 /**
  * Collects the current user's application passwords for the component output.
  *
  * Fills $this->arResult["ROWS"] with the passwords grouped by APPLICATION_ID
  * (ordered by application, then creation date) and
  * $this->arResult["APPLICATIONS"] with the registered applications. An
  * APPLICATION_ID that still has passwords but no registered application gets
  * a placeholder entry whose NAME is the id itself, so the rows stay visible.
  */
 protected function prepareData()
 {
     global $USER;

     $applications = ApplicationManager::getInstance()->getApplications();

     // The USER_ID filter is the ownership check for this listing: only the
     // current user's passwords are ever read here.
     $passwordsList = ApplicationPasswordTable::getList([
         "filter" => ["=USER_ID" => $USER->GetID()],
         "order" => ["APPLICATION_ID" => "ASC", "DATE_CREATE" => "ASC"],
     ]);

     $grouped = [];
     while ($row = $passwordsList->fetch()) {
         $appId = $row["APPLICATION_ID"];
         // A password may outlive its application registration; keep it listed.
         $applications[$appId] ??= ["NAME" => $appId];
         $grouped[$appId][] = $row;
     }

     $this->arResult["ROWS"] = $grouped;
     $this->arResult["APPLICATIONS"] = $applications;
 }
 /**
  * Authenticates the user and then authorizes him.
  *
  * Authentication sources, tried in this order:
  *  - "OnUserLoginExternal" event handlers (external authentication);
  *  - internal users (b_user rows without EXTERNAL_AUTH_ID) by login and
  *    password, falling back to an application password of that user;
  *  - external users located by "OnFindExternalUser", accepted only with an
  *    application password.
  * After a match the login-attempt/captcha policy, the optional user-count
  * limit and (for non-application logins) the security module's OTP check are
  * applied before Authorize() is called.
  *
  * @param string $login             User login; handed to event handlers by reference via $arParams.
  * @param string $password          Password: plain text when $password_original is "Y",
  *                                  otherwise a pre-computed hash of which the last 32 chars are compared.
  * @param string $remember          "Y" is passed to Authorize() as its "remember" flag.
  * @param string $password_original "Y" when $password is the original (plain-text) password.
  * @return true|array|false true on success; an array with MESSAGE and TYPE (plus
  *                          ERROR_TYPE "LOGIN" for an unknown login or wrong password) on
  *                          failure; false when the OTP check withheld authorization.
  *                          "OnAfterUserLogin" handlers may replace this value.
  */
 function Login($login, $password, $remember = "N", $password_original = "Y")
 {
     /** @global CMain $APPLICATION */
     global $DB, $APPLICATION;
     $result_message = true;
     $user_id = 0;
     $applicationId = null;
     $applicationPassId = null;
     // Event handlers receive these by reference and may rewrite them. Keys such as
     // "OTP" and "CONTROLLER_ADMIN" are read below but never set in this function,
     // so they come from handlers (reading them unset raises a warning on PHP 8).
     $arParams = array("LOGIN" => &$login, "PASSWORD" => &$password, "REMEMBER" => &$remember, "PASSWORD_ORIGINAL" => &$password_original);
     // Presumably cached permission data of the previous session; the captcha flag
     // is recomputed from the login-attempt policy below.
     unset($_SESSION["SESS_OPERATIONS"]);
     unset($_SESSION["MODULE_PERMISSIONS"]);
     $_SESSION["BX_LOGIN_NEED_CAPTCHA"] = false;
     $bOk = true;
     $APPLICATION->ResetException();
     // Any "OnBeforeUserLogin" handler can veto the login by returning false.
