From 6ff00c9404cb2b2dddcd12d63c497c85d9d087d8 Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 27 Aug 2009 22:55:32 -0400 Subject: Implement the is_member and membership group api's --- actions/api.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'actions/api.php') diff --git a/actions/api.php b/actions/api.php index 93e33085f..f425a8dcd 100644 --- a/actions/api.php +++ b/actions/api.php @@ -133,6 +133,8 @@ class ApiAction extends Action 'groups/show', 'groups/timeline', 'groups/list_all', + 'groups/membership', + 'groups/is_member', 'groups/timeline'); static $bareauth = array('statuses/user_timeline', -- cgit v1.2.3-54-g00ecf From 0d7d4dfe5d258d2018f601f8116d629577105864 Mon Sep 17 00:00:00 2001 From: mEDI Date: Thu, 3 Sep 2009 19:32:27 +0200 Subject: add basic auth support for cgi servers on the api (trac #1832) --- actions/api.php | 46 +++++++++++++++++++++++++++++++++++++++++----- 1 file changed, 41 insertions(+), 5 deletions(-) (limited to 'actions/api.php') diff --git a/actions/api.php b/actions/api.php index f425a8dcd..f624d6b69 100644 --- a/actions/api.php +++ b/actions/api.php @@ -27,6 +27,8 @@ class ApiAction extends Action var $api_arg; var $api_method; var $api_action; + var $auth_user; + var $auth_pw; function handle($args) { @@ -35,6 +37,7 @@ class ApiAction extends Action $this->api_action = $this->arg('apiaction'); $method = $this->arg('method'); $argument = $this->arg('argument'); + $this->basic_auth_process_header(); if (isset($argument)) { $cmdext = explode('.', $argument); @@ -50,7 +53,7 @@ class ApiAction extends Action } if ($this->requires_auth()) { - if (!isset($_SERVER['PHP_AUTH_USER'])) { + if (!isset($this->auth_user)) { # This header makes basic auth go header('WWW-Authenticate: Basic realm="StatusNet API"'); @@ -58,8 +61,8 @@ class ApiAction extends Action # If the user hits cancel -- bam! $this->show_basic_auth_error(); } else { - $nickname = $_SERVER['PHP_AUTH_USER']; - $password = $_SERVER['PHP_AUTH_PW']; + $nickname = $this->auth_user; + $password = $this->auth_pw; $user = common_check_user($nickname, $password); if ($user) { @@ -76,8 +79,8 @@ class ApiAction extends Action } else { // Caller might give us a username even if not required - if (isset($_SERVER['PHP_AUTH_USER'])) { - $user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']); + if (isset($this->auth_user)) { + $user = User::staticGet('nickname', $this->auth_user); if ($user) { $this->user = $user; } @@ -203,6 +206,39 @@ class ApiAction extends Action } } + function basic_auth_process_header() + { + if(isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) + { + $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])?$_SERVER['HTTP_AUTHORIZATION']:$_SERVER['AUTHORIZATION']; + } + + if(isset($_SERVER['PHP_AUTH_USER'])) + { + $this->auth_user = $_SERVER['PHP_AUTH_USER']; + $this->auth_pw = $_SERVER['PHP_AUTH_PW']; + } + elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) + { + // decode the HTTP_AUTHORIZATION header on php-cgi server self + // on fcgid server is the header name AUTHORIZATION + + $auth_hash = base64_decode( substr($authorization_header, 6) ); + list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); + + // set all to NULL on a emty basic auth request + if($this->auth_user == "") { + $this->auth_user = NULL; + $this->auth_pw = NULL; + } + } + else + { + $this->auth_user = NULL; + $this->auth_pw = NULL; + } + } + function show_basic_auth_error() { header('HTTP/1.1 401 Unauthorized'); -- cgit v1.2.3-54-g00ecf From ebcbd3820e10e70ab2ed1bff9839a03f2948ee8f Mon Sep 17 00:00:00 2001 From: Craig Andrews Date: Thu, 3 Sep 2009 15:30:19 -0400 Subject: Fix spelling --- actions/api.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'actions/api.php') diff --git a/actions/api.php b/actions/api.php index f624d6b69..c236378bc 100644 --- a/actions/api.php +++ b/actions/api.php @@ -221,12 +221,12 @@ class ApiAction extends Action elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) { // decode the HTTP_AUTHORIZATION header on php-cgi server self - // on fcgid server is the header name AUTHORIZATION + // on fcgid server the header name is AUTHORIZATION $auth_hash = base64_decode( substr($authorization_header, 6) ); list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); - // set all to NULL on a emty basic auth request + // set all to NULL on a empty basic auth request if($this->auth_user == "") { $this->auth_user = NULL; $this->auth_pw = NULL; -- cgit v1.2.3-54-g00ecf From fcff85bb3610a0f2a77bfa72cf26ce8019ec0378 Mon Sep 17 00:00:00 2001 From: Brenda Wallace Date: Sun, 13 Sep 2009 21:55:45 +1200 Subject: code style cleanup --- actions/api.php | 106 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 61 insertions(+), 45 deletions(-) (limited to 'actions/api.php') diff --git a/actions/api.php b/actions/api.php index c236378bc..9b5f54807 100644 --- a/actions/api.php +++ b/actions/api.php @@ -1,5 +1,5 @@ . + * + * @category Actions + * @package Actions + * @author Evan Prodromou + * @author Evan Prodromou + * @author Brenda Wallace + * @author Jeffery To + * @author Robin Millette + * @author Tom Adams + * @author Christopher Vollick + * @author CiaranG + * @author Craig Andrews + * @author Evan Prodromou + * @author Evan Prodromou + * @author Gina Haeussge + * @author Mike Cochrane + * @author Sarven Capadisli + * @license GNU Affero General Public License http://www.gnu.org/licenses/ + * @link http://status.net */ -if (!defined('STATUSNET') && !defined('LACONICA')) { exit(1); } +if (!defined('STATUSNET') && !defined('LACONICA')) { + exit(1); +} class ApiAction extends Action { @@ -37,7 +58,7 @@ class ApiAction extends Action $this->api_action = $this->arg('apiaction'); $method = $this->arg('method'); $argument = $this->arg('argument'); - $this->basic_auth_process_header(); + $this->basic_auth_process_header(); if (isset($argument)) { $cmdext = explode('.', $argument); @@ -46,7 +67,7 @@ class ApiAction extends Action $this->content_type = strtolower($cmdext[1]); } else { - # Requested format / content-type will be an extension on the method + //Requested format / content-type will be an extension on the method $cmdext = explode('.', $method); $this->api_method = $cmdext[0]; $this->content_type = strtolower($cmdext[1]); @@ -55,10 +76,10 @@ class ApiAction extends Action if ($this->requires_auth()) { if (!isset($this->auth_user)) { - # This header makes basic auth go + //This header makes basic auth go header('WWW-Authenticate: Basic realm="StatusNet API"'); - # If the user hits cancel -- bam! + //If the user hits cancel -- bam! $this->show_basic_auth_error(); } else { $nickname = $this->auth_user; @@ -69,7 +90,7 @@ class ApiAction extends Action $this->user = $user; $this->process_command(); } else { - # basic authentication failed + //basic authentication failed list($proxy, $ip) = common_client_ip(); common_log(LOG_WARNING, "Failed API auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip."); @@ -84,7 +105,7 @@ class ApiAction extends Action if ($user) { $this->user = $user; } - # Twitter doesn't throw an error if the user isn't found + //Twitter doesn't throw an error if the user isn't found } $this->process_command(); @@ -97,7 +118,7 @@ class ApiAction extends Action $actionfile = INSTALLDIR."/actions/$action.php"; if (file_exists($actionfile)) { - require_once($actionfile); + include_once $actionfile; $action_class = ucfirst($action)."Action"; $action_obj = new $action_class(); @@ -113,10 +134,10 @@ class ApiAction extends Action call_user_func(array($action_obj, $this->api_method), $_REQUEST, $apidata); } else { - $this->clientError("API method not found!", $code=404); + $this->clientError("API method not found!", $code = 404); } } else { - $this->clientError("API method not found!", $code=404); + $this->clientError("API method not found!", $code = 404); } } @@ -184,10 +205,11 @@ class ApiAction extends Action $user_id = $this->arg('user_id'); $screen_name = $this->arg('screen_name'); - if (empty($this->api_arg) && - empty($id) && - empty($user_id) && - empty($screen_name)) { + if (empty($this->api_arg) + && empty($id) + && empty($user_id) + && empty($screen_name) + ) { return true; } else { return false; @@ -208,35 +230,29 @@ class ApiAction extends Action function basic_auth_process_header() { - if(isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) - { - $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])?$_SERVER['HTTP_AUTHORIZATION']:$_SERVER['AUTHORIZATION']; - } - - if(isset($_SERVER['PHP_AUTH_USER'])) - { - $this->auth_user = $_SERVER['PHP_AUTH_USER']; - $this->auth_pw = $_SERVER['PHP_AUTH_PW']; - } - elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') ) - { - // decode the HTTP_AUTHORIZATION header on php-cgi server self - // on fcgid server the header name is AUTHORIZATION - - $auth_hash = base64_decode( substr($authorization_header, 6) ); - list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); - - // set all to NULL on a empty basic auth request - if($this->auth_user == "") { - $this->auth_user = NULL; - $this->auth_pw = NULL; - } - } - else - { - $this->auth_user = NULL; - $this->auth_pw = NULL; - } + if (isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) { + $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; + } + + if (isset($_SERVER['PHP_AUTH_USER'])) { + $this->auth_user = $_SERVER['PHP_AUTH_USER']; + $this->auth_pw = $_SERVER['PHP_AUTH_PW']; + } elseif (isset($authorization_header) && strstr(substr($authorization_header, 0, 5), 'Basic')) { + // decode the HTTP_AUTHORIZATION header on php-cgi server self + // on fcgid server the header name is AUTHORIZATION + + $auth_hash = base64_decode(substr($authorization_header, 6)); + list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); + + // set all to null on a empty basic auth request + if ($this->auth_user == "") { + $this->auth_user = null; + $this->auth_pw = null; + } + } else { + $this->auth_user = null; + $this->auth_pw = null; + } } function show_basic_auth_error() @@ -252,7 +268,7 @@ class ApiAction extends Action $this->element('request', null, $_SERVER['REQUEST_URI']); $this->elementEnd('hash'); $this->endXML(); - } else if ($this->content_type == 'json') { + } else if ($this->content_type == 'json') { header('Content-Type: application/json; charset=utf-8'); $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); print(json_encode($error_array)); -- cgit v1.2.3-54-g00ecf