diff --git a/include/api.php b/include/api.php index 88736e1f0..0b925aee0 100644 --- a/include/api.php +++ b/include/api.php @@ -175,6 +175,7 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY * Simple Auth allow username in form of
user@server, ignoring server part * * @param App $a App + * @param bool $do_login try to log in when not logged in, otherwise quit silently * @throws ForbiddenException * @throws InternalServerErrorException * @throws UnauthorizedException @@ -185,8 +186,10 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY * 'authenticated' => return status, * 'user_record' => return authenticated user record */ -function api_login(App $a) +function api_login(App $a, bool $do_login = true) { + $_SESSION["allow_api"] = false; + // workaround for HTTP-auth in CGI mode if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) { $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6)); @@ -216,6 +219,10 @@ function api_login(App $a) Logger::warning(API_LOG_PREFIX . 'OAuth error', ['module' => 'api', 'action' => 'login', 'exception' => $e->getMessage()]); } + if (!$do_login) { + return; + } + Logger::debug(API_LOG_PREFIX . 'failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]); header('WWW-Authenticate: Basic realm="Friendica"'); throw new UnauthorizedException("This API requires login"); @@ -257,6 +264,9 @@ function api_login(App $a) } if (!DBA::isResult($record)) { + if (!$do_login) { + return; + } Logger::debug(API_LOG_PREFIX . 'failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]); header('WWW-Authenticate: Basic realm="Friendica"'); //header('HTTP/1.0 401 Unauthorized'); diff --git a/src/Module/BaseApi.php b/src/Module/BaseApi.php index d62014afc..c161159e2 100644 --- a/src/Module/BaseApi.php +++ b/src/Module/BaseApi.php @@ -91,6 +91,22 @@ class BaseApi extends BaseModule return (bool)self::$current_user_id; } + /** + * Get current user id, returns 0 if not logged in + * + * @return int User ID + */ + protected static function getCurrentUserID() + { + if (is_null(self::$current_user_id)) { + api_login(DI::app(), false); + + self::$current_user_id = api_user(); + } + + return (int)self::$current_user_id; + } + /** * Get user info array. *