From c391ca62f1ad4130202b995bb5bb9111894e65ff Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Sun, 28 Dec 2014 18:05:02 +0100
Subject: Remove all old references to LOG_PATH

See https://github.com/FreshRSS/FreshRSS/issues/729
---
 p/api/greader.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'p/api/greader.php')

diff --git a/p/api/greader.php b/p/api/greader.php
index 1a66c30fb..80714d478 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -77,7 +77,7 @@ class MyPDO extends Minz_ModelPdo {
 }
 
 function logMe($text) {
- file_put_contents(LOG_PATH . '/api.log', $text, FILE_APPEND);
+ file_put_contents(join_path(USERS_PATH, '_', 'log_api.txt'), $text, FILE_APPEND);
 }
 
 function debugInfo() {
-- 
cgit v1.2.3

From 60563283cc5594f50fd8943661e03e350e529913 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Tue, 6 Jan 2015 23:16:57 +0100
Subject: Fix greader api script with new config system

See https://github.com/FreshRSS/FreshRSS/issues/730
---
 p/api/greader.php | 35 +++++++++++++++++++----------------
 1 file changed, 19 insertions(+), 16 deletions(-)

(limited to 'p/api/greader.php')

diff --git a/p/api/greader.php b/p/api/greader.php
index 80714d478..30530d60d 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -150,13 +150,12 @@ function authorizationToUserConf() {
 if (count($headerAuthX) === 2) {
 $user = $headerAuthX[0];
 if (ctype_alnum($user)) {
- try {
- $conf = new FreshRSS_Configuration($user);
- } catch (Exception $e) {
- logMe($e->getMessage() . "\n");
+ $conf = get_user_configuration($user);
+ if (is_null($conf)) {
 unauthorized();
 }
- if ($headerAuthX[1] === sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash)) {
+ $system_conf = Minz_Configuration::get('system');
+ if ($headerAuthX[1] === sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash)) {
 return $conf;
 } else {
 logMe('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1] . "\n");
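Review bot: The return value of `file_put_contents` on the new line in `logMe` is discarded, so a missing or unwritable `_` directory under USERS_PATH produces only a PHP warning and the entry is silently lost; `if (file_put_contents(join_path(USERS_PATH, '_', 'log_api.txt'), $text, FILE_APPEND) === false) { Minz_Log::warning('API log file is not writable'); }` would surface it. The callers further down this page pass presented credentials to `logMe` (the rejected `$headerAuthX[1]` in authorizationToUserConf and the `$token` in checkToken), so `log_api.txt` holds bearer-token material and needs the same access restrictions as the user data it sits next to; whether that directory is served by the web server is not visible here. With `FILE_APPEND` and no rotation the file also grows without bound.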
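Review bot: The new `if ($headerAuthX[1] === sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash))` compares a caller-supplied credential with plain string equality, which is not constant-time, and the `token()`/`checkToken()` hunks of this commit rewrite the same pattern. Where the PHP baseline allows it (the file already polyfills `password_verify` for older PHP) use `hash_equals(sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash), $headerAuthX[1])`; otherwise route all three comparisons through one small helper so they can be fixed together. The `else` branch below writes the rejected `$headerAuthX[1]` verbatim into the same API log that records successful sessions; a truncated prefix or a hash of it is enough for debugging. authorizationToUserConf starts before this hunk and ends after it.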
@@ -177,16 +176,16 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104
 if (!function_exists('password_verify')) {
 include_once(LIB_PATH . '/password_compat.php');
 }
- try {
- $conf = new FreshRSS_Configuration($email);
- } catch (Exception $e) {
- logMe($e->getMessage() . "\n");
- Minz_Log::warning('Invalid API user ' . $email);
+
+ $conf = get_user_configuration($email);
+ if (is_null($conf)) {
 unauthorized();
 }
+
 if ($conf->apiPasswordHash != '' && password_verify($pass, $conf->apiPasswordHash)) {
 header('Content-Type: text/plain; charset=UTF-8');
- $auth = $email . '/' . sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash);
+ $system_conf = Minz_Configuration::get('system');
+ $auth = $email . '/' . sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash);
 echo 'SID=', $auth, "\n",
 'Auth=', $auth, "\n";
 exit();
@@ -204,7 +203,8 @@ function token($conf) {
 //http://blog.martindoms.com/2009/08/15/using-the-google-reader-api-part-1/
 //https://github.com/ericmann/gReader-Library/blob/master/greader.class.php
 logMe('token('. $conf->user . ")\n"); //TODO: Implement real token that expires
- $token = str_pad(sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters
+ $system_conf = Minz_Configuration::get('system');
+ $token = str_pad(sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters
 echo $token, "\n";
 exit();
 }
@@ -212,7 +212,8 @@ function token($conf) {
 function checkToken($conf, $token) {
 //http://code.google.com/p/google-reader-api/wiki/ActionToken
 logMe('checkToken(' . $token . ")\n");
- if ($token === str_pad(sha1(Minz_Configuration::salt() . $conf->user . $conf->apiPasswordHash), 57, 'Z')) {
+ $system_conf = Minz_Configuration::get('system');
+ if ($token === str_pad(sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash), 57, 'Z')) {
 return true;
 }
 unauthorized();
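Review bot: `$email` reaches `get_user_configuration($email)` with no validation, whereas `authorizationToUserConf` in the previous hunk checks `ctype_alnum($user)` before the equivalent call, so the two entry points accept different identifier syntax for the same lookup; the same raw value is embedded in the `Auth=` string below and, in the fourth commit on this page, written into a `Minz_Log::warning` line. Adding `if (!ctype_alnum($email)) { unauthorized(); }` before the lookup keeps the lookup, the issued credential and the logs consistent, and if `get_user_configuration()` resolves a file under USERS_PATH from its argument (not visible here) it is also the check that stops the argument from naming an arbitrary path. `$conf->apiPasswordHash != ''` is a loose comparison; `!== ''` states the intent. clientLogin starts before this hunk and ends after it.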
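Review bot: The new `$token` line in `token()` is `str_pad(sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash), 57, 'Z')`, the very digest `clientLogin()` hands out as `Auth=` with seventeen `Z` characters appended, so the value `checkToken()` accepts is already known to every holder of the login credential and the action token adds no separate protection; the `//TODO: Implement real token that expires` comment on the logMe line acknowledges it. Folding a per-session random value into the digest (`Minz_Session` is initialised later in this file) and checking an expiry would make the token independent of the credential. token() is fully inside this hunk; checkToken() in the following hunk ends after it.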
@@ -536,9 +537,11 @@ logMe('----------------------------------------------------------------'."\n");
 $pathInfo = empty($_SERV
ER['PATH_INFO']) ? '/Error' : urldecode($_SERVER['PATH_INFO']);
 $pathInfos = explode('/', $pathInfo);
 
-Minz_Configuration::init();
-
-if (!Minz_Configuration::apiEnabled()) {
+Minz_Configuration::register('system',
+ DATA_PATH . '/config.php',
+ DATA_PATH . '/config.default.php');
+$system_conf = Minz_Configuration::get('system');
+if (!$system_conf->api_enabled) {
 serviceUnavailable();
 }
 
-- 
cgit v1.2.3

From e7e7a320d61a03141823ccb47c8587bb2541ba2e Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Tue, 13 Jan 2015 14:13:27 +0100
Subject: Add a log line in greader API.

See https://github.com/FreshRSS/FreshRSS/issues/747
---
 p/api/greader.php | 1 +
 1 file changed, 1 insertion(+)

(limited to 'p/api/greader.php')

diff --git a/p/api/greader.php b/p/api/greader.php
index 30530d60d..bbde2a867 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -152,6 +152,7 @@ function authorizationToUserConf() {
 if (ctype_alnum($user)) {
 $conf = get_user_configuration($user);
 if (is_null($conf)) {
+ logMe('Invalid configuration API file for user ' . $user);
 unauthorized();
 }
 $system_conf = Minz_Configuration::get('system');
-- 
cgit v1.2.3

From f3545208ab29ac646e3f104892aabcabe575411d Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Tue, 13 Jan 2015 15:00:06 +0100
Subject: Add log in API

See https://github.com/FreshRSS/FreshRSS/issues/747
---
 p/api/greader.php | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'p/api/greader.php')

diff --git a/p/api/greader.php b/p/api/greader.php
index bbde2a867..069fcd5a8 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -152,7 +152,7 @@ function authorizationToUserConf() {
 if (ctype_alnum($user)) {
 $conf = get_user_configuration($user);
 if (is_null($conf)) {
- logMe('Invalid configuration API file for user ' . $user);
+ Minz_Log::warning('Invalid API user ' . $user . ': configuration cannot be found.');
 unauthorized();
 }
 $system_conf = Minz_Configuration::get('system');
@@ -180,6 +180,7 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104
 
 $conf = get_user_configuration($email);
 if (is_null($conf)) {
+ Minz_Log::warning('Invalid API user ' . $email . ': configuration cannot be found.');
 unauthorized();
 }
 
-- 
cgit v1.2.3

From 59760580d2e6856ee66dedb0ae33829aea29c971 Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Tue, 13 Jan 2015 15:14:55 +0100
Subject: Fix greader API

$conf->user didn't exist anymore since #730. User name had to be retrieved by another way. It uses sessions now.

Fix https://github.com/FreshRSS/FreshRSS/issues/747
---
 p/api/greader.php | 23 ++++++++++++++---------
 1 file changed, 14 insertions(+), 9 deletions(-)

(limited to 'p/api/greader.php')

diff --git a/p/api/greader.php b/p/api/greader.php
index 069fcd5a8..2c23b30a2 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -143,7 +143,7 @@ function checkCompatibility() {
 exit();
 }
 
-function authorizationToUserConf() {
+function authorizationToUser() {
 $headerAuth = headerVariable('Authorization', 'GoogleLogin_auth'); //Input is 'GoogleLogin auth', but PHP replaces spaces by '_' http://php.net/language.variables.external
 if ($headerAuth != '') {
 $headerAuthX = explode('/', $headerAuth, 2);
@@ -156,8 +156,8 @@ function authorizationToUserConf() {
 unauthorized();
 }
 $system_conf = Minz_Configuration::get('system');
- if ($headerAuthX[1] === sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash)) {
- return $conf;
+ if ($headerAuthX[1] === sha1($system_conf->salt . $user . $conf->apiPasswordHash)) {
+ return $user;
 } else {
 logMe('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1] . "\n");
 Minz_Log::warning('Invalid API authorisation for user ' . $user . ': ' . $headerAuthX[1]);
@@ -187,7 +187,7 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104
 if ($conf->apiPasswordHash != '' && password_verify($pass, $conf->apiPasswordHash)) {
 header('Content-Type: text/plain; charset=UTF-8');
 $system_conf = Minz_Configuration::get('system');
- $auth = $email . '/' . sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash);
+ $auth = $email . '/' . sha1($system_conf->salt . $email . $conf->apiPasswordHash);
 echo 'SID=', $auth, "\n",
 'Auth=', $auth, "\n";
 exit();
@@ -204,18 +204,20 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104
 function token($conf) {
 //http://blog.martindoms.com/2009/08/15/using-the-google-reader-api-part-1/
 //https://github.com/ericmann/gReader-Library/blob/master/greader.class.php
- logMe('token('. $conf->user . ")\n"); //TODO: Implement real token that expires
+ $user = Minz_Session::_param('currentUser', '_');
+ logMe('token('. $user . ")\n"); //TODO: Implement real token that expires
 $system_conf = Minz_Configuration::get('system');
- $token = str_pad(sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters
+ $token = str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters
 echo $token, "\n";
 exit();
 }
 
 function checkToken($conf, $token) {
 //http://code.google.com/p/google-reader-api/wiki/ActionToken
+ $user = Minz_Session::_param('currentUser', '_');
 logMe('checkToken(' . $token . ")\n");
 $system_conf = Minz_Configuration::get('system');
- if ($token === str_pad(sha1($system_conf->salt . $conf->user . $conf->apiPasswordHash), 57, 'Z')) {
+ if ($token === str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z')) {
 return true;
 }
 unauthorized();
@@ -549,8 +551,11 @@ if (!$system_conf->api_enabled) {
 
 Minz_Session::init('FreshRSS');
 
-$conf = authorizationToUserConf();
-$user = $conf == null ? '' : $conf->user;
+$user = authorizationToUser();
+if (is_null($user)) {
+ unauthorized();
+}
+$conf = get_user_configuration($user);
 
 logMe('User => ' . $user . "\n");
 
-- 
cgit v1.2.3

From e8556ac1a4c00b4e44e88a7d73feca6f7462fc34 Mon Sep 17 00:00:00 2001
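Review bot: `token()` and `checkToken()` now take the user name from `Minz_Session::_param('currentUser', '_')` while `$conf` is still the configuration selected from the `Authorization` header, so the two digest inputs can describe different principals: nothing in this commit stores the authenticated `$user` into the session (the top-level hunk below only assigns `$user = authorizationToUser()`), and if `currentUser` is not set elsewhere both functions silently fall back to `'_'`. Passing the name explicitly keeps the digest tied to the same user as `$conf`: `function token($conf, $user)` and `function checkToken($conf, $user, $token)`, with the `case 'token':` dispatch updated to match. If the session is filled by `Minz_Session::init()` from a browser login cookie (not visible here), an API client without that cookie is precisely the case that hits the default. checkToken() ends after this hunk.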
From: Marien Fressinaud
Date: Tue, 13 Jan 2015 15:26:42 +0100
Subject: Change behaviour if authorizationToUser is null

authorizationToUser() returns now an empty string by default
If it returns an empty string, conf is set to null and api don't die anymore.

Fix https://github.com/FreshRSS/FreshRSS/issues/747
---
 p/api/greader.php | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'p/api/greader.php')

diff --git a/p/api/greader.php b/p/api/greader.php
index 2c23b30a2..20f72cc3b 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
@@ -168,7 +168,7 @@ function authorizationToUser() {
 }
 }
 }
- return null;
+ return '';
 }
 
 function clientLogin($email, $pass) { //http://web.archive.org/web/20130604091042/http://undoc.in/clientLogin.html
@@ -552,10 +552,10 @@ if (!$system_conf->api_enabled) {
 Minz_Session::init('FreshRSS');
 
 $user = authorizationToUser();
-if (is_null($user)) {
- unauthorized();
+$conf = null;
+if ($user !== '') {
+ $conf = get_user_configuration($user);
 }
-$conf = get_user_configuration($user);
 
 logMe('User => ' . $user . "\n");
 
-- 
cgit v1.2.3

From f1ffdd8b9d1f3d8742f1328dfa805664a66e34aa Mon Sep 17 00:00:00 2001
From: Marien Fressinaud
Date: Wed, 14 Jan 2015 21:13:38 +0100
Subject: Fix stupid bug in greader API

Replace Minz_Session::_param() by Minz_Session::param() in token() and checkToken() functions.

Fix https://github.com/FreshRSS/FreshRSS/issues/747
---
 p/api/greader.php | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

(limited to 'p/api/greader.php')

diff --git a/p/api/greader.php b/p/api/greader.php
index 20f72cc3b..ab1a02244 100644
--- a/p/api/greader.php
+++ b/p/api/greader.php
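Review bot: After this change `$conf` is `null` for every request without a valid `Authorization` header, yet the `case 'token': token($conf);` dispatch visible in the last commit on this page is still reached and `token()`/`checkToken()` read `$conf->apiPasswordHash` with no null check; unless the `reader/api` branch guards on `$conf` before dispatching (that code is outside these hunks), an unauthenticated request ends up with a digest computed over an empty hash instead of an `unauthorized()` response. A guard at the top of both functions, `if ($conf === null) { unauthorized(); }`, makes the contract explicit whatever the dispatcher does. The `return '';` in the first hunk and the `$user !== ''` test here are the two halves of one convention that sit far apart; a one-line comment on `authorizationToUser()` saying an empty string means no credential was presented would keep them in sync.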
@@ -204,7 +204,7 @@ function clientLogin($email, $pass) { //http://web.archive.org/web/2013060409104
 function token($conf) {
 //http://blog.martindoms.com/2009/08/15/using-the-google-reader-api-part-1/
 //https://github.com/ericmann/gReader-Library/blob/master/greader.class.php
- $user = Minz_Session::_param('currentUser', '_');
+ $user = Minz_Session::param('currentUser', '_');
 logMe('token('. $user . ")\n"); //TODO: Implement real token that expires
 $system_conf = Minz_Configuration::get('system');
 $token = str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z'); //Must have 57 characters
@@ -214,7 +214,7 @@ function token($conf) {
 
 function checkToken($conf, $token) {
 //http://code.google.com/p/google-reader-api/wiki/ActionToken
- $user = Minz_Session::_param('currentUser', '_');
+ $user = Minz_Session::param('currentUser', '_');
 logMe('checkToken(' . $token . ")\n");
 $system_conf = Minz_Configuration::get('system');
 if ($token === str_pad(sha1($system_conf->salt . $user . $conf->apiPasswordHash), 57, 'Z')) {
@@ -649,7 +649,7 @@ elseif ($pathInfos[1] === 'reader' && $pathInfos[2] === 'api' && isset($pathInfo
 markAllAsRead($streamId, $ts);
 break;
 case 'token':
- Token($conf);
+ token($conf);
 break;
 }
 } elseif ($pathInfos[1] === 'check' && $pathInfos[2] === 'compatibility') {
-- 
cgit v1.2.3