summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/apiauth.php22
1 files changed, 8 insertions, 14 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 262f4b966..25e2196cf 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -55,6 +55,7 @@ class ApiAuthAction extends ApiAction
{
var $auth_user_nickname = null;
var $auth_user_password = null;
+ var $oauth_source = null;
/**
* Take arguments for running, looks for an OAuth request,
@@ -73,28 +74,23 @@ class ApiAuthAction extends ApiAction
// NOTE: $this->auth_user has to get set in prepare(), not handle(),
// because subclasses do stuff with it in their prepares.
- if ($this->requiresAuth()) {
+ $oauthReq = $this->getOAuthRequest();
- $oauthReq = $this->getOAuthRequest();
-
- if (!$oauthReq) {
+ if (!$oauthReq) {
+ if ($this->requiresAuth()) {
$this->checkBasicAuthUser(true);
} else {
- $this->checkOAuthRequest($oauthReq);
+ // Check to see if a basic auth user is there even
+ // if one's not required
+ $this->checkBasicAuthUser(false);
}
} else {
-
- // Check to see if a basic auth user is there even
- // if one's not required
- $this->checkBasicAuthUser(false);
+ $this->checkOAuthRequest($oauthReq);
}
// Reject API calls with the wrong access level
if ($this->isReadOnly($args) == false) {
-
- common_debug(get_class($this) . ' is not read-only!');
-
if ($this->access != self::READ_WRITE) {
$msg = _('API resource requires read-write access, ' .
'but you only have read access.');
@@ -111,7 +107,6 @@ class ApiAuthAction extends ApiAction
* This is to avoid doign any unnecessary DB lookups.
*
* @return mixed the OAuthRequest or false
- *
*/
function getOAuthRequest()
@@ -140,7 +135,6 @@ class ApiAuthAction extends ApiAction
* @param OAuthRequest $request the OAuth Request
*
* @return nothing
- *
*/
function checkOAuthRequest($request)