Merge pull request #11106 from annando/issue-11101
Issue 11101: Fix API authentification
This commit is contained in:
commit
9f401a5952
2 changed files with 19 additions and 12 deletions
|
@ -26,12 +26,17 @@ use Friendica\Database\DBA;
|
||||||
use Friendica\DI;
|
use Friendica\DI;
|
||||||
use Friendica\Module\BaseApi;
|
use Friendica\Module\BaseApi;
|
||||||
use Friendica\Util\Network;
|
use Friendica\Util\Network;
|
||||||
|
use Psr\Http\Message\ResponseInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Apps class to register new OAuth clients
|
* Apps class to register new OAuth clients
|
||||||
*/
|
*/
|
||||||
class Apps extends BaseApi
|
class Apps extends BaseApi
|
||||||
{
|
{
|
||||||
|
public function run(array $request = [], bool $scopecheck = true): ResponseInterface
|
||||||
|
{
|
||||||
|
return parent::run($request, false);
|
||||||
|
}
|
||||||
/**
|
/**
|
||||||
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
* @throws \Friendica\Network\HTTPException\InternalServerErrorException
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -79,19 +79,21 @@ class BaseApi extends BaseModule
|
||||||
*
|
*
|
||||||
* @throws HTTPException\ForbiddenException
|
* @throws HTTPException\ForbiddenException
|
||||||
*/
|
*/
|
||||||
public function run(array $request = []): ResponseInterface
|
public function run(array $request = [], bool $scopecheck = true): ResponseInterface
|
||||||
{
|
{
|
||||||
switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
|
if ($scopecheck) {
|
||||||
case Router::DELETE:
|
switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
|
||||||
case Router::PATCH:
|
case Router::DELETE:
|
||||||
case Router::POST:
|
case Router::PATCH:
|
||||||
case Router::PUT:
|
case Router::POST:
|
||||||
self::checkAllowedScope(self::SCOPE_WRITE);
|
case Router::PUT:
|
||||||
|
self::checkAllowedScope(self::SCOPE_WRITE);
|
||||||
if (!self::getCurrentUserID()) {
|
|
||||||
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
|
if (!self::getCurrentUserID()) {
|
||||||
}
|
throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
|
||||||
break;
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
return parent::run($request);
|
return parent::run($request);
|
||||||
|
|
Loading…
Reference in a new issue