Test on bad entity

Laurent Destailleur 2017-12-12 13:23:39 +01:00
parent 06e63615e3
commit 1ad7ec5ad1
2 changed files with 14 additions and 2 deletions


@ -57,11 +57,22 @@ class Login
if (empty($dolibarr_main_authentication))
$dolibarr_main_authentication = 'http,dolibarr';
// Authentication mode: forceuser
if ($dolibarr_main_authentication == 'forceuser' && empty($dolibarr_auto_user))
$dolibarr_auto_user = 'auto';
if ($dolibarr_main_authentication == 'forceuser')
{
if (empty($dolibarr_auto_user)) $dolibarr_auto_user='auto';
if ($dolibarr_auto_user != $login)
{
dol_syslog("Warning: your instance is set to use the automatic forced login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
throw new RestException(403, "Your instance is set to use the automatic login '".$dolibarr_auto_user."' that is not the requested login. API usage is forbidden in this mode.");
}
}
// Set authmode
$authmode = explode(',', $dolibarr_main_authentication);
if ($entity != '' && ! is_numeric($entity))
{
throw new RestException(403, "Bad value for entity, must be the numeric ID of company.");
}
if ($entity == '') $entity=1;
include_once DOL_DOCUMENT_ROOT . '/core/lib/security2.lib.php';
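Review bot: The new entity guard relies on `is_numeric()`, which also accepts values such as `1.5`, `-1`, `1e3` and strings with leading whitespace, so it does not guarantee the "numeric ID of company" that the error message promises. If `$entity` is later used as an integer key (that code is not visible in this hunk), a digits-only test is tighter: `if ($entity != '' && ! ctype_digit((string) $entity))`. Separately, the 403 thrown in the forceuser branch echoes the configured `$dolibarr_auto_user` back to a caller who has not authenticated yet. Keeping that name only in the `dol_syslog()` line and returning a generic message such as `"API usage is forbidden in forced-login mode."` would avoid disclosing a valid login. The enclosing method starts and ends outside the hunk.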


@ -44,5 +44,6 @@ function check_user_password_forceuser($usertotest,$passwordtotest,$entitytotest
if ($_SESSION["dol_loginmesg"]) $login='';
dol_syslog("functions_forceuser::check_user_password_forceuser ok. forced user = ".$login);
return $login;
}