     foreach (GetModuleEvents("main", "OnBeforeUserLogin", true) as $arEvent) {
         if (ExecuteModuleEventEx($arEvent, array(&$arParams)) === false) {
             if ($err = $APPLICATION->GetException()) {
                 $result_message = array("MESSAGE" => $err->GetString() . "<br>", "TYPE" => "ERROR");
             } else {
                 $APPLICATION->ThrowException("Unknown login error");
                 $result_message = array("MESSAGE" => "Unknown login error" . "<br>", "TYPE" => "ERROR");
             }
             $bOk = false;
             break;
         }
     }
     if ($bOk) {
         //external authentication
         foreach (GetModuleEvents("main", "OnUserLoginExternal", true) as $arEvent) {
             $user_id = ExecuteModuleEventEx($arEvent, array(&$arParams));
             if ($user_id > 0) {
                 break;
             }
         }
         if ($user_id <= 0) {
             //internal authentication OR application password for external user
             $foundUser = false;
             // NOTE(review): the '******' literal looks like a redaction made by the code
             // listing rather than the original source; confirm that the original
             // escapes/quotes $login for SQL before concatenating it into this query.
             $strSql = "SELECT U.ID, U.LOGIN, U.ACTIVE, U.PASSWORD, U.LOGIN_ATTEMPTS, U.CONFIRM_CODE, U.EMAIL " . "FROM b_user U  " . "WHERE U.LOGIN='******' " . "\tAND (EXTERNAL_AUTH_ID IS NULL OR EXTERNAL_AUTH_ID='') ";
             $result = $DB->Query($strSql);
             if ($arUser = $result->Fetch()) {
                 //internal authentication by login and password
                 $foundUser = true;
                 // Stored format (see the re-hash below): an optional salt prefix followed
                 // by a 32-char md5 hex digest. A stored value of 32 chars or less is an
                 // unsalted legacy md5.
                 if (strlen($arUser["PASSWORD"]) > 32) {
                     $salt = substr($arUser["PASSWORD"], 0, strlen($arUser["PASSWORD"]) - 32);
                     $db_password = substr($arUser["PASSWORD"], -32);
                 } else {
                     $salt = "";
                     $db_password = $arUser["PASSWORD"];
                 }
                 $user_password_no_otp = "";
                 // Plain-text password: recompute the hash here. When a handler supplied
                 // an OTP, the last 6 chars of the password are treated as that OTP and
                 // a second digest without them is tried as well.
                 if ($arParams["PASSWORD_ORIGINAL"] == "Y") {
                     $user_password = md5($salt . $arParams["PASSWORD"]);
                     if ($arParams["OTP"] != '') {
                         $user_password_no_otp = md5($salt . substr($arParams["PASSWORD"], 0, -6));
                     }
                 } else {
                     // Pre-hashed input: only the trailing 32 chars (the digest part) are compared.
                     if (strlen($arParams["PASSWORD"]) > 32) {
                         $user_password = substr($arParams["PASSWORD"], -32);
                     } else {
                         $user_password = $arParams["PASSWORD"];
                     }
                 }
                 // NOTE(review): salted md5 is a weak password hash and === is not a
                 // timing-safe comparison; hash_equals() and a modern password hash would
                 // be the defensive choices if this code is still maintained.
                 $passwordCorrect = $db_password === $user_password || $arParams["OTP"] != '' && $db_password === $user_password_no_otp;
                 if ($db_password === $user_password) {
                     //this password has no added otp for sure
                     $arParams["OTP"] = '';
                 }
                 if (!$passwordCorrect) {
                     //let's try to find application password
                     // A non-null $applicationId marks the application-password path; it
                     // skips the hash upgrade, the digest update and the OTP check below.
                     if (($appPassword = ApplicationPasswordTable::findPassword($arUser["ID"], $arParams["PASSWORD"], $arParams["PASSWORD_ORIGINAL"] == "Y")) !== false) {
                         $passwordCorrect = true;
                         $applicationId = $appPassword["APPLICATION_ID"];
                         $applicationPassId = $appPassword["ID"];
                     }
                 }
                 // Brute-force policy: once the failed-attempt counter exceeds the group
                 // policy limit, a captcha (read from $_REQUEST) must also be correct,
                 // even if the password already matched. The counter is bumped on failure below.
