21use Luracast\Restler\RestException;
23require_once DOL_DOCUMENT_ROOT.
'/core/lib/security.lib.php';
24require_once DOL_DOCUMENT_ROOT.
'/user/class/user.class.php';
46 throw new RestException(403,
"Error login APIs are disabled. You must get the token from backoffice to be able to use APIs");
71 return $this->
index($login, $password, $entity, $reset);
93 public function index($login, $password, $entity =
'', $reset = 0)
95 global
$conf, $dolibarr_main_authentication, $dolibarr_auto_user;
99 dol_syslog(
"Warning: A try to use the login API has been done while the login API is disabled. You must generate or get the token from the backoffice.", LOG_WARNING);
100 throw new RestException(403,
"Error, the login API has been disabled for security purpose. You must generate or get the token from the backoffice.");
104 if (empty($dolibarr_main_authentication) || $dolibarr_main_authentication ==
'openid_connect') {
105 $dolibarr_main_authentication =
'dolibarr';
109 if ($dolibarr_main_authentication ==
'forceuser') {
110 if (empty($dolibarr_auto_user)) {
111 $dolibarr_auto_user =
'auto';
113 if ($dolibarr_auto_user != $login) {
114 dol_syslog(
"Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user.
"' that is not the requested login. API usage is forbidden in this mode.");
115 throw new RestException(403,
"Your instance is set to use the automatic login '".$dolibarr_auto_user.
"' that is not the requested login. API usage is forbidden in this mode.");
120 $authmode = explode(
',', $dolibarr_main_authentication);
122 if ($entity !=
'' && !is_numeric($entity)) {
123 throw new RestException(403,
"Bad value for entity, must be the numeric ID of company.");
129 include_once DOL_DOCUMENT_ROOT.
'/core/lib/security2.lib.php';
131 if ($login ===
'--bad-login-validity--') {
135 throw new RestException(403,
'Access denied');
138 $token =
'failedtogenerateorgettoken';
140 $tmpuser =
new User($this->db);
141 $tmpuser->fetch(0, $login, 0, 0, $entity);
142 if (empty($tmpuser->id)) {
143 throw new RestException(500,
'Failed to load user');
147 if (empty($tmpuser->api_key) || $reset) {
148 $tmpuser->loadRights();
149 if (!$tmpuser->hasRight(
'user',
'self',
'creer')) {
150 if (empty($tmpuser->api_key)) {
151 throw new RestException(403,
'No API token set for this user and user need write permission on itself to reset its API token');
153 throw new RestException(403,
'User need write permission on itself to reset its API token');
158 $token =
dol_hash($login.uniqid().getDolGlobalString(
'MAIN_API_KEY'),
'1');
161 $sql =
"UPDATE ".MAIN_DB_PREFIX.
"user";
162 $sql .=
" SET api_key = '".$this->db->escape(
dolEncrypt($token,
'',
'',
'dolibarr')).
"'";
163 $sql .=
" WHERE login = '".$this->db->escape($login).
"'";
165 dol_syslog(get_class($this).
"::login", LOG_DEBUG);
166 $result = $this->db->query($sql);
168 throw new RestException(500,
'Error when updating api_key for user :'.$this->db->lasterror());
171 $token = $tmpuser->api_key;
173 throw new RestException(500,
'Error, the API token of this user has a non valid value. Try to update it with a valid value.');
178 throw new RestException(500,
'Error the token for this user has not an hexa format. Try first to reset it.');
186 'entity' => $tmpuser->entity,
187 'message' =>
'Welcome '.$login.($reset ?
' - Token is new' :
' - This is your token (recorded for your user). You can use it to make any REST API call, or enter it into the DOLAPIKEY field to use the Dolibarr API explorer.')
API that allows to log in with an user account.
__construct()
Constructor of the class.
index($login, $password, $entity='', $reset=0)
Login.
loginUnsecured($login, $password, $entity='', $reset=0)
Login.
Class to manage Dolibarr users.
ascii_check($str)
Check if a string is in ASCII.
getDolGlobalString($key, $default='')
Return a Dolibarr global constant string value.
utf8_check($str)
Check if a string is in UTF8.
dol_syslog($message, $level=LOG_INFO, $ident=0, $suffixinfilename='', $restricttologhandler='', $logcontext=null)
Write log message into outputs.
global $conf
The following vars must be defined: $type2label $form $conf, $lang, The following vars may also be de...
checkLoginPassEntity($usertotest, $passwordtotest, $entitytotest, $authmode, $context='')
Return a login if login/pass was successful.
dolEncrypt($chain, $key='', $ciphering='', $forceseed='')
Encode a string with a symmetric encryption.
dol_hash($chain, $type='0', $nosalt=0)
Returns a hash (non reversible encryption) of a string.