95 global $conf, $db, $user;
100 $userClass = Defaults::$userIdentifierClass;
109 if (isset($_GET[
'api_key'])) {
111 $api_key = $_GET[
'api_key'];
113 if (isset($_GET[
'DOLAPIKEY'])) {
115 $api_key = $_GET[
'DOLAPIKEY'];
117 if (isset($_SERVER[
'HTTP_DOLAPIKEY'])) {
118 $api_key = $_SERVER[
'HTTP_DOLAPIKEY'];
123 if (preg_match(
'/^dolcrypt:/i', $api_key)) {
124 throw new RestException(503,
'Bad value for the API key. An API key should not start with dolcrypt:');
130 $sql =
"SELECT u.login, u.datec, u.api_key,";
131 $sql .=
" u.tms as date_modification, u.entity";
132 $sql .=
" FROM ".MAIN_DB_PREFIX.
"user as u";
133 $sql .=
" WHERE u.api_key = '".$this->db->escape($api_key).
"' OR u.api_key = '".$this->db->escape(
dolEncrypt($api_key,
'',
'',
'dolibarr')).
"'";
135 $result = $this->db->query($sql);
137 $nbrows = $this->db->num_rows($result);
139 $obj = $this->db->fetch_object($result);
140 $login = $obj->login;
142 $userentity = $obj->entity;
144 if (!defined(
"DOLENTITY") && $conf->entity != ($obj->entity ? $obj->entity : 1)) {
145 $conf->entity = ($obj->entity ? $obj->entity : 1);
147 dol_syslog(
"Entity was not set on http header with HTTP_DOLAPIENTITY (recommended for performance purpose), so we switch now on entity of user (".$conf->entity.
") and we have to reload configuration.", LOG_WARNING);
148 $conf->setValues($this->db);
150 } elseif ($nbrows > 1) {
151 throw new RestException(503,
'Error when fetching user api_key : More than 1 user with this apikey');
154 throw new RestException(503,
'Error when fetching user api_key :'.$this->db->error_msg);
157 if ($login && $stored_key != $api_key) {
158 $userClass::setCacheIdentifier($api_key);
162 $genericmessageerroruser =
'Error user not valid (not found with api key or bad status or bad validity dates) (conf->entity='.$conf->entity.
')';
165 dol_syslog(
"functions_isallowed::check_user_api_key Authentication KO for api key: Error when searching login user from api key", LOG_NOTICE);
167 throw new RestException(401, $genericmessageerroruser);
170 $fuser =
new User($this->db);
171 $result = $fuser->fetch(
'', $login,
'', 0, (empty($userentity) ? -1 : $conf->entity));
173 dol_syslog(
"functions_isallowed::check_user_api_key Authentication KO for '".$login.
"': Failed to fetch on entity", LOG_NOTICE);
175 throw new RestException(401, $genericmessageerroruser);
179 if ($fuser->statut != $fuser::STATUS_ENABLED) {
181 dol_syslog(
"functions_isallowed::check_user_api_key Authentication KO for '".$login.
"': The user has been disabled", LOG_NOTICE);
183 throw new RestException(401, $genericmessageerroruser);
187 if (($fuser->flagdelsessionsbefore && !empty($_SESSION[
"dol_logindate"]) && $fuser->flagdelsessionsbefore > $_SESSION[
"dol_logindate"])) {
189 dol_syslog(
"functions_isallowed::check_user_api_key Authentication KO for '".$login.
"': The user has a date for session invalidation = ".$fuser->flagdelsessionsbefore.
" and a session date = ".$_SESSION[
"dol_logindate"].
". We must invalidate its sessions.");
191 throw new RestException(401, $genericmessageerroruser);
195 if ($fuser->isNotIntoValidityDateRange()) {
197 dol_syslog(
"functions_isallowed::check_user_api_key Authentication KO for '".$login.
"': The user login has a validity between [".$fuser->datestartvalidity.
" and ".$fuser->dateendvalidity.
"], current date is ".
dol_now());
199 throw new RestException(401, $genericmessageerroruser);
206 static::$user = $fuser;
212 static::$role =
'external';
216 static::$role =
'admin';
219 throw new RestException(401,
"Failed to login to API. No parameter 'HTTP_DOLAPIKEY' on HTTP header (and no parameter DOLAPIKEY in URL).");
222 $userClass::setCacheIdentifier(static::$role);
223 Resources::$accessControlFunction =
'DolibarrApiAccess::verifyAccess';
224 $requirefortest = static::$requires;
225 if (!is_array($requirefortest)) {
226 $requirefortest = explode(
',', $requirefortest);
228 return in_array(static::$role, (array) $requirefortest) || static::$role ==
'admin';