X-Git-Url: https://git.mxchange.org/?a=blobdiff_plain;f=lib%2Fapiauth.php;h=0d1613d381ed17de89be5410b47e1b7df2f04637;hb=69ac99ff949ab0118ff25a62471980ad0ec7a52b;hp=501d3de10e0547804bf1e6cdd4eb6ae13b852f96;hpb=ccc7caf932735a5ba245db5df36615b02e0af9e3;p=quix0rs-gnu-social.git diff --git a/lib/apiauth.php b/lib/apiauth.php index 501d3de10e..0d1613d381 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -21,7 +21,14 @@ * * @category API * @package StatusNet - * @author Zach Copley + * @author Adrian Lang + * @author Brenda Wallace + * @author Craig Andrews + * @author Dan Moore + * @author Evan Prodromou + * @author mEDI + * @author Sarven Capadisli + * @author Zach Copley * @copyright 2009 StatusNet, Inc. * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 * @link http://status.net/ @@ -31,10 +38,43 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR.'/lib/twitterapi.php'; +require_once INSTALLDIR . '/lib/api.php'; -class ApiAuthAction extends TwitterapiAction +/** + * Actions extending this class will require auth + * + * @category API + * @package StatusNet + * @author Zach Copley + * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 + * @link http://status.net/ + */ + +class ApiAuthAction extends ApiAction { + + var $auth_user = null; + + /** + * Take arguments for running, and output basic auth header if needed + * + * @param array $args $_REQUEST args + * + * @return boolean success flag + * + */ + + function prepare($args) + { + parent::prepare($args); + + if ($this->requiresAuth()) { + $this->checkBasicAuthUser(); + } + + return true; + } + /** * Does this API resource require authentication? * @@ -46,47 +86,75 @@ class ApiAuthAction extends TwitterapiAction return true; } + /** + * Check for a user specified via HTTP basic auth. If there isn't + * one, try to get one by outputting the basic auth header. + * + * @return boolean true or false + */ + function checkBasicAuthUser() { $this->basicAuthProcessHeader(); + $realm = common_config('site', 'name') . ' API'; + if (!isset($this->auth_user)) { - header('WWW-Authenticate: Basic realm="StatusNet API"'); + header('WWW-Authenticate: Basic realm="' . $realm . '"'); // show error if the user clicks 'cancel' $this->showBasicAuthError(); - return false; + exit; } else { $nickname = $this->auth_user; $password = $this->auth_pw; - $this->auth_user = common_check_user($nickname, $password); + $user = common_check_user($nickname, $password); + if (Event::handle('StartSetApiUser', array(&$user))) { + $this->auth_user = $user; + Event::handle('EndSetApiUser', array($user)); + } if (empty($this->auth_user)) { // basic authentication failed list($proxy, $ip) = common_client_ip(); - common_log(LOG_WARNING, - "Failed API auth attempt, nickname = $nickname, proxy = $proxy, ip = $ip."); + common_log( + LOG_WARNING, + 'Failed API auth attempt, nickname = ' . + "$nickname, proxy = $proxy, ip = $ip." + ); $this->showBasicAuthError(); - return false; + exit; } } return true; } + /** + * Read the HTTP headers and set the auth user. Decodes HTTP_AUTHORIZATION + * param to support basic auth when PHP is running in CGI mode. + * + * @return void + */ + function basicAuthProcessHeader() { - if (isset($_SERVER['AUTHORIZATION']) || isset($_SERVER['HTTP_AUTHORIZATION'])) { - $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION'])? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; + if (isset($_SERVER['AUTHORIZATION']) + || isset($_SERVER['HTTP_AUTHORIZATION']) + ) { + $authorization_header = isset($_SERVER['HTTP_AUTHORIZATION']) + ? $_SERVER['HTTP_AUTHORIZATION'] : $_SERVER['AUTHORIZATION']; } if (isset($_SERVER['PHP_AUTH_USER'])) { $this->auth_user = $_SERVER['PHP_AUTH_USER']; $this->auth_pw = $_SERVER['PHP_AUTH_PW']; - } elseif (isset($authorization_header) && strstr(substr($authorization_header, 0, 5), 'Basic')) { + } elseif (isset($authorization_header) + && strstr(substr($authorization_header, 0, 5), 'Basic')) { + // decode the HTTP_AUTHORIZATION header on php-cgi server self // on fcgid server the header name is AUTHORIZATION @@ -94,6 +162,7 @@ class ApiAuthAction extends TwitterapiAction list($this->auth_user, $this->auth_pw) = explode(':', $auth_hash); // set all to null on a empty basic auth request + if ($this->auth_user == "") { $this->auth_user = null; $this->auth_pw = null; @@ -104,12 +173,19 @@ class ApiAuthAction extends TwitterapiAction } } + /** + * Output an authentication error message. Use XML or JSON if one + * of those formats is specified, otherwise output plain text + * + * @return void + */ + function showBasicAuthError() { header('HTTP/1.1 401 Unauthorized'); $msg = 'Could not authenticate you.'; - if ($this->arg('format') == 'xml') { + if ($this->format == 'xml') { header('Content-Type: application/xml; charset=utf-8'); $this->startXML(); $this->elementStart('hash'); @@ -117,9 +193,10 @@ class ApiAuthAction extends TwitterapiAction $this->element('request', null, $_SERVER['REQUEST_URI']); $this->elementEnd('hash'); $this->endXML(); - } elseif ($this->arg('format') == 'json') { + } elseif ($this->format == 'json') { header('Content-Type: application/json; charset=utf-8'); - $error_array = array('error' => $msg, 'request' => $_SERVER['REQUEST_URI']); + $error_array = array('error' => $msg, + 'request' => $_SERVER['REQUEST_URI']); print(json_encode($error_array)); } else { header('Content-type: text/plain'); @@ -127,5 +204,4 @@ class ApiAuthAction extends TwitterapiAction } } - -} \ No newline at end of file +}