// Set the auth user
if (Event::handle('StartSetApiUser', array(&$user))) {
- $this->auth_user = User::staticGet('id', $appUser->profile_id);
+ $user = User::staticGet('id', $appUser->profile_id);
+ if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
+ }
+ $this->auth_user = $user;
Event::handle('EndSetApiUser', array($user));
}
throw new OAuthException(_('Bad access token.'));
}
} else {
- // Also should not happen
+ // Also should not happen.
// TRANS: OAuth exception given when no user was found for a given token (no token was found).
throw new OAuthException(_('No user for that token.'));
}
// show error if the user clicks 'cancel'
// TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel".
- $this->clientError(_("Could not authenticate you."), 401, $this->format);
+ $this->clientError(_('Could not authenticate you.'), 401, $this->format);
exit;
} else {
if (Event::handle('StartSetApiUser', array(&$user))) {
if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
$this->auth_user = $user;
}
);
$this->logAuthFailure($msg);
// TRANS: Client error thrown when authentication fails.
- $this->clientError(_("Could not authenticate you."), 401, $this->format);
+ $this->clientError(_('Could not authenticate you.'), 401, $this->format);
exit;
}
}
}
/**
- * Log an API authentication failer. Collect the proxy and IP
+ * Log an API authentication failure. Collect the proxy and IP
* and log them
*
* @param string $logMsg additional log message
*/
-
function logAuthFailure($logMsg)
{
list($proxy, $ip) = common_client_ip();
projects / quix0rs-gnu-social.git / blobdiff