add basic auth support for cgi servers on the api (trac #1832)
This commit is contained in:
parent
0c95734a68
commit
0d7d4dfe5d
|
@ -27,6 +27,8 @@ class ApiAction extends Action
|
||||||
var $api_arg;
|
var $api_arg;
|
||||||
var $api_method;
|
var $api_method;
|
||||||
var $api_action;
|
var $api_action;
|
||||||
|
var $auth_user;
|
||||||
|
var $auth_pw;
|
||||||
|
|
||||||
function handle($args)
|
function handle($args)
|
||||||
{
|
{
|
||||||
|
@ -35,6 +37,7 @@ class ApiAction extends Action
|
||||||
$this->api_action = $this->arg('apiaction');
|
$this->api_action = $this->arg('apiaction');
|
||||||
$method = $this->arg('method');
|
$method = $this->arg('method');
|
||||||
$argument = $this->arg('argument');
|
$argument = $this->arg('argument');
|
||||||
|
$this->basic_auth_process_header();
|
||||||
|
|
||||||
if (isset($argument)) {
|
if (isset($argument)) {
|
||||||
$cmdext = explode('.', $argument);
|
$cmdext = explode('.', $argument);
|
||||||
|
@ -50,7 +53,7 @@ class ApiAction extends Action
|
||||||
}
|
}
|
||||||
|
|
||||||
if ($this->requires_auth()) {
|
if ($this->requires_auth()) {
|
||||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
if (!isset($this->auth_user)) {
|
||||||
|
|
||||||
# This header makes basic auth go
|
# This header makes basic auth go
|
||||||
header('WWW-Authenticate: Basic realm="StatusNet API"');
|
header('WWW-Authenticate: Basic realm="StatusNet API"');
|
||||||
|
@ -58,8 +61,8 @@ class ApiAction extends Action
|
||||||
# If the user hits cancel -- bam!
|
# If the user hits cancel -- bam!
|
||||||
$this->show_basic_auth_error();
|
$this->show_basic_auth_error();
|
||||||
} else {
|
} else {
|
||||||
$nickname = $_SERVER['PHP_AUTH_USER'];
|
$nickname = $this->auth_user;
|
||||||
$password = $_SERVER['PHP_AUTH_PW'];
|
$password = $this->auth_pw;
|
||||||
$user = common_check_user($nickname, $password);
|
$user = common_check_user($nickname, $password);
|
||||||
|
|
||||||
if ($user) {
|
if ($user) {
|
||||||
|
@ -76,8 +79,8 @@ class ApiAction extends Action
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// Caller might give us a username even if not required
|
// Caller might give us a username even if not required
|
||||||
if (isset($_SERVER['PHP_AUTH_USER'])) {
|
if (isset($this->auth_user)) {
|
||||||
$user = User::staticGet('nickname', $_SERVER['PHP_AUTH_USER']);
|
$user = User::staticGet('nickname', $this->auth_user);
|
||||||
if ($user) {
|
if ($user) {
|
||||||
$this->user = $user;
|
$this->user = $user;
|
||||||
}
|
}
|
||||||
|
@ -203,6 +206,39 @@ class ApiAction extends Action
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function basic_auth_process_header()
|
||||||
|
{
|
||||||
|
if(isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION']))
|
||||||
|
{
|
||||||
|
$authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])?$_SERVER['HTTP_AUTHORIZATION']:$_SERVER['AUTHORIZATION'];
|
||||||
|
}
|
||||||
|
|
||||||
|
if(isset($_SERVER['PHP_AUTH_USER']))
|
||||||
|
{
|
||||||
|
$this->auth_user = $_SERVER['PHP_AUTH_USER'];
|
||||||
|
$this->auth_pw = $_SERVER['PHP_AUTH_PW'];
|
||||||
|
}
|
||||||
|
elseif ( isset($authorization_header) && strstr(substr($authorization_header, 0,5),'Basic') )
|
||||||
|
{
|
||||||
|
// decode the HTTP_AUTHORIZATION header on php-cgi server self
|
||||||
|
// on fcgid server is the header name AUTHORIZATION
|
||||||
|
|
||||||
|
$auth_hash = base64_decode( substr($authorization_header, 6) );
|
||||||
|
list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash);
|
||||||
|
|
||||||
|
// set all to NULL on a emty basic auth request
|
||||||
|
if($this->auth_user == "") {
|
||||||
|
$this->auth_user = NULL;
|
||||||
|
$this->auth_pw = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
$this->auth_user = NULL;
|
||||||
|
$this->auth_pw = NULL;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
function show_basic_auth_error()
|
function show_basic_auth_error()
|
||||||
{
|
{
|
||||||
header('HTTP/1.1 401 Unauthorized');
|
header('HTTP/1.1 401 Unauthorized');
|
||||||
|
|
Loading…
Reference in New Issue
Block a user