19 use Luracast\Restler\RestException;
21 require_once DOL_DOCUMENT_ROOT.
'/user/class/user.class.php';
38 if (!empty($conf->global->MAIN_MODULE_API_LOGIN_DISABLED)) {
39 throw new RestException(403,
"Error login APIs are disabled. You must get the token from backoffice to be able to use APIs");
64 return $this->
index($login, $password, $entity, $reset);
86 public function index($login, $password, $entity =
'', $reset = 0)
88 global $conf, $dolibarr_main_authentication, $dolibarr_auto_user;
91 if (!empty($conf->global->API_DISABLE_LOGIN_API)) {
92 dol_syslog(
"Warning: A try to use the login API has been done while the login API is disabled. You must generate or get the token from the backoffice.", LOG_WARNING);
93 throw new RestException(403,
"Error, the login API has been disabled for security purpose. You must generate or get the token from the backoffice.");
97 if (empty($dolibarr_main_authentication)) {
98 $dolibarr_main_authentication =
'dolibarr';
102 if ($dolibarr_main_authentication ==
'forceuser') {
103 if (empty($dolibarr_auto_user)) {
104 $dolibarr_auto_user =
'auto';
106 if ($dolibarr_auto_user != $login) {
107 dol_syslog(
"Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user.
"' that is not the requested login. API usage is forbidden in this mode.");
108 throw new RestException(403,
"Your instance is set to use the automatic login '".$dolibarr_auto_user.
"' that is not the requested login. API usage is forbidden in this mode.");
113 $authmode = explode(
',', $dolibarr_main_authentication);
115 if ($entity !=
'' && !is_numeric($entity)) {
116 throw new RestException(403,
"Bad value for entity, must be the numeric ID of company.");
122 include_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
124 if ($login ===
'--bad-login-validity--') {
128 throw new RestException(403,
'Access denied');
131 $token =
'failedtogenerateorgettoken';
133 $tmpuser =
new User($this->
db);
134 $tmpuser->fetch(0, $login, 0, 0, $entity);
135 if (empty($tmpuser->id)) {
136 throw new RestException(500,
'Failed to load user');
140 if (empty($tmpuser->api_key) || $reset) {
141 $tmpuser->getrights();
142 if (empty($tmpuser->rights->user->self->creer)) {
143 if (empty($tmpuser->api_key)) {
144 throw new RestException(403,
'No API token set for this user and user need write permission on itself to reset its API token');
146 throw new RestException(403,
'User need write permission on itself to reset its API token');
151 $token =
dol_hash($login.uniqid().(empty($conf->global->MAIN_API_KEY)?
'':$conf->global->MAIN_API_KEY), 1);
154 $sql =
"UPDATE ".MAIN_DB_PREFIX.
"user";
155 $sql .=
" SET api_key = '".$this->db->escape($token).
"'";
156 $sql .=
" WHERE login = '".$this->db->escape($login).
"'";
158 dol_syslog(get_class($this).
"::login", LOG_DEBUG);
159 $result = $this->
db->query($sql);
161 throw new RestException(500,
'Error when updating api_key for user :'.$this->
db->lasterror());
164 $token = $tmpuser->api_key;
172 'entity' => $tmpuser->entity,
173 'message' =>
'Welcome '.$login.($reset ?
' - Token is new' :
' - This is your token (recorded for your user). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')