From: Mikael Nordfeldth
Date: Mon, 9 Sep 2013 21:05:33 +0000 (+0200)
Subject: Removing unnecessary require_once lines (autoload!)
X-Git-Url: https://git.mxchange.org/?a=commitdiff_plain;h=a9c4bcd71f0ce046bd57ea727c140c6e91fcd013;p=quix0rs-gnu-social.git

Removing unnecessary require_once lines (autoload!)
---
diff --git a/actions/apiaccountratelimitstatus.php b/actions/apiaccountratelimitstatus.php
index 8490e2965c..0883425513 100644
--- a/actions/apiaccountratelimitstatus.php
+++ b/actions/apiaccountratelimitstatus.php
@@ -35,8 +35,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * We don't have a rate limit, but some clients check this method.
 * It always returns the same thing: 150 hits left.
diff --git a/actions/apiaccountupdatedeliverydevice.php b/actions/apiaccountupdatedeliverydevice.php
index 57e4fbfa00..dd0c404456 100644
--- a/actions/apiaccountupdatedeliverydevice.php
+++ b/actions/apiaccountupdatedeliverydevice.php
@@ -32,8 +32,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Sets which channel (device) StatusNet delivers updates to for
 * the authenticating user. Sending none as the device parameter
diff --git a/actions/apiaccountupdateprofile.php b/actions/apiaccountupdateprofile.php
index 15b13c0f20..04151ec01e 100644
--- a/actions/apiaccountupdateprofile.php
+++ b/actions/apiaccountupdateprofile.php
@@ -31,8 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * API analog to the profile settings page
 * Only the parameters specified will be updated.
diff --git a/actions/apiaccountupdateprofileimage.php b/actions/apiaccountupdateprofileimage.php
index 3bf064ea89..07cafbdb99 100644
--- a/actions/apiaccountupdateprofileimage.php
+++ b/actions/apiaccountupdateprofileimage.php
@@ -31,8 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Updates the authenticating user's profile image. Note that this API method
 * expects raw multipart data, not a URL to an image.
diff --git a/actions/apiaccountverifycredentials.php b/actions/apiaccountverifycredentials.php
index 359939b0cc..ccb3bd7a60 100644
--- a/actions/apiaccountverifycredentials.php
+++ b/actions/apiaccountverifycredentials.php
@@ -33,8 +33,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Check a user's credentials. Returns an HTTP 200 OK response code and a
 * representation of the requesting user if authentication was successful;
diff --git a/actions/apiatomservice.php b/actions/apiatomservice.php
index 5d786723e9..8267c38b83 100644
--- a/actions/apiatomservice.php
+++ b/actions/apiatomservice.php
@@ -27,7 +27,9 @@
 * @link http://status.net/
 */

-require_once INSTALLDIR.'/lib/apibareauth.php';
+if (!defined('STATUSNET')) {
+ exit(1);
+}

 /**
 * Shows an AtomPub service document for a user
diff --git a/actions/apiblockcreate.php b/actions/apiblockcreate.php
index 766d91bd41..bb0d722889 100644
--- a/actions/apiblockcreate.php
+++ b/actions/apiblockcreate.php
@@ -32,8 +32,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Blocks the user specified in the ID parameter as the authenticating user.
 * Destroys a friendship to the blocked user if it exists. Returns the
diff --git a/actions/apiblockdestroy.php b/actions/apiblockdestroy.php
index 7dd0859e9c..535c7a10ab 100644
--- a/actions/apiblockdestroy.php
+++ b/actions/apiblockdestroy.php
@@ -32,8 +32,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Un-blocks the user specified in the ID parameter for the authenticating user.
 * Returns the un-blocked user in the requested format when successful.
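Review bot: In the actions/apiatomservice.php hunk the removed `require_once INSTALLDIR.'/lib/apibareauth.php';` was the file's only explicit load of what is presumably its base class, so the action now depends entirely on the autoloader resolving `ApiBareAuthAction`. The visible part of this commit renames lib/apiauth.php to lib/apiauthaction.php, which suggests the autoloader derives the file name from the class name; a matching rename of lib/apibareauth.php is not visible here and should be confirmed, since a miss would surface only at request time as a class-not-found fatal on every bare-auth API endpoint (the same applies to the other hunks that drop this require). A short comment under the new guard, e.g. `// ApiBareAuthAction is resolved by the class autoloader`, would make the dependency explicit. The class declaration itself lies outside the hunk.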
diff --git a/actions/apiconversation.php b/actions/apiconversation.php
index 23ddf02c5d..b3b44c7721 100644
--- a/actions/apiconversation.php
+++ b/actions/apiconversation.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Show a stream of notices in a particular conversation
 *
diff --git a/actions/apidirectmessage.php b/actions/apidirectmessage.php
index 584decc747..308d143f27 100644
--- a/actions/apidirectmessage.php
+++ b/actions/apidirectmessage.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Show a list of direct messages from or to the authenticating user
 *
diff --git a/actions/apidirectmessagenew.php b/actions/apidirectmessagenew.php
index d642252b4d..6d637fcb46 100644
--- a/actions/apidirectmessagenew.php
+++ b/actions/apidirectmessagenew.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Creates a new direct message from the authenticating user to
 * the user specified by id.
diff --git a/actions/apifavoritecreate.php b/actions/apifavoritecreate.php
index 26e4325e65..607fb76edc 100644
--- a/actions/apifavoritecreate.php
+++ b/actions/apifavoritecreate.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Favorites the status specified in the ID parameter as the authenticating user.
 * Returns the favorite status when successful.
diff --git a/actions/apifavoritedestroy.php b/actions/apifavoritedestroy.php
index af1b4075f6..02f81cf4df 100644
--- a/actions/apifavoritedestroy.php
+++ b/actions/apifavoritedestroy.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Un-favorites the status specified in the ID parameter as the authenticating user.
 * Returns the un-favorited status in the requested format when successful.
diff --git a/actions/apifriendshipscreate.php b/actions/apifriendshipscreate.php
index 9932809818..acafbb964b 100644
--- a/actions/apifriendshipscreate.php
+++ b/actions/apifriendshipscreate.php
@@ -33,8 +33,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Allows the authenticating users to follow (subscribe) the user specified in
 * the ID parameter. Returns the befriended user in the requested format when
diff --git a/actions/apifriendshipsdestroy.php b/actions/apifriendshipsdestroy.php
index 1534aa799f..5f7c85e0af 100644
--- a/actions/apifriendshipsdestroy.php
+++ b/actions/apifriendshipsdestroy.php
@@ -33,8 +33,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Allows the authenticating users to unfollow (unsubscribe) the user specified in
 * the ID parameter. Returns the unfollowed user in the requested format when
diff --git a/actions/apifriendshipsshow.php b/actions/apifriendshipsshow.php
index bf7e7daf62..58e610ecdb 100644
--- a/actions/apifriendshipsshow.php
+++ b/actions/apifriendshipsshow.php
@@ -33,8 +33,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Outputs detailed information about the relationship between two users
 *
diff --git a/actions/apigroupcreate.php b/actions/apigroupcreate.php
index 295962896d..6992da9db9 100644
--- a/actions/apigroupcreate.php
+++ b/actions/apigroupcreate.php
@@ -35,8 +35,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Make a new group. Sets the authenticated user as the administrator of the group.
 *
diff --git a/actions/apigroupismember.php b/actions/apigroupismember.php
index 13ed9e1fbf..c9a363582b 100644
--- a/actions/apigroupismember.php
+++ b/actions/apigroupismember.php
@@ -35,8 +35,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Returns whether a user is a member of a specified group.
 *
diff --git a/actions/apigroupjoin.php b/actions/apigroupjoin.php
index 6f3df0d8cd..e18e20c5dd 100644
--- a/actions/apigroupjoin.php
+++ b/actions/apigroupjoin.php
@@ -35,8 +35,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Joins the authenticated user to the group speicified by ID
 *
diff --git a/actions/apigroupleave.php b/actions/apigroupleave.php
index 9d2825b00e..bdfa36aa43 100644
--- a/actions/apigroupleave.php
+++ b/actions/apigroupleave.php
@@ -35,8 +35,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Removes the authenticated user from the group specified by ID
 *
diff --git a/actions/apigrouplist.php b/actions/apigrouplist.php
index c7518ca129..a3fc3fc435 100644
--- a/actions/apigrouplist.php
+++ b/actions/apigrouplist.php
@@ -35,8 +35,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Returns whether a user is a member of a specified group.
 *
diff --git a/actions/apigroupprofileupdate.php b/actions/apigroupprofileupdate.php
index eb47fa2512..73b3823e36 100644
--- a/actions/apigroupprofileupdate.php
+++ b/actions/apigroupprofileupdate.php
@@ -31,8 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * API analog to the group edit page
 *
diff --git a/actions/apilist.php b/actions/apilist.php
index 90cbfddb69..56d0f0f1bc 100644
--- a/actions/apilist.php
+++ b/actions/apilist.php
@@ -30,8 +30,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 class ApiListAction extends ApiBareAuthAction
 {
 /**
diff --git a/actions/apilistmember.php b/actions/apilistmember.php
index 8e6a84c96d..1d56a3dbc7 100644
--- a/actions/apilistmember.php
+++ b/actions/apilistmember.php
@@ -30,8 +30,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Action handler for Twitter list_memeber methods
 *
diff --git a/actions/apilistmemberships.php b/actions/apilistmemberships.php
index 3d235c5d93..9dc48fa8d4 100644
--- a/actions/apilistmemberships.php
+++ b/actions/apilistmemberships.php
@@ -30,8 +30,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Action handler for API method to list lists a user belongs to.
 * (people tags for a user)
diff --git a/actions/apilists.php b/actions/apilists.php
index 5eab3e6a1f..529bdd6785 100644
--- a/actions/apilists.php
+++ b/actions/apilists.php
@@ -30,8 +30,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Action handler for Twitter list_memeber methods
 *
diff --git a/actions/apilistsubscriber.php b/actions/apilistsubscriber.php
index cd10568e1b..9d7fde329f 100644
--- a/actions/apilistsubscriber.php
+++ b/actions/apilistsubscriber.php
@@ -29,8 +29,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 class ApiListSubscriberAction extends ApiBareAuthAction
 {
 var $list = null;
diff --git a/actions/apilistsubscriptions.php b/actions/apilistsubscriptions.php
index 480523033b..263d00ca30 100644
--- a/actions/apilistsubscriptions.php
+++ b/actions/apilistsubscriptions.php
@@ -31,8 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 class ApiListSubscriptionsAction extends ApiBareAuthAction
 {
 var $lists = array();
diff --git a/actions/apimediaupload.php b/actions/apimediaupload.php
index 0b08dbedf1..9c888ce3ed 100644
--- a/actions/apimediaupload.php
+++ b/actions/apimediaupload.php
@@ -30,9 +30,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-require_once INSTALLDIR . '/lib/mediafile.php';
-
 /**
 * Upload an image via the API. Returns a shortened URL for the image
 * to the user.
diff --git a/actions/apistatusesdestroy.php b/actions/apistatusesdestroy.php
index 1f97b1a9de..db41c87ad0 100644
--- a/actions/apistatusesdestroy.php
+++ b/actions/apistatusesdestroy.php
@@ -38,8 +38,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Deletes one of the authenticating user's statuses (notices).
 *
diff --git a/actions/apistatusesretweet.php b/actions/apistatusesretweet.php
index feed505fb2..ee391fdb4a 100644
--- a/actions/apistatusesretweet.php
+++ b/actions/apistatusesretweet.php
@@ -31,9 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-require_once INSTALLDIR . '/lib/mediafile.php';
-
 /**
 * Repeat a notice through the API
 *
diff --git a/actions/apistatusesretweets.php b/actions/apistatusesretweets.php
index 3a1a43bc63..7af4cd3ec6 100644
--- a/actions/apistatusesretweets.php
+++ b/actions/apistatusesretweets.php
@@ -31,9 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-require_once INSTALLDIR . '/lib/mediafile.php';
-
 /**
 * Show up to 100 repeats of a notice
 *
diff --git a/actions/apistatusesupdate.php b/actions/apistatusesupdate.php
index 9144f09002..7209ae3333 100644
--- a/actions/apistatusesupdate.php
+++ b/actions/apistatusesupdate.php
@@ -129,9 +129,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-require_once INSTALLDIR . '/lib/mediafile.php';
-
 /**
 * Updates the authenticating user's status (posts a notice).
 *
diff --git a/actions/apisubscriptions.php b/actions/apisubscriptions.php
index 84731ac00f..be53086ee4 100644
--- a/actions/apisubscriptions.php
+++ b/actions/apisubscriptions.php
@@ -33,8 +33,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * This class outputs a list of profiles as Twitter-style user and status objects.
 * It is used by the API methods /api/statuses/(friends|followers). To support the
diff --git a/actions/apitimelinefavorites.php b/actions/apitimelinefavorites.php
index e2cb7c2ee2..7e8dd7aad6 100644
--- a/actions/apitimelinefavorites.php
+++ b/actions/apitimelinefavorites.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR.'/lib/apibareauth.php';
-
 /**
 * Returns the 20 most recent favorite notices for the authenticating user or user
 * specified by the ID parameter in the requested format.
diff --git a/actions/apitimelinefriends.php b/actions/apitimelinefriends.php
index 591baccfcc..ed4cce4908 100644
--- a/actions/apitimelinefriends.php
+++ b/actions/apitimelinefriends.php
@@ -133,8 +133,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Returns the most recent notices (default 20) posted by the target user.
 * This is the equivalent of 'You and friends' page accessed via Web.
diff --git a/actions/apitimelinehome.php b/actions/apitimelinehome.php
index 22c6cc5f94..1ca74b208e 100644
--- a/actions/apitimelinehome.php
+++ b/actions/apitimelinehome.php
@@ -38,8 +38,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Returns the most recent notices (default 20) posted by the target user.
 * This is the equivalent of 'You and friends' page accessed via Web.
diff --git a/actions/apitimelinementions.php b/actions/apitimelinementions.php
index 07fbdf0b67..4ba8a4966b 100644
--- a/actions/apitimelinementions.php
+++ b/actions/apitimelinementions.php
@@ -38,8 +38,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Returns the most recent (default 20) mentions (status containing @nickname)
 *
diff --git a/actions/apitimelineretweetedbyme.php b/actions/apitimelineretweetedbyme.php
index 5fe9609159..01f3fe378b 100644
--- a/actions/apitimelineretweetedbyme.php
+++ b/actions/apitimelineretweetedbyme.php
@@ -31,9 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-require_once INSTALLDIR . '/lib/mediafile.php';
-
 /**
 * Show authenticating user's most recent repeats
 *
diff --git a/actions/apitimelineretweetedtome.php b/actions/apitimelineretweetedtome.php
index 2ea84f16e3..85f52f7388 100644
--- a/actions/apitimelineretweetedtome.php
+++ b/actions/apitimelineretweetedtome.php
@@ -31,8 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Show most recent notices that are repeats in user's inbox
 *
diff --git a/actions/apitimelineretweetsofme.php b/actions/apitimelineretweetsofme.php
index d01db87b93..fe90213665 100644
--- a/actions/apitimelineretweetsofme.php
+++ b/actions/apitimelineretweetsofme.php
@@ -31,9 +31,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-require_once INSTALLDIR . '/lib/mediafile.php';
-
 /**
 * Show authenticating user's most recent notices that have been repeated
 *
diff --git a/actions/apitimelineuser.php b/actions/apitimelineuser.php
index 19e1a52d15..2540c036c1 100644
--- a/actions/apitimelineuser.php
+++ b/actions/apitimelineuser.php
@@ -38,8 +38,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Returns the most recent notices (default 20) posted by the authenticating
 * user. Another user's timeline can be requested via the id parameter. This
diff --git a/actions/apiuserfollowers.php b/actions/apiuserfollowers.php
index a5a429259d..61d743e27c 100644
--- a/actions/apiuserfollowers.php
+++ b/actions/apiuserfollowers.php
@@ -33,8 +33,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Ouputs the authenticating user's followers (subscribers), each with
 * current Twitter-style status inline. They are ordered by the order
diff --git a/actions/apiuserfriends.php b/actions/apiuserfriends.php
index b77d08097c..be6ccba273 100644
--- a/actions/apiuserfriends.php
+++ b/actions/apiuserfriends.php
@@ -33,8 +33,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apibareauth.php';
-
 /**
 * Ouputs the authenticating user's friends (subscriptions), each with
 * current Twitter-style status inline. They are ordered by the date
diff --git a/actions/atompubfavoritefeed.php b/actions/atompubfavoritefeed.php
index 8d5fde8150..837a9da3e9 100644
--- a/actions/atompubfavoritefeed.php
+++ b/actions/atompubfavoritefeed.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Feed of ActivityStreams 'favorite' actions
 *
diff --git a/actions/atompubmembershipfeed.php b/actions/atompubmembershipfeed.php
index 57d7317eef..e5ca8b0a5a 100644
--- a/actions/atompubmembershipfeed.php
+++ b/actions/atompubmembershipfeed.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Feed of group memberships for a user, in ActivityStreams format
 *
diff --git a/actions/atompubshowfavorite.php b/actions/atompubshowfavorite.php
index d8f371a39c..436e88e693 100644
--- a/actions/atompubshowfavorite.php
+++ b/actions/atompubshowfavorite.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Show a single favorite in Atom Activity Streams format.
 *
diff --git a/actions/atompubshowmembership.php b/actions/atompubshowmembership.php
index 025e2cb83e..ad6aa6c1d0 100644
--- a/actions/atompubshowmembership.php
+++ b/actions/atompubshowmembership.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Show (or delete) a single membership event as an ActivityStreams entry
 *
diff --git a/actions/atompubshowsubscription.php b/actions/atompubshowsubscription.php
index 4dbb2af2e0..ec3949c4d8 100644
--- a/actions/atompubshowsubscription.php
+++ b/actions/atompubshowsubscription.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Show a single subscription
 *
diff --git a/actions/atompubsubscriptionfeed.php b/actions/atompubsubscriptionfeed.php
index 744a970d60..1b9f4b98a5 100644
--- a/actions/atompubsubscriptionfeed.php
+++ b/actions/atompubsubscriptionfeed.php
@@ -34,8 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/apiauth.php';
-
 /**
 * Subscription feed class for AtomPub
 *
diff --git a/actions/newnotice.php b/actions/newnotice.php
index 9ac8d46b6e..1c8f956b5d 100644
--- a/actions/newnotice.php
+++ b/actions/newnotice.php
@@ -34,9 +34,6 @@ if (!defined('STATUSNET')) {
 exit(1);
 }

-require_once INSTALLDIR . '/lib/noticelist.php';
-require_once INSTALLDIR . '/lib/mediafile.php';
-
 /**
 * Action for posting new notices
 *
diff --git a/lib/apiauth.php b/lib/apiauth.php
deleted file mode 100644
index 499c502480..0000000000
--- a/lib/apiauth.php
+++ /dev/null
@@ -1,380 +0,0 @@ -. - * - * @category API - * @package StatusNet - * @author Adrian Lang - * @author Brenda Wallace - * @author Craig Andrews - * @author Dan Moore - * @author Evan Prodromou - * @author mEDI - * @author Sarven Capadisli - * @author Zach Copley - * @copyright 2009-2010 StatusNet, Inc. - * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ - -/* External API usage documentation. Please update when you change how this method works. */ - -/*! @page authentication Authentication - - StatusNet supports HTTP Basic Authentication and OAuth for API calls. - - @warning Currently, users who have created accounts without setting a - password via OpenID, Facebook Connect, etc., cannot use the API until - they set a password with their account settings panel. - - @section HTTP Basic Auth - - - - @section OAuth - -*/ - -if (!defined('STATUSNET')) { - exit(1); -} - -require_once INSTALLDIR . '/lib/apioauth.php'; - -/** - * Actions extending this class will require auth - * - * @category API - * @package StatusNet - * @author Zach Copley - * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0 - * @link http://status.net/ - */ -class ApiAuthAction extends ApiAction -{ - var $auth_user_nickname = null; - var $auth_user_password = null; - - /** - * Take arguments for running, looks for an OAuth request, - * and outputs basic auth header if needed - * - * @param array $args $_REQUEST args - * - * @return boolean success flag - * - */ - function prepare($args) - { - parent::prepare($args); - - // NOTE: $this->auth_user has to get set in prepare(), not handle(), - // because subclasses do stuff with it in their prepares. 
- - $oauthReq = $this->getOAuthRequest(); - - if (!$oauthReq) { - if ($this->requiresAuth()) { - $this->checkBasicAuthUser(true); - } else { - // Check to see if a basic auth user is there even - // if one's not required - $this->checkBasicAuthUser(false); - } - } else { - $this->checkOAuthRequest($oauthReq); - } - - // NOTE: Make sure we're scoped properly based on the auths! - if (isset($this->auth_user) && !empty($this->auth_user)) { - $this->scoped = $this->auth_user->getProfile(); - } else { - $this->scoped = null; - } - - // Reject API calls with the wrong access level - - if ($this->isReadOnly($args) == false) { - if ($this->access != self::READ_WRITE) { - // TRANS: Client error 401. - $msg = _('API resource requires read-write access, ' . - 'but you only have read access.'); - $this->clientError($msg, 401, $this->format); - exit; - } - } - - return true; - } - - /** - * Determine whether the request is an OAuth request. - * This is to avoid doign any unnecessary DB lookups. - * - * @return mixed the OAuthRequest or false - */ - function getOAuthRequest() - { - ApiOauthAction::cleanRequest(); - - $req = OAuthRequest::from_request(); - - $consumer = $req->get_parameter('oauth_consumer_key'); - $accessToken = $req->get_parameter('oauth_token'); - - // XXX: Is it good enough to assume it's not meant to be an - // OAuth request if there is no consumer or token? 
--Z - - if (empty($consumer) || empty($accessToken)) { - return false; - } - - return $req; - } - - /** - * Verifies the OAuth request signature, sets the auth user - * and access type (read-only or read-write) - * - * @param OAuthRequest $request the OAuth Request - * - * @return nothing - */ - function checkOAuthRequest($request) - { - $datastore = new ApiStatusNetOAuthDataStore(); - $server = new OAuthServer($datastore); - $hmac_method = new OAuthSignatureMethod_HMAC_SHA1(); - - $server->add_signature_method($hmac_method); - - try { - $server->verify_request($request); - - $consumer = $request->get_parameter('oauth_consumer_key'); - $access_token = $request->get_parameter('oauth_token'); - - $app = Oauth_application::getByConsumerKey($consumer); - - if (empty($app)) { - common_log( - LOG_WARNING, - 'API OAuth - Couldn\'t find the OAuth app for consumer key: ' . - $consumer - ); - // TRANS: OAuth exception thrown when no application is found for a given consumer key. - throw new OAuthException(_('No application for that consumer key.')); - } - - // set the source attr - if ($app->name != 'anonymous') { - $this->source = $app->name; - } - - - $appUser = Oauth_application_user::getKV('token', $access_token); - - if (!empty($appUser)) { - // If access_type == 0 we have either a request token - // or a bad / revoked access token - - if ($appUser->access_type != 0) { - // Set the access level for the api call - $this->access = ($appUser->access_type & Oauth_application::$writeAccess) - ? self::READ_WRITE : self::READ_ONLY; - - // Set the auth user - if (Event::handle('StartSetApiUser', array(&$user))) { - $user = User::getKV('id', $appUser->profile_id); - if (!empty($user)) { - if (!$user->hasRight(Right::API)) { - // TRANS: Authorization exception thrown when a user without API access tries to access the API. 
- throw new AuthorizationException(_('Not allowed to use API.')); - } - } - $this->auth_user = $user; - // FIXME: setting the value returned by common_current_user() - // There should probably be a better method for this. common_set_user() - // does lots of session stuff. - global $_cur; - $_cur = $this->auth_user; - Event::handle('EndSetApiUser', array($user)); - } - - $msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " . - "application '%s' (id: %d) with %s access."; - - common_log( - LOG_INFO, - sprintf( - $msg, - $this->auth_user->nickname, - $this->auth_user->id, - $app->name, - $app->id, - ($this->access = self::READ_WRITE) ? 'read-write' : 'read-only' - ) - ); - } else { - // TRANS: OAuth exception given when an incorrect access token was given for a user. - throw new OAuthException(_('Bad access token.')); - } - } else { - // Also should not happen. - // TRANS: OAuth exception given when no user was found for a given token (no token was found). - throw new OAuthException(_('No user for that token.')); - } - - } catch (OAuthException $e) { - $this->logAuthFailure($e->getMessage()); - common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage()); - $this->clientError($e->getMessage(), 401, $this->format); - exit; - } - } - - /** - * Does this API resource require authentication? - * - * @return boolean true - */ - function requiresAuth() - { - return true; - } - - /** - * Check for a user specified via HTTP basic auth. If there isn't - * one, try to get one by outputting the basic auth header. - * - * @return boolean true or false - */ - function checkBasicAuthUser($required = true) - { - $this->basicAuthProcessHeader(); - - $realm = common_config('api', 'realm'); - - if (empty($realm)) { - $realm = common_config('site', 'name') . ' API'; - } - - if (empty($this->auth_user_nickname) && $required) { - header('WWW-Authenticate: Basic realm="' . $realm . 
'"'); - - // show error if the user clicks 'cancel' - // TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel". - $this->clientError(_('Could not authenticate you.'), 401, $this->format); - exit; - - } else { - - $user = common_check_user($this->auth_user_nickname, - $this->auth_user_password); - - if (Event::handle('StartSetApiUser', array(&$user))) { - - if (!empty($user)) { - if (!$user->hasRight(Right::API)) { - // TRANS: Authorization exception thrown when a user without API access tries to access the API. - throw new AuthorizationException(_('Not allowed to use API.')); - } - $this->auth_user = $user; - } - - Event::handle('EndSetApiUser', array($user)); - } - - // By default, basic auth users have rw access - $this->access = self::READ_WRITE; - - if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) { - $msg = sprintf( - "basic auth nickname = %s", - $this->auth_user_nickname - ); - $this->logAuthFailure($msg); - // TRANS: Client error thrown when authentication fails. - $this->clientError(_('Could not authenticate you.'), 401, $this->format); - exit; - } - } - } - - /** - * Read the HTTP headers and set the auth user. Decodes HTTP_AUTHORIZATION - * param to support basic auth when PHP is running in CGI mode. 
- * - * @return void - */ - function basicAuthProcessHeader() - { - $authHeaders = array('AUTHORIZATION', - 'HTTP_AUTHORIZATION', - 'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI - $authorization_header = null; - foreach ($authHeaders as $header) { - if (isset($_SERVER[$header])) { - $authorization_header = $_SERVER[$header]; - break; - } - } - - if (isset($_SERVER['PHP_AUTH_USER'])) { - $this->auth_user_nickname = $_SERVER['PHP_AUTH_USER']; - $this->auth_user_password = $_SERVER['PHP_AUTH_PW']; - } elseif (isset($authorization_header) - && strstr(substr($authorization_header, 0, 5), 'Basic')) { - - // Decode the HTTP_AUTHORIZATION header on php-cgi server self - // on fcgid server the header name is AUTHORIZATION - $auth_hash = base64_decode(substr($authorization_header, 6)); - list($this->auth_user_nickname, - $this->auth_user_password) = explode(':', $auth_hash); - - // Set all to null on a empty basic auth request - - if (empty($this->auth_user_nickname)) { - $this->auth_user_nickname = null; - $this->auth_password = null; - } - } - } - - /** - * Log an API authentication failure. Collect the proxy and IP - * and log them - * - * @param string $logMsg additional log message - */ - function logAuthFailure($logMsg) - { - list($proxy, $ip) = common_client_ip(); - - $msg = sprintf( - 'API auth failure (proxy = %1$s, ip = %2$s) - ', - $proxy, - $ip - ); - - common_log(LOG_WARNING, $msg . $logMsg); - } -} diff --git a/lib/apiauthaction.php b/lib/apiauthaction.php new file mode 100644 index 0000000000..3edcda4cb7 --- /dev/null +++ b/lib/apiauthaction.php 
@@ -0,0 +1,376 @@
+.
+ *
+ * @category API
+ * @package StatusNet
+ * @author Adrian Lang
+ * @author Brenda Wallace
+ * @author Craig Andrews
+ * @author Dan Moore
+ * @author Evan Prodromou
+ * @author mEDI
+ * @author Sarven Capadisli
+ * @author Zach Copley
+ * @copyright 2009-2010 StatusNet, Inc.
+ * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+/* External API usage documentation. Please update when you change how this method works. */
+
+/*! @page authentication Authentication
+
+ StatusNet supports HTTP Basic Authentication and OAuth for API calls.
+
+ @warning Currently, users who have created accounts without setting a
+ password via OpenID, Facebook Connect, etc., cannot use the API until
+ they set a password with their account settings panel.
+
+ @section HTTP Basic Auth
+
+
+
+ @section OAuth
+
+*/
+
+if (!defined('STATUSNET')) {
+ exit(1);
+}
+
+require_once INSTALLDIR . '/lib/apioauth.php';
+
+/**
+ * Actions extending this class will require auth
+ *
+ * @category API
+ * @package StatusNet
+ * @author Zach Copley
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+class ApiAuthAction extends ApiAction
+{
+ var $auth_user_nickname = null;
+ var $auth_user_password = null;
+
+ /**
+ * Take arguments for running, looks for an OAuth request,
+ * and outputs basic auth header if needed
+ *
+ * @param array $args $_REQUEST args
+ *
+ * @return boolean success flag
+ *
+ */
+ function prepare($args)
+ {
+ parent::prepare($args);
+
+ // NOTE: $this->auth_user has to get set in prepare(), not handle(),
+ // because subclasses do stuff with it in their prepares.
+
+ $oauthReq = $this->getOAuthRequest();
+
+ if (!$oauthReq) {
+ if ($this->requiresAuth()) {
+ $this->checkBasicAuthUser(true);
+ } else {
+ // Check to see if a basic auth user is there even
+ // if one's not required
+ $this->checkBasicAuthUser(false);
+ }
+ } else {
+ $this->checkOAuthRequest($oauthReq);
+ }
+
+ // NOTE: Make sure we're scoped properly based on the auths!
+ $this->scoped = $this->auth_user->getProfile();
+
+ // Reject API calls with the wrong access level
+
+ if ($this->isReadOnly($args) == false) {
+ if ($this->access != self::READ_WRITE) {
+ // TRANS: Client error 401.
+ $msg = _('API resource requires read-write access, ' .
+ 'but you only have read access.');
+ $this->clientError($msg, 401, $this->format);
+ exit;
+ }
+ }
+
+ return true;
+ }
+
+ /**
+ * Determine whether the request is an OAuth request.
+ * This is to avoid doign any unnecessary DB lookups.
+ *
+ * @return mixed the OAuthRequest or false
+ */
+ function getOAuthRequest()
+ {
+ ApiOauthAction::cleanRequest();
+
+ $req = OAuthRequest::from_request();
+
+ $consumer = $req->get_parameter('oauth_consumer_key');
+ $accessToken = $req->get_parameter('oauth_token');
+
+ // XXX: Is it good enough to assume it's not meant to be an
+ // OAuth request if there is no consumer or token? --Z
+
+ if (empty($consumer) || empty($accessToken)) {
+ return false;
+ }
+
+ return $req;
+ }
+
+ /**
+ * Verifies the OAuth request signature, sets the auth user
+ * and access type (read-only or read-write)
+ *
+ * @param OAuthRequest $request the OAuth Request
+ *
+ * @return nothing
+ */
+ function checkOAuthRequest($request)
+ {
+ $datastore = new ApiStatusNetOAuthDataStore();
+ $server = new OAuthServer($datastore);
+ $hmac_method = new OAuthSignatureMethod_HMAC_SHA1();
+
+ $server->add_signature_method($hmac_method);
+
+ try {
+ $server->verify_request($request);
+
+ $consumer = $request->get_parameter('oauth_consumer_key');
+ $access_token = $request->get_parameter('oauth_token');
+
+ $app = Oauth_application::getByConsumerKey($consumer);
+
+ if (empty($app)) {
+ common_log(
+ LOG_WARNING,
+ 'API OAuth - Couldn\'t find the OAuth app for consumer key: ' .
+ $consumer
+ );
+ // TRANS: OAuth exception thrown when no application is found for a given consumer key.
+ throw new OAuthException(_('No application for that consumer key.'));
+ }
+
+ // set the source attr
+ if ($app->name != 'anonymous') {
+ $this->source = $app->name;
+ }
+
+
+ $appUser = Oauth_application_user::getKV('token', $access_token);
+
+ if (!empty($appUser)) {
+ // If access_type == 0 we have either a request token
+ // or a bad / revoked access token
+
+ if ($appUser->access_type != 0) {
+ // Set the access level for the api call
+ $this->access = ($appUser->access_type & Oauth_application::$writeAccess)
+ ? self::READ_WRITE : self::READ_ONLY;
+
+ // Set the auth user
+ if (Event::handle('StartSetApiUser', array(&$user))) {
+ $user = User::getKV('id', $appUser->profile_id);
+ if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
+ }
+ $this->auth_user = $user;
+ // FIXME: setting the value returned by common_current_user()
+ // There should probably be a better method for this. common_set_user()
+ // does lots of session stuff.
+ global $_cur;
+ $_cur = $this->auth_user;
+ Event::handle('EndSetApiUser', array($user));
+ }
+
+ $msg = "API OAuth authentication for user '%s' (id: %d) on behalf of " .
+ "application '%s' (id: %d) with %s access.";
+
+ common_log(
+ LOG_INFO,
+ sprintf(
+ $msg,
+ $this->auth_user->nickname,
+ $this->auth_user->id,
+ $app->name,
+ $app->id,
+ ($this->access = self::READ_WRITE) ? 'read-write' : 'read-only'
+ )
+ );
+ } else {
+ // TRANS: OAuth exception given when an incorrect access token was given for a user.
+ throw new OAuthException(_('Bad access token.'));
+ }
+ } else {
+ // Also should not happen.
+ // TRANS: OAuth exception given when no user was found for a given token (no token was found).
+ throw new OAuthException(_('No user for that token.'));
+ }
+
+ } catch (OAuthException $e) {
+ $this->logAuthFailure($e->getMessage());
+ common_log(LOG_WARNING, 'API OAuthException - ' . $e->getMessage());
+ $this->clientError($e->getMessage(), 401, $this->format);
+ exit;
+ }
+ }
+
+ /**
+ * Does this API resource require authentication?
+ *
+ * @return boolean true
+ */
+ function requiresAuth()
+ {
+ return true;
+ }
+
+ /**
+ * Check for a user specified via HTTP basic auth. If there isn't
+ * one, try to get one by outputting the basic auth header.
+ *
+ * @return boolean true or false
+ */
+ function checkBasicAuthUser($required = true)
+ {
+ $this->basicAuthProcessHeader();
+
+ $realm = common_config('api', 'realm');
+
+ if (empty($realm)) {
+ $realm = common_config('site', 'name') . ' API';
+ }
+
+ if (empty($this->auth_user_nickname) && $required) {
+ header('WWW-Authenticate: Basic realm="' . $realm . '"');
+
+ // show error if the user clicks 'cancel'
+ // TRANS: Client error thrown when authentication fails becaus a user clicked "Cancel".
+ $this->clientError(_('Could not authenticate you.'), 401, $this->format);
+ exit;
+
+ } else {
+
+ $user = common_check_user($this->auth_user_nickname,
+ $this->auth_user_password);
+
+ if (Event::handle('StartSetApiUser', array(&$user))) {
+
+ if (!empty($user)) {
+ if (!$user->hasRight(Right::API)) {
+ // TRANS: Authorization exception thrown when a user without API access tries to access the API.
+ throw new AuthorizationException(_('Not allowed to use API.'));
+ }
+ $this->auth_user = $user;
+ }
+
+ Event::handle('EndSetApiUser', array($user));
+ }
+
+ // By default, basic auth users have rw access
+ $this->access = self::READ_WRITE;
+
+ if (empty($this->auth_user) && ($required || isset($_SERVER['PHP_AUTH_USER']))) {
+ $msg = sprintf(
+ "basic auth nickname = %s",
+ $this->auth_user_nickname
+ );
+ $this->logAuthFailure($msg);
+ // TRANS: Client error thrown when authentication fails.
+ $this->clientError(_('Could not authenticate you.'), 401, $this->format);
+ exit;
+ }
+ }
+ }
+
+ /**
+ * Read the HTTP headers and set the auth user. Decodes HTTP_AUTHORIZATION
+ * param to support basic auth when PHP is running in CGI mode.
+ *
+ * @return void
+ */
+ function basicAuthProcessHeader()
+ {
+ $authHeaders = array('AUTHORIZATION',
+ 'HTTP_AUTHORIZATION',
+ 'REDIRECT_HTTP_AUTHORIZATION'); // rewrite for CGI
+ $authorization_header = null;
+ foreach ($authHeaders as $header) {
+ if (isset($_SERVER[$header])) {
+ $authorization_header = $_SERVER[$header];
+ break;
+ }
+ }
+
+ if (isset($_SERVER['PHP_AUTH_USER'])) {
+ $this->auth_user_nickname = $_SERVER['PHP_AUTH_USER'];
+ $this->auth_user_password = $_SERVER['PHP_AUTH_PW'];
+ } elseif (isset($authorization_header)
+ && strstr(substr($authorization_header, 0, 5), 'Basic')) {
+
+ // Decode the HTTP_AUTHORIZATION header on php-cgi server self
+ // on fcgid server the header name is AUTHORIZATION
+ $auth_hash = base64_decode(substr($authorization_header, 6));
+ list($this->auth_user_nickname,
+ $this->auth_user_password) = explode(':', $auth_hash);
+
+ // Set all to null on a empty basic auth request
+
+ if (empty($this->auth_user_nickname)) {
+ $this->auth_user_nickname = null;
+ $this->auth_password = null;
+ }
+ }
+ }
+
+ /**
+ * Log an API authentication failure. Collect the proxy and IP
+ * and log them
+ *
+ * @param string $logMsg additional log message
+ */
+ function logAuthFailure($logMsg)
+ {
+ list($proxy, $ip) = common_client_ip();
+
+ $msg = sprintf(
+ 'API auth failure (proxy = %1$s, ip = %2$s) - ',
+ $proxy,
+ $ip
+ );
+
+ common_log(LOG_WARNING, $msg . $logMsg);
+ }
+}
diff --git a/lib/apibareauth.php b/lib/apibareauth.php
deleted file mode 100644
index 043181b07a..0000000000
--- a/lib/apibareauth.php
+++ /dev/null
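Review bot: In checkOAuthRequest(), the logging call's `($this->access = self::READ_WRITE) ? 'read-write' : 'read-only'` assigns instead of comparing, so every OAuth token that reaches the log line leaves with read-write access whatever its access_type says, and the read-only rejection in prepare() can no longer fire for OAuth requests; it should read `($this->access == self::READ_WRITE)`. In basicAuthProcessHeader(), `explode(':', $auth_hash)` cuts off a password at its first colon and the reset branch writes `$this->auth_password` rather than `$this->auth_user_password`, so the password field is never cleared there; `explode(':', $auth_hash, 2)` and the correct property name address both. prepare() also calls `$this->auth_user->getProfile()` unconditionally, which looks like it fails on a null user when a subclass's requiresAuth() returns false and no credentials were sent (assuming the parent class does not populate auth_user); a guard such as `if (!empty($this->auth_user))` around that assignment would cover it.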
@@ -1,103 +0,0 @@
-.
- *
- * @category API
- * @package StatusNet
- * @author Adrian Lang
- * @author Brenda Wallace
- * @author Craig Andrews
- * @author Dan Moore
- * @author Evan Prodromou
- * @author mEDI
- * @author Sarven Capadisli
- * @author Zach Copley
- * @copyright 2009 StatusNet, Inc.
- * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
- * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
- * @link http://status.net/
- */
-
-if (!defined('STATUSNET')) {
- exit(1);
-}
-
-require_once INSTALLDIR.'/lib/apiauth.php';
-
-/**
- * Actions extending this class will require auth unless a target
- * user ID has been specified
- *
- * @category API
- * @package StatusNet
- * @author Adrian Lang
- * @author Brenda Wallace
- * @author Craig Andrews
- * @author Dan Moore
- * @author Evan Prodromou
- * @author mEDI
- * @author Sarven Capadisli
- * @author Zach Copley
- * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
- * @link http://status.net/
- */
-class ApiBareAuthAction extends ApiAuthAction
-{
- /**
- * Take arguments for running
- *
- * @param array $args $_REQUEST args
- *
- * @return boolean success flag
- *
- */
- function prepare($args)
- {
- parent::prepare($args);
- return true;
- }
-
- /**
- * Does this API resource require authentication?
- *
- * @return boolean true or false
- */
- function requiresAuth()
- {
- // If the site is "private", all API methods except statusnet/config
- // need authentication
- if (common_config('site', 'private')) {
- return true;
- }
-
- // check whether a user has been specified somehow
- $id = $this->arg('id');
- $user_id = $this->arg('user_id');
- $screen_name = $this->arg('screen_name');
-
- if (empty($id) && empty($user_id) && empty($screen_name)) {
- return true;
- }
-
- return false;
- }
-}
diff --git a/lib/apibareauthaction.php b/lib/apibareauthaction.php
new file mode 100644
index 0000000000..8c20a031e8
--- /dev/null
+++ b/lib/apibareauthaction.php
@@ -0,0 +1,101 @@
+.
+ *
+ * @category API
+ * @package StatusNet
+ * @author Adrian Lang
+ * @author Brenda Wallace
+ * @author Craig Andrews
+ * @author Dan Moore
+ * @author Evan Prodromou
+ * @author mEDI
+ * @author Sarven Capadisli
+ * @author Zach Copley
+ * @copyright 2009 StatusNet, Inc.
+ * @copyright 2009 Free Software Foundation, Inc http://www.fsf.org
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+
+if (!defined('STATUSNET')) {
+ exit(1);
+}
+
+/**
+ * Actions extending this class will require auth unless a target
+ * user ID has been specified
+ *
+ * @category API
+ * @package StatusNet
+ * @author Adrian Lang
+ * @author Brenda Wallace
+ * @author Craig Andrews
+ * @author Dan Moore
+ * @author Evan Prodromou
+ * @author mEDI
+ * @author Sarven Capadisli
+ * @author Zach Copley
+ * @license http://www.fsf.org/licensing/licenses/agpl-3.0.html GNU Affero General Public License version 3.0
+ * @link http://status.net/
+ */
+class ApiBareAuthAction extends ApiAuthAction
+{
+ /**
+ * Take arguments for running
+ *
+ * @param array $args $_REQUEST args
+ *
+ * @return boolean success flag
+ *
+ */
+ function prepare($args)
+ {
+ parent::prepare($args);
+ return true;
+ }
+
+ /**
+ * Does this API resource require authentication?
+ *
+ * @return boolean true or false
+ */
+ function requiresAuth()
+ {
+ // If the site is "private", all API methods except statusnet/config
+ // need authentication
+ if (common_config('site', 'private')) {
+ return true;
+ }
+
+ // check whether a user has been specified somehow
+ $id = $this->arg('id');
+ $user_id = $this->arg('user_id');
+ $screen_name = $this->arg('screen_name');
+
+ if (empty($id) && empty($user_id) && empty($screen_name)) {
+ return true;
+ }
+
+ return false;
+ }
+}
diff --git a/lib/apilistusers.php b/lib/apilistusers.php
index 04fc46730d..0838228ba0 100644
--- a/lib/apilistusers.php
+++ b/lib/apilistusers.php @@ -29,8 +29,6 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR . '/lib/apibareauth.php'; - class ApiListUsersAction extends ApiBareAuthAction { var $list = null; diff --git a/lib/apiprivateauth.php b/lib/apiprivateauth.php index df401c382e..12f9898463 100644 --- a/lib/apiprivateauth.php +++ b/lib/apiprivateauth.php @@ -40,8 +40,6 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR.'/lib/apiauth.php'; - /** * Actions extending this class will require auth only if a site is private * diff --git a/lib/mailhandler.php b/lib/mailhandler.php index 75e4e1c1e4..188e848703 100644 --- a/lib/mailhandler.php +++ b/lib/mailhandler.php @@ -18,7 +18,6 @@ */ require_once(INSTALLDIR . '/lib/mail.php'); -require_once(INSTALLDIR . '/lib/mediafile.php'); require_once('Mail/mimeDecode.php'); // @todo FIXME: we use both Mail_mimeDecode and mailparse diff --git a/plugins/Bookmark/actions/apitimelinebookmarks.php b/plugins/Bookmark/actions/apitimelinebookmarks.php index 34dbfa75d3..58aac5d21c 100644 --- a/plugins/Bookmark/actions/apitimelinebookmarks.php +++ b/plugins/Bookmark/actions/apitimelinebookmarks.php @@ -34,8 +34,6 @@ if (!defined('STATUSNET')) { exit(1); } -require_once INSTALLDIR.'/lib/apibareauth.php'; - /** * Returns the 20 most recent favorite notices for the authenticating user or user * specified by the ID parameter in the requested format.