// Handle a request to a resource and authenticate the access token
$token_OK = $server->verifyResourceRequest(OAuth2\Request::createFromGlobals());
if (!$token_OK) {
- $server->getResponse()->send();
+ $response = $server->getResponse();
+ if (!count($response->getParameters())) {
+ // We get an empty response if we don't get any auth header. Let's actually note that explicitly.
+ $response->setError($response->getStatusCode(), 'auth_missing', 'Authentication missing');
+ }
+ $response->send();
if ($settings['piwik_enabled']) { $piwikTracker->doTrackPageView('API Request: Bad Token'); }
exit();
}
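Review bot: The new `setError` call reuses whatever status code the response already carries, so if `verifyResourceRequest` left the default (200) for the missing-header case, a client would get an HTTP 200 with an `auth_missing` error body; the library internals are not visible here, so this is an inference to confirm. Since the branch only runs when `$token_OK` is false and no error parameters were set, the safe choice is to pin the code: `$response->setError(401, 'auth_missing', 'Authentication missing');`. A bearer-token resource should also send the challenge header for that case, e.g. `$response->addHttpHeaders(array('WWW-Authenticate' => 'Bearer'));` before `send()`, if the response class offers it. Consider tracking this separately from a bad token in the Piwik call so "no credentials" and "invalid credentials" are distinguishable in analytics.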
'error_description' => 'The user the access token is connected to was not recognized.')));
}
else {
- if (in_array($user['email'], $utils->client_reg_email_whitelist)) {
+ if (($utils->client_reg_email_whitelist === false) || (in_array($user['email'], $utils->client_reg_email_whitelist))) {
if (strlen(@$_GET['client_id']) >= 5) {
$result = $db->prepare('SELECT `client_id`,`user_id` FROM `oauth_clients` WHERE `client_id` = :clientid;');
$result->execute(array(':clientid' => $_GET['client_id']));
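Review bot: The added `=== false` arm turns the whitelist off entirely, so any user with a valid token may proceed to client registration, while an empty array still denies everyone; that asymmetry is easy to misconfigure and deserves an explicit comment, e.g. `// false disables the e-mail whitelist (any authenticated user may register clients); an empty array denies everyone.` The `in_array` should also be strict to avoid loose-comparison surprises on odd whitelist entries: `in_array($user['email'], $utils->client_reg_email_whitelist, true)`. If `client_reg_email_whitelist` can be unset (`null`) in some configurations, note that on PHP 8 `in_array` with a non-array haystack throws a `TypeError` rather than failing closed, so validating the setting once at load time would be safer than relying on that. The `else` block this lives in continues past the hunk, and lines 14–15 are the tail of a statement that starts before it.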