-rw-r--r-- | include/api.php | 179 | ||||
-rw-r--r-- | include/api_auth.php | 95 | ||||
-rw-r--r-- | include/auth.php | 1 |
3 files changed, 96 insertions, 179 deletions
diff --git a/include/api.php b/include/api.php
index 875bf121f..24176884c 100644
--- a/include/api.php
+++ b/include/api.php
@@ -66,96 +66,6 @@ require_once('include/attach.php'); 'auth'=>$auth); } - /** - * Simple HTTP Login - */ - - function api_login(&$a){ - // login with oauth - try { - $oauth = new FKOAuth1(); - $req = OAuthRequest::from_request(); - - list($consumer,$token) = $oauth->verify_request($req); - - if (!is_null($token)){ - $oauth->loginUser($token->uid); - - $a->set_oauth_key($consumer->key); - - call_hooks('logged_in', $a->user); - return; - } - echo __file__.__line__.__function__."<pre>"; -// var_dump($consumer, $token); - die(); - } - catch(Exception $e) { - logger(__file__.__line__.__function__."\n".$e); - } - - - // workaround for HTTP-auth in CGI mode - if(x($_SERVER,'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - if(x($_SERVER,'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - - if (!isset($_SERVER['PHP_AUTH_USER'])) { - logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Red"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); - } - - // process normal login request - require_once('include/auth.php'); - $channel_login = 0; - $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); - if(! 
$record) { - $r = q("select * from channel where channel_address = '%s' limit 1", - dbesc($_SERVER['PHP_AUTH_USER']) - ); - if ($r) { - $x = q("select * from account where account_id = %d limit 1", - intval($r[0]['channel_account_id']) - ); - if ($x) { - $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']); - if($record) - $channel_login = $r[0]['channel_id']; - } - } - if(! $record) { - logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Red"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); - } - } - - require_once('include/security.php'); - authenticate_success($record); - - if($channel_login) - change_channel($channel_login); - - $_SESSION['allow_api'] = true; - } /************************** * MAIN API ENTRY POINT * 
@@ -2417,95 +2327,6 @@ logger('Req: ' . var_export($req,true)); api_register_func('api/oauth/access_token', 'api_oauth_access_token', false); - -function api_export_users(&$a,$type) { - - if (! is_site_admin()){ - header('HTTP/1.0 401 Unauthorized'); - die('Only admin accounts may use this endpoint.'); - } - - $r = q("SELECT * FROM account"); - - // TODO: paginating! - - $ret = array(); - foreach($r as $u){ - $ret[] = $u; - } - - json_return_and_die(array('status' => 'OK', - 'users' => $u)); -} -api_register_func('api/export/users','api_export_users', true); - - - -function api_export_channel_hashes(&$a, $type) { - - if (! is_site_admin()){ - header('HTTP/1.0 401 Unauthorized'); - die('Only admin accounts may use this endpoint.'); - } - - if( $_REQUEST['account_id'] == ''){ - header('HTTP/1.0 422 Unprocessable Entity'); - die('Must supply account_id parameter.'); - - } - - $c = q("select * from channel where channel_account_id = '%d'", - intval($_REQUEST['account_id'])); - - if(! $c){ - header('HTTP/1.0 404 Not Found'); - die('No such account_id '. $_REQUEST['account_id']); - - } - - $ret = array(); - foreach ($c as $r){ - $ret[] = $r['channel_hash']; - } - json_return_and_die(array('status' => 'OK', - 'channel_hashes' => $ret)); -} -api_register_func('api/export/channels','api_export_channel_hashes', true); - - - - -function api_export_identity(&$a, $type) { - - if (! is_site_admin()){ - header('HTTP/1.0 401 Unauthorized'); - die('Only admin accounts may use this endpoint.'); - } - - if( $_REQUEST['channel_hash'] == ''){ - header('HTTP/1.0 422 Unprocessable Entity'); - die('Must supply channel_hash parameter.'); - - } - - require_once('include/identity.php'); - - $c = q("select channel_id from channel where channel_hash = '%s' LIMIT 1", - dbesc($_REQUEST['channel_hash'])); - - if(! $c){ - header('HTTP/1.0 404 Not Found'); - die('No such channel '. 
$_REQUEST['channel_hash']); - - } - json_return_and_die( - identity_basic_export($c[0]['channel_id'], - (($_REQUEST['posts']) ? intval($_REQUEST['posts']) : 0 ))); -} -api_register_func('api/export/identity','api_export_identity', true); - - - /* Not implemented by now: statuses/retweets_of_me diff --git a/include/api_auth.php b/include/api_auth.php new file mode 100644 index 000000000..ee9db3f55 --- /dev/null +++ b/include/api_auth.php 
@@ -0,0 +1,95 @@ +<?php /** @file */ + +require_once("oauth.php"); + + +/** + * Simple HTTP Login + */ + +function api_login(&$a){ + // login with oauth + try { + $oauth = new FKOAuth1(); + $req = OAuthRequest::from_request(); + + list($consumer,$token) = $oauth->verify_request($req); + + if (!is_null($token)){ + $oauth->loginUser($token->uid); + + $a->set_oauth_key($consumer->key); + + call_hooks('logged_in', $a->user); + return; + } + echo __file__.__line__.__function__."<pre>"; +// var_dump($consumer, $token); + die(); + } + catch(Exception $e) { + logger(__file__.__line__.__function__."\n".$e); + } + + + // workaround for HTTP-auth in CGI mode + if(x($_SERVER,'REDIRECT_REMOTE_USER')) { + $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + if(x($_SERVER,'HTTP_AUTHORIZATION')) { + $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + } + + + if (!isset($_SERVER['PHP_AUTH_USER'])) { + logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG); + header('WWW-Authenticate: Basic realm="Red"'); + header('HTTP/1.0 401 Unauthorized'); + die('This api requires login'); + } + + // process normal login request + require_once('include/auth.php'); + $channel_login = 0; + $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); + if(! 
$record) { + $r = q("select * from channel where channel_address = '%s' limit 1", + dbesc($_SERVER['PHP_AUTH_USER']) + ); + if ($r) { + $x = q("select * from account where account_id = %d limit 1", + intval($r[0]['channel_account_id']) + ); + if ($x) { + $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']); + if($record) + $channel_login = $r[0]['channel_id']; + } + } + if(! $record) { + logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); + header('WWW-Authenticate: Basic realm="Red"'); + header('HTTP/1.0 401 Unauthorized'); + die('This api requires login'); + } + } + + require_once('include/security.php'); + authenticate_success($record); + + if($channel_login) + change_channel($channel_login); + + $_SESSION['allow_api'] = true; +} diff --git a/include/auth.php b/include/auth.php index 643894e32..4f0c4c928 100644 --- a/include/auth.php +++ b/include/auth.php @@ -9,6 +9,7 @@ * Also provides a function for OpenID identiy matching. */ +require_once('include/api_auth.php'); require_once('include/security.php'); /** |
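Review bot: The failure branch near the end of api_login logs `print_r($_SERVER,true)`, which writes the caller's PHP_AUTH_PW and the raw HTTP_AUTHORIZATION header into the debug log, and the earlier "This api requires login" branch dumps the same array for any request without credentials. Log only the account name, e.g. `logger('API_login failure for ' . $_SERVER['PHP_AUTH_USER'], LOGGER_DEBUG);`, or drop the dump entirely. The Basic-auth parsing also uses `explode(':', $userpass)` without a limit, so a password containing a colon is silently truncated; `list($name, $password) = explode(':', $userpass, 2);` keeps the full secret, and checking that the header starts with `Basic ` before the `substr(..., 6)` avoids base64-decoding a Bearer/OAuth header as garbage. The function is moved verbatim from api.php, so none of this is introduced by the commit, but the new file is the natural place to fix it.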