author | mrjive <mrjive@mrjive.it> | 2018-04-05 10:52:39 +0200 |
committer | GitHub <noreply@github.com> | 2018-04-05 10:52:39 +0200 |
commit | a7ff2cc5ea11afd7b832bef24866abfb0220d022 (patch) | |
tree | e7dcd63bbfdaa6ae564c60d59ef60edf0e6ba7a7 /include/api_auth.php | |
parent | 20ac91703d54679d2e5080ba2d4985e93986a515 (diff) | |
parent | dcacdd23c87061dc15bd12ed2e959bcbe020c5df (diff) | |
Merge pull request #3 from redmatrix/dev
Dev
Diffstat (limited to 'include/api_auth.php')
-rw-r--r-- | include/api_auth.php | 57 |
1 files changed, 45 insertions, 12 deletions
diff --git a/include/api_auth.php b/include/api_auth.php
index 5c0bcb317..e2f7ab155 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -14,25 +14,58 @@ function api_login(&$a){
 // login with oauth
 try {
- $oauth = new ZotOAuth1();
- $req = OAuth1Request::from_request();
+ // OAuth 2.0
+ $storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db);
+ $server = new \Zotlabs\Identity\OAuth2Server($storage);
+ $request = \OAuth2\Request::createFromGlobals();
+ if ($server->verifyResourceRequest($request)) {
+ $token = $server->getAccessTokenData($request);
+ $uid = $token['user_id'];
+ $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1",
+ intval($uid)
+ );
+ if (count($r)) {
+ $record = $r[0];
+ } else {
+ header('HTTP/1.0 401 Unauthorized');
+ echo('This api requires login');
+ killme();
+ }
+
+ $_SESSION['uid'] = $record['channel_id'];
+ $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+
+ $x = q("select * from account where account_id = %d LIMIT 1",
+ intval($record['channel_account_id'])
+ );
+ if ($x) {
+ require_once('include/security.php');
+ authenticate_success($x[0], null, true, false, true, true);
+ $_SESSION['allow_api'] = true;
+ call_hooks('logged_in', App::$user);
+ return;
+ }
+ } else {
+ // OAuth 1.0
+ $oauth = new ZotOAuth1();
+ $req = OAuth1Request::from_request();
- list($consumer,$token) = $oauth->verify_request($req);
+ list($consumer, $token) = $oauth->verify_request($req);
- if (!is_null($token)){
- $oauth->loginUser($token->uid);
+ if (!is_null($token)) {
+ $oauth->loginUser($token->uid);
- App::set_oauth_key($consumer->key);
+ App::set_oauth_key($consumer->key);
- call_hooks('logged_in', App::$user);
- return;
+ call_hooks('logged_in', App::$user);
+ return;
+ }
+ killme();
 }
- killme();
- }
- catch(Exception $e) {
+ } catch (Exception $e) {
 logger($e->getMessage());
 }
-
 // workarounds for HTTP-auth in CGI mode
 foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { |
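Review bot: In the new OAuth 2.0 branch, `$_SESSION['uid']` and `$_SESSION['addr']` are assigned before the `account` lookup, so when `$x` is empty the function neither returns nor calls `killme()` and falls out of the `if` into the HTTP-auth workaround loop below with a half-populated session for a channel whose account row was not found. The channel miss a few lines earlier already answers with a 401 and `killme()`; the account miss should be handled the same way rather than silently continuing. Move the two `$_SESSION[...]` assignments inside the `if ($x) {` block after `require_once('include/security.php');`, and add an `else` branch to that `if` with `header('HTTP/1.0 401 Unauthorized'); killme();`. Reading `$token['user_id']` without checking the key exists is also worth a guard, since an unexpected token shape would then query channel_id 0 — I cannot tell from the hunk what `getAccessTokenData()` guarantees. `api_login` starts before this hunk and its body continues after it.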