                 $arPolicy = CUser::GetGroupPolicy($arUser["ID"]);
                 $pol_login_attempts = intval($arPolicy["LOGIN_ATTEMPTS"]);
                 $usr_login_attempts = intval($arUser["LOGIN_ATTEMPTS"]) + 1;
                 if ($pol_login_attempts > 0 && $usr_login_attempts > $pol_login_attempts) {
                     $_SESSION["BX_LOGIN_NEED_CAPTCHA"] = true;
                     if (!$APPLICATION->CaptchaCheckCode($_REQUEST["captcha_word"], $_REQUEST["captcha_sid"])) {
                         $passwordCorrect = false;
                     }
                 }
                 if ($passwordCorrect) {
                     // Upgrade an unsalted legacy hash to the salted format on a successful
                     // plain-text login (never for application passwords). The '******' in
                     // the UPDATE is again a listing redaction, presumably of $new_password.
                     if ($salt == '' && $arParams["PASSWORD_ORIGINAL"] == "Y" && $applicationId === null) {
                         $salt = randString(8, array("abcdefghijklnmopqrstuvwxyz", "ABCDEFGHIJKLNMOPQRSTUVWXYZ", "0123456789", ",.<>/?;:[]{}\\|~!@#\$%^&*()-_+="));
                         $new_password = $salt . md5($salt . $arParams["PASSWORD"]);
                         $DB->Query("UPDATE b_user SET PASSWORD='******', TIMESTAMP_X = TIMESTAMP_X WHERE ID = " . intval($arUser["ID"]));
                     }
                     // Only ACTIVE users get logged in; an inactive user with a CONFIRM_CODE
                     // is an unconfirmed registration, any other inactive user is blocked.
                     if ($arUser["ACTIVE"] == "Y") {
                         $user_id = $arUser["ID"];
                         //update digest hash for http digest authorization
                         if ($arParams["PASSWORD_ORIGINAL"] == "Y" && $applicationId === null && COption::GetOptionString('main', 'use_digest_auth', 'N') == 'Y') {
                             CUser::UpdateDigest($arUser["ID"], $arParams["PASSWORD"]);
                         }
                     } elseif ($arUser["CONFIRM_CODE"] != '') {
                         //unconfirmed registration
                         $message = GetMessage("MAIN_LOGIN_EMAIL_CONFIRM", array("#EMAIL#" => $arUser["EMAIL"]));
                         $APPLICATION->ThrowException($message);
                         $result_message = array("MESSAGE" => $message . "<br>", "TYPE" => "ERROR");
                     } else {
                         $APPLICATION->ThrowException(GetMessage("LOGIN_BLOCK"));
                         $result_message = array("MESSAGE" => GetMessage("LOGIN_BLOCK") . "<br>", "TYPE" => "ERROR");
                     }
                 } else {
                     // Failed attempt: persist the incremented LOGIN_ATTEMPTS counter. The
                     // "TIMESTAMP_X = TIMESTAMP_X" assignment presumably keeps the row's
                     // auto-updated timestamp unchanged - confirm against the schema.
                     // Resetting the counter on success is not done here; verify Authorize() does it.
                     $DB->Query("UPDATE b_user SET LOGIN_ATTEMPTS = " . $usr_login_attempts . ", TIMESTAMP_X = TIMESTAMP_X WHERE ID = " . intval($arUser["ID"]));
                     $APPLICATION->ThrowException(GetMessage("WRONG_LOGIN"));
                     $result_message = array("MESSAGE" => GetMessage("WRONG_LOGIN") . "<br>", "TYPE" => "ERROR", "ERROR_TYPE" => "LOGIN");
                 }
             } else {
                 //no user found by login - try to find an external user
                 // External users are accepted here only via an application password;
                 // their primary credentials are not checked in this function.
