From 324590c46eba2900164d0487a2d525ea4e9f93b8 Mon Sep 17 00:00:00 2001
From: Zach Copley <zach@status.net>
Date: Thu, 28 Jan 2010 00:41:44 +0000
Subject: Some adjustments to the way API auth works after merging testing and
 0.9.x

---
 lib/apiauth.php | 39 ++++++++++++++++++++++++---------------
 1 file changed, 24 insertions(+), 15 deletions(-)

(limited to 'lib/apiauth.php')

diff --git a/lib/apiauth.php b/lib/apiauth.php
index ac5e997c7..d441014ad 100644
--- a/lib/apiauth.php
+++ b/lib/apiauth.php
@@ -57,7 +57,6 @@ class ApiAuthAction extends ApiAction
     var $auth_user_password = null;
     var $access_token       = null;
     var $oauth_source       = null;
-    var $auth_user          = null;
 
     /**
      * Take arguments for running, and output basic auth header if needed
@@ -82,22 +81,27 @@ class ApiAuthAction extends ApiAction
             if (!empty($this->access_token)) {
                 $this->checkOAuthRequest();
             } else {
-                $this->checkBasicAuthUser();
+                $this->checkBasicAuthUser(true);
             }
         } else {
 
             // Check to see if a basic auth user is there even
             // if one's not required
 
-            $this->checkBasicAuthUser(false);
+            if (empty($this->access_token)) {
+                $this->checkBasicAuthUser(false);
+            }
         }
 
         // Reject API calls with the wrong access level
 
         if ($this->isReadOnly($args) == false) {
+
+            common_debug(get_class($this) . ' is not read-only!');
+
             if ($this->access != self::READ_WRITE) {
-                $msg = 'API resource requires read-write access, ' .
-                       'but you only have read access.';
+                $msg = _('API resource requires read-write access, ' .
+                         'but you only have read access.');
                 $this->clientError($msg, 401, $this->format);
                 exit;
             }
@@ -176,7 +180,7 @@ class ApiAuthAction extends ApiAction
                                                  ($this->access = self::READ_WRITE) ?
                                                  'read-write' : 'read-only'
                                                  ));
-                    return true;
+                    return;
                 } else {
                     throw new OAuthException('Bad access token.');
                 }
@@ -228,9 +232,14 @@ class ApiAuthAction extends ApiAction
 
         } else {
 
+            $user = common_check_user($this->auth_user_nickname,
+                                      $this->auth_user_password);
+
             if (Event::handle('StartSetApiUser', array(&$user))) {
-                $this->auth_user = common_check_user($this->auth_user_nickname,
-                                                     $this->auth_user_password);
+
+                if (!empty($user)) {
+                    $this->auth_user = $user;
+                }
 
                 Event::handle('EndSetApiUser', array($user));
             }
@@ -239,18 +248,18 @@ class ApiAuthAction extends ApiAction
 
             $this->access = self::READ_WRITE;
 
-            if (empty($this->auth_user)) {
+            if (empty($this->auth_user) && $required) {
 
                 // basic authentication failed
 
                 list($proxy, $ip) = common_client_ip();
 
-                common_log(
-                    LOG_WARNING,
-                    'Failed API auth attempt, nickname = ' .
-                    "$nickname, proxy = $proxy, ip = $ip."
-                );
-
+                $msg = sprintf(_('Failed API auth attempt, nickname = %1$s, ' .
+                         'proxy = %2$s, ip = %3$s'),
+                               $this->auth_user_nickname,
+                               $proxy,
+                               $ip);
+                common_log(LOG_WARNING, $msg);
                 $this->showAuthError();
                 exit;
             }
-- 
cgit v1.2.3-54-g00ecf