aboutsummaryrefslogtreecommitdiff
path: root/services/api
diff options
context:
space:
mode:
authorcash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-10-19 11:59:44 +0000
committercash <cash@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-10-19 11:59:44 +0000
commit985fad83ae06027c9ba92915b6f253815e7537cc (patch)
treeed32fd8354b73c3484b4ab77cb1ebe8103631c0a /services/api
parent6ed8a8dd29c699c1ff345f9827f5f685c15e85e6 (diff)
downloadelgg-985fad83ae06027c9ba92915b6f253815e7537cc.tar.gz
elgg-985fad83ae06027c9ba92915b6f253815e7537cc.tar.bz2
first version of new REST api
git-svn-id: http://code.elgg.org/elgg/trunk@3562 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'services/api')
-rw-r--r--services/api/rest.php33
1 files changed, 15 insertions, 18 deletions
diff --git a/services/api/rest.php b/services/api/rest.php
index dfa6cd3a5..a569e7e26 100644
--- a/services/api/rest.php
+++ b/services/api/rest.php
@@ -27,30 +27,27 @@ if ((isset($CONFIG->disable_api)) && ($CONFIG->disable_api == true)) {
throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
}
-// Register some default PAM methods, plugins can add their own
-register_pam_handler('pam_auth_session_or_hmac'); // Command must either be authenticated by a hmac or the user is already logged in
-register_pam_handler('pam_auth_usertoken', 'required'); // Either token present and valid OR method doesn't require one.
-register_pam_handler('pam_auth_anonymous_method'); // Support anonymous functions
+// plugins should return true to control what API and user authentication handlers are registered
+if (trigger_plugin_hook('rest', 'init', null, false) == false) {
+ // check session - this usually means a REST call from a web browser
+ register_pam_handler('pam_auth_session');
+ // user token can also be used for user authentication
+ register_pam_handler('pam_auth_usertoken');
+
+ // for api authentication, we default to a simple API key check
+ register_api_auth_handler('api_auth_key');
+}
// Get parameter variables
$method = get_input('method');
$result = null;
-// Authenticate session
-if (pam_authenticate()) {
- // Authenticated somehow, now execute.
- $token = "";
- $params = get_parameters_for_method($method); // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler
- if (isset($params['auth_token'])) {
- $token = $params['auth_token'];
- }
-
- $result = execute_method($method, $params, $token);
-} else {
- throw new SecurityException(elgg_echo('SecurityException:NoAuthMethods'));
-}
+// this will throw an exception if authentication fails
+authenticate_method($method);
+
+$result = execute_method($method);
+
-// Finally output
if (!($result instanceof GenericResult)) {
throw new APIException(elgg_echo('APIException:ApiResultUnknown'));
}