1 files changed, 58 insertions, 15 deletions

diff --git a/actions/api.php b/actions/api.php
index 8b92889f8..3705d035c 100644
--- a/actions/api.php
+++ b/actions/api.php
@@ -1,7 +1,7 @@
 <?php
 /*
- * Laconica - a distributed open-source microblogging tool
- * Copyright (C) 2008, 2009, Control Yourself, Inc.
+ * StatusNet - the distributed open-source microblogging tool
+ * Copyright (C) 2008, 2009, StatusNet, Inc.
  *
  * This program is free software: you can redistribute it and/or modify
  * it under the terms of the GNU Affero General Public License as published by
@@ -17,7 +17,7 @@
  * along with this program.     If not, see <http://www.gnu.org/licenses/>.
  */
 
-if (!defined('LACONICA')) { exit(1); }
+if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); }
 
 class ApiAction extends Action
 {
@@ -27,6 +27,8 @@ class ApiAction extends Action
     var $api_arg;
     var $api_method;
     var $api_action;
+    var $auth_user;
+    var $auth_pw;
 
     function handle($args)
     {
@@ -35,6 +37,7 @@ class ApiAction extends Action
         $this->api_action = $this->arg('apiaction');
         $method = $this->arg('method');
         $argument = $this->arg('argument');
+	$this->basic_auth_process_header();
 
         if (isset($argument)) {
             $cmdext = explode('.', $argument);
@@ -50,16 +53,16 @@ class ApiAction extends Action
         }
 
         if ($this->requires_auth()) {
-            if (!isset($_SERVER['PHP_AUTH_USER'])) {
+            if (!isset($this->auth_user)) {
 
                 # This header makes basic auth go
-                header('WWW-Authenticate: Basic realm="Laconica API"');
+                header('WWW-Authenticate: Basic realm="StatusNet API"');
 
                 # If the user hits cancel -- bam!
                 $this->show_basic_auth_error();
             } else {
-                $nickname = $_SERVER['PHP_AUTH_USER'];
-                $password = $_SERVER['PHP_AUTH_PW'];
+                $nickname = $this->auth_user;
+                $password = $this->auth_pw;
                 $user = common_check_user($nickname, $password);
 
                 if ($user) {
@@ -76,8 +79,8 @@ class ApiAction extends Action
         } else {
 
             // Caller might give us a username even if not required
-            if (isset($_SERVER['PHP_AUTH_USER'])) {
-                $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
+            if (isset($this->auth_user)) {
+                $user = User::staticGet('nickname', $this->auth_user);
                 if ($user) {
                     $this->user = $user;
                 }
@@ -125,29 +128,36 @@ class ApiAction extends Action
                                 'users/show',
                                 'help/test',
                                 'help/downtime_schedule',
-                                'laconica/version',
-                                'laconica/config',
-                                'laconica/wadl',
+                                'statusnet/version',
+                                'statusnet/config',
+                                'statusnet/wadl',
                                 'tags/timeline',
                                 'oembed/oembed',
+                                'groups/show',
+                                'groups/timeline',
+                                'groups/list_all',
+                                'groups/membership',
+                                'groups/is_member',
                                 'groups/timeline');
 
         static $bareauth = array('statuses/user_timeline',
                                  'statuses/friends_timeline',
+				 'statuses/home_timeline',
                                  'statuses/friends',
                                  'statuses/replies',
                                  'statuses/mentions',
                                  'statuses/followers',
                                  'favorites/favorites',
-                                 'friendships/show');
+                                 'friendships/show',
+                                 'groups/list_groups');
 
         $fullname = "$this->api_action/$this->api_method";
 
-        // If the site is "private", all API methods except laconica/config
+        // If the site is "private", all API methods except statusnet/config
         // need authentication
 
         if (common_config('site', 'private')) {
-            return $fullname != 'laconica/config' || false;
+            return $fullname != 'statusnet/config' || false;
         }
 
         // bareauth: only needs auth if without an argument or query param specifying user
@@ -197,6 +207,39 @@ class ApiAction extends Action
         }
     }
 
+    function basic_auth_process_header()
+    {
+	if(isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION']))
+	{
+		$authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])?$_SERVER['HTTP_AUTHORIZATION']:$_SERVER['AUTHORIZATION'];
+	}
+
+	if(isset($_SERVER['PHP_AUTH_USER']))
+	{
+		$this->auth_user = $_SERVER['PHP_AUTH_USER'];
+		$this->auth_pw = $_SERVER['PHP_AUTH_PW'];
+	}
+	elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic')  )
+	{
+		// decode the HTTP_AUTHORIZATION header on php-cgi server self
+		// on fcgid server the header name is AUTHORIZATION
+
+		$auth_hash = base64_decode( substr($authorization_header, 6) );
+		list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash);
+
+		// set all to NULL on a empty basic auth request
+		if($this->auth_user == "") {
+			$this->auth_user = NULL;
+			$this->auth_pw = NULL;
+		}
+	}
+	else
+	{
+		$this->auth_user = NULL;
+		$this->auth_pw = NULL;
+	}
+    }
+
     function show_basic_auth_error()
     {
         header('HTTP/1.1 401 Unauthorized');