/** * Grant access tokens for basic user credentials. * * Check the supplied username and password for validity. * * You can also use the $client_id param to do any checks required based * on a client, if you need that. * * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS. * * @param $client_id * Client identifier to be check with. * @param $username * Username to be check with. * @param $password * Password to be check with. * * @return * TRUE if the username and password are valid, and FALSE if it isn't. * Moreover, if the username and password are valid, and you want to * verify the scope of a user's access, return an associative array * with the scope values as below. We'll check the scope you provide * against the requested scope before providing an access token: * @code * return array( * 'scope' => <stored scope values (space-separated string)>, * ); * @endcode * * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.3 * * @ingroup oauth2_section_4 */ public function checkUserCredentials(IOAuth2GrantUser $storage, $client_id, $username, $password) { $clientInfo = $storage->getClientDetails($client_id); if ($clientInfo === false) { return false; } // Is just a regular Sugar User $auth = AuthenticationController::getInstance(); // noHooks since we'll take care of the hooks on API level, to make it more generalized $loginSuccess = $auth->login($username, $password, array('passwordEncrypted' => false, 'noRedirect' => true, 'noHooks' => true)); if ($loginSuccess && !empty($auth->nextStep)) { // Set it here, and then load it in to the session on the next pass // TODO: How do we pass the next required step to the client via the REST API? $GLOBALS['nextStep'] = $auth->nextStep; } if ($loginSuccess) { $this->userBean = $this->loadUserFromName($username); return array('user_id' => $this->userBean->id); } else { if (!empty($_SESSION['login_error'])) { $message = $_SESSION['login_error']; } else { $message = null; } throw new SugarApiExceptionNeedLogin($message); } }
/** * Grant access tokens for basic user credentials. * * Check the supplied username and password for validity. * * You can also use the $client_id param to do any checks required based * on a client, if you need that. * * Required for OAuth2::GRANT_TYPE_USER_CREDENTIALS. * * @param $client_id * Client identifier to be check with. * @param $username * Username to be check with. * @param $password * Password to be check with. * * @return * TRUE if the username and password are valid, and FALSE if it isn't. * Moreover, if the username and password are valid, and you want to * verify the scope of a user's access, return an associative array * with the scope values as below. We'll check the scope you provide * against the requested scope before providing an access token: * @code * return array( * 'scope' => <stored scope values (space-separated string)>, * ); * @endcode * * @see http://tools.ietf.org/html/draft-ietf-oauth-v2-20#section-4.3 * * @ingroup oauth2_section_4 */ public function checkUserCredentials(IOAuth2GrantUser $storage, $client_id, $username, $password) { if (empty($username)) { return false; } $clientInfo = $storage->getClientDetails($client_id); if ($clientInfo === false) { return false; } $portalApiUser = $this->findPortalApiUser($client_id); if ($portalApiUser == null) { // Can't login as a portal user if there is no API user throw new SugarApiExceptionPortalNotConfigured(); } $contact = $this->loadUserFromName($username); if (!empty($contact) && !User::checkPassword($password, $contact->portal_password)) { $contact = null; } if (!empty($contact)) { $sessionManager = new SessionManager(); if (!$sessionManager->canAddSession()) { //not able to add another session right now $GLOBALS['log']->error("Unable to add new session"); throw new SugarApiExceptionNeedLogin('too_many_concurrent_connections', array('Too many concurrent sessions')); } $this->contactBean = $contact; if (empty($this->userBean)) { $this->userBean = $portalApiUser; } return array('user_id' => $contact->id); } else { throw new SugarApiExceptionNeedLogin(translate('ERR_INVALID_PASSWORD', 'Users')); } }