1
0
Fork 0

Merge pull request #11106 from annando/issue-11101

Issue 11101: Fix API authentification
This commit is contained in:
Philipp 2021-12-17 09:09:15 +01:00 committed by GitHub
commit 9f401a5952
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 19 additions and 12 deletions

View file

@ -26,12 +26,17 @@ use Friendica\Database\DBA;
use Friendica\DI; use Friendica\DI;
use Friendica\Module\BaseApi; use Friendica\Module\BaseApi;
use Friendica\Util\Network; use Friendica\Util\Network;
use Psr\Http\Message\ResponseInterface;
/** /**
* Apps class to register new OAuth clients * Apps class to register new OAuth clients
*/ */
class Apps extends BaseApi class Apps extends BaseApi
{ {
public function run(array $request = [], bool $scopecheck = true): ResponseInterface
{
return parent::run($request, false);
}
/** /**
* @throws \Friendica\Network\HTTPException\InternalServerErrorException * @throws \Friendica\Network\HTTPException\InternalServerErrorException
*/ */

View file

@ -79,19 +79,21 @@ class BaseApi extends BaseModule
* *
* @throws HTTPException\ForbiddenException * @throws HTTPException\ForbiddenException
*/ */
public function run(array $request = []): ResponseInterface public function run(array $request = [], bool $scopecheck = true): ResponseInterface
{ {
switch ($this->server['REQUEST_METHOD'] ?? Router::GET) { if ($scopecheck) {
case Router::DELETE: switch ($this->server['REQUEST_METHOD'] ?? Router::GET) {
case Router::PATCH: case Router::DELETE:
case Router::POST: case Router::PATCH:
case Router::PUT: case Router::POST:
self::checkAllowedScope(self::SCOPE_WRITE); case Router::PUT:
self::checkAllowedScope(self::SCOPE_WRITE);
if (!self::getCurrentUserID()) {
throw new HTTPException\ForbiddenException($this->t('Permission denied.')); if (!self::getCurrentUserID()) {
} throw new HTTPException\ForbiddenException($this->t('Permission denied.'));
break; }
break;
}
} }
return parent::run($request); return parent::run($request);