Diffstat (limited to 'lib/apiauth.php')
-rw-r--r-- | lib/apiauth.php | 56 |
1 files changed, 48 insertions, 8 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 501d3de10..c1976f964 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -33,6 +33,16 @@ if (!defined('STATUSNET')) {
 require_once INSTALLDIR.'/lib/twitterapi.php';
+/**
+ * Actions extending this class will require auth
+ *
+ * @category API
+ * @package StatusNet
+ * @author Zach Copley <zach@status.net>
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
 class ApiAuthAction extends TwitterapiAction
 {
 /**
@@ -46,6 +56,13 @@ class ApiAuthAction extends TwitterapiAction
 return true;
 }
+ /**
+ * Check for a user specified via HTTP basic auth. If there isn't
+ * one, try to get one by outputting the basic auth header.
+ *
+ * @return boolean true or false
+ */
+
 function checkBasicAuthUser()
 {
 $this->basicAuthProcessHeader();
@@ -68,8 +85,11 @@ class ApiAuthAction extends TwitterapiAction
 // basic authentication failed
 list($proxy, $ip) = common_client_ip();
- common_log(LOG_WARNING,
- "Failed API auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip.");
+ common_log(
+ LOG_WARNING,
+ 'Failed API auth attempt, nickname = ' .
+ "$nickname, proxy = $proxy, ip = $ip."
+ );
 $this->showBasicAuthError();
 return false;
 }
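Review bot: The blank `+` line the commit inserts between `*/` and `function checkBasicAuthUser()` detaches the new doc comment from its declaration; PHPDoc tooling and IDEs bind a docblock only to the declaration that immediately follows it. Drop the empty line so `*/` is followed directly by `function checkBasicAuthUser()`. The same pattern appears in the class docblock hunk above and in the basicAuthProcessHeader and showBasicAuthError docblocks further down. `@return boolean true or false` only restates the type; say what each value means, for instance `@return boolean true when an authenticated user was found, false after the 401 error has been emitted`, which is what the `return false` following `showBasicAuthError()` in the next hunk suggests.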
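Review bot: The reflowed warning still interpolates `$nickname` into the log line verbatim, and that value presumably comes from the client-supplied Authorization header parsed in basicAuthProcessHeader (the assignment is outside this hunk), so a name carrying CR/LF or other control characters can split or forge log entries. Strip them before logging, e.g. `$safe = preg_replace('/[\x00-\x1f\x7f]/', '', $nickname);` and interpolate `$safe` in place of `$nickname`; `$proxy` and `$ip` come from common_client_ip() and may deserve the same treatment if they are header-derived. checkBasicAuthUser's body starts and ends outside the hunk.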
@@ -77,16 +97,28 @@ class ApiAuthAction extends TwitterapiAction
 return true;
 }
+ /**
+ * Read the HTTP headers and set the auth user. Decodes HTTP_AUTHORIZATION
+ * param to support basic auth when PHP is running in CGI mode.
+ *
+ * @return void
+ */
+
 function basicAuthProcessHeader()
 {
- if (isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) {
- $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION'];
+ if (isset($_SERVER['AUTHORIZATION'])
+ || isset($_SERVER['HTTP_AUTHORIZATION'])
+ ) {
+ $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])
+ ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION'];
 }
 if (isset($_SERVER['PHP_AUTH_USER'])) {
 $this->auth_user = $_SERVER['PHP_AUTH_USER'];
 $this->auth_pw = $_SERVER['PHP_AUTH_PW'];
- } elseif (isset($authorization_header) && strstr(substr($authorization_header, 0, 5), 'Basic')) {
+ } elseif (isset($authorization_header)
+ && strstr(substr($authorization_header, 0, 5), 'Basic')) {
+
 // decode the HTTP_AUTHORIZATION header on php-cgi server self
 // on fcgid server the header name is AUTHORIZATION
@@ -94,6 +126,7 @@ class ApiAuthAction extends TwitterapiAction
 list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash);
 // set all to null on a empty basic auth request
+
 if ($this->auth_user == "") {
 $this->auth_user = null;
 $this->auth_pw = null;
@@ -104,6 +137,13 @@ class ApiAuthAction extends TwitterapiAction
 }
 }
+ /**
+ * Output an authentication error message. Use XML or JSON if one
+ * of those formats is specified, otherwise output plain text
+ *
+ * @return void
+ */
+
 function showBasicAuthError()
 {
 header('HTTP/1.1 401 Unauthorized');
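Review bot: The reflowed scheme check `strstr(substr($authorization_header, 0, 5), 'Basic')` is case-sensitive, but the HTTP auth-scheme token is case-insensitive, so a conforming client sending `basic ...` is treated as if it sent no credentials at all and falls through to the unauthenticated path. `strncasecmp($authorization_header, 'Basic ', 6) === 0` matches the scheme and its separating space regardless of case. Separately, `$this->auth_pw = $_SERVER['PHP_AUTH_PW'];` is read without the `isset` guard that `PHP_AUTH_USER` gets, which would raise a notice if the SAPI ever sets one without the other; `$_SERVER['PHP_AUTH_PW'] ?? ''` or an explicit `isset` keeps the two consistent. basicAuthProcessHeader's body continues past the hunk.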
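Review bot: `explode(':', $auth_hash)` has no limit, so a password containing a colon is cut at its first colon by the two-element `list()` assignment and the login silently fails; RFC 7617 forbids colons only in the user-id, not in the password. Use `list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash, 2);` so everything after the first colon is kept as the password. The decoding of `$auth_hash` happens before this hunk, so this assumes it holds the decoded `user:password` pair, as the surrounding comments suggest; the empty-credential check that follows should also use a strict `=== ''` comparison rather than `== ""`.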
@@ -119,7 +159,8 @@ class ApiAuthAction extends TwitterapiAction
 $this->endXML();
 } elseif ($this->arg('format') == 'json') {
 header('Content-Type: application/json; charset=utf-8');
- $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']);
+ $error_array = array('error' => $msg,
+ 'request' => $_SERVER['REQUEST_URI']);
 print(json_encode($error_array));
 } else {
 header('Content-type: text/plain');
@@ -127,5 +168,4 @@ class ApiAuthAction extends TwitterapiAction
 }
 }
-
-}
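Review bot: The plain-text fallback sends `header('Content-type: text/plain');` while the JSON branch two lines above sends `Content-Type: application/json; charset=utf-8`; the header-name casing differs and the text branch declares no charset, so a non-ASCII `$msg` may be decoded with whatever default the client assumes. Use `header('Content-Type: text/plain; charset=utf-8');` so both branches are consistent. The `'request' => $_SERVER['REQUEST_URI']` value is client-controlled but is safely escaped by `json_encode` in this branch; whether the XML and text branches outside the hunk escape it cannot be judged from here. showBasicAuthError's body starts before the hunk.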
\ No newline at end of file
+}
|