1 <?php
2 /* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3  * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4  *
5  * This program is free software; you can redistribute it and/or modify
6  * it under the terms of the GNU General Public License as published by
7  * the Free Software Foundation; either version 3 of the License, or
8  * (at your option) any later version.
9  *
10  * This program is distributed in the hope that it will be useful,
11  * but WITHOUT ANY WARRANTY; without even the implied warranty of
12  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13  * GNU General Public License for more details.
14  *
15  * You should have received a copy of the GNU General Public License
16  * along with this program. If not, see <https://www.gnu.org/licenses/>.
17  */
18 
19 use Luracast\Restler\RestException;
20 
21 require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
22 
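class Login
{
	/**
	 * @var DoliDB Database handler, copied from the global $db in the constructor
	 */
	public $db;

	/**
	 * Constructor of the class.
	 *
	 * Refuses to build the login API when MAIN_MODULE_API_LOGIN_DISABLED is set:
	 * in that configuration tokens must be obtained from the backoffice. index()
	 * honours a second, differently named switch (API_DISABLE_LOGIN_API); both are
	 * kept so that existing configurations keep working.
	 *
	 * @throws RestException 403 when the login API is disabled
	 */
	public function __construct()
	{
		global $conf, $db;

		$this->db = $db;

		if (!empty($conf->global->MAIN_MODULE_API_LOGIN_DISABLED)) {
			throw new RestException(403, "Error login APIs are disabled. You must get the token from backoffice to be able to use APIs");
		}
	}

	/**
	 * Login (alternate entry point).
	 *
	 * Thin wrapper around index() with the same parameters and result.
	 * NOTE(review): the routing annotations of the original docblock are not visible
	 * in this listing; the method name suggests this is the route that receives the
	 * credentials in the URL/query string, where they can be captured by web server
	 * and proxy logs. Prefer index() with the credentials in the request body.
	 *
	 * @param   string  $login      User login
	 * @param   string  $password   User password
	 * @param   string  $entity     Numeric ID of the entity (company); empty means entity 1
	 * @param   int     $reset      Set to 1 to force generation of a new token
	 * @return  array               Same array as index(): token, entity and a message
	 * @throws  RestException       See index()
	 */
	public function loginUnsecured($login, $password, $entity = '', $reset = 0)
	{
		return $this->index($login, $password, $entity, $reset);
	}

	/**
	 * Login.
	 *
	 * Checks the login/password against the configured authentication mode(s) and
	 * returns the user's API token. A token is generated when the user has no
	 * api_key yet or when $reset is set; both cases require the user to have write
	 * permission on its own record (user->self->creer). Otherwise the token already
	 * stored for the user is returned unchanged.
	 *
	 * @param   string  $login      User login
	 * @param   string  $password   User password
	 * @param   string  $entity     Numeric ID of the entity (company); empty means entity 1
	 * @param   int     $reset      Set to 1 to force generation of a new token
	 * @return  array               array('success' => array('code' => 200, 'token' => ..., 'entity' => ..., 'message' => ...))
	 * @throws  RestException       403 when the login API is disabled, the instance runs in
	 *                              'forceuser' mode for another login, the entity is not numeric,
	 *                              the credentials are wrong or the user may not (re)generate its
	 *                              token; 500 when the user cannot be loaded or the token cannot be
	 *                              stored
	 * @throws  Exception           When no secure randomness source is available (random_bytes)
	 */
	public function index($login, $password, $entity = '', $reset = 0)
	{
		global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;

		// Second switch disabling the login API (see also the constructor): tokens must then be generated from the backoffice only.
		if (!empty($conf->global->API_DISABLE_LOGIN_API)) {
			dol_syslog("Warning: A try to use the login API has been done while the login API is disabled. You must generate or get the token from the backoffice.", LOG_WARNING);
			throw new RestException(403, "Error, the login API has been disabled for security purpose. You must generate or get the token from the backoffice.");
		}

		// Authentication mode: comma separated list of handlers, defaulting to the internal 'dolibarr' one.
		if (empty($dolibarr_main_authentication)) {
			$dolibarr_main_authentication = 'dolibarr';
		}

		// 'forceuser' mode logs everybody in as one fixed account: the API refuses to act for any other login.
		if ($dolibarr_main_authentication == 'forceuser') {
			if (empty($dolibarr_auto_user)) {
				$dolibarr_auto_user = 'auto';
			}
			if ($dolibarr_auto_user != $login) {
				dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
				throw new RestException(403, "Your instance is set to use the automatic login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
			}
		}

		$authmode = explode(',', $dolibarr_main_authentication);

		// The entity must be a numeric ID. It is normalised to an int so that nothing but an
		// integer reaches the credential check and the user lookup below.
		if ($entity != '' && !is_numeric($entity)) {
			throw new RestException(403, "Bad value for entity, must be the numeric ID of company.");
		}
		if ($entity == '') {
			$entity = 1;
		}
		$entity = (int) $entity;

		include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
		$login = checkLoginPassEntity($login, $password, $entity, $authmode, 'api'); // Check credentials.
		if ($login === '--bad-login-validity--') {
			$login = '';
		}
		if (empty($login)) {
			// One generic answer for every credential failure: the caller must not learn whether the login exists.
			throw new RestException(403, 'Access denied');
		}

		$tmpuser = new User($this->db);
		$tmpuser->fetch(0, $login, 0, 0, $entity);
		if (empty($tmpuser->id)) {
			throw new RestException(500, 'Failed to load user');
		}

		if (empty($tmpuser->api_key) || $reset) {
			// (Re)generating a token is a write on the user record: require the matching permission.
			$tmpuser->getrights();
			if (empty($tmpuser->rights->user->self->creer)) {
				if (empty($tmpuser->api_key)) {
					throw new RestException(403, 'No API token set for this user and user need write permission on itself to reset its API token');
				}
				throw new RestException(403, 'User need write permission on itself to reset its API token');
			}

			// Token material. random_bytes() is the entropy source: uniqid() is derived from the
			// clock and is not a secret, and MAIN_API_KEY may be empty, so neither can be relied on
			// to make the token unguessable. Login, uniqid() and the salt are kept from the
			// historical formula and dol_hash(..., 1) keeps the token format unchanged.
			$apiKeySalt = empty($conf->global->MAIN_API_KEY) ? '' : $conf->global->MAIN_API_KEY;
			$token = dol_hash($login.bin2hex(random_bytes(32)).uniqid().$apiKeySalt, 1);

			// Store the token on the exact row that was just authenticated (its primary key) rather
			// than by login, so that an account with the same login in another entity, if one
			// exists, is never touched.
			$sql = "UPDATE ".MAIN_DB_PREFIX."user";
			$sql .= " SET api_key = '".$this->db->escape($token)."'";
			$sql .= " WHERE rowid = ".((int) $tmpuser->id);

			// Deliberately not logging $sql: it contains the new token.
			dol_syslog(get_class($this)."::login", LOG_DEBUG);
			$result = $this->db->query($sql);
			if (!$result) {
				throw new RestException(500, 'Error when updating api_key for user :'.$this->db->lasterror());
			}
		} else {
			$token = $tmpuser->api_key;
		}

		return array(
			'success' => array(
				'code' => 200,
				'token' => $token,
				'entity' => $tmpuser->entity,
				'message' => 'Welcome '.$login.($reset ? ' - Token is new' : ' - This is your token (recorded for your user). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
			)
		);
	}
}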