $bareauth) && !$this->api_arg) { + return true; + } if (in_array($fullname, $noauth)) { return false; - } + } return true; } diff --git a/actions/twitapistatuses.php b/actions/twitapistatuses.php index 5a4345ab6..96931fec6 100644 --- a/actions/twitapistatuses.php +++ b/actions/twitapistatuses.php @@ -309,14 +309,6 @@ class TwitapistatusesAction extends TwitterapiAction { // Set the user to be the auth user if asked-for can't be found // honestly! This is what Twitter does, I swear --Zach $user = $apidata['user']; - - if (!$user) { - # This header makes basic auth go - header('WWW-Authenticate: Basic realm="Laconica API"'); - # if the user hits cancel -- bam! - common_show_basic_auth_error(); - exit(); - } } $profile = $user->getProfile(); |