authorTom Needham <needham.thomas@gmail.com>2012-09-13 15:18:38 +0000
committerTom Needham <needham.thomas@gmail.com>2012-09-13 15:18:38 +0000
commita8c82440d0f4158151b9f28c6bfc0bbc14aea3e1 (patch)
tree7194f9063968dd5f34270f0d3d23e08d9ad37967
parent8b409dfe2ad634b84dcbcc54cdd668488318e79b (diff)
downloadnextcloud-server-a8c82440d0f4158151b9f28c6bfc0bbc14aea3e1.tar.gz
nextcloud-server-a8c82440d0f4158151b9f28c6bfc0bbc14aea3e1.zip
API: Use http authentication, check the auth level required
-rw-r--r--lib/api.php41
1 files changed, 22 insertions, 19 deletions
diff --git a/lib/api.php b/lib/api.php
index c278f7672f1..29446e979fe 100644
--- a/lib/api.php
+++ b/lib/api.php
@@ -86,7 +86,7 @@ class OC_API {
foreach(self::$actions[$name] as $action){
$app = $action['app'];
// Authorsie this call
- if($this->isAuthorised($action)){
+ if(self::isAuthorised($action)){
if(is_callable($action['action'])){
$responses[] = array('app' => $app, 'response' => call_user_func($action['action'], $parameters));
} else {
@@ -105,7 +105,7 @@ class OC_API {
} else {
self::respond($response);
}
- // logout the user to be stateles
+ // logout the user to be stateless
OC_User::logout();
}
@@ -114,7 +114,7 @@ class OC_API {
* @param array $action the action details as supplied to OC_API::register()
* @return bool
*/
- private function isAuthorised($action){
+ private static function isAuthorised($action){
$level = $action['authlevel'];
switch($level){
case OC_API::GUEST_AUTH:
@@ -123,13 +123,25 @@ class OC_API {
break;
case OC_API::USER_AUTH:
// User required
- // Check url for username and password
+ return self::loginUser();
break;
case OC_API::SUBADMIN_AUTH:
// Check for subadmin
+ $user = self::loginUser();
+ if(!$user){
+ return false;
+ } else {
+ return OC_SubAdmin::isSubAdmin($user);
+ }
break;
case OC_API::ADMIN_AUTH:
// Check for admin
+ $user = self::loginUser();
+ if(!$user){
+ return false;
+ } else {
+ return OC_Group::inGroup($user, 'admin');
+ }
break;
default:
// oops looks like invalid level supplied
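Review bot: `return self::loginUser();` in the USER_AUTH case hands back the username string rather than the bool the docblock above the switch promises, so authorisation hinges on the truthiness of the name (a user named `0` is refused) and the `@return bool` annotation is now wrong; `return self::loginUser() !== false;` keeps the contract, and the `if(!$user)` tests in the SUBADMIN_AUTH and ADMIN_AUTH cases should likewise be `if($user === false)`. The `break;` after each `return` in those three cases is unreachable and can be dropped. The `'admin'` group name in the ADMIN_AUTH case is a bare literal; a class constant would keep it in step with wherever else that group is named. The default branch continues outside the hunk, so whether an unknown level is denied (fail closed) is not visible here and is worth confirming.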
@@ -139,11 +151,13 @@ class OC_API {
}
/**
- * gets login details from url and logs in the user
- * @return bool
+ * http basic auth
+ * @return string|false (username, or false on failure)
*/
- public function loginUser(){
- // Todo
+ private static function loginUser(){
+ $authuser = isset($_SERVER['PHP_AUTH_USER']) ? $_SERVER['PHP_AUTH_USER'] : '';
+ $authpw = isset($_SERVER['PHP_AUTH_PW']) ? $_SERVER['PHP_AUTH_PW'] : '';
+ return OC_User::login($authuser, $authpw) ? $authuser : false;
}
/**
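Review bot: loginUser() passes empty strings to OC_User::login() whenever no Authorization header is present, so every unauthenticated request costs a full login attempt and whether it is refused depends on OC_User::login rejecting an empty username; guard first with `if($authuser === '' || $authpw === ''){ return false; }`. Nothing in this hunk emits a `WWW-Authenticate: Basic` challenge, and the only 401 path visible, checkLoggedIn, is deleted by the last hunk, so a client that omits credentials cannot be prompted unless the caller's else branch (outside the first hunk) does it — worth confirming. PHP_AUTH_USER/PHP_AUTH_PW are populated by the Apache module SAPI; under CGI/FastCGI the Authorization header is not mapped into them unless the server forwards it, which would make every API call fail authentication silently. Basic credentials travel in the clear, so the endpoint needs TLS-only deployment, which the code cannot enforce by itself.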
@@ -222,17 +236,6 @@ class OC_API {
$writer->writeElement($k, $v);
}
}
- }
- /**
- * check if the user is authenticated
- */
- public static function checkLoggedIn(){
- // Check OAuth
- if(!OC_OAuth_Server::isAuthorised()){
- OC_Response::setStatus(401);
- die();
- }
- }
}