dolibarr  9.0.0
api_login.class.php
1 <?php
2 /* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  */
18 
20 
21 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
22 
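/**
 * REST endpoint that exchanges a login/password pair for the user's API token.
 *
 * NOTE(review): the doc blocks of the original file are not visible in this listing. If the REST
 * framework derives routing, parameter validation or access rules from doc-block annotations,
 * carry them over from the original file before applying this version.
 */
class Login
{
    /**
     * @var object Database handler, copied from the global $db by the constructor
     */
    public $db;

    /**
     * Constructor: binds the global database handler to the instance.
     */
    public function __construct()
    {
        global $db;
        $this->db = $db;
    }

    /**
     * Check a login/password pair and return the API token of the matching user.
     *
     * A new token is generated and stored when the user has none yet or when $reset is set;
     * otherwise the stored token is returned unchanged. The token is written to and read back
     * from the user table as-is, so read access to that table exposes valid API credentials.
     *
     * NOTE(review): the credentials arrive as plain request parameters. If this method is
     * reachable through GET, they can end up in web-server access logs; confirm the routing and
     * prefer POST over TLS.
     *
     * @param   string  $login      User login
     * @param   string  $password   User password
     * @param   string  $entity     Numeric ID of the company; '' is treated as 1
     * @param   int     $reset      Non-zero to replace the stored token by a new one
     * @return  array               array('success' => array('code', 'token', 'entity', 'message'))
     *
     * @throws  RestException       403 on refused access or missing right, 500 on load/store failure
     */
    public function index($login, $password, $entity='', $reset=0)
    {
        global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;

        // Default authentication chain when the configuration does not define one
        if (empty($dolibarr_main_authentication))
        {
            $dolibarr_main_authentication = 'http,dolibarr';
        }

        // forceuser mode: the API is refused unless the requested login is the forced one
        if ($dolibarr_main_authentication == 'forceuser')
        {
            if (empty($dolibarr_auto_user))
            {
                $dolibarr_auto_user = 'auto';
            }
            // Strict string comparison: a loose != treats numeric-looking strings such as
            // '10' and '1e1' as equal.
            if ((string) $dolibarr_auto_user !== (string) $login)
            {
                // NOTE(review): the 403 body below tells an unauthenticated caller the configured
                // login name; consider a generic message if that name is considered sensitive.
                dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
                throw new RestException(403, "Your instance is set to use the automatic login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
            }
        }

        // List of authentication modes handed to checkLoginPassEntity()
        $authmode = explode(',', $dolibarr_main_authentication);

        if ($entity != '' && ! is_numeric($entity))
        {
            throw new RestException(403, "Bad value for entity, must be the numeric ID of company.");
        }
        if ($entity == '')
        {
            $entity = 1;
        }

        include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
        $login = checkLoginPassEntity($login, $password, $entity, $authmode);
        if (empty($login))
        {
            // Same answer for unknown login and wrong password
            throw new RestException(403, 'Access denied');
        }

        $token = 'failedtogenerateorgettoken';

        $tmpuser = new User($this->db);
        $tmpuser->fetch(0, $login, 0, 0, $entity);
        if (empty($tmpuser->id))
        {
            throw new RestException(500, 'Failed to load user');
        }

        if (empty($tmpuser->api_key) || $reset)
        {
            // Renewing the token is a write on the user's own record
            $tmpuser->getrights();
            if (empty($tmpuser->rights->user->self->creer))
            {
                throw new RestException(403, 'User need write permission on itself to reset its API token');
            }

            // uniqid() is derived from the clock and the login is known to the caller, so mix in
            // output of a CSPRNG when the runtime offers one. Without either function the input
            // is the same as before this change.
            $entropy = '';
            try
            {
                if (function_exists('random_bytes'))
                {
                    $entropy = bin2hex(random_bytes(32));
                }
                elseif (function_exists('openssl_random_pseudo_bytes'))
                {
                    $bytes = openssl_random_pseudo_bytes(32);
                    if ($bytes !== false)
                    {
                        $entropy = bin2hex($bytes);
                    }
                }
            }
            catch (Exception $e)
            {
                throw new RestException(500, 'Failed to generate API token');
            }

            // Generate token for user
            $token = dol_hash($login.uniqid().$entropy.$conf->global->MAIN_API_KEY, 1);

            // Store the token on the record that was just loaded. Filtering on rowid rather than
            // on login keeps the update from touching a user with the same login in another entity.
            $sql = "UPDATE ".MAIN_DB_PREFIX."user";
            $sql.= " SET api_key = '".$this->db->escape($token)."'";
            $sql.= " WHERE rowid = ".((int) $tmpuser->id);

            // Only a tag is logged here, not $sql, which contains the token
            dol_syslog(get_class($this)."::login", LOG_DEBUG);
            $result = $this->db->query($sql);
            if (!$result)
            {
                // Keep the database error in the server log; the API client gets a generic message
                dol_syslog(get_class($this)."::index error when updating api_key: ".$this->db->lasterror(), LOG_ERR);
                throw new RestException(500, 'Error when updating api_key for user');
            }
        }
        else
        {
            $token = $tmpuser->api_key;
        }

        // Return the token with the entity of the loaded user
        return array(
            'success' => array(
                'code' => 200,
                'token' => $token,
                'entity' => $tmpuser->entity,
                'message' => 'Welcome ' . $login.($reset?' - Token is new':' - This is your token (generated by a previous call). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
            )
        );
    }
}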
Class to manage Dolibarr users.
Definition: user.class.php:41
API that allows logging in with a user account.
index($login, $password, $entity='', $reset=0)
Login.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='')
Write log message into outputs.
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode)
Return a login if login/pass was successful.
dol_hash($chain, $type='0')
Returns a hash of a string.
__construct()
Constructor of the class.