From fbeae998840fb58ac2fbb8779f14eb2abe74cd08 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Wed, 4 Nov 2009 21:33:59 -0800 Subject: Allow all API calls, even if the site is configured as private. The API Actions will decide whether something requires auth or a redirect. --- index.php | 1 + 1 file changed, 1 insertion(+) diff --git a/index.php b/index.php index 3acdba375..577b491ed 100644 --- a/index.php +++ b/index.php @@ -239,6 +239,7 @@ function main() if (!$user && common_config('site', 'private') && !isLoginAction($action) && !preg_match('/rss$/', $action) + && !preg_match('/^Api/', $action) ) { common_redirect(common_local_url('login')); return; -- cgit v1.2.3-54-g00ecf From 1ef1f59fe8ec8c3fd012838cfe0d20051287c2d6 Mon Sep 17 00:00:00 2001 From: Zach Copley Date: Wed, 4 Nov 2009 22:03:41 -0800 Subject: Fix for Ticket #1957 - API methods are not accessible when site is private (0.8->0.9 regression) --- actions/apifriendshipsexists.php | 4 +- actions/apigrouplistall.php | 4 +- actions/apigroupmembership.php | 4 +- actions/apigroupshow.php | 4 +- actions/apihelptest.php | 4 +- actions/apistatusesshow.php | 4 +- actions/apistatusnetversion.php | 4 +- actions/apitimelinefriends.php | 2 +- actions/apitimelinegroup.php | 4 +- actions/apitimelinepublic.php | 4 +- actions/apitimelinetag.php | 4 +- actions/apiusershow.php | 4 +- lib/apiauth.php | 1 + lib/apibareauth.php | 2 + lib/apiprivateauth.php | 82 ++++++++++++++++++++++++++++++++++++++++ 15 files changed, 108 insertions(+), 23 deletions(-) create mode 100644 lib/apiprivateauth.php diff --git a/actions/apifriendshipsexists.php b/actions/apifriendshipsexists.php index 2910f7ead..c040b9f6a 100644 --- a/actions/apifriendshipsexists.php +++ b/actions/apifriendshipsexists.php @@ -33,7 +33,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Tests for the existence of friendship between two users. Will return true if 
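Review bot: The added `&& !preg_match('/^Api/', $action)` clause in main() makes the private-site gate fail open for every action whose name starts with `Api`, so an unauthenticated request is now refused only if the action itself enforces authentication. The commit message says the API actions will decide, but nothing at this check verifies that they do, so an action whose class has no private-site test would be served on a private site. I would at least record the contract next to the exemption, e.g. `// Api* actions must enforce common_config('site', 'private') in requiresAuth(); the dispatcher no longer does`. Preferably the dispatcher would keep a central test, so that a new API action cannot skip the check by omission. main() starts and ends outside the hunk.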
@@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiFriendshipsExistsAction extends ApiAction +class ApiFriendshipsExistsAction extends ApiPrivateAuthAction { var $user_a = null; var $user_b = null; diff --git a/actions/apigrouplistall.php b/actions/apigrouplistall.php index 89469f36f..c597839a8 100644 --- a/actions/apigrouplistall.php +++ b/actions/apigrouplistall.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns of the lastest 20 groups for the site @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupListAllAction extends ApiAction +class ApiGroupListAllAction extends ApiPrivateAuthAction { var $groups = null; diff --git a/actions/apigroupmembership.php b/actions/apigroupmembership.php index b31e47b39..d221a6418 100644 --- a/actions/apigroupmembership.php +++ b/actions/apigroupmembership.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * List 20 newest members of the group specified by name or ID. @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupMembershipAction extends ApiAction +class ApiGroupMembershipAction extends ApiPrivateAuthAction { var $group = null; var $profiles = null; diff --git a/actions/apigroupshow.php b/actions/apigroupshow.php index 2bdb22bc4..b745ff92f 100644 --- a/actions/apigroupshow.php +++ b/actions/apigroupshow.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Outputs detailed information about the group specified by ID 
@@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiGroupShowAction extends ApiAction +class ApiGroupShowAction extends ApiPrivateAuthAction { var $group = null; diff --git a/actions/apihelptest.php b/actions/apihelptest.php index e4ef55f2e..f2c459e6f 100644 --- a/actions/apihelptest.php +++ b/actions/apihelptest.php @@ -32,7 +32,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the string "ok" in the requested format with a 200 OK HTTP status code. @@ -45,7 +45,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiHelpTestAction extends ApiAction +class ApiHelpTestAction extends ApiPrivateAuthAction { /** diff --git a/actions/apistatusesshow.php b/actions/apistatusesshow.php index 3be22ca59..e26c009c4 100644 --- a/actions/apistatusesshow.php +++ b/actions/apistatusesshow.php @@ -37,7 +37,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the notice specified by id as a Twitter-style status and inline user @@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiStatusesShowAction extends ApiAction +class ApiStatusesShowAction extends ApiPrivateAuthAction { var $notice_id = null; diff --git a/actions/apistatusnetversion.php b/actions/apistatusnetversion.php index e73ab983b..bbf891a89 100644 --- a/actions/apistatusnetversion.php +++ b/actions/apistatusnetversion.php @@ -32,7 +32,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns a version number for this version of StatusNet, which 
@@ -48,7 +48,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiStatusnetVersionAction extends ApiAction +class ApiStatusnetVersionAction extends ApiPrivateAuthAction { /** * Take arguments for running diff --git a/actions/apitimelinefriends.php b/actions/apitimelinefriends.php index 1ea35866e..66dd3f2b2 100644 --- a/actions/apitimelinefriends.php +++ b/actions/apitimelinefriends.php @@ -72,7 +72,7 @@ class ApiTimelineFriendsAction extends ApiBareAuthAction function prepare($args) { parent::prepare($args); - + common_debug("api friends_timeline"); $this->user = $this->getTargetUser($this->arg('id')); if (empty($this->user)) { diff --git a/actions/apitimelinegroup.php b/actions/apitimelinegroup.php index 5d0542918..f25f6ba51 100644 --- a/actions/apitimelinegroup.php +++ b/actions/apitimelinegroup.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the most recent notices (default 20) posted to the group specified by ID @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelineGroupAction extends ApiAction +class ApiTimelineGroupAction extends ApiPrivateAuthAction { var $group = null; diff --git a/actions/apitimelinepublic.php b/actions/apitimelinepublic.php index 58e267734..7a8504259 100644 --- a/actions/apitimelinepublic.php +++ b/actions/apitimelinepublic.php @@ -37,7 +37,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the most recent notices (default 20) posted by everybody @@ -55,7 +55,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelinePublicAction extends ApiAction +class ApiTimelinePublicAction extends ApiPrivateAuthAction { var $notices = null; 
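Review bot: The `common_debug("api friends_timeline");` line added to ApiTimelineFriendsAction::prepare() in actions/apitimelinefriends.php looks like leftover tracing and is unrelated to the private-site fix; presumably it writes a log entry on every call when debug logging is on. The same applies to the `common_debug(...)` lines added to prepare() in lib/apiauth.php and lib/apibareauth.php, and the one in lib/apiauth.php logs `ApiAction::prepare()` although the enclosing class is ApiAuthAction. I would drop all three, or if tracing is wanted keep it with the correct name, `common_debug('ApiAuthAction::prepare()');`. prepare() continues past the end of this hunk.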
diff --git a/actions/apitimelinetag.php b/actions/apitimelinetag.php index a274daac0..452593c11 100644 --- a/actions/apitimelinetag.php +++ b/actions/apitimelinetag.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Returns the 20 most recent notices tagged by a given tag @@ -49,7 +49,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiTimelineTagAction extends ApiAction +class ApiTimelineTagAction extends ApiPrivateAuthAction { var $notices = null; diff --git a/actions/apiusershow.php b/actions/apiusershow.php index b3a939b43..aa7aec5a4 100644 --- a/actions/apiusershow.php +++ b/actions/apiusershow.php @@ -34,7 +34,7 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/api.php'; +require_once INSTALLDIR . '/lib/apiprivateauth.php'; /** * Ouputs information for a user, specified by ID or screen name. @@ -50,7 +50,7 @@ require_once INSTALLDIR . '/lib/api.php'; * @link http://status.net/ */ -class ApiUserShowAction extends ApiAction +class ApiUserShowAction extends ApiPrivateAuthAction { /** * Take arguments for running diff --git a/lib/apiauth.php b/lib/apiauth.php index 2f2e44a26..2a3377013 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -66,6 +66,7 @@ class ApiAuthAction extends ApiAction function prepare($args) { + common_debug('ApiAction::prepare()'); parent::prepare($args); if ($this->requiresAuth()) { diff --git a/lib/apibareauth.php b/lib/apibareauth.php index 2d29c1ddd..a127a5bf3 100644 --- a/lib/apibareauth.php +++ b/lib/apibareauth.php @@ -74,6 +74,8 @@ class ApiBareAuthAction extends ApiAuthAction function prepare($args) { + common_debug("ApiBareAuthAction::prepare()"); + parent::prepare($args); return true; } diff --git a/lib/apiprivateauth.php b/lib/apiprivateauth.php new file mode 100644 index 000000000..5d0033005 --- /dev/null +++ b/lib/apiprivateauth.php 
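Review bot: ApiBareAuthAction gets only a debug line in lib/apibareauth.php, so its requiresAuth() is now the only gate for its subclasses on a private site, since index.php no longer redirects Api* actions. That method is outside the hunk. If it returns false in some cases, ApiTimelineFriendsAction, which extends ApiBareAuthAction, would answer unauthenticated requests on a private site. This is worth confirming, and if so the method should start with `if (common_config('site', 'private')) { return true; }`, as the new ApiPrivateAuthAction does.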
@@ -0,0 +1,82 @@ +. + * + * @category API + * @package StatusNet + * @author Adrian Lang + * @author Brenda Wallace + * @author Craig Andrews + * @author Dan Moore + * @author Evan Prodromou + * @author mEDI + * @author Sarven Capadisli + * @author Zach Copley + * @copyright 2009 StatusNet, Inc. + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +if (!defined('STATUSNET')) { + exit(1); +} + +require_once INSTALLDIR.'/lib/apiauth.php'; + +/** + * Actions extending this class will require auth only if a site is private + * + * @category API + * @package StatusNet + * @author Adrian Lang + * @author Brenda Wallace + * @author Craig Andrews + * @author Dan Moore + * @author Evan Prodromou + * @author mEDI + * @author Sarven Capadisli + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiPrivateAuthAction extends ApiAuthAction +{ + + /** + * Does this API resource require authentication? + * + * @return boolean true or false + */ + + function requiresAuth() + { + // If the site is "private", all API methods except statusnet/config + // need authentication + + if (common_config('site', 'private')) { + return true; + } + + return false; + } + +} -- cgit v1.2.3-54-g00ecf
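Review bot: The comment in ApiPrivateAuthAction::requiresAuth() says all API methods "except statusnet/config" need authentication on a private site, but the method has no such exception: it returns true for every subclass whenever `common_config('site', 'private')` is set. If the exception is meant to come from statusnet/config not extending this class, the comment should say so, e.g. `// On a private site every action extending this class needs authentication; actions that must stay public (statusnet/config) do not extend it`. The body can also be reduced to `return (bool) common_config('site', 'private');`, which makes the rule readable at a glance.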