diff options
author | Brion Vibber <brion@pobox.com> | 2010-07-12 14:21:57 -0700 |
---|---|---|
committer | Brion Vibber <brion@pobox.com> | 2010-07-12 14:21:57 -0700 |
commit | cd29d3d646379aa9a1352035973c8e379cc7f42b (patch) | |
tree | e064c5292c546e6df8eaad9609a56150f69c62c3 /lib/apiauth.php | |
parent | bd8506eee883ecd424fdf3d7e545c10c754df6ff (diff) | |
parent | 1b3b7f9a422f6b703ec36d43e2283f91a9835f3b (diff) |
Merge branch '0.9.x' of gitorious.org:statusnet/mainline into 0.9.x
Diffstat (limited to 'lib/apiauth.php')
-rw-r--r-- | lib/apiauth.php | 51 |
1 files changed, 39 insertions, 12 deletions
diff --git a/lib/apiauth.php b/lib/apiauth.php index 5090871cf..91cb64262 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -30,10 +30,29 @@ * @author Sarven Capadisli <csarven@status.net> * @author Zach Copley <zach@status.net> * @copyright 2009-2010 StatusNet, Inc. + * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ */ +/* External API usage documentation. Please update when you change how this method works. */ + +/*! @page authentication Authentication + + StatusNet supports HTTP Basic Authentication and OAuth for API calls. + + @warning Currently, users who have created accounts without setting a + password via OpenID, Facebook Connect, etc., cannot use the API until + they set a password with their account settings panel. + + @section HTTP Basic Auth + + + + @section OAuth + +*/ + if (!defined('STATUSNET')) { exit(1); } @@ -54,7 +73,6 @@ class ApiAuthAction extends ApiAction { var $auth_user_nickname = null; var $auth_user_password = null; - var $oauth_source = null; /** * Take arguments for running, looks for an OAuth request, @@ -91,6 +109,7 @@ class ApiAuthAction extends ApiAction if ($this->isReadOnly($args) == false) { if ($this->access != self::READ_WRITE) { + // TRANS: Client error 401. $msg = _('API resource requires read-write access, ' . 'but you only have read access.'); $this->clientError($msg, 401, $this->format); @@ -162,7 +181,7 @@ class ApiAuthAction extends ApiAction // set the source attr - $this->oauth_source = $app->name; + $this->source = $app->name; $appUser = Oauth_application_user::staticGet('token', $access_token); @@ -235,9 +254,13 @@ class ApiAuthAction extends ApiAction { $this->basicAuthProcessHeader(); - $realm = common_config('site', 'name') . ' API'; + $realm = common_config('api', 'realm'); - if (!isset($this->auth_user_nickname) && $required) { + if (empty($realm)) { + $realm = common_config('site', 'name') . ' API'; + } + + if (empty($this->auth_user_nickname) && $required) { header('WWW-Authenticate: Basic realm="' . $realm . '"'); // show error if the user clicks 'cancel' @@ -263,14 +286,14 @@ class ApiAuthAction extends ApiAction $this->access = self::READ_WRITE; - if (empty($this->auth_user) && $required) { + if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) { // basic authentication failed list($proxy, $ip) = common_client_ip(); - $msg = sprintf(_('Failed API auth attempt, nickname = %1$s, ' . - 'proxy = %2$s, ip = %3$s'), + $msg = sprintf( 'Failed API auth attempt, nickname = %1$s, ' . + 'proxy = %2$s, ip = %3$s', $this->auth_user_nickname, $proxy, $ip); @@ -290,11 +313,15 @@ class ApiAuthAction extends ApiAction function basicAuthProcessHeader() { - if (isset($_SERVER['AUTHORIZATION']) - || isset($_SERVER['HTTP_AUTHORIZATION']) - ) { - $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION']) - ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; + $authHeaders = array('AUTHORIZATION', + 'HTTP_AUTHORIZATION', + 'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI + $authorization_header = null; + foreach ($authHeaders as $header) { + if (isset($_SERVER[$header])) { + $authorization_header = $_SERVER[$header]; + break; + } } if (isset($_SERVER['PHP_AUTH_USER'])) { |