friendica
/
friendica
mirror of https://github.com/friendica/friendica
6
0
Fork 1
Code Issues Packages Projects Releases 1 Wiki Activity

Added "source" detection

This commit is contained in:
Michael 2021-06-08 17:48:41 +00:00
parent 0f0a301280
commit 8bf5dd187b
1 changed files with 33 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
src/Security/BasicAuth.php
View File

@ -77,10 +77,27 @@ class BasicAuth
return self::$current_token; return self::$current_token;
} }
$source = $_REQUEST['source'] ?? '';
// Support for known clients that doesn't send a source name
if (empty($source) && !empty($_SERVER['HTTP_USER_AGENT'])) {
if(strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) {
$source = 'Twidere';
}
Logger::info('Unrecognized user-agent', ['http_user_agent' => $_SERVER['HTTP_USER_AGENT']]);
} else {
Logger::info('Empty user-agent');
}
if (empty($source)) {
$source = 'api';
}
self::$current_token = [ self::$current_token = [
'uid' => self::$current_user_id, 'uid' => self::$current_user_id,
'id' => 0, 'id' => 0,
'name' => api_source(), 'name' => $source,
'website' => '', 'website' => '',
'created_at' => DBA::NULL_DATETIME, 'created_at' => DBA::NULL_DATETIME,
'read' => true, 'read' => true,
@ -114,32 +131,32 @@ class BasicAuth
} }
} }
$user = $_SERVER['PHP_AUTH_USER'] ?? ''; $user = $_SERVER['PHP_AUTH_USER'] ?? '';
$password = $_SERVER['PHP_AUTH_PW'] ?? ''; $password = $_SERVER['PHP_AUTH_PW'] ?? '';
// allow "user@server" login (but ignore 'server' part) // allow "user@server" login (but ignore 'server' part)
$at = strstr($user, "@", true); $at = strstr($user, "@", true);
if ($at) { if ($at) {
$user = $at; $user = $at;
} }
// next code from mod/auth.php. needs better solution // next code from mod/auth.php. needs better solution
$record = null; $record = null;
$addon_auth = [ $addon_auth = [
'username' => trim($user), 'username' => trim($user),
'password' => trim($password), 'password' => trim($password),
'authenticated' => 0, 'authenticated' => 0,
'user_record' => null, 'user_record' => null,
]; ];
/* /*
* An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record * An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
* Addons should never set 'authenticated' except to indicate success - as hooks may be chained * Addons should never set 'authenticated' except to indicate success - as hooks may be chained
* and later addons should not interfere with an earlier one that succeeded. * and later addons should not interfere with an earlier one that succeeded.
*/ */
Hook::callAll('authenticate', $addon_auth); Hook::callAll('authenticate', $addon_auth);
if ($addon_auth['authenticated'] && !empty($addon_auth['user_record'])) { if ($addon_auth['authenticated'] && !empty($addon_auth['user_record'])) {
$record = $addon_auth['user_record']; $record = $addon_auth['user_record'];
} else { } else {
@ -148,32 +165,32 @@ class BasicAuth
$record = DBA::selectFirst('user', [], ['uid' => $user_id]); $record = DBA::selectFirst('user', [], ['uid' => $user_id]);
} catch (Exception $ex) { } catch (Exception $ex) {
$record = []; $record = [];
} }
} }
if (empty($record)) { if (empty($record)) {
if (!$do_login) { if (!$do_login) {
return 0; return 0;
} }
Logger::debug('failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]); Logger::debug('Access denied', ['parameters' => $_SERVER]);
header('WWW-Authenticate: Basic realm="Friendica"'); header('WWW-Authenticate: Basic realm="Friendica"');
throw new UnauthorizedException("This API requires login"); throw new UnauthorizedException("This API requires login");
} }
// Don't refresh the login date more often than twice a day to spare database writes // Don't refresh the login date more often than twice a day to spare database writes
$login_refresh = strcmp(DateTimeFormat::utc('now - 12 hours'), $record['login_date']) > 0; $login_refresh = strcmp(DateTimeFormat::utc('now - 12 hours'), $record['login_date']) > 0;
DI::auth()->setForUser($a, $record, false, false, $login_refresh); DI::auth()->setForUser($a, $record, false, false, $login_refresh);
Session::set('allow_api', true); Session::set('allow_api', true);
Hook::callAll('logged_in', $a->user); Hook::callAll('logged_in', $a->user);
if (Session::get('allow_api')) { if (Session::get('allow_api')) {
self::$current_user_id = local_user(); self::$current_user_id = local_user();
} else { } else {
self::$current_user_id = 0; self::$current_user_id = 0;
} }
return self::$current_user_id; return self::$current_user_id;
} }
} }