wamo/gnu-social
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Integrate qvitter ApiAuthAction (thanks hannes2peer)

Browse Source
This commit is contained in:
Mikael Nordfeldth 2014-11-10 11:38:50 +01:00
parent e59f9fd32d
commit 6f5086fc52
1 changed files with 35 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
lib/apiauthaction.php
View File

@ -82,9 +82,19 @@ class ApiAuthAction extends ApiAction
{ {
parent::prepare($args); parent::prepare($args);
// NOTE: $this->auth_user has to get set in prepare(), not handle(), // NOTE: $this->scoped and $this->auth_user has to get set in
// because subclasses do stuff with it in their prepares. // prepare(), not handle(), as subclasses use them in prepares.
// Allow regular login session
if (common_logged_in()) {
$this->scoped = Profile::current();
$this->auth_user = $this->scoped->getUser();
if (!$this->auth_user->hasRight(Right::API)) {
// TRANS: Authorization exception thrown when a user without API access tries to access the API.
throw new AuthorizationException(_('Not allowed to use API.'));
}
$this->access = self::READ_WRITE;
} else {
$oauthReq = $this->getOAuthRequest(); $oauthReq = $this->getOAuthRequest();
if (!$oauthReq) { if (!$oauthReq) {
@ -100,11 +110,12 @@ class ApiAuthAction extends ApiAction
} }
// NOTE: Make sure we're scoped properly based on the auths! // NOTE: Make sure we're scoped properly based on the auths!
if (isset($this->auth_user) && !empty($this->auth_user)) { if (isset($this->auth_user) && $this->auth_user instanceof User) {
$this->scoped = $this->auth_user->getProfile(); $this->scoped = $this->auth_user->getProfile();
} else { } else {
$this->scoped = null; $this->scoped = null;
} }
}
// legacy user transferral // legacy user transferral
// TODO: remove when sure no extended classes need it // TODO: remove when sure no extended classes need it
@ -279,10 +290,10 @@ class ApiAuthAction extends ApiAction
header('WWW-Authenticate: Basic realm="' . $realm . '"'); header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel' // show error if the user clicks 'cancel'
// TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel". // TRANS: Client error thrown when authentication fails because a user clicked "Cancel".
$this->clientError(_('Could not authenticate you.'), 401); $this->clientError(_('Could not authenticate you.'), 401);
} else { } elseif ($required) {
$user = common_check_user($this->auth_user_nickname, $user = common_check_user($this->auth_user_nickname,
$this->auth_user_password); $this->auth_user_password);
@ -312,6 +323,9 @@ class ApiAuthAction extends ApiAction
// TRANS: Client error thrown when authentication fails. // TRANS: Client error thrown when authentication fails.
$this->clientError(_('Could not authenticate you.'), 401); $this->clientError(_('Could not authenticate you.'), 401);
} }
} else {
// all get rw access for actions that don't need auth
$this->access = self::READ_WRITE;
} }
} }