From: Mikael Nordfeldth Date: Fri, 9 Oct 2015 13:43:17 +0000 (+0200) Subject: Make Bsaic Auth work properly with RW actions X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=5dc718c54d4c32c593e341f3b28c15549f747f49;p=quix0rs-gnu-social.git Make Bsaic Auth work properly with RW actions --- diff --git a/lib/apiauthaction.php b/lib/apiauthaction.php index 2f2e50a4d7..0e81082c35 100644 --- a/lib/apiauthaction.php +++ b/lib/apiauthaction.php @@ -295,7 +295,7 @@ class ApiAuthAction extends ApiAction // TRANS: Client error thrown when authentication fails because a user clicked "Cancel". $this->clientError(_('Could not authenticate you.'), 401); - } elseif ($required) { + } else { // $this->auth_user_nickname - i.e. PHP_AUTH_USER - will have a value since it was not empty $user = common_check_user($this->auth_user_nickname, @@ -314,10 +314,10 @@ class ApiAuthAction extends ApiAction $this->auth_user = null; } - // By default, basic auth users have rw access - $this->access = self::READ_WRITE; - - if (!$this->auth_user instanceof User) { + if ($required && $this->auth_user instanceof User) { + // By default, basic auth users have rw access + $this->access = self::READ_WRITE; + } elseif ($required) { $msg = sprintf( "basic auth nickname = %s", $this->auth_user_nickname @@ -328,10 +328,10 @@ class ApiAuthAction extends ApiAction header('WWW-Authenticate: Basic realm="' . $realm . '"'); // TRANS: Client error thrown when authentication fails. $this->clientError(_('Could not authenticate you.'), 401); + } else { + // all get rw access for actions that don't require auth + $this->access = self::READ_WRITE; } - } else { - // all get rw access for actions that don't require auth - $this->access = self::READ_WRITE; } }