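/**
 *  Check authentication array and set error, errorcode, errorlabel
 *
 *  Checks, in this order: the webservice security key, the optional numeric
 *  entity id, that the login exists and is not disabled, and finally
 *  login/password/entity through checkLoginPassEntity() using the modes
 *  configured in $dolibarr_main_authentication ('http,dolibarr' when unset).
 *  The first failing step increments $error and sets $errorcode/$errorlabel;
 *  the remaining steps are skipped.
 *
 *  @param	array	$authentication     Array with authentication informations ('login'=>,'password'=>,'entity'=>,'dolibarrkey'=>)
 *  @param 	int		&$error				Number of errors
 *  @param  string	&$errorcode			Error string code
 *  @param  string	&$errorlabel		Error string label
 *  @return User						Return user object identified by login/pass/entity into authentication array (always returned; callers must test $error before trusting it)
 */
function check_authentication($authentication, &$error, &$errorcode, &$errorlabel)
{
    global $db, $conf, $langs;
    global $dolibarr_main_authentication, $dolibarr_auto_user;

    $fuser = new User($db);

    // Security key check. hash_equals() compares as strings in constant time, so a
    // numeric-looking key is not compared numerically (as '!=' would) and the
    // comparison does not stop at the first differing byte.
    if (!$error) {
        $expectedKey = (string) ($conf->global->WEBSERVICES_KEY ?? '');
        $providedKey = (string) ($authentication['dolibarrkey'] ?? '');
        if (!hash_equals($expectedKey, $providedKey)) {
            $error++;
            $errorcode = 'BAD_VALUE_FOR_SECURITY_KEY';
            $errorlabel = 'Value provided into dolibarrkey entry field does not match security key defined in Webservice module setup';
        }
    }

    // Entity, when given, must be a numeric instance id
    if (!$error && !empty($authentication['entity']) && !is_numeric($authentication['entity'])) {
        $error++;
        $errorcode = 'BAD_PARAMETERS';
        $errorlabel = "Parameter entity must be empty (or filled with numeric id of instance if multicompany module is used).";
    }

    if (!$error) {
        // Load the user record by login (fetch by login, not by id)
        $result = $fuser->fetch('', $authentication['login'], '', 0);
        if ($result < 0) {
            $error++;
            $errorcode = 'ERROR_FETCH_USER';
            $errorlabel = 'A technical error occurs during fetch of user';
        } elseif ($result == 0) {
            // Unknown login is reported with the same code as a bad password
            $error++;
            $errorcode = 'BAD_CREDENTIALS';
            $errorlabel = 'Bad value for login or password';
        }

        // Note: this answer is given before the password is verified, so a distinct
        // code for a disabled account is returned whenever the login exists.
        if (!$error && $fuser->statut == 0) {
            $error++;
            $errorcode = 'ERROR_USER_DISABLED';
            $errorlabel = 'This user has been locked or disabled';
        }

        // Validation of login
        if (!$error) {
            // Load permission of user
            $fuser->getrights();

            // Authentication mode
            if (empty($dolibarr_main_authentication)) {
                $dolibarr_main_authentication = 'http,dolibarr';
            }
            // Authentication mode: forceuser
            if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
                $dolibarr_auto_user = '******';
            }
            // Set authmode
            $authmode = explode(',', $dolibarr_main_authentication);

            include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
            $login = checkLoginPassEntity($authentication['login'], $authentication['password'], $authentication['entity'], $authmode);
            if (empty($login)) {
                $error++;
                $errorcode = 'BAD_CREDENTIALS';
                $errorlabel = 'Bad value for login or password';
            }
        }
    }

    return $fuser;
}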
     $goontestloop = true;
 }
 // forceuser mode with an auto user configured: always run the credential check
 if ($dolibarr_main_authentication == 'forceuser' && !empty($dolibarr_auto_user)) {
     $goontestloop = true;
 }
 // A submitted username, a remembered-login cookie or an OpenID callback only
 // enables the check loop; the credentials are still verified afterwards.
 if (GETPOST("username", "alpha", 2) || !empty($_COOKIE['login_dolibarr']) || GETPOST('openid_mode', 'alpha', 1)) {
     $goontestloop = true;
 }
 // Make sure a translator exists before any message may be produced
 if (!is_object($langs)) {
     include_once DOL_DOCUMENT_ROOT . '/core/class/translate.class.php';
     $langs = new Translate("", $conf);
     // Language from the request if given, else the configured default, else 'auto'
     $langcode = GETPOST('lang') ? GETPOST('lang', 'alpha', 1) : (empty($conf->global->MAIN_LANG_DEFAULT) ? 'auto' : $conf->global->MAIN_LANG_DEFAULT);
     $langs->setDefaultLang($langcode);
 }
 if ($test && $goontestloop) {
     $login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
     if ($login) {
         $dol_authmode = $conf->authmode;
         // This properties is defined only when logged, to say what mode was successfully used
         $dol_tz = $_POST["tz"];
         $dol_tz_string = $_POST["tz_string"];
         $dol_tz_string = preg_replace('/\\s*\\(.+\\)$/', '', $dol_tz_string);
         $dol_tz_string = preg_replace('/,/', '/', $dol_tz_string);
         $dol_tz_string = preg_replace('/\\s/', '_', $dol_tz_string);
         $dol_dst = 0;
         if (isset($_POST["dst_first"]) && isset($_POST["dst_second"])) {
             include_once DOL_DOCUMENT_ROOT . '/core/lib/date.lib.php';
             $datenow = dol_now();
             $datefirst = dol_stringtotime($_POST["dst_first"]);
             $datesecond = dol_stringtotime($_POST["dst_second"]);
             if ($datenow >= $datefirst && $datenow < $datesecond) {
 /**
  * Login
  *
  * Log user with username and password
  *
  * Verifies the credentials with checkLoginPassEntity() against the configured
  * authentication modes, then generates a new API token and stores it in the
  * user table (api_key column).
  *
  * @param   string  $login			Username
  * @param   string  $password		User password
  * @param   int     $entity			User entity
  * @return  array   Response status and user token
  *
  * @throws RestException 403 when the credentials are rejected, 500 when the token cannot be stored
  */
 public function login($login, $password, $entity = 0)
 {
     // NOTE(review): $dolibarr_main_authentication, $dolibarr_auto_user and $conf are not
     // declared with `global` in this excerpt, so as shown they are undefined locals
     // (empty() below is always true and $conf->global would fail); confirm whether a
     // `global` line was dropped from the listing.
     // Authentication mode
     if (empty($dolibarr_main_authentication)) {
         $dolibarr_main_authentication = 'http,dolibarr';
     }
     // Authentication mode: forceuser
     if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
         $dolibarr_auto_user = '******';
     }
     // Set authmode
     $authmode = explode(',', $dolibarr_main_authentication);
     include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
     // $login now holds the login accepted by the check, or a falsy value on failure
     $login = checkLoginPassEntity($login, $password, $entity, $authmode);
     if (empty($login)) {
         throw new RestException(403, 'Access denied');
     }
     // Generate token for user
     // NOTE(review): uniqid() is clock-based, not cryptographically random; the token's
     // unpredictability therefore rests on MAIN_API_KEY staying secret. Mixing in
     // random_bytes() would remove that dependency.
     $token = dol_hash($login . uniqid() . $conf->global->MAIN_API_KEY, 1);
     // We store API token into database
     $sql = "UPDATE " . MAIN_DB_PREFIX . "user";
     $sql .= " SET api_key = '" . $this->db->escape($token) . "'";
     $sql .= " WHERE login = '******'";
     dol_syslog(get_class($this) . "::login", LOG_DEBUG);
     // No log of the SQL itself: it carries the new token
     $result = $this->db->query($sql);
     // (the following line is garbled in this listing: the 500 error path and the success return are merged)
     if (!$result) {
         throw new RestException(500, 'Error when updating user :'******'success' => array('code' => 200, 'token' => $token, 'message' => 'Welcome ' . $login));
 }
 /**
  * testCheckLoginPassEntity
  *
  * Exercises checkLoginPassEntity() with an unknown login, a wrong password,
  * valid admin/admin credentials under the 'dolibarr' and 'http,dolibarr'
  * modes, and the 'forceuser' mode. Relies on an 'admin'/'admin' user
  * existing in entity 1 of the test database.
  *
  * @return	void
  */
 public function testCheckLoginPassEntity()
 {
     // Unknown login: must not authenticate
     $login = checkLoginPassEntity('loginbidon', 'passwordbidon', 1, array('dolibarr'));
     // (the print statements appear redacted in this listing)
     print __METHOD__ . " login="******"\n";
     // NOTE(review): PHPUnit's assertEquals() takes the expected value first; the
     // arguments are swapped throughout this test, which only affects failure messages.
     $this->assertEquals($login, '');
     // Known login, wrong password
     $login = checkLoginPassEntity('admin', 'passwordbidon', 1, array('dolibarr'));
     print __METHOD__ . " login="******"\n";
     $this->assertEquals($login, '');
     $login = checkLoginPassEntity('admin', 'admin', 1, array('dolibarr'));
     // Should work because admin/admin exists
     print __METHOD__ . " login="******"\n";
     $this->assertEquals($login, 'admin');
     $login = checkLoginPassEntity('admin', 'admin', 1, array('http', 'dolibarr'));
     // Should work because of the second authentication method
     print __METHOD__ . " login="******"\n";
     $this->assertEquals($login, 'admin');
     $login = checkLoginPassEntity('admin', 'admin', 1, array('forceuser'));
     print __METHOD__ . " login="******"\n";
     $this->assertEquals($login, '');
     // Expected '' because it should fail: login 'auto' does not exist
 }
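 /**
  * Validate login/pass
  *
  * Resolves the authentication modes from $dolibarr_main_authentication
  * (defaulting to 'http,dolibarr'), checks the credentials against them with
  * checkLoginPassEntity() for the current entity and, when accepted, records
  * the login and password on this object through $this->login() / $this->passwd().
  *
  * @param	string	$aLogin		Login
  * @param	string	$aPasswd	Password
  * @return	int					0 when the credentials are accepted, -1 otherwise
  */
 function verif($aLogin, $aPasswd)
 {
     global $conf, $langs;
     global $dolibarr_main_authentication, $dolibarr_auto_user;

     $ret = -1;

     // Authentication mode
     if (empty($dolibarr_main_authentication)) {
         $dolibarr_main_authentication = 'http,dolibarr';
     }
     // Authentication mode: forceuser
     if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user)) {
         $dolibarr_auto_user = '******';
     }
     // Set authmode
     $authmode = explode(',', $dolibarr_main_authentication);
     // No authentication mode (defensive: explode() always yields at least one element)
     if (!count($authmode)) {
         $langs->load('main');
         dol_print_error('', $langs->trans("ErrorConfigParameterNotDefined", 'dolibarr_main_authentication'));
         exit;
     }

     $usertotest = $aLogin;
     $passwordtotest = $aPasswd;
     $entitytotest = $conf->entity;

     // Only run the credential check when something was actually supplied: an
     // HTTP-authenticated request with 'http' mode enabled, a login value, or an
     // OpenID callback.
     $goontestloop = false;
     if (isset($_SERVER["REMOTE_USER"]) && in_array('http', $authmode, true)) {
         $goontestloop = true;
     }
     if ($aLogin !== null || GETPOST('openid_mode', 'alpha', 1)) {
         $goontestloop = true;
     }

     if ($goontestloop) {
         include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
         $login = checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode);
         if ($login) {
             // Credentials accepted: remember them on this object
             $this->login($aLogin);
             $this->passwd($aPasswd);
             $ret = 0;
         }
     }

     return $ret;
 }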