dolibarr 21.0.0-beta
api_login.class.php
1<?php
2/* Copyright (C) 2015 Jean-François Ferry <jfefe@aternatik.fr>
3 * Copyright (C) 2016 Laurent Destailleur <eldy@users.sourceforge.net>
4 * Copyright (C) 2024 MDW <mdeweerd@users.noreply.github.com>
5 * Copyright (C) 2024 Frédéric France <frederic.france@free.fr>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 3 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program. If not, see <https://www.gnu.org/licenses/>.
19 */
20
21use Luracast\Restler\RestException;
22
23require_once DOL_DOCUMENT_ROOT.'/core/lib/security.lib.php';
24require_once DOL_DOCUMENT_ROOT.'/user/class/user.class.php';
25
29class Login
30{
34 public $db;
35
39 public function __construct()
40 {
41 global $db;
42 $this->db = $db;
43
44 //$conf->global->API_DISABLE_LOGIN_API = 1;
45 if (getDolGlobalString('API_DISABLE_LOGIN_API')) {
46 throw new RestException(403, "Error login APIs are disabled. You must get the token from backoffice to be able to use APIs");
47 }
48 }
49
69 public function loginUnsecured($login, $password, $entity = '', $reset = 0)
70 {
71 return $this->index($login, $password, $entity, $reset);
72 }
73
93 public function index($login, $password, $entity = '', $reset = 0)
94 {
95 global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;
96
97 // Is the login API disabled ? The token must be generated from backoffice only.
98 if (getDolGlobalString('API_DISABLE_LOGIN_API')) {
99 dol_syslog("Warning: A try to use the login API has been done while the login API is disabled. You must generate or get the token from the backoffice.", LOG_WARNING);
100 throw new RestException(403, "Error, the login API has been disabled for security purpose. You must generate or get the token from the backoffice.");
101 }
102
103 // Authentication mode
104 if (empty($dolibarr_main_authentication) || $dolibarr_main_authentication == 'openid_connect') {
105 $dolibarr_main_authentication = 'dolibarr';
106 }
107
108 // Authentication mode: forceuser
109 if ($dolibarr_main_authentication == 'forceuser') {
110 if (empty($dolibarr_auto_user)) {
111 $dolibarr_auto_user = 'auto';
112 }
113 if ($dolibarr_auto_user != $login) {
114 dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
115 throw new RestException(403, "Your instance is set to use the automatic login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
116 }
117 }
118
119 // Set authmode
120 $authmode = explode(',', $dolibarr_main_authentication);
121
122 if ($entity != '' && !is_numeric($entity)) {
123 throw new RestException(403, "Bad value for entity, must be the numeric ID of company.");
124 }
125 if ($entity == '') {
126 $entity = 1;
127 }
128
129 include_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
130 $login = checkLoginPassEntity($login, $password, $entity, $authmode, 'api'); // Check credentials.
131 if ($login === '--bad-login-validity--') {
132 $login = '';
133 }
134 if (empty($login)) {
135 throw new RestException(403, 'Access denied');
136 }
137
138 $token = 'failedtogenerateorgettoken';
139
140 $tmpuser = new User($this->db);
141 $tmpuser->fetch(0, $login, 0, 0, $entity);
142 if (empty($tmpuser->id)) {
143 throw new RestException(500, 'Failed to load user');
144 }
145
146 // Renew the hash
147 if (empty($tmpuser->api_key) || $reset) {
148 $tmpuser->loadRights();
149 if (!$tmpuser->hasRight('user', 'self', 'creer')) {
150 if (empty($tmpuser->api_key)) {
151 throw new RestException(403, 'No API token set for this user and user need write permission on itself to reset its API token');
152 } else {
153 throw new RestException(403, 'User need write permission on itself to reset its API token');
154 }
155 }
156
157 // Generate token for user
158 $token = dol_hash($login.uniqid().getDolGlobalString('MAIN_API_KEY'), '1');
159
160 // We store API token into database
161 $sql = "UPDATE ".MAIN_DB_PREFIX."user";
162 $sql .= " SET api_key = '".$this->db->escape(dolEncrypt($token, '', '', 'dolibarr'))."'";
163 $sql .= " WHERE login = '".$this->db->escape($login)."'";
164
165 dol_syslog(get_class($this)."::login", LOG_DEBUG); // No log
166 $result = $this->db->query($sql);
167 if (!$result) {
168 throw new RestException(500, 'Error when updating api_key for user :'.$this->db->lasterror());
169 }
170 } else {
171 $token = $tmpuser->api_key;
172 if (!utf8_check($token)) {
173 throw new RestException(500, 'Error, the API token of this user has a non valid value. Try to update it with a valid value.');
174 }
175 }
176
177 if (!ascii_check($token)) {
178 throw new RestException(500, 'Error the token for this user has not an hexa format. Try first to reset it.');
179 }
180
181 //return token
182 return array(
183 'success' => array(
184 'code' => 200,
185 'token' => $token,
186 'entity' => $tmpuser->entity,
187 'message' => 'Welcome '.$login.($reset ? ' - Token is new' : ' - This is your token (recorded for your user). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
188 )
189 );
190 }
191}
API that allows to log in with an user account.
__construct()
Constructor of the class.
index($login, $password, $entity='', $reset=0)
Login.
loginUnsecured($login, $password, $entity='', $reset=0)
Login.
Class to manage Dolibarr users.
ascii_check($str)
Check if a string is in ASCII.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
utf8_check($str)
Check if a string is in UTF8.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
Definition member.php:79
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
dolEncrypt($chain, $key='', $ciphering='', $forceseed='')
Encode a string with a symmetric encryption.
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.