Merge pull request #8381 from annando/Invalid-consumer-key
API: Only perform OAuth when no login data are provided
This commit is contained in:
commit
d89f90e80e
1 changed files with 18 additions and 17 deletions
|
@ -186,6 +186,18 @@ function api_register_func($path, $func, $auth = false, $method = API_METHOD_ANY
|
||||||
*/
|
*/
|
||||||
function api_login(App $a)
|
function api_login(App $a)
|
||||||
{
|
{
|
||||||
|
// workaround for HTTP-auth in CGI mode
|
||||||
|
if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
|
||||||
|
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
|
||||||
|
if (strlen($userpass)) {
|
||||||
|
list($name, $password) = explode(':', $userpass);
|
||||||
|
$_SERVER['PHP_AUTH_USER'] = $name;
|
||||||
|
$_SERVER['PHP_AUTH_PW'] = $password;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (empty($_SERVER['PHP_AUTH_USER'])) {
|
||||||
|
// Try OAuth when no user is provided
|
||||||
$oauth1 = new FKOAuth1();
|
$oauth1 = new FKOAuth1();
|
||||||
// login with oauth
|
// login with oauth
|
||||||
try {
|
try {
|
||||||
|
@ -200,20 +212,9 @@ function api_login(App $a)
|
||||||
var_dump($consumer, $token);
|
var_dump($consumer, $token);
|
||||||
die();
|
die();
|
||||||
} catch (Exception $e) {
|
} catch (Exception $e) {
|
||||||
Logger::warning(API_LOG_PREFIX . 'error', ['module' => 'api', 'action' => 'login', 'exception' => $e->getMessage()]);
|
Logger::warning(API_LOG_PREFIX . 'OAuth error', ['module' => 'api', 'action' => 'login', 'exception' => $e->getMessage()]);
|
||||||
}
|
}
|
||||||
|
|
||||||
// workaround for HTTP-auth in CGI mode
|
|
||||||
if (!empty($_SERVER['REDIRECT_REMOTE_USER'])) {
|
|
||||||
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"], 6));
|
|
||||||
if (strlen($userpass)) {
|
|
||||||
list($name, $password) = explode(':', $userpass);
|
|
||||||
$_SERVER['PHP_AUTH_USER'] = $name;
|
|
||||||
$_SERVER['PHP_AUTH_PW'] = $password;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (empty($_SERVER['PHP_AUTH_USER'])) {
|
|
||||||
Logger::debug(API_LOG_PREFIX . 'failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]);
|
Logger::debug(API_LOG_PREFIX . 'failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]);
|
||||||
header('WWW-Authenticate: Basic realm="Friendica"');
|
header('WWW-Authenticate: Basic realm="Friendica"');
|
||||||
throw new UnauthorizedException("This API requires login");
|
throw new UnauthorizedException("This API requires login");
|
||||||
|
|
Loading…
Reference in a new issue