summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--lib/apiauth.php33
1 files changed, 19 insertions, 14 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index ad9651ff2..ac5e997c7 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -84,16 +84,22 @@ class ApiAuthAction extends ApiAction
} else {
$this->checkBasicAuthUser();
}
+ } else {
- // Reject API calls with the wrong access level
+ // Check to see if a basic auth user is there even
+ // if one's not required
- if ($this->isReadOnly($args) == false) {
- if ($this->access != self::READ_WRITE) {
- $msg = 'API resource requires read-write access, ' .
- 'but you only have read access.';
- $this->clientError($msg, 401, $this->format);
- exit();
- }
+ $this->checkBasicAuthUser(false);
+ }
+
+ // Reject API calls with the wrong access level
+
+ if ($this->isReadOnly($args) == false) {
+ if ($this->access != self::READ_WRITE) {
+ $msg = 'API resource requires read-write access, ' .
+ 'but you only have read access.';
+ $this->clientError($msg, 401, $this->format);
+ exit;
}
}
@@ -206,13 +212,13 @@ class ApiAuthAction extends ApiAction
* @return boolean true or false
*/
- function checkBasicAuthUser()
+ function checkBasicAuthUser($required = true)
{
$this->basicAuthProcessHeader();
$realm = common_config('site', 'name') . ' API';
- if (!isset($this->auth_user_nickname)) {
+ if (!isset($this->auth_user_nickname) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
@@ -222,11 +228,10 @@ class ApiAuthAction extends ApiAction
} else {
- $user = common_check_user($this->auth_user_nickname,
- $this->auth_user_password);
-
if (Event::handle('StartSetApiUser', array(&$user))) {
- $this->auth_user = $user;
+ $this->auth_user = common_check_user($this->auth_user_nickname,
+ $this->auth_user_password);
+
Event::handle('EndSetApiUser', array($user));
}