                 foreach (GetModuleEvents("main", "OnFindExternalUser", true) as $arEvent) {
                     if (($external_user_id = intval(ExecuteModuleEventEx($arEvent, array($arParams["LOGIN"])))) > 0) {
                         //external user authentication
                         //let's try to find application password for the external user
                         if (($appPassword = ApplicationPasswordTable::findPassword($external_user_id, $arParams["PASSWORD"], $arParams["PASSWORD_ORIGINAL"] == "Y")) !== false) {
                             //bingo, the user has the application password
                             $foundUser = true;
                             $user_id = $external_user_id;
                             $applicationId = $appPassword["APPLICATION_ID"];
                             $applicationPassId = $appPassword["ID"];
                         }
                         break;
                     }
                 }
             }
             // Same WRONG_LOGIN message as for a wrong password above, so the response
             // does not reveal whether the login exists.
             if (!$foundUser) {
                 $APPLICATION->ThrowException(GetMessage("WRONG_LOGIN"));
                 $result_message = array("MESSAGE" => GetMessage("WRONG_LOGIN") . "<br>", "TYPE" => "ERROR", "ERROR_TYPE" => "LOGIN");
             }
         }
     }
     // All except Admin
     // Seat limit (PARAM_MAX_USERS): walk the users selected by the LAST_LOGIN_1
     // filter in ID order, spending one seat per user until the authenticating user
     // is reached. User ID 1 and controller-admin logins are exempt.
     // NOTE(review): when the authenticating user is absent from the list, the login
     // is rejected only once more than PARAM_MAX_USERS other users are in it -
     // confirm this is the intended boundary.
     if ($user_id > 1 && $arParams["CONTROLLER_ADMIN"] !== "Y") {
         $limitUsersCount = intval(COption::GetOptionInt("main", "PARAM_MAX_USERS", 0));
         if ($limitUsersCount > 0) {
             $by = "ID";
             $order = "ASC";
             $arFilter = array("LAST_LOGIN_1" => ConvertTimeStamp());
             //Intranet users only
             if (IsModuleInstalled("intranet")) {
                 $arFilter["!=UF_DEPARTMENT"] = false;
             }
             $rsUsers = CUser::GetList($by, $order, $arFilter, array("FIELDS" => array("ID", "LOGIN")));
             while ($user = $rsUsers->fetch()) {
                 if ($user["ID"] == $user_id) {
                     $limitUsersCount = 1;
                     break;
                 }
                 $limitUsersCount--;
             }
             if ($limitUsersCount < 0) {
                 $user_id = 0;
                 $APPLICATION->ThrowException(GetMessage("LIMIT_USERS_COUNT"));
                 $result_message = array("MESSAGE" => GetMessage("LIMIT_USERS_COUNT") . "<br>", "TYPE" => "ERROR");
             }
         }
     }
     $arParams["USER_ID"] = $user_id;
     $doAuthorize = true;
     if ($user_id > 0) {
         if ($applicationId === null && CModule::IncludeModule("security")) {
             /*
             MFA can allow or disallow authorization.
             Allowed if:
             - OTP is not active for the user;
             - correct "OTP" in the $arParams (filled by the OnBeforeUserLogin event handler).
             Disallowed if:
             - OTP is not provided;
             - OTP is not correct.
             When authorization is disallowed the OTP form will be shown on the next hit.
             Note: there is no MFA check for an application password.
             */
             // The captcha values from the request are forwarded to the OTP verifier.
             $arParams["CAPTCHA_WORD"] = $_REQUEST["captcha_word"];
             $arParams["CAPTCHA_SID"] = $_REQUEST["captcha_sid"];
             $doAuthorize = \Bitrix\Security\Mfa\Otp::verifyUser($arParams);
         }
         if ($doAuthorize) {
             // $applicationId is handed to Authorize() so the session can be tied to the
             // application login (exact effect is inside Authorize(), not visible here).
             $this->Authorize($user_id, $arParams["REMEMBER"] == "Y", true, $applicationId);
             if ($applicationPassId !== null) {
                 //update usage statistics for the application
                 // Records the time of use and the client address from REMOTE_ADDR.
                 Main\Authentication\ApplicationPasswordTable::update($applicationPassId, array('DATE_LOGIN' => new Main\Type\DateTime(), 'LAST_IP' => $_SERVER["REMOTE_ADDR"]));
             }
         } else {
             // OTP check withheld authorization: the caller gets false, not an error array.
