1 <?php
2 /* Copyright (C) 2015 Jean-Fran├žois Ferry <jfefe@aternatik.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <http://www.gnu.org/licenses/>.
17  */
18 
19 use Luracast\Restler\RestException;
20 
21 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
22 
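class Login
{
	/** @var DoliDB Database handler, copied from the global set up by the API bootstrap */
	public $db;

	/**
	 * Constructor: bind the global database handler to this instance.
	 */
	function __construct() {
		global $db;
		$this->db = $db;
	}

	/**
	 * Login
	 *
	 * Check the login/password against the configured authentication modes and return the
	 * user's API token. The token is generated when the user has none yet, or when $reset is
	 * set; otherwise the token stored in the database is returned unchanged.
	 *
	 * @param   string  $login      User login
	 * @param   string  $password   User password
	 * @param   string  $entity     Numeric ID of the entity (company). Empty means entity 1.
	 * @param   int     $reset      1 to force generation of a new token, 0 to reuse the stored one
	 * @return  array               Array with 'success' => code, token, entity and message
	 * @throws  RestException       403 when the login is refused, the entity is not numeric, the
	 *                              instance runs in 'forceuser' mode for another login, or the user
	 *                              lacks write permission on itself for a reset; 500 when the user
	 *                              cannot be loaded or the token cannot be stored
	 */
	public function index($login, $password, $entity='', $reset=0) {

		global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;

		// Authentication mode (same default as the web login)
		if (empty($dolibarr_main_authentication))
			$dolibarr_main_authentication = 'http,dolibarr';

		// Authentication mode: forceuser. The API cannot be used to obtain a token for a
		// login other than the automatically forced one.
		if ($dolibarr_main_authentication == 'forceuser')
		{
			if (empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
			if ($dolibarr_auto_user != $login)
			{
				dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
				throw new RestException(403, "Your instance is set to use the automatic login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
			}
		}

		// Set authmode: the comma-separated list is tried by checkLoginPassEntity()
		$authmode = explode(',', $dolibarr_main_authentication);

		// The entity is an integer ID. ctype_digit() is stricter than is_numeric() (which also
		// accepts floats, exponents and leading whitespace), so only plain digits reach the
		// user lookup and the SQL below.
		if ($entity != '' && ! ctype_digit((string) $entity))
		{
			throw new RestException(403, "Bad value for entity, must be the numeric ID of company.");
		}
		if ($entity == '') $entity=1;
		$entity = (int) $entity;

		include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
		$login = checkLoginPassEntity($login, $password, $entity, $authmode);
		if (empty($login))
		{
			// Deliberately generic message: do not reveal whether the login or the password was wrong
			throw new RestException(403, 'Access denied');
		}

		// Load the user scoped to the requested entity
		$tmpuser=new User($this->db);
		$tmpuser->fetch(0, $login, 0, 0, $entity);
		if (empty($tmpuser->id))
		{
			throw new RestException(500, 'Failed to load user');
		}

		// Renew the hash
		if (empty($tmpuser->api_key) || $reset)
		{
			$tmpuser->getrights();
			if (empty($tmpuser->rights->user->self->creer))
			{
				throw new RestException(403, 'User need write permission on itself to reset its API token');
			}

			// Generate token for user. The random part must come from a CSPRNG: uniqid() is
			// derived from the current time and is guessable. random_bytes() exists from
			// PHP 7.0; keep a fallback for older runtimes so the call never fatals.
			$randomPart = function_exists('random_bytes') ? bin2hex(random_bytes(32)) : uniqid('', true);
			$token = dol_hash($login.$randomPart.$conf->global->MAIN_API_KEY,1);

			// We store API token into database, keyed on the rowid of the user we just
			// loaded. Keying on login alone would not be scoped to the entity used by the
			// fetch above, so another entity's user with the same login could be updated.
			$sql = "UPDATE ".MAIN_DB_PREFIX."user";
			$sql.= " SET api_key = '".$this->db->escape($token)."'";
			$sql.= " WHERE rowid = ".((int) $tmpuser->id);

			dol_syslog(get_class($this)."::login", LOG_DEBUG); // No log of the token or password
			$result = $this->db->query($sql);
			if (!$result)
			{
				throw new RestException(500, 'Error when updating api_key for user :'.$this->db->lasterror());
			}
		}
		else
		{
			$token = $tmpuser->api_key;
		}

		//return token
		return array(
			'success' => array(
				'code' => 200,
				'token' => $token,
				'entity' => $tmpuser->entity,
				'message' => 'Welcome ' . $login.($reset?' - Token is new':' - This is your token (generated by a previous call). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
			)
		);
	}
}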