
Commit 05156b70 authored by Michele's avatar Michele Committed by Zach Copley

HTTP auth provided is evaluated even if it's not required

parent c63832f7
...@@ -79,10 +79,13 @@ class ApiAuthAction extends ApiAction ...@@ -79,10 +79,13 @@ class ApiAuthAction extends ApiAction
$this->checkOAuthRequest(); $this->checkOAuthRequest();
} else { } else {
$this->checkBasicAuthUser(); $this->checkBasicAuthUser();
// By default, all basic auth users have read and write access
$this->access = self::READ_WRITE;
} }
} else {
// Check to see if a basic auth user is there even
// if one's not required
$this->checkBasicAuthUser(false);
} }
return true; return true;
...@@ -198,13 +201,13 @@ class ApiAuthAction extends ApiAction ...@@ -198,13 +201,13 @@ class ApiAuthAction extends ApiAction
* @return boolean true or false * @return boolean true or false
*/ */
function checkBasicAuthUser() function checkBasicAuthUser($required = true)
{ {
$this->basicAuthProcessHeader(); $this->basicAuthProcessHeader();
$realm = common_config('site', 'name') . ' API'; $realm = common_config('site', 'name') . ' API';
if (!isset($this->auth_user)) { if (!isset($this->auth_user) && $required) {
header('WWW-Authenticate: Basic realm="' . $realm . '"'); header('WWW-Authenticate: Basic realm="' . $realm . '"');
// show error if the user clicks 'cancel' // show error if the user clicks 'cancel'
...@@ -212,12 +215,16 @@ class ApiAuthAction extends ApiAction ...@@ -212,12 +215,16 @@ class ApiAuthAction extends ApiAction
$this->showBasicAuthError(); $this->showBasicAuthError();
exit; exit;
} else { } else if (isset($this->auth_user)) {
$nickname = $this->auth_user; $nickname = $this->auth_user;
$password = $this->auth_pw; $password = $this->auth_pw;
$user = common_check_user($nickname, $password); $user = common_check_user($nickname, $password);
if (Event::handle('StartSetApiUser', array(&$user))) { if (Event::handle('StartSetApiUser', array(&$user))) {
$this->auth_user = $user; $this->auth_user = $user;
// By default, all basic auth users have read and write access
$this->access = self::READ_WRITE;
Event::handle('EndSetApiUser', array($user)); Event::handle('EndSetApiUser', array($user));
} }
......
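Review bot: In `checkBasicAuthUser()`, `$this->access = self::READ_WRITE;` is assigned straight after `common_check_user()` with no check that the call returned a user. On the visible lines, a request with wrong credentials therefore gets `auth_user` set to whatever the check returned and read-write access in the same step. The function continues past the last shown line, so a later rejection of an empty `auth_user` may exist, but the grant would be safer tied to the result, e.g. `if (!empty($user)) { $this->access = self::READ_WRITE; }`. This matters more now that `checkBasicAuthUser(false)` runs on endpoints that do not require auth: the code should make explicit whether bad credentials there end in an auth error or in an anonymous request. The new parameter also deserves a `@param boolean $required` line in the docblock, whose start is outside the hunk.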