             $result_message = false;
         }
         if ($applicationId === null && $arParams["LOGIN"] != '') {
             //the cookie is for authentication forms mostly, does not make sense for applications
             // Stores the login name (not a secret) for about five years. The trailing
             // positional arguments (path "/", then the false/false/auth_multisite values)
             // should be checked against set_cookie()'s parameter order before relying on
             // any particular domain/secure/httponly behaviour.
             $APPLICATION->set_cookie("LOGIN", $arParams["LOGIN"], time() + 60 * 60 * 24 * 30 * 60, '/', false, false, COption::GetOptionString("main", "auth_multisite", "N") == "Y");
         }
     }
     $arParams["RESULT_MESSAGE"] = $result_message;
     $APPLICATION->ResetException();
     // "OnAfterUserLogin" handlers see the outcome in $arParams["RESULT_MESSAGE"]
     // and, since $arParams is passed by reference, may replace it.
     foreach (GetModuleEvents("main", "OnAfterUserLogin", true) as $arEvent) {
         ExecuteModuleEventEx($arEvent, array(&$arParams));
     }
     // Failed logins go to the event log when the option is enabled. Logins withheld
     // by the OTP check ($doAuthorize false) are not logged as failures here.
     if ($doAuthorize == true && $result_message !== true && COption::GetOptionString("main", "event_log_login_fail", "N") === "Y") {
         CEventLog::Log("SECURITY", "USER_LOGIN", "main", $login, $result_message["MESSAGE"]);
     }
     return $arParams["RESULT_MESSAGE"];
 }
    CHTTP::SetStatus("401 Unauthorized");
} else {
    $answer = array("success" => true, "sessionId" => session_id(), "bitrixSessionId" => bitrix_sessid());
    if (($_POST['renew_password'] == 'y' || $_POST['otp'] != '') && $USER->GetParam("APPLICATION_ID") === null) {
        $code = '';
        if (strlen($_POST['user_os_mark']) > 0) {
            $code = md5($_POST['user_os_mark'] . $_POST['user_account']);
        }
        if ($code != '') {
            $orm = ApplicationPasswordTable::getList(array('select' => array('ID'), 'filter' => array('USER_ID' => $USER->GetID(), 'CODE' => $code)));
            if ($row = $orm->fetch()) {
                ApplicationPasswordTable::delete($row['ID']);
            }
        }
        $password = ApplicationPasswordTable::generatePassword();
        $res = ApplicationPasswordTable::add(array('USER_ID' => $USER->GetID(), 'APPLICATION_ID' => 'desktop', 'PASSWORD' => $password, 'DATE_CREATE' => new Main\Type\DateTime(), 'CODE' => $code, 'COMMENT' => GetMessage('DESKTOP_APP_GENERATOR'), 'SYSCOMMENT' => GetMessage('DESKTOP_APP_TITE')));
        if ($res->isSuccess()) {
            $answer["appPassword"] = $password;
        }
    }
}
// The "json" request parameter selects the response format; without it the
// answer is rendered as a JS object literal by toJsObject() defined below.
