43 Commits

Author SHA1 Message Date
Evan Prodromou
d7a16929b9 Set the current user on API calls 2011-05-25 14:01:22 -04:00
Evan Prodromou
a838891c0e set the current user in api actions 2011-05-25 13:04:35 -04:00
Siebrand Mazeland
7abecb61bd i18n/L10n updates.
Translator documentation updated.
Superfluous whitespace removed.
Some FIXMEs added.
2011-04-01 19:47:24 +02:00
Evan Prodromou
1525acdca1 Extend authorization framework to cover login and API use
I've extended the rights framework (centering on the Right class and Profile::hasRight()) to cover
Web login and API use. This will make it possible to prevent login and API use by users.

I added two new Right constants to the Right class: WEBLOGIN and API. I check these rights using
Profile::hasRight() when initializing users. If the rights check fails, I throw an exception.

I created a new AuthorizationException class for this particular
exception, in order to allow a different UI for these kinds of exceptions (or whatever).
2011-02-21 10:20:42 -05:00
Zach Copley
3a24b95edb Fix a couple spelling mistakes in comments and remove redundant statement terminator 2011-01-20 10:44:05 -08:00
Siebrand Mazeland
dc62cf1c0b * i18n/L10n fixes.
* translator documentation updated/added.
* superfluous whitespace removed.
2010-10-20 19:34:27 +02:00
Zach Copley
e8b6d7c946 Add support for an anonymous OAuth consumer. Note: this requires a
small DB tweak.  Oauth_application_user needs to have the primary
compound key: (profile_id, application_id, token).

http://status.net/open-source/issues/2761

This should also make it possible to have multiple access tokens
per application.

http://status.net/open-source/issues/2788
2010-10-19 20:54:53 -07:00
Zach Copley
5866493cae OAuth - better log messages 2010-10-19 12:07:59 -07:00
Siebrand Mazeland
8c94ebf537 * update/add translator documentation
* remove superfluous whitespace
2010-09-13 21:10:54 +02:00
Zach Copley
65862d8f7f Suppress HTTP error headers for JSONP API output 2010-07-16 14:40:22 -07:00
Craig Andrews
6317f7d92b Assigning my copyrights to the Free Software Foundation 2010-05-27 18:27:33 -04:00
Zach Copley
3c9686e80f Fix for repeats from the API having null source attribution 2010-05-07 16:32:24 -07:00
Zach Copley
1b561065b0 Some initial Doxygen-based documentation for the API 2010-04-22 13:11:49 -07:00
Siebrand Mazeland
9b788471d4 Add translator documentation. 2010-04-10 22:50:15 +02:00
Siebrand Mazeland
1661be6851 i18n for low level logging is not needed. 2010-04-10 21:59:17 +02:00
Zach Copley
b82e55356d Return an http auth error, when a client sends in an invalid auth user, even when http auth is not required. 2010-03-26 19:58:15 +00:00
Brion Vibber
1c942afa60 Workaround for HTTP authentication in the API when running PHP as CGI/FastCGI. Example rewrite lines added as comments in htaccess.sample, API tweaked to accept alternate environment var form. 2010-03-17 10:52:11 -07:00
Zach Copley
7f2253759c A blank username should never be allowed. 2010-03-10 03:39:05 +00:00
Evan Prodromou
5f7aa6f2e3 make API realm configurable 2010-03-08 12:36:03 -05:00
Zach Copley
e650794300 Remove unnecessary requires 2010-02-25 22:06:31 -08:00
Zach Copley
2085b506d4 Always check for an OAuth request. This allows OAuth clients to set an
auth user, similar to how they can set one via http basic auth,
even if one is not required.  I think I finally got this right.
2010-02-02 23:17:28 +00:00
Zach Copley
48a1a5a2dc Adjust API authentication to also check for OAuth protocol params in the
HTTP Authorization header, as defined in OAuth HTTP Authorization Scheme.
2010-01-29 01:49:38 +00:00
Zach Copley
f296f04abd Remove debugging statement 2010-01-28 01:24:40 +00:00
Zach Copley
324590c46e Some adjustments to the way API auth works after merging testing and 0.9.x 2010-01-28 00:45:06 +00:00
Michele
b0a325f7d0 HTTP auth provided is evaluated even if it's not required 2010-01-27 14:06:27 -08:00
Zach Copley
923b7de3c6 - Check for read-only vs. read-write access to protected API resources (OAuth)
- Some cleanup
2010-01-27 08:41:26 +00:00
Zach Copley
4daf76212a - Had to remove checking read vs. read-write in OAuth authenticated methods
- Will now pick up source attr from OAuth app
2010-01-25 00:51:56 +00:00
Zach Copley
8b24b5ac7b Add Start/EndSetApiUser events when setting API user via OAuth 2010-01-24 16:46:37 -08:00
Zach Copley
1f8ddf716d Check for read vs. read-write access on OAuth authenticated API methods. 2010-01-24 16:36:06 -08:00
Zach Copley
8da5e98cba OAuth 1.0 working now 2010-01-24 16:36:04 -08:00
Zach Copley
8e91e05392 Make API auth handle OAuth requests w/access tokens 2010-01-24 16:36:03 -08:00
Zach Copley
a199bd808a Fix issue with favorited/following always being set to false 2009-12-14 18:16:45 +00:00
Craig Andrews
d07df8a796 Added Authorization plugin
Added LDAPAuthorization plugin
2009-11-18 14:19:43 -05:00
Brion Vibber
088081675f Revert "Remove more contractions"
This reverts commit 5ab709b739.

Missed this one yesterday...
2009-11-09 20:01:46 +01:00
Siebrand Mazeland
5ab709b739 Remove more contractions
* doesn't
* won't
* isn't
* don't
2009-11-08 23:32:15 +01:00
Zach Copley
870b091693 Added in credits. 2009-10-12 16:36:00 -07:00
Zach Copley
4efbe32f6a Use site's name for basic auth realm 2009-10-12 15:12:20 -07:00
Zach Copley
559918826a Remove more redundant $formats 2009-10-09 17:11:40 -07:00
Zach Copley
743c844084 Move all basic auth output and processing to base classes 2009-10-09 16:57:22 -07:00
Zach Copley
bb08611def Delete action/api.php and rename lib/twitterapi.php to lib/api.php 2009-10-09 14:22:18 -07:00
Zach Copley
e307adfbfc New actions for /statuses/friends and /statuses/followers + social graph methods 2009-09-30 10:22:26 -07:00
Zach Copley
37bdc060c5 phpcs on apifriendstimeline.php, apiauth.php and apibareauth.php 2009-09-27 15:33:46 -07:00
Zach Copley
de5ff19713 Moved basic auth stuff into its own classes 2009-09-25 16:58:35 -07:00