19use Luracast\Restler\RestException;
21require_once DOL_DOCUMENT_ROOT.
'/core/lib/security.lib.php';
22require_once DOL_DOCUMENT_ROOT.
'/user/class/user.class.php';
44 throw new RestException(403,
"Error login APIs are disabled. You must get the token from backoffice to be able to use APIs");
69 return $this->
index($login, $password, $entity, $reset);
91 public function index($login, $password, $entity =
'', $reset = 0)
93 global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;
97 dol_syslog(
"Warning: A try to use the login API has been done while the login API is disabled. You must generate or get the token from the backoffice.", LOG_WARNING);
98 throw new RestException(403,
"Error, the login API has been disabled for security purpose. You must generate or get the token from the backoffice.");
102 if (empty($dolibarr_main_authentication)) {
103 $dolibarr_main_authentication =
'dolibarr';
107 if ($dolibarr_main_authentication ==
'forceuser') {
108 if (empty($dolibarr_auto_user)) {
109 $dolibarr_auto_user =
'auto';
111 if ($dolibarr_auto_user != $login) {
112 dol_syslog(
"Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user.
"' that is not the requested login. API usage is forbidden in this mode.");
113 throw new RestException(403,
"Your instance is set to use the automatic login '".$dolibarr_auto_user.
"' that is not the requested login. API usage is forbidden in this mode.");
118 $authmode = explode(
',', $dolibarr_main_authentication);
120 if ($entity !=
'' && !is_numeric($entity)) {
121 throw new RestException(403,
"Bad value for entity, must be the numeric ID of company.");
127 include_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
129 if ($login ===
'--bad-login-validity--') {
133 throw new RestException(403,
'Access denied');
136 $token =
'failedtogenerateorgettoken';
138 $tmpuser =
new User($this->db);
139 $tmpuser->fetch(0, $login, 0, 0, $entity);
140 if (empty($tmpuser->id)) {
141 throw new RestException(500,
'Failed to load user');
145 if (empty($tmpuser->api_key) || $reset) {
146 $tmpuser->getrights();
147 if (!$tmpuser->hasRight(
'user',
'self',
'creer')) {
148 if (empty($tmpuser->api_key)) {
149 throw new RestException(403,
'No API token set for this user and user need write permission on itself to reset its API token');
151 throw new RestException(403,
'User need write permission on itself to reset its API token');
159 $sql =
"UPDATE ".MAIN_DB_PREFIX.
"user";
160 $sql .=
" SET api_key = '".$this->db->escape(
dolEncrypt($token,
'',
'',
'dolibarr')).
"'";
161 $sql .=
" WHERE login = '".$this->db->escape($login).
"'";
163 dol_syslog(get_class($this).
"::login", LOG_DEBUG);
164 $result = $this->db->query($sql);
166 throw new RestException(500,
'Error when updating api_key for user :'.$this->db->lasterror());
169 $token = $tmpuser->api_key;
171 throw new RestException(500,
'Error, the API token of this user has a non valid value. Try to update it with a valid value.');
176 throw new RestException(500,
'Error the token for this user has not an hexa format. Try first to reset it.');
184 'entity' => $tmpuser->entity,
185 'message' =>
'Welcome '.$login.($reset ?
' - Token is new' :
' - This is your token (recorded for your user). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
API that allows to log in with an user account.
__construct()
Constructor of the class.
index($login, $password, $entity='', $reset=0)
Login.
loginUnsecured($login, $password, $entity='', $reset=0)
Login.
Class to manage Dolibarr users.
ascii_check($str)
Check if a string is in ASCII.
getDolGlobalString($key, $default='')
Return dolibarr global constant string value.
utf8_check($str)
Check if a string is in UTF8.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successfull.
dolEncrypt($chain, $key='', $ciphering='AES-256-CTR', $forceseed='')
Encode a string with a symetric encryption.
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.