better login (logout didn't work properly)

2014-05-16 12:36:30 +02:00 · 2014-05-16 12:36:30 +02:00 · 4bbb4601e4
commit 4bbb4601e4
parent 3cbe54d48b
4 changed files with 142 additions and 29 deletions
--- a/QvitterPlugin.php
+++ b/QvitterPlugin.php
@ -84,6 +84,9 @@ class QvitterPlugin extends Plugin {
 		$m->connect('api/qvitter/update_background_color.json',
 					array('action' => 'apiqvitterupdatebackgroundcolor'));

+		$m->connect('api/qvitter/checklogin.json',
+					array('action' => 'apiqvitterchecklogin'));					
+
        $m->connect('settings/qvitter',
                    array('action' => 'qvittersettings'));
        $m->connect('main/qlogin',
--- a/actions/apiqvitterchecklogin.php
+++ b/actions/apiqvitterchecklogin.php
@ -0,0 +1,97 @@
+<?php
+/**
+ * StatusNet, the distributed open-source microblogging tool
+ *
+ * Test if supplied user credentials are valid.
+ *
+ * PHP version 5
+ *
+ * LICENCE: This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ *
+ * @category  API
+ * @package   StatusNet
+ * @author    Evan Prodromou <evan@status.net>
+ * @author    Robin Millette <robin@millette.info>
+ * @author    Zach Copley <zach@status.net>
+ * @copyright 2009 StatusNet, Inc.
+ * @license   http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link      http://status.net/
+ */
+
+if (!defined('STATUSNET')) {
+    exit(1);
+}
+
+/**
+ * Check a user's credentials. Returns an HTTP 200 OK response code and a
+ * representation of the requesting user if authentication was successful;
+ * returns a 401 status code and an error message if not.
+ *
+ * @category API
+ * @package  StatusNet
+ * @author   Evan Prodromou <evan@status.net>
+ * @author   Robin Millette <robin@millette.info>
+ * @author   Zach Copley <zach@status.net>
+ * @license  http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link     http://status.net/
+ */
+class ApiQvitterCheckLoginAction extends ApiAuthAction
+{
+    /**
+     * Handle the request
+     *
+     * Check whether the credentials are valid and output the result
+     *
+     * @param array $args $_REQUEST data (unused)
+     *
+     * @return void
+     */
+    function handle($args)
+    {
+        parent::handle($args);
+
+        if ($_SERVER['REQUEST_METHOD'] != 'POST') {
+            $this->clientError(
+                // TRANS: Client error. POST is a HTTP command. It should not be translated.
+                _('This method requires a POST.'),
+                400,
+                $this->format
+            );
+            return;
+        }
+        
+		$user = common_check_user($this->arg('username'),
+								  $this->arg('password'));   
+		
+		if($user) {
+			$user = true;
+			}
+
+		$this->initDocument('json');
+		$this->showJsonObjects($user);
+		$this->endDocument('json');
+    }
+
+    /**
+     * Is this action read only?
+     *
+     * @param array $args other arguments
+     *
+     * @return boolean true
+     */
+    function isReadOnly($args)
+    {
+        return true;
+    }
+}
--- a/edited-gnu-social-files/lib/apiauthaction.php
+++ b/edited-gnu-social-files/lib/apiauthaction.php
@ -85,9 +85,10 @@ class ApiAuthAction extends ApiAction
        // NOTE: $this->auth_user has to get set in prepare(), not handle(),
        // because subclasses do stuff with it in their prepares.

-		// qvitterfix
-        if (common_current_user()) {
-        	$this->auth_user = common_current_user();
+
+		// qvitterfix, accepts regular login session
+        if ($this->scoped) {
+        	$this->auth_user = $this->scoped;
        	$this->access = self::READ_WRITE;
        }
        
@ -293,34 +294,42 @@ class ApiAuthAction extends ApiAction

        } else {

-            $user = common_check_user($this->auth_user_nickname,
-                                      $this->auth_user_password);
+// 				COMMENTED OUT BECAUSE MAKES NO SENSE!! 
+// 				THIS IS PUBLIC AND SHOULD BE SHOWN EVEN 
+// 				IF LOGIN CREDENTIALS ARE INVALID /Hannes 2014-05-16

-            if (Event::handle('StartSetApiUser', array(&$user))) {
-
-                if (!empty($user)) {
-                    if (!$user->hasRight(Right::API)) {
-                        // TRANS: Authorization exception thrown when a user without API access tries to access the API.
-                        throw new AuthorizationException(_('Not allowed to use API.'));
-                    }
-                    $this->auth_user = $user;
-                }
-
-                Event::handle('EndSetApiUser', array($user));
-            }
+//             $user = common_check_user($this->auth_user_nickname,
+//                                       $this->auth_user_password);
+// 
+//             if (Event::handle('StartSetApiUser', array(&$user))) {
+// 
+//                 if (!empty($user)) {
+//                     if (!$user->hasRight(Right::API)) {
+//                         // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+//                         throw new AuthorizationException(_('Not allowed to use API.'));
+//                     }
+//                     $this->auth_user = $user;
+//                 }
+// 
+//                 Event::handle('EndSetApiUser', array($user));
+//             }

            // By default, basic auth users have rw access
            $this->access = self::READ_WRITE;
+            
+// 				COMMENTED OUT BECAUSE MAKES NO SENSE!! 
+// 				THIS IS PUBLIC AND SHOULD BE SHOWN EVEN 
+// 				IF LOGIN CREDENTIALS ARE INVALID /Hannes 2014-05-16            

-            if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
-                $msg = sprintf(
-                    "basic auth nickname = %s",
-                    $this->auth_user_nickname
-                );
-                $this->logAuthFailure($msg);
-                // TRANS: Client error thrown when authentication fails.
-                $this->clientError(_('Could not authenticate you.'), 401);
-            }
+//             if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
+//                 $msg = sprintf(
+//                     "basic auth nickname = %s",
+//                     $this->auth_user_nickname
+//                 );
+//                 $this->logAuthFailure($msg);
+//                 // TRANS: Client error thrown when authentication fails.
+//                 $this->clientError(_('Could not authenticate you.'), 401);
+//             }
        }
    }

--- a/js/ajax-functions.js
+++ b/js/ajax-functions.js
@ -57,14 +57,18 @@ function timeNow() {
   · · · · · · · · · */
    
 function checkLogin(username,password,actionOnSuccess) { 
- 	$.ajax({ url: 'http://' + username + ':' + password + '@qvitter.dev/api/account/verify_credentials.json', 
-	 	type: 'GET',	 	
+ 	$.ajax({ url: 'http://qvitter.dev/api/qvitter/checklogin.json', 
+	 	type: 'POST',
+	 	data: { 
+			username: username,
+			password: password
+			},	 	
 	 	dataType: 'json', 
 	 	error: function() {
 	 		logoutWithoutReload(true);
 	 		},
 		success: function(data) { 					
-			if(typeof data.error == 'undefined') {
+			if(typeof data.error == 'undefined' && data !== false) {
 				actionOnSuccess(data);
 				}
 			else {