Added "source" detection
This commit is contained in:
parent
0f0a301280
commit
8bf5dd187b
|
@ -77,10 +77,27 @@ class BasicAuth
|
||||||
return self::$current_token;
|
return self::$current_token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$source = $_REQUEST['source'] ?? '';
|
||||||
|
|
||||||
|
// Support for known clients that doesn't send a source name
|
||||||
|
if (empty($source) && !empty($_SERVER['HTTP_USER_AGENT'])) {
|
||||||
|
if(strpos($_SERVER['HTTP_USER_AGENT'], "Twidere") !== false) {
|
||||||
|
$source = 'Twidere';
|
||||||
|
}
|
||||||
|
|
||||||
|
Logger::info('Unrecognized user-agent', ['http_user_agent' => $_SERVER['HTTP_USER_AGENT']]);
|
||||||
|
} else {
|
||||||
|
Logger::info('Empty user-agent');
|
||||||
|
}
|
||||||
|
|
||||||
|
if (empty($source)) {
|
||||||
|
$source = 'api';
|
||||||
|
}
|
||||||
|
|
||||||
self::$current_token = [
|
self::$current_token = [
|
||||||
'uid' => self::$current_user_id,
|
'uid' => self::$current_user_id,
|
||||||
'id' => 0,
|
'id' => 0,
|
||||||
'name' => api_source(),
|
'name' => $source,
|
||||||
'website' => '',
|
'website' => '',
|
||||||
'created_at' => DBA::NULL_DATETIME,
|
'created_at' => DBA::NULL_DATETIME,
|
||||||
'read' => true,
|
'read' => true,
|
||||||
|
@ -114,32 +131,32 @@ class BasicAuth
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
|
$user = $_SERVER['PHP_AUTH_USER'] ?? '';
|
||||||
$password = $_SERVER['PHP_AUTH_PW'] ?? '';
|
$password = $_SERVER['PHP_AUTH_PW'] ?? '';
|
||||||
|
|
||||||
// allow "user@server" login (but ignore 'server' part)
|
// allow "user@server" login (but ignore 'server' part)
|
||||||
$at = strstr($user, "@", true);
|
$at = strstr($user, "@", true);
|
||||||
if ($at) {
|
if ($at) {
|
||||||
$user = $at;
|
$user = $at;
|
||||||
}
|
}
|
||||||
|
|
||||||
// next code from mod/auth.php. needs better solution
|
// next code from mod/auth.php. needs better solution
|
||||||
$record = null;
|
$record = null;
|
||||||
|
|
||||||
$addon_auth = [
|
$addon_auth = [
|
||||||
'username' => trim($user),
|
'username' => trim($user),
|
||||||
'password' => trim($password),
|
'password' => trim($password),
|
||||||
'authenticated' => 0,
|
'authenticated' => 0,
|
||||||
'user_record' => null,
|
'user_record' => null,
|
||||||
];
|
];
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
|
* An addon indicates successful login by setting 'authenticated' to non-zero value and returning a user record
|
||||||
* Addons should never set 'authenticated' except to indicate success - as hooks may be chained
|
* Addons should never set 'authenticated' except to indicate success - as hooks may be chained
|
||||||
* and later addons should not interfere with an earlier one that succeeded.
|
* and later addons should not interfere with an earlier one that succeeded.
|
||||||
*/
|
*/
|
||||||
Hook::callAll('authenticate', $addon_auth);
|
Hook::callAll('authenticate', $addon_auth);
|
||||||
|
|
||||||
if ($addon_auth['authenticated'] && !empty($addon_auth['user_record'])) {
|
if ($addon_auth['authenticated'] && !empty($addon_auth['user_record'])) {
|
||||||
$record = $addon_auth['user_record'];
|
$record = $addon_auth['user_record'];
|
||||||
} else {
|
} else {
|
||||||
|
@ -148,32 +165,32 @@ class BasicAuth
|
||||||
$record = DBA::selectFirst('user', [], ['uid' => $user_id]);
|
$record = DBA::selectFirst('user', [], ['uid' => $user_id]);
|
||||||
} catch (Exception $ex) {
|
} catch (Exception $ex) {
|
||||||
$record = [];
|
$record = [];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if (empty($record)) {
|
if (empty($record)) {
|
||||||
if (!$do_login) {
|
if (!$do_login) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
Logger::debug('failed', ['module' => 'api', 'action' => 'login', 'parameters' => $_SERVER]);
|
Logger::debug('Access denied', ['parameters' => $_SERVER]);
|
||||||
header('WWW-Authenticate: Basic realm="Friendica"');
|
header('WWW-Authenticate: Basic realm="Friendica"');
|
||||||
throw new UnauthorizedException("This API requires login");
|
throw new UnauthorizedException("This API requires login");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Don't refresh the login date more often than twice a day to spare database writes
|
// Don't refresh the login date more often than twice a day to spare database writes
|
||||||
$login_refresh = strcmp(DateTimeFormat::utc('now - 12 hours'), $record['login_date']) > 0;
|
$login_refresh = strcmp(DateTimeFormat::utc('now - 12 hours'), $record['login_date']) > 0;
|
||||||
|
|
||||||
DI::auth()->setForUser($a, $record, false, false, $login_refresh);
|
DI::auth()->setForUser($a, $record, false, false, $login_refresh);
|
||||||
|
|
||||||
Session::set('allow_api', true);
|
Session::set('allow_api', true);
|
||||||
|
|
||||||
Hook::callAll('logged_in', $a->user);
|
Hook::callAll('logged_in', $a->user);
|
||||||
|
|
||||||
if (Session::get('allow_api')) {
|
if (Session::get('allow_api')) {
|
||||||
self::$current_user_id = local_user();
|
self::$current_user_id = local_user();
|
||||||
} else {
|
} else {
|
||||||
self::$current_user_id = 0;
|
self::$current_user_id = 0;
|
||||||
}
|
}
|
||||||
return self::$current_user_id;
|
return self::$current_user_id;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user