$asJson = isset($_REQUEST['json']) && $_REQUEST['json'] == 'y';
if (!$asJson) {
    echo toJsObject($answer);
} else {
    header('Content-Type: application/json');
    echo Main\Web\Json::encode($answer);
}
function toJsObject(array $answer)
{
    $answerParts = array();
    foreach ($answer as $attr => $value) {
            $rsSites = CSite::GetByID(CExtranet::GetExtranetSiteID());
            if (($arExtranetSite = $rsSites->Fetch()) && $arExtranetSite["ACTIVE"] != "N") {
                $data["whiteList"] = array($arExtranetSite["DIR"] . "mobile/");
                $data["appmap"] = array("main" => array("url" => $arExtranetSite["DIR"] . "mobile/index.php", "bx24ModernStyle" => true), "menu" => array("url" => $arExtranetSite["DIR"] . "mobile/left.php"), "right" => array("url" => $arExtranetSite["DIR"] . "mobile/im/right.php"));
                if (\Bitrix\MobileApp\Mobile::getInstance()->getApiVersion() >= 10) {
                    $data["appmap"]["right"] = array("url" => $arExtranetSite["DIR"] . "mobile/im/right.php");
                }
            }
        }
        if (toUpper(SITE_CHARSET) != "UTF-8") {
            $data = $APPLICATION->ConvertCharsetArray($data, SITE_CHARSET, "utf-8");
        }
    }
    $needAppPass = \Bitrix\Main\Context::getCurrent()->getServer()->get("HTTP_BX_APP_PASS");
    $appUUID = \Bitrix\Main\Context::getCurrent()->getServer()->get("HTTP_BX_APP_UUID");
    $deviceName = \Bitrix\Main\Context::getCurrent()->getServer()->get("HTTP_BX_DEVICE_NAME");
    if ($needAppPass == 'mobile' && $USER->GetParam("APPLICATION_ID") === null) {
        if (strlen($appUUID) > 0) {
            $result = ApplicationPasswordTable::getList(array('select' => array('ID'), 'filter' => array('USER_ID' => $USER->GetID(), 'CODE' => $appUUID)));
            if ($row = $result->fetch()) {
                ApplicationPasswordTable::delete($row['ID']);
            }
        }
        $password = ApplicationPasswordTable::generatePassword();
        $res = ApplicationPasswordTable::add(array('USER_ID' => $USER->GetID(), 'APPLICATION_ID' => 'mobile', 'PASSWORD' => $password, 'CODE' => $appUUID, 'DATE_CREATE' => new Main\Type\DateTime(), 'COMMENT' => GetMessage("MD_GENERATE_BY_MOBILE") . (strlen($deviceName) > 0 ? " (" . $deviceName . ")" : ""), 'SYSCOMMENT' => GetMessage("MD_MOBILE_APPLICATION")));
        if ($res->isSuccess()) {
            $data["appPassword"] = $password;
        }
    }
}
// File-level return: the value of an include()/require() of this script is
// $data, the response payload assembled above (presumably for the mobile
// application handshake - confirm with the including code).
return $data;
        if (ApplicationPasswordTable::getRow(array("filter" => array("=ID" => $id, "=USER_ID" => $USER->GetID()))) !== null) {
            $result = ApplicationPasswordTable::delete($id);
            if ($result->isSuccess()) {
                $answer["success"] = true;
                $answer["message"] = Loc::getMessage("main_app_passwords_ajax_deleted");
            } else {
                $answer["message"] = implode("<br>", $result->getErrorMessages());
            }
        }
    } elseif ($post["action"] == "add") {
        //adding a new application password
        $appManager = ApplicationManager::getInstance();
        $applications = $appManager->getApplications();
        $password = ApplicationPasswordTable::generatePassword();
        if (isset($applications[$post['APPLICATION_ID']])) {
            $date = new Main\Type\DateTime();
            $result = ApplicationPasswordTable::add(array('USER_ID' => $USER->GetID(), 'APPLICATION_ID' => $post['APPLICATION_ID'], 'PASSWORD' => $password, 'DATE_CREATE' => $date, 'COMMENT' => $post['COMMENT'], 'SYSCOMMENT' => $post['SYSCOMMENT']));
            if ($result->isSuccess()) {
                $answer["success"] = true;
                $answer["id"] = $result->getId();
                $answer["date_create"] = $date->toString();
                $answer["password"] = '******' . implode(str_split($password, 4), '</span><span>') . '</span>';
            } else {
                $answer["message"] = implode("<br>", $result->getErrorMessages());
            }
        } else {
            $answer["message"] = Loc::getMessage("main_app_passwords_ajax_no_app");
        }
    }
}
// Emit the AJAX answer ("success", "message", "id", "date_create", "password"
// keys as filled above) as JSON. Json is assumed to be an alias imported at
// the top of the file - confirm.
echo Json::encode($answer);