From: Michele Date: Sun, 17 Jan 2010 10:21:07 +0000 (+0100) Subject: HTTP auth provided is evaluated even if it's not required X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=05156b708a16c5a20d4081242c398e667792de15;p=quix0rs-gnu-social.git HTTP auth provided is evaluated even if it's not required --- diff --git a/lib/apiauth.php b/lib/apiauth.php index 691db584b7..b4292408a1 100644 --- a/lib/apiauth.php +++ b/lib/apiauth.php @@ -79,10 +79,13 @@ class ApiAuthAction extends ApiAction $this->checkOAuthRequest(); } else { $this->checkBasicAuthUser(); - // By default, all basic auth users have read and write access - - $this->access = self::READ_WRITE; } + } else { + + // Check to see if a basic auth user is there even + // if one's not required + + $this->checkBasicAuthUser(false); } return true; @@ -198,13 +201,13 @@ class ApiAuthAction extends ApiAction * @return boolean true or false */ - function checkBasicAuthUser() + function checkBasicAuthUser($required = true) { $this->basicAuthProcessHeader(); $realm = common_config('site', 'name') . ' API'; - if (!isset($this->auth_user)) { + if (!isset($this->auth_user) && $required) { header('WWW-Authenticate: Basic realm="' . $realm . '"'); // show error if the user clicks 'cancel' @@ -212,12 +215,16 @@ class ApiAuthAction extends ApiAction $this->showBasicAuthError(); exit; - } else { + } else if (isset($this->auth_user)) { $nickname = $this->auth_user; $password = $this->auth_pw; $user = common_check_user($nickname, $password); if (Event::handle('StartSetApiUser', array(&$user))) { $this->auth_user = $user; + + // By default, all basic auth users have read and write access + $this->access = self::READ_WRITE; + Event::handle('EndSetApiUser', array($user)); }