authorBrenda Wallace <shiny@cpan.org>2010-01-24 14:54:31 +1300
committerBrenda Wallace <shiny@cpan.org>2010-01-24 14:54:31 +1300
commitef3b849db05ff6ad4b9e97b38a82242a710519d1 (patch)
tree7a121df2e7ed4b4644b92b9652e1fc59999f84df /lib/apiauth.php
parent02a6006bafd663443b512c5c283b64c7dacfbbb1 (diff)
parent8c54151dbd2dbf99b23124ec618b2fa5570ac2ee (diff)
Merge commit 'mainline/0.9.x' into 0.9.x
Diffstat (limited to 'lib/apiauth.php')
-rw-r--r--lib/apiauth.php24
1 files changed, 17 insertions, 7 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php
index 691db584b..927dcad6a 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -79,10 +79,13 @@ class ApiAuthAction extends ApiAction
$this->checkOAuthRequest();
} else {
$this->checkBasicAuthUser();
- // By default, all basic auth users have read and write access
-
- $this->access = self::READ_WRITE;
}
+ } else {
+
+ // Check to see if a basic auth user is there even
+ // if one's not required
+
+ $this->checkBasicAuthUser(false);
}
return true;
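Review bot: The new `else` branch only looks for basic-auth credentials, so an OAuth-signed request to an endpoint that does not require auth appears to be treated as anonymous, while a basic-auth client on the same endpoint is identified. The branch that chooses between `checkOAuthRequest()` and `checkBasicAuthUser()` begins outside this hunk, so this is inferred from the visible lines. If optional identification is intended for both schemes, the same OAuth test should be applied here. The comment should also say what happens when credentials are supplied but wrong, for example `// Invalid credentials on an optional-auth endpoint are rejected, not downgraded to anonymous`, whichever behaviour is chosen.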
@@ -145,7 +148,10 @@ class ApiAuthAction extends ApiAction
$this->access = ($appUser->access_type & Oauth_application::$writeAccess)
? self::READ_WRITE : self::READ_ONLY;
- $this->auth_user = User::staticGet('id', $appUser->profile_id);
+ if (Event::handle('StartSetApiUser', array(&$user))) {
+ $this->auth_user = User::staticGet('id', $appUser->profile_id);
+ Event::handle('EndSetApiUser', array($user));
+ }
$msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
"application '%s' (id: %d).";
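Review bot: `$user` is passed by reference to `StartSetApiUser` and again to `EndSetApiUser`, but nothing in this hunk assigns it. Unless it is set earlier in the method (outside the hunk), handlers receive null and cannot inspect or replace the OAuth user the way they can in the basic-auth path. Look the user up first with `$user = User::staticGet('id', $appUser->profile_id);` and assign `$this->auth_user = $user;` inside the `if`. When a handler returns false, `$this->auth_user` stays unset although `$this->access` has already been set from the application's access type just above, so the log message that follows should not assume a user object is present.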
@@ -198,13 +204,13 @@ class ApiAuthAction extends ApiAction
* @return boolean true or false
*/
- function checkBasicAuthUser()
+ function checkBasicAuthUser($required = true)
{
$this->basicAuthProcessHeader();
$realm = common_config('site', 'name') . ' API';
- if (!isset($this->auth_user)) {
+ if (!isset($this->auth_user) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
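Review bot: The docblock above `checkBasicAuthUser()` still documents only the return value and does not mention the new `$required` parameter. Add `@param boolean $required whether to send the 401 challenge and exit when no credentials are supplied`. As written, the flag only affects the no-credentials case, because the `!isset($this->auth_user) && $required` test says nothing about credentials that are present but wrong. The docblock begins outside this hunk, so the rest of its wording could not be checked.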
@@ -212,12 +218,16 @@ class ApiAuthAction extends ApiAction
$this->showBasicAuthError();
exit;
- } else {
+ } else if (isset($this->auth_user)) {
$nickname = $this->auth_user;
$password = $this->auth_pw;
$user = common_check_user($nickname, $password);
if (Event::handle('StartSetApiUser', array(&$user))) {
$this->auth_user = $user;
+
+ // By default, all basic auth users have read and write access
+ $this->access = self::READ_WRITE;
+
Event::handle('EndSetApiUser', array($user));
}
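Review bot: `$this->auth_user = $user;` and the newly moved `$this->access = self::READ_WRITE;` run regardless of what `common_check_user()` returned. A request with a wrong password is therefore marked read-write at this point unless a check after the hunk rejects it. This matters more now that `checkBasicAuthUser(false)` reaches the branch on endpoints that do not require auth. Guard the assignment with `if (!empty($user)) { $this->auth_user = $user; $this->access = self::READ_WRITE; }` and clear `$this->auth_user` on failure, since until then it holds the submitted nickname string and later `isset()` checks would still pass. The function continues outside this hunk, so confirm how a failed login is handled there.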