/** * Authenticate user using username+password or token. * This function sets up $USER global. * It is safe to use has_capability() after this. * This method also verifies user is allowed to use this * server. * @return void */ protected function authenticate_user() { global $USER, $SESSION, $WEBSERVICE_INSTITUTION, $WEBSERVICE_OAUTH_USER; if ($this->authmethod == WEBSERVICE_AUTHMETHOD_USERNAME) { $this->auth = 'USER'; //we check that authentication plugin is enabled //it is only required by simple authentication $plugin = get_record('auth_installed', 'name', 'webservice'); if (empty($plugin) || $plugin->active != 1) { throw new WebserviceAccessException(get_string('wsauthnotenabled', 'auth.webservice')); } if (!$this->username) { throw new WebserviceAccessException(get_string('missingusername', 'auth.webservice')); } if (!$this->password) { throw new WebserviceAccessException(get_string('missingpassword', 'auth.webservice')); } // special web service login safe_require('auth', 'webservice'); // get the user $user = get_record('usr', 'username', $this->username); if (empty($user)) { throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice')); } // user account is nolonger validly configured if (!($auth_instance = webservice_validate_user($user))) { throw new WebserviceAccessException(get_string('invalidaccount', 'auth.webservice')); } // set the global for the web service users defined institution $WEBSERVICE_INSTITUTION = $auth_instance->institution; // get the institution from the external user $ext_user = get_record('external_services_users', 'userid', $user->id); if (empty($ext_user)) { throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice')); } // determine the internal auth instance $auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice'); if (empty($auth_instance)) { throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice')); } // authenticate the user $auth = new AuthWebservice($auth_instance->id); if (!$auth->authenticate_user_account($user, $this->password, 'webservice')) { // log failed login attempts throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice')); } } else { if ($this->authmethod == WEBSERVICE_AUTHMETHOD_PERMANENT_TOKEN) { $this->auth = 'TOKEN'; $user = $this->authenticate_by_token(EXTERNAL_TOKEN_PERMANENT); } else { if ($this->authmethod == WEBSERVICE_AUTHMETHOD_OAUTH_TOKEN) { //OAuth $this->auth = 'OAUTH'; // special web service login safe_require('auth', 'webservice'); // get the user - the user that authorised the token $user = get_record('usr', 'id', $this->oauth_token_details['user_id']); if (empty($user)) { throw new WebserviceAccessException(get_string('wrongusernamepassword', 'auth.webservice')); } // check user is member of configured OAuth institution $institutions = array_keys(load_user_institutions($this->oauth_token_details['user_id'])); $auth_instance = get_record('auth_instance', 'id', $user->authinstance); $institutions[] = $auth_instance->institution; if (!in_array($this->oauth_token_details['institution'], $institutions)) { throw new WebserviceAccessException(get_string('institutiondenied', 'auth.webservice')); } // set the global for the web service users defined institution $WEBSERVICE_INSTITUTION = $this->oauth_token_details['institution']; // set the note of the OAuth service owner $WEBSERVICE_OAUTH_USER = $this->oauth_token_details['service_user']; } else { $this->auth = 'OTHER'; $user = $this->authenticate_by_token(EXTERNAL_TOKEN_USER); } } } // now fake user login, the session is completely empty too $USER->reanimate($user->id, $user->authinstance); }
/** * submit callback * * @param Pieform $form * @param array $values */ function testclient_submit(Pieform $form, $values) { global $SESSION, $params, $iterations, $function, $dbsf; if ($values['authtype'] == 'token' && !empty($values['wstoken']) || $values['authtype'] == 'user' && !empty($values['wsusername']) && !empty($values['wspassword'])) { $vars = testclient_get_interface($dbsf->functionname); $inputs = array(); for ($i = 0; $i <= $iterations; $i++) { foreach ($vars as $var) { $name = preg_replace('/NUM/', $i, $var['name']); $parts = explode('_', $name); testclient_build_inputs($inputs, $parts, $values[$name]); } } if ($values['authtype'] == 'token') { // check token $dbtoken = get_record('external_tokens', 'token', $values['wstoken']); if (empty($dbtoken)) { $SESSION->add_error_msg(get_string('invalidtoken', 'auth.webservice')); redirect('/webservice/testclient.php?' . implode('&', $params)); } } else { // check user is a valid web services account $dbuser = get_record('usr', 'username', $values['wsusername']); if (empty($dbuser)) { $SESSION->add_error_msg(get_string('invaliduser', 'auth.webservice', $values['wsusername'])); redirect('/webservice/testclient.php?' . implode('&', $params)); } // special web service login safe_require('auth', 'webservice'); // do password auth $ext_user = get_record('external_services_users', 'userid', $dbuser->id); if (empty($ext_user)) { $SESSION->add_error_msg(get_string('invaliduser', 'auth.webservice', $values['wsusername'])); redirect('/webservice/testclient.php?' . implode('&', $params)); } // determine the internal auth instance $auth_instance = get_record('auth_instance', 'institution', $ext_user->institution, 'authname', 'webservice'); if (empty($auth_instance)) { $SESSION->add_error_msg(get_string('invaliduser', 'auth.webservice', $values['wsusername'])); redirect('/webservice/testclient.php?' . implode('&', $params)); } // authenticate the user $auth = new AuthWebservice($auth_instance->id); if (!$auth->authenticate_user_account($dbuser, $values['wspassword'], 'webservice')) { // log failed login attempts $SESSION->add_error_msg(get_string('invaliduserpass', 'auth.webservice', $values['wsusername'])); redirect('/webservice/testclient.php?' . implode('&', $params)); } } // now build the test call switch ($values['protocol']) { case 'rest': error_log('creating REST client'); require_once get_config('docroot') . '/webservice/rest/lib.php'; $client = new webservice_rest_client(get_config('wwwroot') . '/webservice/rest/server.php', $values['authtype'] == 'token' ? array('wstoken' => $values['wstoken']) : array('wsusername' => $values['wsusername'], 'wspassword' => $values['wspassword']), $values['authtype']); break; case 'xmlrpc': error_log('creating XML-RPC client'); require_once get_config('docroot') . 'webservice/xmlrpc/lib.php'; $client = new webservice_xmlrpc_client(get_config('wwwroot') . '/webservice/xmlrpc/server.php', $values['authtype'] == 'token' ? array('wstoken' => $values['wstoken']) : array('wsusername' => $values['wsusername'], 'wspassword' => $values['wspassword'])); break; case 'soap': error_log('creating SOAP client'); // stop failed to load external entity error libxml_disable_entity_loader(false); require_once get_config('docroot') . 'webservice/soap/lib.php'; //force SOAP synchronous mode $client = new webservice_soap_client(get_config('wwwroot') . 'webservice/soap/server.php', $values['authtype'] == 'token' ? array('wstoken' => $values['wstoken']) : array('wsusername' => $values['wsusername'], 'wspassword' => $values['wspassword']), array("features" => SOAP_WAIT_ONE_WAY_CALLS)); $client->setWsdlCache(false); break; } try { $results = $client->call($dbsf->functionname, $inputs, true); } catch (Exception $e) { $results = "exception: " . $e->getMessage(); } $SESSION->set('ws_call_results', serialize($results)); $SESSION->add_ok_msg(get_string('executed', 'auth.webservice')); } redirect('/webservice/testclient.php?' . implode('&', $params)); }