From ddce0412ac8fe675153182909d82955c79d1f660 Mon Sep 17 00:00:00 2001 From: ken restivo Date: Tue, 10 Nov 2015 22:50:18 -0800 Subject: Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. --- include/api.php | 90 ------------------------------------------------- include/api_auth.php | 95 ++++++++++++++++++++++++++++++++++++++++++++++++++++ include/auth.php | 1 + 3 files changed, 96 insertions(+), 90 deletions(-) create mode 100644 include/api_auth.php (limited to 'include') diff --git a/include/api.php b/include/api.php index 875bf121f..c8ba65992 100644 --- a/include/api.php +++ b/include/api.php @@ -66,96 +66,6 @@ require_once('include/attach.php'); 'auth'=>$auth); } - /** - * Simple HTTP Login - */ - - function api_login(&$a){ - // login with oauth - try { - $oauth = new FKOAuth1(); - $req = OAuthRequest::from_request(); - - list($consumer,$token) = $oauth->verify_request($req); - - if (!is_null($token)){ - $oauth->loginUser($token->uid); - - $a->set_oauth_key($consumer->key); - - call_hooks('logged_in', $a->user); - return; - } - echo __file__.__line__.__function__."
"; 
-//			var_dump($consumer, $token); 
-			die();
-		}
-		catch(Exception $e) {
-			logger(__file__.__line__.__function__."\n".$e);
-		}
-
-		
-		// workaround for HTTP-auth in CGI mode
-		if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
-		 	$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
-			if(strlen($userpass)) {
-			 	list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
-
-		if(x($_SERVER,'HTTP_AUTHORIZATION')) {
-		 	$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
-			if(strlen($userpass)) {
-			 	list($name, $password) = explode(':', $userpass);
-				$_SERVER['PHP_AUTH_USER'] = $name;
-				$_SERVER['PHP_AUTH_PW'] = $password;
-			}
-		}
-
-
-		if (!isset($_SERVER['PHP_AUTH_USER'])) {
-		   logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-		    header('WWW-Authenticate: Basic realm="Red"');
-		    header('HTTP/1.0 401 Unauthorized');
-		    die('This api requires login');
-		}
-		
-		// process normal login request
-		require_once('include/auth.php');
-		$channel_login = 0;
-		$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
-		if(! $record) {
-	        $r = q("select * from channel where channel_address = '%s' limit 1",
-    	        dbesc($_SERVER['PHP_AUTH_USER'])
-        	);
-        	if ($r) {
-            	$x = q("select * from account where account_id = %d limit 1",
-                	intval($r[0]['channel_account_id'])
-            	);
-            	if ($x) {
-					$record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
-					if($record)
-						$channel_login = $r[0]['channel_id'];
-				}
-			}
-			if(! $record) {	
-				logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-				header('WWW-Authenticate: Basic realm="Red"');
-				header('HTTP/1.0 401 Unauthorized');
-				die('This api requires login');
-			}
-		}
-
-		require_once('include/security.php');
-		authenticate_success($record);
-
-		if($channel_login)
-			change_channel($channel_login);
-
-		$_SESSION['allow_api'] = true;
-	}
 	
 	/**************************
 	 *  MAIN API ENTRY POINT  *
diff --git a/include/api_auth.php b/include/api_auth.php
new file mode 100644
index 000000000..ee9db3f55
--- /dev/null
+++ b/include/api_auth.php
@@ -0,0 +1,95 @@
+verify_request($req);
+
+		if (!is_null($token)){
+			$oauth->loginUser($token->uid);
+
+			$a->set_oauth_key($consumer->key);
+
+			call_hooks('logged_in', $a->user);
+			return;
+		}
+		echo __file__.__line__.__function__."
"; 
+//			var_dump($consumer, $token); 
+		die();
+	}
+	catch(Exception $e) {
+		logger(__file__.__line__.__function__."\n".$e);
+	}
+
+		
+	// workaround for HTTP-auth in CGI mode
+	if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
+		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
+		if(strlen($userpass)) {
+			list($name, $password) = explode(':', $userpass);
+			$_SERVER['PHP_AUTH_USER'] = $name;
+			$_SERVER['PHP_AUTH_PW'] = $password;
+		}
+	}
+
+	if(x($_SERVER,'HTTP_AUTHORIZATION')) {
+		$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
+		if(strlen($userpass)) {
+			list($name, $password) = explode(':', $userpass);
+			$_SERVER['PHP_AUTH_USER'] = $name;
+			$_SERVER['PHP_AUTH_PW'] = $password;
+		}
+	}
+
+
+	if (!isset($_SERVER['PHP_AUTH_USER'])) {
+		logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+		header('WWW-Authenticate: Basic realm="Red"');
+		header('HTTP/1.0 401 Unauthorized');
+		die('This api requires login');
+	}
+		
+	// process normal login request
+	require_once('include/auth.php');
+	$channel_login = 0;
+	$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+	if(! $record) {
+	        $r = q("select * from channel where channel_address = '%s' limit 1",
+		       dbesc($_SERVER['PHP_AUTH_USER'])
+			);
+        	if ($r) {
+			$x = q("select * from account where account_id = %d limit 1",
+			       intval($r[0]['channel_account_id'])
+				);
+			if ($x) {
+				$record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+				if($record)
+					$channel_login = $r[0]['channel_id'];
+			}
+		}
+		if(! $record) {	
+			logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+			header('WWW-Authenticate: Basic realm="Red"');
+			header('HTTP/1.0 401 Unauthorized');
+			die('This api requires login');
+		}
+	}
+
+	require_once('include/security.php');
+	authenticate_success($record);
+
+	if($channel_login)
+		change_channel($channel_login);
+
+	$_SESSION['allow_api'] = true;
+}
diff --git a/include/auth.php b/include/auth.php
index 643894e32..4f0c4c928 100644
--- a/include/auth.php
+++ b/include/auth.php
@@ -9,6 +9,7 @@
  * Also provides a function for OpenID identiy matching.
  */
 
+require_once('include/api_auth.php');
 require_once('include/security.php');
 
 /**
-- 
cgit v1.2.3