exit(1);
}
-require_once INSTALLDIR . '/lib/api.php';
require_once INSTALLDIR . '/lib/apioauth.php';
/**
{
var $auth_user_nickname = null;
var $auth_user_password = null;
+ var $oauth_source = null;
/**
* Take arguments for running, looks for an OAuth request,
// NOTE: $this->auth_user has to get set in prepare(), not handle(),
// because subclasses do stuff with it in their prepares.
- if ($this->requiresAuth()) {
+ $oauthReq = $this->getOAuthRequest();
- $oauthReq = $this->getOAuthRequest();
-
- if (!$oauthReq) {
+ if (!$oauthReq) {
+ if ($this->requiresAuth()) {
$this->checkBasicAuthUser(true);
} else {
- $this->checkOAuthRequest($oauthReq);
+ // Check to see if a basic auth user is there even
+ // if one's not required
+ $this->checkBasicAuthUser(false);
}
} else {
-
- // Check to see if a basic auth user is there even
- // if one's not required
- $this->checkBasicAuthUser(false);
+ $this->checkOAuthRequest($oauthReq);
}
// Reject API calls with the wrong access level
* This is to avoid doign any unnecessary DB lookups.
*
* @return mixed the OAuthRequest or false
- *
*/
function getOAuthRequest()
* @param OAuthRequest $request the OAuth Request
*
* @return nothing
- *
*/
function checkOAuthRequest($request)
{
$this->basicAuthProcessHeader();
- $realm = common_config('site', 'name') . ' API';
+ $realm = common_config('api', 'realm');
- if (!isset($this->auth_user_nickname) && $required) {
+ if (empty($realm)) {
+ $realm = common_config('site', 'name') . ' API';
+ }
+
+ if (empty($this->auth_user_nickname) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel'
$this->access = self::READ_WRITE;
- if (empty($this->auth_user) && $required) {
+ if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
// basic authentication failed
function basicAuthProcessHeader()
{
- if (isset($_SERVER['AUTHORIZATION'])
- || isset($_SERVER['HTTP_AUTHORIZATION'])
- ) {
- $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])
- ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION'];
+ $authHeaders = array('AUTHORIZATION',
+ 'HTTP_AUTHORIZATION',
+ 'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI
+ $authorization_header = null;
+ foreach ($authHeaders as $header) {
+ if (isset($_SERVER[$header])) {
+ $authorization_header = $_SERVER[$header];
+ break;
+ }
}
if (isset($_SERVER['PHP_AUTH_USER'])) {