aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
Diffstat (limited to 'include')
-rw-r--r--include/api_auth.php57
-rw-r--r--include/network.php4
2 files changed, 48 insertions, 13 deletions
diff --git a/include/api_auth.php b/include/api_auth.php
index 5c0bcb317..e2f7ab155 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -14,25 +14,58 @@ function api_login(&$a){
// login with oauth
try {
- $oauth = new ZotOAuth1();
- $req = OAuth1Request::from_request();
+ // OAuth 2.0
+ $storage = new \Zotlabs\Identity\OAuth2Storage(\DBA::$dba->db);
+ $server = new \Zotlabs\Identity\OAuth2Server($storage);
+ $request = \OAuth2\Request::createFromGlobals();
+ if ($server->verifyResourceRequest($request)) {
+ $token = $server->getAccessTokenData($request);
+ $uid = $token['user_id'];
+ $r = q("SELECT * FROM channel WHERE channel_id = %d LIMIT 1",
+ intval($uid)
+ );
+ if (count($r)) {
+ $record = $r[0];
+ } else {
+ header('HTTP/1.0 401 Unauthorized');
+ echo('This api requires login');
+ killme();
+ }
+
+ $_SESSION['uid'] = $record['channel_id'];
+ $_SESSION['addr'] = $_SERVER['REMOTE_ADDR'];
+
+ $x = q("select * from account where account_id = %d LIMIT 1",
+ intval($record['channel_account_id'])
+ );
+ if ($x) {
+ require_once('include/security.php');
+ authenticate_success($x[0], null, true, false, true, true);
+ $_SESSION['allow_api'] = true;
+ call_hooks('logged_in', App::$user);
+ return;
+ }
+ } else {
+ // OAuth 1.0
+ $oauth = new ZotOAuth1();
+ $req = OAuth1Request::from_request();
- list($consumer,$token) = $oauth->verify_request($req);
+ list($consumer, $token) = $oauth->verify_request($req);
- if (!is_null($token)){
- $oauth->loginUser($token->uid);
+ if (!is_null($token)) {
+ $oauth->loginUser($token->uid);
- App::set_oauth_key($consumer->key);
+ App::set_oauth_key($consumer->key);
- call_hooks('logged_in', App::$user);
- return;
+ call_hooks('logged_in', App::$user);
+ return;
+ }
+ killme();
}
- killme();
- }
- catch(Exception $e) {
+ } catch (Exception $e) {
logger($e->getMessage());
}
-
+
// workarounds for HTTP-auth in CGI mode
foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
diff --git a/include/network.php b/include/network.php
index f8cb68613..9768a2544 100644
--- a/include/network.php
+++ b/include/network.php
@@ -88,6 +88,8 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
$instance_headers[] = 'Cookie: PHPSESSID=' . session_id();
}
}
+ logger('headers: ' . json_encode($instance_headers, JSON_PRETTY_PRINT));
+
if($instance_headers)
@curl_setopt($ch, CURLOPT_HTTPHEADER, $instance_headers);
@@ -143,7 +145,7 @@ function z_fetch_url($url, $binary = false, $redirects = 0, $opts = array()) {
$base = $s;
$curl_info = @curl_getinfo($ch);
$http_code = $curl_info['http_code'];
- //logger('fetch_url:' . $http_code . ' data: ' . $s);
+ logger('fetch_url:' . $http_code . ' data: ' . $s);
$header = '';
// Pull out multiple headers, e.g. proxy and continuation headers