do not treat Basic authentication as a token, but just skip it

Uwe Steinmann 2025-10-24 12:50:49 +02:00
parent 6e06bec195
commit d73a89c616


@ -3071,7 +3071,12 @@ class RestapiAuthMiddleware implements MiddlewareInterface { /* {{{ */
} }
/** /**
* Example middleware invokable class * Auth middleware invokable class
*
* This methods checks for an api token in the Authorization header or
* a valid session in the cookie `mydms_session`.
* It does not support Basic authentication. It actually treats that
* as a wrong api token and authentication fails.
* *
* @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request * @param \Psr\Http\Message\ServerRequestInterface $request PSR7 request
* @param \Psr\Http\Server\RequestHandlerInterface $handler * @param \Psr\Http\Server\RequestHandlerInterface $handler
@ -3133,6 +3138,8 @@ class RestapiAuthMiddleware implements MiddlewareInterface { /* {{{ */
$userobj = null; $userobj = null;
// $logger->log(var_export($environment, true), PEAR_LOG_DEBUG); // $logger->log(var_export($environment, true), PEAR_LOG_DEBUG);
if(!empty($environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) { if(!empty($environment['HTTP_AUTHORIZATION']) && !empty($settings->_apiKey) && !empty($settings->_apiUserId)) {
/* We cannot handle Basic authentication, so skip it */
if (substr($environment['HTTP_AUTHORIZATION'], 0, 6) != 'Basic ') {
$logger->log("Authorization key: ".$environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG); $logger->log("Authorization key: ".$environment['HTTP_AUTHORIZATION'], PEAR_LOG_DEBUG);
if($settings->_apiKey == $environment['HTTP_AUTHORIZATION']) { if($settings->_apiKey == $environment['HTTP_AUTHORIZATION']) {
if(!($userobj = $dms->getUser($settings->_apiUserId))) { if(!($userobj = $dms->getUser($settings->_apiUserId))) {
@ -3160,6 +3167,9 @@ class RestapiAuthMiddleware implements MiddlewareInterface { /* {{{ */
return $response; return $response;
} }
$logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO); $logger->log("Login with apikey as '".$userobj->getLogin()."' successful", PEAR_LOG_INFO);
} else {
$logger->log("Login with Basic auth cannot be handled by AuthMiddleware", PEAR_LOG_INFO);
}
} else { } else {
$logger->log("Checking for valid session", PEAR_LOG_INFO); $logger->log("Checking for valid session", PEAR_LOG_INFO);
require_once("../inc/inc.ClassSession.php"); require_once("../inc/inc.ClassSession.php");
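Review bot: The `substr($environment['HTTP_AUTHORIZATION'], 0, 6) != 'Basic '` guard is case-sensitive, but HTTP auth scheme names are case-insensitive, so a header sent as `basic …` still falls through to the `"Authorization key: "` debug line, where its base64 credentials are written to the log, and is then compared against the API key. `if (strncasecmp($environment['HTTP_AUTHORIZATION'], 'Basic ', 6) !== 0) {` would close that gap. The comparison on the next line uses loose `==`, which is neither type-strict nor constant-time; `hash_equals((string)$settings->_apiKey, $environment['HTTP_AUTHORIZATION'])` is the usual form for comparing secrets. That debug line also records the full API key on every token request, so logging only that an Authorization header was present would keep the key out of log files. The new docblock still says Basic auth is treated as a wrong API token, which no longer matches the skip branch; the enclosing method starts and ends outside the visible hunks, so what happens to a skipped Basic request afterwards (the session check sits in the outer `else`) should be confirmed against the full file.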