From b423a525afafd3bfdea7e6de652e32e4187491c2 Mon Sep 17 00:00:00 2001 From: seferdemirci <63615719+seferdemirci@users.noreply.github.com> Date: Sun, 23 Jan 2022 22:27:12 +0300 Subject: [PATCH] Check user making request from API If the user sends a request with API, the plugin was preventing the request and redirects the Google Login page. Before redirecting I checked user requests come from API and check user credentials are valid. --- plugin.php | 65 +++++++++++++++++++++++++++++++----------------------- 1 file changed, 37 insertions(+), 28 deletions(-) diff --git a/plugin.php b/plugin.php index 2cf5afc..bdfdc85 100644 --- a/plugin.php +++ b/plugin.php @@ -50,35 +50,44 @@ function atomarch_google_auth() { return true; } else { - - if (!isset($_GET['code'])) { - - // Generate a URL to request access from Google's OAuth 2.0 server - $auth_url = $client->createAuthUrl(); - // Redirect the user to $auth_url so they can enter their Google credentials - header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL)); - - } else { - // Exchange an authorization code for an access token - $token = $client->fetchAccessTokenWithAuthCode($_GET['code']); - - if (!array_key_exists('access_token', $token)) { - yourls_e("invalid token"); - die(); - } - //Store Access Token in a session variable - $_SESSION['access_token'] = $token; - - if (atomarch_check_domain($client) === false) { - $client->revokeToken(); - unset($_SESSION['access_token']); - yourls_e("User from Unauthorized Domain."); - die(); + + // If user sending request with API, check user credentials + if(yourls_is_API()){ + + yourls_check_username_password(); + + }else{ + + if (!isset($_GET['code'])) { + + // Generate a URL to request access from Google's OAuth 2.0 server + $auth_url = $client->createAuthUrl(); + // Redirect the user to $auth_url so they can enter their Google credentials + header('Location: ' . filter_var($auth_url, FILTER_SANITIZE_URL)); + + } else { + // Exchange an authorization code for an access token + $token = $client->fetchAccessTokenWithAuthCode($_GET['code']); + + if (!array_key_exists('access_token', $token)) { + yourls_e("invalid token"); + die(); } - - $redirect_uri = yourls_admin_url(); - header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL)); - } + //Store Access Token in a session variable + $_SESSION['access_token'] = $token; + + if (atomarch_check_domain($client) === false) { + $client->revokeToken(); + unset($_SESSION['access_token']); + yourls_e("You can only access it with an ILA account."); + die(); + } + + $redirect_uri = yourls_admin_url(); + header('Location: ' . filter_var($redirect_uri, FILTER_SANITIZE_URL)); + } + } + } }